From 4a31343b5377cae9e9b741171bd8ec86c3aea41d Mon Sep 17 00:00:00 2001
From: seth
Date: Wed, 27 Nov 2024 17:36:52 -0500
Subject: [PATCH 1/2] ci: use nix-eval-jobs
---
.github/workflows/ci.yml | 63 +++++++++++++++++++---
ci.nix | 109 +++++++++++++++++++++++++++++++++++++++
flake.nix | 1 +
3 files changed, 165 insertions(+), 8 deletions(-)
create mode 100644 ci.nix
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3b3df2b..1ba7472 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,20 +1,67 @@ name: CI + on: push: - branches: [main] + branches: [ main ] pull_request: workflow_dispatch: + jobs: - flake: - name: Flake checks + eval: + name: Evaluate hydraJobs + runs-on: ubuntu-latest + + outputs: + matrix: ${{ steps.eval.outputs.matrix }} + steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v16 - - name: Setup Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v8 - - name: Run checks + uses: cachix/install-nix-action@v27 + + - name: Generate matrix + id: eval run: | - nix flake check --print-build-logs --show-trace + echo "matrix=$(nix run .#generate-actions-matrix)" >> "$GITHUB_OUTPUT" + + build: + name: Build ${{ matrix.attr }} + needs: [ eval ] + + strategy: + fail-fast: false + matrix: ${{ fromJSON(needs.eval.outputs.matrix) }} + + runs-on: ${{ matrix.os }} + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Nix + uses: cachix/install-nix-action@v27 + + - name: Setup Cachix + uses: cachix/cachix-action@v15 + with: + name: prismlauncher + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + + - name: Build ${{ matrix.attr }} + run: | + nix build --print-build-logs '${{ matrix.drvPath }}^*' + + # Cumulative job for all of the above + release-gate: + name: Release Gate + needs: [ build ] + + runs-on: ubuntu-latest + + steps: + - name: Exit with error + if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + run: exit 1 diff --git a/ci.nix b/ci.nix new file mode 100644 index 0000000..e1fb1c9 --- /dev/null +++ b/ci.nix 
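Review bot: The new `Build ${{ matrix.attr }}` step pastes `${{ matrix.drvPath }}` directly into the shell script, and that value comes from the matrix JSON printed by `nix run .#generate-actions-matrix`, i.e. by code from the ref under test, in a job that also configures `CACHIX_AUTH_TOKEN`. Passing it through the environment keeps it data rather than script text: add `env:` with `DRV_PATH: ${{ matrix.drvPath }}` to the step and run `nix build --print-build-logs "${DRV_PATH}^*"`. Separately, `release-gate` has no job-level condition, so when `build` fails the whole job is skipped and its `exit 1` step never runs; a skipped job is generally treated as passing by required status checks, so `if: ${{ always() }}` on the job looks necessary. The actions, including `cachix/cachix-action@v15` which receives the token, are referenced by mutable tags; pinning them to full commit SHAs would be the stricter choice.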
@@ -0,0 +1,109 @@ +{ + self, + nixpkgs, + flake-utils, + ... +}: + +let + inherit (nixpkgs) lib; +in + +flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + + mkCheck = + name: deps: script: + pkgs.runCommand "check-${name}" { nativeBuildInputs = deps; } '' + ${script} + touch $out + ''; + in + { + apps = { + generate-actions-matrix = { + type = "app"; + program = lib.getExe ( + pkgs.writeShellApplication { + name = "generate-actions-matrix"; + + runtimeInputs = [ + pkgs.jq + pkgs.nix-eval-jobs + ]; + + text = '' + filter=' + { + include: [ + .[] | { + attr, + drvPath, + os: ( + if .system == "x86_64-linux" then + "ubuntu-latest" + elif .system == "x86_64-darwin" then + "macos-13" + elif .system == "aarch64-darwin" then + "macos-latest" + else + null + end + ) + } + ] + } + ' + + gcroot_dir="$(mktemp -d)" + trap 'rm -rf "$gcroot_dir"' EXIT + + eval_jobs_args=( + --flake '${self.outPath}#hydraJobs' + --gc-roots-dir "$gcroot_dir" + --option allow-import-from-derivation false + --show-trace + ) + + jq_args=( + --compact-output + --slurp + "$filter" + ) + + nix-eval-jobs "''${eval_jobs_args[@]}" | jq "''${jq_args[@]}" + ''; + } + ); + }; + }; + + checks = { + deadnix = mkCheck "deadnix" [ pkgs.deadnix ] "deadnix --fail ${self}"; + statix = mkCheck "statix" [ pkgs.statix ] "statix check ${self}"; + }; + } +) +// { + hydraJobs = + let + ciSystem = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${ciSystem}; + + nixosConfigurations = lib.mapAttrs (lib.const ( + configuration: configuration.config.system.build.toplevel + )) self.nixosConfigurations; + in + { + checks = lib.recurseIntoAttrs self.checks.${ciSystem}; + devShells = lib.recurseIntoAttrs self.devShells.${ciSystem}; + + nixosConfigurations = lib.recurseIntoAttrs { + # TODO: Inherit nixosConfigurations from above when we can actually + # build ARM configurations in GHA + andesite = builtins.deepSeq nixosConfigurations.andesite.drvPath pkgs.emptyFile; + }; + }; +} 
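Review bot: The jq filter in `generate-actions-matrix` copies every nix-eval-jobs record into `include` without checking it, so an attribute that failed to evaluate (nix-eval-jobs reports those as records with an `error` field instead of a `drvPath`, as far as I know; worth confirming) would become a matrix entry with a null `drvPath` and `os` instead of failing the eval job. Failing early is clearer: start the filter with `if any(.[]; .error != null) then error("hydraJobs evaluation failed") else . end |`. The `else null` branch of the `os:` mapping has the same effect for any system outside the three listed, and `runs-on` would then receive `null`; `error("unsupported system: \(.system)")` in that branch would surface it at evaluation time. A one-line comment above `generate-actions-matrix` saying that its JSON output is consumed as the job matrix by `.github/workflows/ci.yml` would also help, since the two files have to stay in step.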
diff --git a/flake.nix b/flake.nix
index b93a383..dc12c75 100644
--- a/flake.nix
+++ b/flake.nix
@@ -42,6 +42,7 @@ flake-utils.lib.meld inputs [ ./machines/andesite ./modules + ./ci.nix ./development.nix ]; }
From 74d845eccafa342ccfa0d767b8e148e6ddcdcc4f Mon Sep 17 00:00:00 2001
From: seth
Date: Wed, 27 Nov 2024 17:38:26 -0500
Subject: [PATCH 2/2] treewide: fix statix warnings
---
machines/andesite/disks.nix | 2 --
modules/default.nix | 1 -
modules/from-facts.nix | 2 +-
treefmt.nix | 19 ++++++++++---------
4 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/machines/andesite/disks.nix b/machines/andesite/disks.nix
index 24959bb..8d48d0d 100644
--- a/machines/andesite/disks.nix
+++ b/machines/andesite/disks.nix
@@ -1,6 +1,4 @@ { inputs, ... }: -let -in { imports = [ inputs.impermanence.nixosModules.impermanence
diff --git a/modules/default.nix b/modules/default.nix
index f921156..1df10bc 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,4 +1,3 @@ -{ ... }: { nixosModules = { from-facts = ./from-facts.nix;
diff --git a/modules/from-facts.nix b/modules/from-facts.nix
index fc99d51..87a63dd 100644
--- a/modules/from-facts.nix
+++ b/modules/from-facts.nix
@@ -27,7 +27,7 @@ in config = mkIf (cfg.file != null) { networking = { hostName = cfg.data.hostname; - domain = cfg.data.domain; + inherit (cfg.data) domain; interfaces.${cfg.interface} = { useDHCP = true; ipv6.addresses = [
diff --git a/treefmt.nix b/treefmt.nix
index 648d4d6..aad8770 100644
--- a/treefmt.nix
+++ b/treefmt.nix
@@ -1,15 +1,16 @@ -{ ... }: { projectRootFile = "flake.nix"; - programs.actionlint.enable = true; - programs.hclfmt.enable = true; - programs.just.enable = true; - programs.mdformat.enable = true; - programs.nixfmt.enable = true; - programs.shfmt.enable = true; - programs.terraform.enable = true; - programs.yamlfmt.enable = true; + programs = { + actionlint.enable = true; + hclfmt.enable = true; + just.enable = true; + mdformat.enable = true; + nixfmt.enable = true; + shfmt.enable = true; + terraform.enable = true; + yamlfmt.enable = true; + }; settings.global.excludes = [ "**.age"