mirror of https://github.com/NixOS/nix synced 2025-06-25 06:31:14 +02:00

Merge pull request #12050 from Mic92/ci

speed up ci by splitting off eval and build + fix ci with restricted namespaces
mergify[bot] 2024-12-14 15:24:39 +00:00 committed by GitHub
commit 9389b27fe4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 20 additions and 20 deletions


@ -7,6 +7,14 @@ on:
permissions: read-all permissions: read-all
jobs: jobs:
eval:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: cachix/install-nix-action@v30
- run: nix --experimental-features 'nix-command flakes' flake show --all-systems --json
tests: tests:
needs: [check_secrets] needs: [check_secrets]
@ -33,25 +41,11 @@ jobs:
name: '${{ env.CACHIX_NAME }}' name: '${{ env.CACHIX_NAME }}'
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- if: matrix.os == 'ubuntu-latest' # Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user:
run: | # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
free -h - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
swapon --show if: matrix.os == 'ubuntu-latest'
swap=$(swapon --show --noheadings | head -n 1 | awk '{print $1}') - run: scripts/build-checks
echo "Found swap: $swap"
sudo swapoff $swap
# resize it (fallocate)
sudo fallocate -l 10G $swap
sudo mkswap $swap
sudo swapon $swap
free -h
(
while sleep 60; do
free -h
done
) &
- run: nix --experimental-features 'nix-command flakes' flake check -L
- run: nix --experimental-features 'nix-command flakes' flake show --all-systems --json
# Steps to test CI automation in your own fork. # Steps to test CI automation in your own fork.
# Cachix: # Cachix:


@ -65,7 +65,7 @@ runCommand "nix-binary-tarball-${version}" env ''
fn=$out/$dir.tar.xz fn=$out/$dir.tar.xz
mkdir -p $out/nix-support mkdir -p $out/nix-support
echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
tar cvfJ $fn \ tar cfJ $fn \
--owner=0 --group=0 --mode=u+rw,uga+r \ --owner=0 --group=0 --mode=u+rw,uga+r \
--mtime='1970-01-01' \ --mtime='1970-01-01' \
--absolute-names \ --absolute-names \

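--- a/scripts/build-checks
+++ b/scripts/build-checks
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+system=$(nix eval --raw --impure --expr builtins.currentSystem)
+nix eval --json ".#checks.$system" --apply builtins.attrNames | \
+jq -r '.[]' | \
+xargs -P0 -I '{}' sh -c "nix build -L .#checks.$system.{} || { echo 'FAILED: \033[0;31mnix build -L .#checks.$system.{}\\033[0m'; kill 0; }"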
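Review bot: The `xargs` line splices each check name into the `sh -c` command string through `{}`, so the name is parsed as shell syntax instead of being passed as data; a name containing a quote, a space or `;` would change the command that runs on the runner, outside the Nix build sandbox. The names come from the flake's own `checks` attribute set, so the exposure is presumably small today, but passing them as positional arguments removes the problem class entirely: `xargs -P0 -I '{}' sh -c 'nix build -L ".#checks.$1.$2" || { printf "FAILED: \033[0;31mnix build -L .#checks.%s.%s\033[0m\n" "$1" "$2"; kill 0; }' _ "$system" '{}'`. Using `printf` also makes the colour escapes behave the same under every `sh`, where the current `echo` mixes `\033` and `\\033` and depends on the shell's `echo` interpreting backslashes.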