From 702bde8bf0577ebb4df9037d213225eae60155cb Mon Sep 17 00:00:00 2001
From: Cole Helbling
Date: Fri, 21 Feb 2025 13:02:04 -0800
Subject: [PATCH] Revert "wip: delete unnecessary CI for now"

This reverts commit d712540206fb40d3c26809bdcdd0479a37072df9.
---
 .github/workflows/ci.yml | 169 ++++++++++++++++++++++++++++++++++
 .github/workflows/labels.yml | 24 +++++
 .github/workflows/publish.yml | 23 +++++
 .github/workflows/test.yml | 21 +++++
 4 files changed, 237 insertions(+)
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 .github/workflows/labels.yml
 create mode 100644 .github/workflows/publish.yml
 create mode 100644 .github/workflows/test.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 000000000..c3a96704f
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,169 @@
+name: "CI"
+
+on:
+ pull_request:
+ push:
+ branches:
+ - detsys-main
+ - main
+ - master
+ merge_group:
+
+permissions:
+ id-token: "write"
+ contents: "read"
+
+jobs:
+ eval:
+ runs-on: blacksmith-32vcpu-ubuntu-2204
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ flakehub: true
+ - run: nix flake show --all-systems --json
+
+ build_x86_64-linux:
+ uses: ./.github/workflows/build.yml
+ with:
+ os: blacksmith-32vcpu-ubuntu-2204
+
+ build_aarch64-linux:
+ if: github.event_name == 'merge_group'
+ uses: ./.github/workflows/build.yml
+ with:
+ os: blacksmith-32vcpu-ubuntu-2204-arm
+
+ build_x86_64-darwin:
+ if: github.event_name == 'merge_group'
+ uses: ./.github/workflows/build.yml
+ with:
+ os: macos-13
+
+ build_aarch64-darwin:
+ uses: ./.github/workflows/build.yml
+ with:
+ os: macos-latest
+
+ test_x86_64-linux:
+ uses: ./.github/workflows/test.yml
+ needs: build_x86_64-linux
+ with:
+ os: blacksmith-32vcpu-ubuntu-2204
+
+ test_aarch64-linux:
+ if: github.event_name == 'merge_group'
+ uses: ./.github/workflows/test.yml
+ needs: build_aarch64-linux
+ with:
+ os: blacksmith-32vcpu-ubuntu-2204-arm
+
+ test_x86_64-darwin:
+ if: github.event_name == 'merge_group'
+ uses: ./.github/workflows/test.yml
+ needs: build_aarch64-darwin
+ with:
+ os: macos-13
+
+ test_aarch64-darwin:
+ if: github.event_name == 'merge_group'
+ uses: ./.github/workflows/test.yml
+ needs: build_aarch64-darwin
+ with:
+ os: macos-latest
+
+ vm_tests_smoke:
+ if: github.event_name != 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith-32vcpu-ubuntu-2204
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ flakehub: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - run: |
+ nix build -L \
+ .#hydraJobs.tests.functional_user \
+ .#hydraJobs.tests.githubFlakes \
+ .#hydraJobs.tests.nix-docker \
+ .#hydraJobs.tests.tarballFlakes \
+ ;
+
+ vm_tests_all:
+ if: github.event_name == 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith-32vcpu-ubuntu-2204
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ flakehub: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - run: |
+ nix build -L --keep-going \
+ $(nix flake show --json \
+ | jq -r '
+ .hydraJobs.tests
+ | with_entries(select(.value.type == "derivation"))
+ | keys[]
+ | ".#hydraJobs.tests." + .' \
+ | head -n5) # FIXME: for testing the merge queue
+
+ flake_regressions:
+ if: github.event_name == 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith-32vcpu-ubuntu-2204
+ steps:
+ - name: Checkout nix
+ uses: actions/checkout@v4
+ - name: Checkout flake-regressions
+ uses: actions/checkout@v4
+ with:
+ repository: DeterminateSystems/flake-regressions
+ path: flake-regressions
+ - name: Checkout flake-regressions-data
+ uses: actions/checkout@v4
+ with:
+ repository: DeterminateSystems/flake-regressions-data
+ path: flake-regressions/tests
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ flakehub: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=50 flake-regressions/eval-all.sh
+
+ manual:
+ if: github.event_name != 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith
+ permissions:
+ id-token: "write"
+ contents: "read"
+ pull-requests: "write"
+ statuses: "write"
+ deployments: "write"
+ steps:
+ - name: Checkout nix
+ uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ flakehub: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - name: Build manual
+ run: nix build .#hydraJobs.manual
+ - uses: nwtgck/actions-netlify@v3.0
+ with:
+ publish-dir: './result/share/doc/nix/manual'
+ production-branch: detsys-main
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ deploy-message: "Deploy from GitHub Actions"
+ enable-pull-request-comment: true
+ enable-commit-comment: true
+ enable-commit-status: true
+ overwrites-pull-request-comment: true
+ env:
+ NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+ NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
new file mode 100644
index 000000000..23a5d9e51
--- /dev/null
+++ b/.github/workflows/labels.yml
@@ -0,0 +1,24 @@
+name: "Label PR"
+
+on:
+ pull_request_target:
+ types: [edited, opened, synchronize, reopened]
+
+# WARNING:
+# When extending this action, be aware that $GITHUB_TOKEN allows some write
+# access to the GitHub API. This means that it should not evaluate user input in
+# a way that allows code injection.
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ labels:
+ runs-on: ubuntu-24.04
+ if: github.repository_owner == 'NixOS'
+ steps:
+ - uses: actions/labeler@v5
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ sync-labels: false
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 000000000..00ca3ec53
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,23 @@
+name: Release
+
+on:
+ release:
+ types:
+ - released
+
+jobs:
+ publish:
+ if: (!github.repository.fork && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || startsWith(github.ref, 'refs/tags/')))
+ environment: ${{ github.event_name == 'release' && 'production' || '' }}
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: "DeterminateSystems/flakehub-push@main"
+ with:
+ rolling: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+ visibility: "private"
+ tag: "${{ github.ref_name }}"
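Review bot: In `.github/workflows/ci.yml` the workflow-level `permissions` block grants `id-token: "write"` to every job, and those jobs run actions on mutable refs (`DeterminateSystems/nix-installer-action@main`, `DeterminateSystems/flakehub-cache-action@main`, `nwtgck/actions-netlify@v3.0`), so whatever those refs point to at run time executes with OIDC token rights and, in `manual`, with the Netlify secrets. Pin each `uses:` to a full commit SHA and keep the tag as a comment, e.g. `uses: nwtgck/actions-netlify@<full-commit-sha> # v3.0`; the same applies to the `uses:` lines in labels.yml, publish.yml and test.yml. Separately, `test_x86_64-darwin` runs on `macos-13` but declares `needs: build_aarch64-darwin`, which looks like a copy-paste slip for `needs: build_x86_64-darwin`.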
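Review bot: In `.github/workflows/labels.yml` the `labels` job is gated on `if: github.repository_owner == 'NixOS'`, while the other workflows in this commit target `detsys-main` and DeterminateSystems actions; if this repository lives under a different owner the job is always skipped, so confirm the guard is intended. The existing WARNING comment would be more useful as a concrete rule, since `pull_request_target` runs with a `pull-requests: write` token on untrusted pull requests: `# Do not check out the PR head or interpolate PR title, body or branch names into run: steps in this workflow.`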
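Review bot: In `.github/workflows/publish.yml` the fork guard `!github.repository.fork` reads a property of `github.repository`, which as far as I know is the `owner/name` string, so the lookup yields an empty value and the negation is always true; the guard would not keep this `id-token: write` job from running in a fork. The fork flag lives on the event payload, so the condition should start with `!github.event.repository.fork`. Also, the only trigger is `release`, where `github.ref` is presumably a tag ref, so the `refs/heads/<default_branch>` comparisons in `if:` and `rolling:` look unreachable; either add the trigger they were written for or drop them.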
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 000000000..e58827a9c
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,21 @@
+on:
+ workflow_call:
+ inputs:
+ os:
+ required: true
+ type: string
+
+jobs:
+
+ tests:
+ strategy:
+ fail-fast: false
+ runs-on: ${{ inputs.os }}
+ timeout-minutes: 60
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ flakehub: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - run: nix flake check -L
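Review bot: The reusable workflow in `.github/workflows/test.yml` declares no `permissions`, so the `tests` job runs with whatever token scopes its caller passes down; with ci.yml as the caller that includes `id-token: "write"`. Declaring the scopes on the job itself (a `permissions:` block with `contents: read`, plus `id-token: write` if the FlakeHub login needs the OIDC token) keeps a future caller with broader permissions from widening what `nix flake check` runs with. `strategy: fail-fast: false` has no `matrix` beside it, so it appears to have no effect and could be dropped or given a comment saying why it is kept.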