diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7e3c9872d..f04126747 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,4 +18,11 @@ jobs: with: flakehub: true - uses: DeterminateSystems/flakehub-cache-action@main - - run: nix build . .#binaryTarball -L + - run: echo "system=$(nix eval --impure --raw --expr 'builtins.currentSystem')" >> "$GITHUB_OUTPUT" + id: system + - run: nix build .# .#binaryTarball --no-link -L + - run: nix build .#binaryTarball --out-link tarball + - uses: actions/upload-artifact@v4 + with: + name: ${{ steps.system.outputs.system }} + path: ./tarball/*.xz diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index 00ca3ec53..000000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Release - -on: - release: - types: - - released - -jobs: - publish: - if: (!github.repository.fork && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || startsWith(github.ref, 'refs/tags/'))) - environment: ${{ github.event_name == 'release' && 'production' || '' }} - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main - - uses: "DeterminateSystems/flakehub-push@main" - with: - rolling: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} - visibility: "private" - tag: "${{ github.ref_name }}" diff --git a/.github/workflows/upload-release.yml b/.github/workflows/upload-release.yml new file mode 100644 index 000000000..5e09c010c --- /dev/null +++ b/.github/workflows/upload-release.yml @@ -0,0 +1,103 @@ +name: Upload release + +concurrency: + group: upload-release + +on: + workflow_call: + push: + branches: + # NOTE: make sure any branches here are also valid directory names, + # otherwise creating the directory and uploading to s3 will fail + - "main" + pull_request: + types: + - opened + - reopened + - synchronize + - labeled + release: + types: + - released + +permissions: + id-token: "write" + contents: "read" + +jobs: + build-x86_64-linux: + uses: ./.github/workflows/build.yml + with: + os: blacksmith-32vcpu-ubuntu-2204 + build-aarch64-linux: + uses: ./.github/workflows/build.yml + with: + os: blacksmith-32vcpu-ubuntu-2204-arm + build-x86_64-darwin: + uses: ./.github/workflows/build.yml + with: + os: macos-13 + build-aarch64-darwin: + uses: ./.github/workflows/build.yml + with: + os: macos-latest + + release: + runs-on: ubuntu-latest + needs: + - build-x86_64-linux + - build-aarch64-linux + - build-x86_64-darwin + - build-aarch64-darwin + steps: + - name: Checkout + uses: actions/checkout@v4 + - uses: "DeterminateSystems/nix-installer-action@main" + with: + determinate: true + + - name: Create artifacts directory + run: mkdir -p ./artifacts + + - name: Fetch artifacts + uses: actions/download-artifact@v4 + with: + path: downloaded + - name: Move downloaded artifacts to artifacts directory + run: | + for dir in ./downloaded/*; do + arch="$(basename "$dir")" + mv "$dir"/*.xz ./artifacts/"${arch}" + done + + - name: Build fallback-paths.nix + run: | + nix build .#fallbackPathsNix --out-link fallback + cat fallback > ./artifacts/fallback-paths.nix + + - uses: DeterminateSystems/push-artifact-ids@main + with: + s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE_ARN }} + bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET_NAME }} + directory: ./artifacts + ids_project_name: determinate-nix + ids_binary_prefix: determinate-nix + skip_acl: true + + publish: + needs: + - release + if: (!github.repository.fork && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || startsWith(github.ref, 'refs/tags/'))) + environment: ${{ github.event_name == 'release' && 'production' || '' }} + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@v4 + - uses: DeterminateSystems/nix-installer-action@main + - uses: "DeterminateSystems/flakehub-push@main" + with: + rolling: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} + visibility: "private" + tag: "${{ github.ref_name }}" diff --git a/flake.nix b/flake.nix index 29111b453..04f3e4d87 100644 --- a/flake.nix +++ b/flake.nix @@ -294,6 +294,36 @@ nix-manual = nixpkgsFor.${system}.native.nixComponents.nix-manual; nix-internal-api-docs = nixpkgsFor.${system}.native.nixComponents.nix-internal-api-docs; nix-external-api-docs = nixpkgsFor.${system}.native.nixComponents.nix-external-api-docs; + + fallbackPathsNix = + let + pkgs = nixpkgsFor.${system}.native; + + closures = forAllSystems (system: self.packages.${system}.default.outPath); + + closures_json = pkgs.runCommand "versions.json" + { + buildInputs = [ pkgs.jq ]; + passAsFile = [ "json" ]; + json = builtins.toJSON closures; + } '' + cat "$jsonPath" | jq . > $out + ''; + + closures_nix = pkgs.runCommand "versions.nix" + { + buildInputs = [ pkgs.jq ]; + passAsFile = [ "template" ]; + jsonPath = closures_json; + template = '' + builtins.fromJSON('''@closures@''') + ''; + } '' + export closures=$(cat "$jsonPath"); + substituteAll "$templatePath" "$out" + ''; + in + closures_nix; } # We need to flatten recursive attribute sets of derivations to pass `flake check`. //