aboutsummaryrefslogtreecommitdiff
path: root/.github/workflows/ci.yml
blob: 858dec4400af34dfd0da41500d07304fbdb42f8d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: "CI"

on:
  pull_request:
  push:

permissions: read-all

jobs:

  tests:
    needs: [check_secrets]
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    timeout-minutes: 60
    steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - uses: cachix/install-nix-action@v20
    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
    - uses: cachix/cachix-action@v12
      if: needs.check_secrets.outputs.cachix == 'true'
      with:
        name: '${{ env.CACHIX_NAME }}'
        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
    - run: nix --experimental-features 'nix-command flakes' flake check -L

  check_secrets:
    permissions:
      contents: none
    name: Check Cachix and Docker secrets present for installer tests
    runs-on: ubuntu-latest
    outputs:
      cachix: ${{ steps.secret.outputs.cachix }}
      docker: ${{ steps.secret.outputs.docker }}
    steps:
      - name: Check for secrets
        id: secret
        env:
          _CACHIX_SECRETS: ${{ secrets.CACHIX_SIGNING_KEY }}${{ secrets.CACHIX_AUTH_TOKEN }}
          _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          echo "::set-output name=cachix::${{ env._CACHIX_SECRETS != '' }}"
          echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"

  installer:
    needs: [tests, check_secrets]
    if: github.event_name == 'push' && needs.check_secrets.outputs.cachix == 'true'
    runs-on: ubuntu-latest
    outputs:
      installerURL: ${{ steps.prepare-installer.outputs.installerURL }}
    steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
    - uses: cachix/install-nix-action@v19
      with:
        install_url: https://releases.nixos.org/nix/nix-2.13.3/install
    - uses: cachix/cachix-action@v12
      with:
        name: '${{ env.CACHIX_NAME }}'
        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
    - id: prepare-installer
      run: scripts/prepare-installer-for-github-actions

  installer_test:
    needs: [installer, check_secrets]
    if: github.event_name == 'push' && needs.check_secrets.outputs.cachix == 'true'
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v3
    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
    - uses: cachix/install-nix-action@v19
      with:
        install_url: '${{needs.installer.outputs.installerURL}}'
        install_options: "--tarball-url-prefix https://${{ env.CACHIX_NAME }}.cachix.org/serve"
    - run: sudo apt install fish zsh
      if: matrix.os == 'ubuntu-latest'
    - run: brew install fish
      if: matrix.os == 'macos-latest'
    - run: exec bash -c "nix-instantiate -E 'builtins.currentTime' --eval"
    - run: exec sh -c "nix-instantiate -E 'builtins.currentTime' --eval"
    - run: exec zsh -c "nix-instantiate -E 'builtins.currentTime' --eval"
    - run: exec fish -c "nix-instantiate -E 'builtins.currentTime' --eval"
    - run: exec bash -c "nix-channel --add https://releases.nixos.org/nixos/unstable/nixos-23.05pre466020.60c1d71f2ba nixpkgs"
    - run: exec bash -c "nix-channel --update && nix-env -iA nixpkgs.hello && hello"

  docker_push_image:
    needs: [check_secrets, tests]
    if: >-
      github.event_name == 'push' &&
      github.ref_name == 'master' &&
      needs.check_secrets.outputs.cachix == 'true' &&
      needs.check_secrets.outputs.docker == 'true'
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - uses: cachix/install-nix-action@v19
      with:
        install_url: https://releases.nixos.org/nix/nix-2.13.3/install
    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
    - run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#default.version | tr -d \")" >> $GITHUB_ENV
    - uses: cachix/cachix-action@v12
      if: needs.check_secrets.outputs.cachix == 'true'
      with:
        name: '${{ env.CACHIX_NAME }}'
        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
    - run: nix --experimental-features 'nix-command flakes' build .#dockerImage -L
    - run: docker load -i ./result/image.tar.gz
    - run: docker tag nix:$NIX_VERSION nixos/nix:$NIX_VERSION
    - run: docker tag nix:$NIX_VERSION nixos/nix:master
    - name: Login to Docker Hub
      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    - run: docker push nixos/nix:$NIX_VERSION
    - run: docker push nixos/nix:master