From 0dc5b249ff05bbfbd659805aee4261065d5826c3 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Tue, 5 Nov 2024 16:38:52 +0100
Subject: [PATCH 1/4] Build the Nix manual in CI and deploy to Netlify
---
 .github/workflows/build.yml | 4 ++++
 .github/workflows/ci.yml | 27 +++++++++++++++++++++++++++
 packaging/hydra.nix | 9 +++++++++
 3 files changed, 40 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7e3c9872d..441f23c5a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,6 +4,10 @@ on:
 os:
 required: true
 type: string
+ manual:
+ required: false
+ type: boolean
+ default: false
 jobs:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 60b75a439..4397d3747 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -134,3 +134,30 @@ jobs:
 flakehub: true
 - uses: DeterminateSystems/flakehub-cache-action@main
 - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=50 flake-regressions/eval-all.sh
+
+ manual:
+ if: github.event_name != 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith
+ steps:
+ - name: Checkout nix
+ uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ flakehub: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - name: Build manual
+ run: nix build .#hydraJobs.manual
+ - uses: nwtgck/actions-netlify@v3.0
+ with:
+ publish-dir: './result/share/doc/nix/manual'
+ production-branch: detsys-main
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ deploy-message: "Deploy from GitHub Actions"
+ enable-pull-request-comment: true
+ enable-commit-comment: true
+ enable-commit-status: true
+ overwrites-pull-request-comment: true
+ env:
+ NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+ NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
diff --git a/packaging/hydra.nix b/packaging/hydra.nix
index debd98cf2..4f9039cd3 100644
--- a/packaging/hydra.nix
+++ b/packaging/hydra.nix
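Review bot: The deploy step in the new `manual` job of `.github/workflows/ci.yml` references `nwtgck/actions-netlify@v3.0` by a movable tag while handing it `NETLIFY_AUTH_TOKEN` and the job's `GITHUB_TOKEN`, so whoever can move that tag controls code that runs with both credentials. Pinning to a full commit SHA, e.g. `- uses: nwtgck/actions-netlify@<full-commit-sha> # v3.0` (placeholder; take the SHA of the release that was reviewed), removes that dependency on the tag. The two `DeterminateSystems/...@main` steps added in the same job follow a branch and deserve the same pin unless tracking `main` is deliberate. The workflow's trigger list is outside this hunk: if it runs on `pull_request`, fork PRs presumably will not receive the Netlify secrets and this step will fail, so a condition on the deploy step may be wanted.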
@@ -181,6 +181,15 @@ in
 # Nix's manual
 manual = nixpkgsFor.x86_64-linux.native.nixComponents.nix-manual;
+ manualTarball =
+ with nixpkgsFor.x86_64-linux.native;
+ runCommand "determinate-nix-manual-${self.hydraJobs.manual.version}"
+ { }
+ ''
+ mkdir -p $out/tarballs
+ tar cvfz $out/tarballs/$name.tar.gz -C ${self.hydraJobs.manual}/share/doc/nix/manual . --transform "s/^./$name/"
+ '';
+
 # API docs for Nix's unstable internal C++ interfaces.
 internal-api-docs = nixpkgsFor.x86_64-linux.native.nixComponents.nix-internal-api-docs;
From c23a2cdc4a541a787fc8f3f76dbeddb42b849b02 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Fri, 21 Feb 2025 00:50:04 +0100
Subject: [PATCH 2/4] Hack
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4397d3747..483b787dc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,6 +12,9 @@ on:
 permissions:
 id-token: "write"
 contents: "read"
+ pull-requests: "write"
+ statuses: "write"
+ deployments: "write"
 jobs:
 eval:
From 53c03a0161478ce94874110abf34229cb0de1bbd Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Fri, 21 Feb 2025 01:50:29 +0100
Subject: [PATCH 3/4] Cleanup
---
 .github/workflows/build.yml | 4 ----
 packaging/hydra.nix | 9 ---------
 2 files changed, 13 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 441f23c5a..7e3c9872d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,10 +4,6 @@ on:
 os:
 required: true
 type: string
- manual:
- required: false
- type: boolean
- default: false
 jobs:
diff --git a/packaging/hydra.nix b/packaging/hydra.nix
index 4f9039cd3..debd98cf2 100644
--- a/packaging/hydra.nix
+++ b/packaging/hydra.nix
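Review bot: In `manualTarball` (PATCH 1/4, `packaging/hydra.nix`), the expression in `--transform "s/^./$name/"` is applied by GNU tar to symlink and hard-link targets as well as member names by default, and the unescaped `.` matches any first character, so a relative link target inside the manual would be rewritten along with the paths. Escaping the dot and limiting the scope to member names avoids that: `--transform "s/^\./$name/SH"`. Whether the manual output contains such links is not visible in this hunk, so this is a hardening of the archive step rather than a confirmed breakage.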
@@ -181,15 +181,6 @@ in
 # Nix's manual
 manual = nixpkgsFor.x86_64-linux.native.nixComponents.nix-manual;
- manualTarball =
- with nixpkgsFor.x86_64-linux.native;
- runCommand "determinate-nix-manual-${self.hydraJobs.manual.version}"
- { }
- ''
- mkdir -p $out/tarballs
- tar cvfz $out/tarballs/$name.tar.gz -C ${self.hydraJobs.manual}/share/doc/nix/manual . --transform "s/^./$name/"
- '';
-
 # API docs for Nix's unstable internal C++ interfaces.
 internal-api-docs = nixpkgsFor.x86_64-linux.native.nixComponents.nix-internal-api-docs;
From dece94fe2598e82b094d1b761631bb7b9eb2e49c Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Fri, 21 Feb 2025 02:07:16 +0100
Subject: [PATCH 4/4] Restrict permissions
---
 .github/workflows/ci.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 483b787dc..c3a96704f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,9 +12,6 @@ on:
 permissions:
 id-token: "write"
 contents: "read"
- pull-requests: "write"
- statuses: "write"
- deployments: "write"
 jobs:
 eval:
@@ -142,6 +139,12 @@ jobs:
 if: github.event_name != 'merge_group'
 needs: build_x86_64-linux
 runs-on: blacksmith
+ permissions:
+ id-token: "write"
+ contents: "read"
+ pull-requests: "write"
+ statuses: "write"
+ deployments: "write"
 steps:
 - name: Checkout nix
 uses: actions/checkout@v4
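Review bot: The `permissions` block added to the `manual` job (second hunk of PATCH 4/4) grants `id-token: "write"` together with the three write scopes to every step of that job, including the `nwtgck/actions-netlify@v3.0` step that is referenced by a movable tag. `id-token` is presumably needed only by the FlakeHub steps and the pull-request, status and deployment scopes only by the Netlify step, so splitting build and deploy into two jobs would let each hold just its own scopes. The job's step list continues outside this hunk. The sketch below hands the built manual to the deploy job as an artifact and assumes `upload-artifact` follows the `./result` symlink, which should be confirmed before adopting it.

```yaml
  manual:
    # … unchanged: if / needs / runs-on …
    permissions:
      id-token: "write"
      contents: "read"
    steps:
      # … unchanged: checkout, nix-installer-action, flakehub-cache-action, Build manual …
      - uses: actions/upload-artifact@v4
        with:
          name: nix-manual
          path: ./result/share/doc/nix/manual

  deploy_manual:
    if: github.event_name != 'merge_group'
    needs: manual
    runs-on: blacksmith
    permissions:
      contents: "read"
      pull-requests: "write"
      statuses: "write"
      deployments: "write"
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: nix-manual
          path: ./manual
      # … unchanged: nwtgck/actions-netlify step, with publish-dir: './manual' …
```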