From 9fcd2510a0f0f0c21d58dc096b66eac314a4c4c5 Mon Sep 17 00:00:00 2001 From: Kat Inskip Date: Sat, 13 Jul 2024 14:02:45 -0700 Subject: [PATCH] feat: maybe move to full github actions jobs instead of tasks --- .github/workflows/flake-update.yml | 2 + .github/workflows/nodes.yml | 288 ++++++--------------------- ci/nodes.nix | 41 +++- packages/nf-build-system/default.nix | 1 + shells/repo.nix | 2 + 5 files changed, 93 insertions(+), 241 deletions(-) diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml index fb08a2ae..2636e684 100644 --- a/.github/workflows/flake-update.yml +++ b/.github/workflows/flake-update.yml @@ -3,6 +3,7 @@ env: CI_ALLOW_ROOT: '1' CI_CONFIG: ./ci/flake-cron.nix CI_PLATFORM: gh-actions + DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} jobs: ci-check: name: flake-update check @@ -45,6 +46,7 @@ jobs: uses: arcnmx/ci/actions/nix/install@v0.7 - env: CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} + DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} NF_CONFIG_ROOT: ${{ github.workspace }} NF_UPDATE_CACHIX_PUSH: '1' NF_UPDATE_GIT_COMMIT: '1' diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml index c56a2498..72aefe21 100644 --- a/.github/workflows/nodes.yml +++ b/.github/workflows/nodes.yml @@ -1,7 +1,9 @@ env: + CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} CI_ALLOW_ROOT: '1' CI_CONFIG: ./ci/nodes.nix CI_PLATFORM: gh-actions + DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} jobs: ci-check: name: nodes check @@ -11,6 +13,7 @@ jobs: name: git clone uses: actions/checkout@v4 with: + fetch-depth: 0 submodules: false - id: nix-install name: nix install 
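Review bot: Declaring `DISCORD_WEBHOOK_LINK` in the workflow-level `env:` of flake-update.yml, and `CACHIX_SIGNING_KEY` alongside it in the first nodes.yml hunk, exposes both secrets to every step of every job. That includes the `arcnmx/ci/actions/nix/*@v0.7` steps, which are referenced by tag rather than by commit SHA. Before this change the signing key was scoped to individual steps, and the second flake-update.yml hunk already sets the webhook on the one step that carries `CACHIX_SIGNING_KEY`, so the top-level entries only widen exposure. I would drop the top-level lines and keep the secrets in step-level `env:` only. These workflow files look generated, so the matching change is presumably removing `gh-actions.env` from ci/nodes.nix and from the flake-cron config, which is not part of this patch.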
@@ -29,209 +32,61 @@ jobs: attrs: nixpkgs.diffutils command: diff goliath: - name: nodes-goliath + name: goliath runs-on: ubuntu-latest steps: - - id: checkout - name: git clone - uses: actions/checkout@v4 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@v0.7 - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.goliath.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.goliath.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.goliath.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - env: CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.goliath.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache + DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} + NF_CONFIG_ROOT: ${{ github.workspace }} + NF_UPDATE_CACHIX_PUSH: '1' + NF_UPDATE_GIT_COMMIT: '1' + id: goliath + name: Build goliath system closure + run: nix run .#nf-build-system -- nixosConfigurations.goliath.config.system.build.topLevel + goliath NixOS koishi: - name: nodes-koishi + name: koishi runs-on: ubuntu-latest steps: - - id: checkout - name: git clone - uses: actions/checkout@v4 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@v0.7 - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@v0.7 - 
with: - attrs: ci.job.koishi.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.koishi.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.koishi.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - env: CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.koishi.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache + DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} + NF_CONFIG_ROOT: ${{ github.workspace }} + NF_UPDATE_CACHIX_PUSH: '1' + NF_UPDATE_GIT_COMMIT: '1' + id: koishi + name: Build koishi system closure + run: nix run .#nf-build-system -- nixosConfigurations.koishi.config.system.build.topLevel + koishi NixOS mai: - name: nodes-mai + name: mai runs-on: ubuntu-latest steps: - - id: checkout - name: git clone - uses: actions/checkout@v4 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@v0.7 - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.mai.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.mai.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: 
ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.mai.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - env: CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.mai.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache + DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} + NF_CONFIG_ROOT: ${{ github.workspace }} + NF_UPDATE_CACHIX_PUSH: '1' + NF_UPDATE_GIT_COMMIT: '1' + id: mai + name: Build mai system closure + run: nix run .#nf-build-system -- nixosConfigurations.mai.config.system.build.topLevel + mai NixOS mei: - name: nodes-mei + name: mei runs-on: ubuntu-latest steps: - - id: checkout - name: git clone - uses: actions/checkout@v4 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@v0.7 - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.mei.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.mei.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.mei.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - env: CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.mei.run.test - 
command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache + DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} + NF_CONFIG_ROOT: ${{ github.workspace }} + NF_UPDATE_CACHIX_PUSH: '1' + NF_UPDATE_GIT_COMMIT: '1' + id: mei + name: Build mei system closure + run: nix run .#nf-build-system -- nixosConfigurations.mei.config.system.build.topLevel + mei NixOS packages: name: nodes-packages runs-on: ubuntu-latest @@ -240,6 +95,7 @@ jobs: name: git clone uses: actions/checkout@v4 with: + fetch-depth: 0 submodules: false - id: nix-install name: nix install 
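Review bot: As rendered in this hunk, each rewritten node job (goliath, koishi, mai, mei, and yukari in the next hunk) has a single `run` step, with the `checkout` and `nix-install` steps removed. `nix run .#nf-build-system` would therefore start on a bare `ubuntu-latest` runner with no repository checkout and no nix; the `- uses: actions/checkout@v4` and `- uses: arcnmx/ci/actions/nix/install@v0.7` steps need to precede it. Separately, that step sets `NF_UPDATE_CACHIX_PUSH: '1'` and `NF_UPDATE_GIT_COMMIT: '1'` next to `CACHIX_SIGNING_KEY` while the workflow still triggers on `pull_request`. build-system.sh is not shown, but if those flags do what their names suggest, a same-repository PR branch could push signed store paths to the binary cache before review. Consider setting those two variables only for `push` events, or guarding the step with `if: github.event_name != 'pull_request'`.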
@@ -284,57 +140,25 @@ jobs: quiet: false stdin: ${{ runner.temp }}/ci.build.cache yukari: - name: nodes-yukari + name: yukari runs-on: ubuntu-latest steps: - - id: checkout - name: git clone - uses: actions/checkout@v4 - with: - submodules: false - - id: nix-install - name: nix install - uses: arcnmx/ci/actions/nix/install@v0.7 - - id: ci-dirty - name: nix test dirty - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.yukari.run.test - command: ci-build-dirty - quiet: false - stdout: ${{ runner.temp }}/ci.build.dirty - - id: ci-test - name: nix test build - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.yukari.run.test - command: ci-build-realise - ignore-exit-code: true - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - - env: - CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} - id: ci-summary - name: nix test results - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.yukari.run.test - command: ci-build-summarise - quiet: false - stdin: ${{ runner.temp }}/ci.build.dirty - stdout: ${{ runner.temp }}/ci.build.cache - env: CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }} - id: ci-cache - if: always() - name: nix test cache - uses: arcnmx/ci/actions/nix/run@v0.7 - with: - attrs: ci.job.yukari.run.test - command: ci-build-cache - quiet: false - stdin: ${{ runner.temp }}/ci.build.cache + DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} + NF_CONFIG_ROOT: ${{ github.workspace }} + NF_UPDATE_CACHIX_PUSH: '1' + NF_UPDATE_GIT_COMMIT: '1' + id: yukari + name: Build yukari system closure + run: nix run .#nf-build-system -- nixosConfigurations.yukari.config.system.build.topLevel + yukari NixOS name: nodes 'on': -- push -- pull_request + pull_request: + paths: + - '*' + push: + paths: + - '*' + workflow_dispatch: {} diff --git a/ci/nodes.nix b/ci/nodes.nix index 91eeb729..f8314450 100644 --- a/ci/nodes.nix +++ b/ci/nodes.nix 
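Review bot: The `paths: ['*']` filter added under both `pull_request` and `push` at the end of this hunk matches only files in the repository root, because `*` in a GitHub Actions path pattern does not cross `/`. A commit that touches only ci/nodes.nix, packages/nf-build-system/ or a host configuration in a subdirectory would then skip the node builds entirely, so configuration changes could merge unchecked. If the intent is "any file", use `'**'` or drop `paths` altogether. The value comes from `paths = [ "*" ]` in ci/nodes.nix, so the fix belongs there and the YAML should be regenerated.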
@@ -9,11 +9,34 @@ with lib; { imports = [ ./common.nix ]; config = { name = "nodes"; + gh-actions = { + env = { + CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; + DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; + }; + on = let + paths = [ + "*" +/* + "default.nix" + "ci/.nix" + config.ci.gh-actions.path +*/ + ]; + in { + push = { + inherit paths; + }; + pull_request = { + inherit paths; + }; + workflow_dispatch = {}; + }; jobs = let enabledNixOSSystems = filterAttrs (_: system: system.config.ci.enable) channels.nixfiles.systems; mkNixOSSystemJob = name: system: nameValuePair "${name}" { - step.build-system-wrapper = { + step.${name} = { name = "Build ${name} system closure"; order = 500; run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.topLevel ${name} NixOS"; @@ -25,18 +48,18 @@ with lib; { NF_CONFIG_ROOT = "\${{ github.workspace }}"; }; }; - tasks = { - system = { - inputs = channels.nixfiles.nixosConfigurations.${name}.config.system.build.toplevel; - warn = system.config.ci.allowFailure; - }; - }; }; nixOSSystemJobs = mapAttrs' mkNixOSSystemJob enabledNixOSSystems; - in { + in nixOSSystemJobs; + }; + jobs = { packages = { ... }: { imports = [ ./packages.nix ]; }; - } // nixOSSystemJobs; + }; + + ci.gh-actions.checkoutOptions = { + fetch-depth = 0; + }; }; } diff --git a/packages/nf-build-system/default.nix b/packages/nf-build-system/default.nix index bdf097fc..fe184406 100644 --- a/packages/nf-build-system/default.nix +++ b/packages/nf-build-system/default.nix @@ -7,6 +7,7 @@ wrapShellScriptBin "nf-build-system" ./build-system.sh { git cachix jq + nix curl ]; } diff --git a/shells/repo.nix b/shells/repo.nix index 822666f7..9478ea4e 100644 --- a/shells/repo.nix +++ b/shells/repo.nix @@ -11,7 +11,9 @@ with pkgs; let repoShell = mkShell { nativeBuildInputs = [ + nf-build-system nf-update + nix fd # fd, better fine! ripgrep # rg, better grep! sops
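Review bot: Removing `tasks.system` in the second ci/nodes.nix hunk also removes the only visible use of `system.config.ci.allowFailure`. A node previously marked as allowed to fail will now fail the whole workflow, and the `system` argument of `mkNixOSSystemJob` appears to be unused. If the flag should still be honoured, it needs to map onto the step's `continue-on-error`; whether the CI module exposes that option is not visible here. The deleted input referenced `config.system.build.toplevel`, while the retained `run` string passes `...config.system.build.topLevel`. build-system.sh is not shown, but if it evaluates that attribute path verbatim, the capitalised name may not resolve. Part of the step definition sits between the two hunks and is not shown.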