From a279e1ce83ca8c27ba426ee280feb33d7cd89871 Mon Sep 17 00:00:00 2001
From: Ryan Butler
Date: Wed, 20 Nov 2024 11:35:44 -0500
Subject: [PATCH] implement liveusb artifact builds
---
.github/workflows/nix-ci.yaml | 94 ++++++++++++++++++++++++++++++++++
.github/workflows/rust-ci.yaml | 4 --
2 files changed, 94 insertions(+), 4 deletions(-)
create mode 100644 .github/workflows/nix-ci.yaml
diff --git a/.github/workflows/nix-ci.yaml b/.github/workflows/nix-ci.yaml
new file mode 100644
index 00000000..b3724f61
--- /dev/null
+++ b/.github/workflows/nix-ci.yaml
@@ -0,0 +1,94 @@
+name: Nix CI
+on:
+ pull_request:
+ workflow_dispatch:
+ workflow_call:
+ secrets:
+ GIT_HUB_TOKEN:
+ required: true
+ CACHIX_AUTH_TOKEN:
+ required: false
+ push:
+ branches:
+ - main
+ - prod
+ tags:
+ - '**'
+
+env:
+ CI_NIXOS_HOSTNAMES: worldcoin-hil-munich-0 worldcoin-hil-munich-1
+
+jobs:
+ fmt:
+ name: Format
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
+ with:
+ token: ${{ secrets.GIT_HUB_TOKEN }}
+ - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
+ with:
+ github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
+ - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
+ continue-on-error: true
+ with:
+ name: worldcoin
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ - name: Print environment
+ run: |
+ uname -a
+ nix develop -c env
+
+ - name: Check Nix formatting
+ run: |
+ nix develop -c \
+ nixpkgs-fmt --check .
+
+ build:
+ name: Build Nix Targets
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
+ with:
+ token: ${{ secrets.GIT_HUB_TOKEN }}
+ - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
+ with:
+ github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
+ - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
+ continue-on-error: true
+ with:
+ name: worldcoin
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ - name: Authorize private git repos
+ run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
+
+ - name: Make artifacts dir
+ run: mkdir -p artifacts
+
+ - name: Build liveusb
+ run: |
+ nix build .#packages.x86_64-linux.liveusb
+ ls -alh result/
+ cp result artifacts/liveusb
+
+ - name: Build NixOS configurations
+ run: |
+ set -Eeux -o pipefail
+ # TODO: Build *all* configurations.
+ for hostname in ${CI_NIXOS_HOSTNAMES}; do
+ nix build .#nixosConfigurations.${hostname}.config.system.build.toplevel
+ done
+ - name: Debug
+ run: ls -alh artifacts
+
+ - name: Upload Artifacts
+ uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4.3.3
+ if: github.event_name == 'workflow_dispatch' || format('refs/heads/{0}', github.event.repository.default_branch) == github.ref
+ with:
+ # upload v4 doesn't support writing multiple times to the same artifact name.
+ # so its important that we name it after the workflow and not something
+ # general like "artifacts"
+ name: nix
+ path: artifacts
+ if-no-files-found: error
+ retention-days: 14
diff --git a/.github/workflows/rust-ci.yaml b/.github/workflows/rust-ci.yaml
index e964ee4e..02e134a2 100644
--- a/.github/workflows/rust-ci.yaml
+++ b/.github/workflows/rust-ci.yaml
@@ -38,10 +38,6 @@ jobs: - name: Check Rust formatting run: cargo fmt --check --all - - name: Check Nix formatting - run: | - nix develop -c \ - nixpkgs-fmt --check flake.nix clippy: name: Clippy
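Review bot: The `Authorize private git repos` step in the `build` job expands `${{ secrets.GIT_HUB_TOKEN }}` directly into the `run:` script and writes it into the runner's global git config as a URL rewrite, so the token stays in plaintext on disk for every later step of the job. Those steps build whatever ref was checked out, and with `pull_request` among the triggers that can be a branch still under review on any run where the secret is populated. I would pass the value through the step environment instead, adding `env:` with `GIT_HUB_TOKEN: ${{ secrets.GIT_HUB_TOKEN }}` and using `run: git config --global url."https://${GIT_HUB_TOKEN}@github.com".insteadOf https://github.com`, then remove the rewrite in a final `if: always()` step. The token should be limited to read access on the private repositories the flake actually fetches. The new workflow also has no `permissions:` key; a top-level `permissions:` with `contents: read` would make the default `GITHUB_TOKEN` scope explicit.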