2021-12-21 22:26:52 +02:00
name : "CI"
2021-10-29 15:38:55 +03:00
2020-03-13 12:57:58 +02:00
on :
pull_request :
push :
2021-10-29 15:38:55 +03:00
2022-07-05 13:06:58 +03:00
permissions : read-all
2020-03-13 12:57:58 +02:00
jobs :
2021-10-29 15:38:55 +03:00
2020-03-13 12:57:58 +02:00
tests :
2022-08-29 15:17:06 +03:00
needs : [ check_secrets]
2020-03-13 12:57:58 +02:00
strategy :
2023-06-17 16:05:10 +03:00
fail-fast : false
2020-03-13 12:57:58 +02:00
matrix :
2020-05-15 11:06:14 +03:00
os : [ ubuntu-latest, macos-latest]
2020-03-13 12:57:58 +02:00
runs-on : ${{ matrix.os }}
2021-10-29 15:38:55 +03:00
timeout-minutes : 60
2020-03-13 12:57:58 +02:00
steps :
2023-09-05 01:52:37 +03:00
- uses : actions/checkout@v4
2020-03-13 18:25:47 +02:00
with :
fetch-depth : 0
2024-05-21 01:51:54 +03:00
- uses : cachix/install-nix-action@V27
2023-02-17 20:23:09 +02:00
with :
# The sandbox would otherwise be disabled by default on Darwin
extra_nix_config : "sandbox = true"
2021-02-26 00:12:51 +02:00
- run : echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
2024-05-21 01:51:53 +03:00
- uses : cachix/cachix-action@v15
2022-08-29 15:17:06 +03:00
if : needs.check_secrets.outputs.cachix == 'true'
2021-02-15 12:20:54 +02:00
with :
name : '${{ env.CACHIX_NAME }}'
signingKey : '${{ secrets.CACHIX_SIGNING_KEY }}'
2021-02-26 00:12:51 +02:00
authToken : '${{ secrets.CACHIX_AUTH_TOKEN }}'
2022-01-26 15:31:23 +02:00
- run : nix --experimental-features 'nix-command flakes' flake check -L
2021-10-29 15:38:55 +03:00
2024-06-06 09:50:05 +03:00
# Steps to test CI automation in your own fork.
# Cachix:
# 1. Sign-up for https://www.cachix.org/
# 2. Create a cache for $githubuser-nix-install-tests
# 3. Create a cachix auth token and save it in https://github.com/$githubuser/nix/settings/secrets/actions in "Repository secrets" as CACHIX_AUTH_TOKEN
# Dockerhub:
# 1. Sign-up for https://hub.docker.com/
# 2. Store your dockerhub username as DOCKERHUB_USERNAME in "Repository secrets" of your fork repository settings (https://github.com/$githubuser/nix/settings/secrets/actions)
# 3. Create an access token in https://hub.docker.com/settings/security and store it as DOCKERHUB_TOKEN in "Repository secrets" of your fork
2022-08-29 15:17:06 +03:00
check_secrets :
2022-07-01 03:29:30 +03:00
permissions :
contents : none
2022-08-29 15:17:06 +03:00
name : Check Cachix and Docker secrets present for installer tests
2021-02-26 00:12:51 +02:00
runs-on : ubuntu-latest
outputs :
2022-08-29 15:17:06 +03:00
cachix : ${{ steps.secret.outputs.cachix }}
docker : ${{ steps.secret.outputs.docker }}
2021-02-26 00:12:51 +02:00
steps :
2022-08-29 15:17:06 +03:00
- name : Check for secrets
2021-02-26 00:12:51 +02:00
id : secret
env :
_CACHIX_SECRETS : ${{ secrets.CACHIX_SIGNING_KEY }}${{ secrets.CACHIX_AUTH_TOKEN }}
2022-08-29 15:17:06 +03:00
_DOCKER_SECRETS : ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
run : |
echo "::set-output name=cachix::${{ env._CACHIX_SECRETS != '' }}"
echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
2021-10-29 15:38:55 +03:00
2021-02-15 12:20:54 +02:00
installer :
2022-08-29 15:17:06 +03:00
needs : [ tests, check_secrets]
if : github.event_name == 'push' && needs.check_secrets.outputs.cachix == 'true'
2021-02-15 12:20:54 +02:00
runs-on : ubuntu-latest
outputs :
installerURL : ${{ steps.prepare-installer.outputs.installerURL }}
steps :
2023-09-05 01:52:37 +03:00
- uses : actions/checkout@v4
2021-02-15 12:20:54 +02:00
with :
fetch-depth : 0
2021-02-26 00:12:51 +02:00
- run : echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
2024-05-21 01:51:54 +03:00
- uses : cachix/install-nix-action@V27
2023-03-01 02:19:11 +02:00
with :
2024-02-28 20:54:17 +02:00
install_url : https://releases.nixos.org/nix/nix-2.20.3/install
2024-05-21 01:51:53 +03:00
- uses : cachix/cachix-action@v15
2021-02-15 12:20:54 +02:00
with :
name : '${{ env.CACHIX_NAME }}'
signingKey : '${{ secrets.CACHIX_SIGNING_KEY }}'
2021-02-26 00:12:51 +02:00
authToken : '${{ secrets.CACHIX_AUTH_TOKEN }}'
2021-02-15 12:20:54 +02:00
- id : prepare-installer
run : scripts/prepare-installer-for-github-actions
2021-10-29 15:38:55 +03:00
2021-02-15 12:20:54 +02:00
installer_test :
2022-08-29 15:17:06 +03:00
needs : [ installer, check_secrets]
if : github.event_name == 'push' && needs.check_secrets.outputs.cachix == 'true'
2021-02-15 12:20:54 +02:00
strategy :
2023-06-17 16:05:10 +03:00
fail-fast : false
2021-02-15 12:20:54 +02:00
matrix :
os : [ ubuntu-latest, macos-latest]
runs-on : ${{ matrix.os }}
steps :
2023-09-05 01:52:37 +03:00
- uses : actions/checkout@v4
2021-02-26 00:12:51 +02:00
- run : echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
2024-05-21 01:51:54 +03:00
- uses : cachix/install-nix-action@V27
2021-02-15 12:20:54 +02:00
with :
install_url : '${{needs.installer.outputs.installerURL}}'
2021-02-26 00:12:51 +02:00
install_options : "--tarball-url-prefix https://${{ env.CACHIX_NAME }}.cachix.org/serve"
2022-09-12 19:46:06 +03:00
- run : sudo apt install fish zsh
if : matrix.os == 'ubuntu-latest'
- run : brew install fish
if : matrix.os == 'macos-latest'
- run : exec bash -c "nix-instantiate -E 'builtins.currentTime' --eval"
- run : exec sh -c "nix-instantiate -E 'builtins.currentTime' --eval"
- run : exec zsh -c "nix-instantiate -E 'builtins.currentTime' --eval"
- run : exec fish -c "nix-instantiate -E 'builtins.currentTime' --eval"
2023-03-20 11:24:29 +02:00
- run : exec bash -c "nix-channel --add https://releases.nixos.org/nixos/unstable/nixos-23.05pre466020.60c1d71f2ba nixpkgs"
- run : exec bash -c "nix-channel --update && nix-env -iA nixpkgs.hello && hello"
2021-12-21 23:42:47 +02:00
docker_push_image :
2022-08-29 15:17:06 +03:00
needs : [ check_secrets, tests]
2023-10-20 20:28:26 +03:00
permissions :
contents : read
packages : write
2021-12-21 23:42:47 +02:00
if : >-
github.event_name == 'push' &&
github.ref_name == 'master' &&
2022-08-29 15:17:06 +03:00
needs.check_secrets.outputs.cachix == 'true' &&
needs.check_secrets.outputs.docker == 'true'
2021-12-21 23:42:47 +02:00
runs-on : ubuntu-latest
steps :
2023-09-05 01:52:37 +03:00
- uses : actions/checkout@v4
2021-12-21 23:42:47 +02:00
with :
fetch-depth : 0
2024-05-21 01:51:54 +03:00
- uses : cachix/install-nix-action@V27
2023-03-01 02:19:11 +02:00
with :
2024-02-28 20:54:17 +02:00
install_url : https://releases.nixos.org/nix/nix-2.20.3/install
2021-12-21 23:42:47 +02:00
- run : echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
2022-06-10 13:09:09 +03:00
- run : echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#default.version | tr -d \")" >> $GITHUB_ENV
2024-05-21 01:51:53 +03:00
- uses : cachix/cachix-action@v15
2022-08-29 15:17:06 +03:00
if : needs.check_secrets.outputs.cachix == 'true'
2021-12-21 23:42:47 +02:00
with :
name : '${{ env.CACHIX_NAME }}'
signingKey : '${{ secrets.CACHIX_SIGNING_KEY }}'
authToken : '${{ secrets.CACHIX_AUTH_TOKEN }}'
2022-01-26 15:31:23 +02:00
- run : nix --experimental-features 'nix-command flakes' build .#dockerImage -L
2021-12-21 23:42:47 +02:00
- run : docker load -i ./result/image.tar.gz
2024-06-06 11:32:38 +03:00
- run : docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
- run : docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
2023-10-20 20:28:26 +03:00
# We'll deploy the newly built image to both Docker Hub and Github Container Registry.
#
# Push to Docker Hub first
2021-12-21 23:42:47 +02:00
- name : Login to Docker Hub
2023-09-19 01:16:55 +03:00
uses : docker/login-action@v3
2021-12-21 23:42:47 +02:00
with :
username : ${{ secrets.DOCKERHUB_USERNAME }}
password : ${{ secrets.DOCKERHUB_TOKEN }}
2024-06-06 11:32:38 +03:00
- run : docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
- run : docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
2023-10-20 20:28:26 +03:00
# Push to GitHub Container Registry as well
- name : Login to GitHub Container Registry
uses : docker/login-action@v3
with :
registry : ghcr.io
username : ${{ github.actor }}
password : ${{ secrets.GITHUB_TOKEN }}
- name : Push image
run : |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/nix
# Change all uppercase to lowercase
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
docker tag nix:$NIX_VERSION $IMAGE_ID:$NIX_VERSION
2024-02-24 12:15:58 +02:00
docker tag nix:$NIX_VERSION $IMAGE_ID:latest
2023-10-20 20:28:26 +03:00
docker push $IMAGE_ID:$NIX_VERSION
2024-02-24 12:15:58 +02:00
docker push $IMAGE_ID:latest
# deprecated 2024-02-24
2024-03-02 10:00:42 +02:00
docker tag nix:$NIX_VERSION $IMAGE_ID:master
2023-10-20 20:28:26 +03:00
docker push $IMAGE_ID:master
2024-03-27 13:59:41 +02:00
vm_tests :
runs-on : ubuntu-22.04
steps :
2024-04-02 01:32:31 +03:00
- uses : actions/checkout@v4
2024-03-27 13:59:41 +02:00
- uses : DeterminateSystems/nix-installer-action@main
- uses : DeterminateSystems/magic-nix-cache-action@main
2024-04-17 15:34:53 +03:00
- run : nix build -L .#hydraJobs.tests.githubFlakes .#hydraJobs.tests.tarballFlakes