diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 30698df1..39c9c88a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,243 +1,24 @@ -name: 'CI' +name: CI on: - # Allow this workflow to be reused by other workflows: - workflow_call: - inputs: - do_deploy: - description: 'Deploy to cachix' - type: 'boolean' - default: false - required: false - secrets: - CACHIX_AUTH_TOKEN: - description: 'Cachix auth token' - required: true - CACHIX_ACTIVATE_TOKEN: - description: 'Cachix activate token' - required: false - NIX_GITHUB_TOKEN: - description: GitHub token to add as access-token in nix.conf - required: false - # Allow this workflow to be triggered manually: workflow_dispatch: - inputs: - do_deploy: - description: 'Deploy to cachix' - type: 'boolean' - default: false - required: false - # Allow this workflow to be triggered in merge + # Allow this workflow to be run in merge queues: merge_group: - push: + # Run this workflow when PRs target `main` and when they're merged in `main`: + pull_request: branches: - main - pull_request: + push: branches: - main -concurrency: - group: ${{ github.workflow }}-${{ github.repository }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - jobs: - post-initial-comment: - runs-on: self-hosted - steps: - - name: 'Post initial package status comment' - uses: marocchino/sticky-pull-request-comment@v2.9.0 - with: - recreate: true - message: | - Thanks for your Pull Request! - - This comment will be updated automatically with the status of each package. - - generate-matrix-matrix: - name: Generate Matrix of Matrices - runs-on: self-hosted - steps: - - name: Install Nix - uses: metacraft-labs/nixos-modules/.github/install-nix@main - with: - cachix-cache: ${{ vars.CACHIX_CACHE }} - cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} - trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} - substituters: ${{ vars.SUBSTITUTERS }} - nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} - - - uses: actions/checkout@v4 - - - name: Generate Matrix for Matrix - id: generate-matrix - env: - CACHIX_CACHE: ${{ vars.CACHIX_CACHE }} - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - MCL_BRANCH: ${{ github.repository == 'metacraft-labs/nixos-modules' && github.sha || 'main' }} - run: nix run --accept-flake-config github:metacraft-labs/nixos-modules/${{ env.MCL_BRANCH }}#mcl shard_matrix - outputs: - gen_matrix: ${{ steps.generate-matrix.outputs.gen_matrix }} - - generate-matrix: - needs: generate-matrix-matrix - runs-on: self-hosted - strategy: - matrix: ${{fromJSON(needs.generate-matrix-matrix.outputs.gen_matrix)}} - name: Generate Matrix ${{ matrix.digit != -1 && matrix.digit || '' }} - steps: - - name: Install Nix - uses: metacraft-labs/nixos-modules/.github/install-nix@main - with: - cachix-cache: ${{ vars.CACHIX_CACHE }} - cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} - trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} - substituters: ${{ vars.SUBSTITUTERS }} - nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} - - - uses: actions/checkout@v4 - - - name: Generate CI Matrix - id: generate-matrix - shell: bash - env: - IS_INITIAL: 'true' - CACHIX_CACHE: ${{ vars.CACHIX_CACHE }} - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - FLAKE_PRE: ${{ matrix.prefix }} - FLAKE_POST: ${{ matrix.postfix }} - MCL_BRANCH: ${{ github.repository == 'metacraft-labs/nixos-modules' && github.sha || 'main' }} - run: nix run --accept-flake-config github:metacraft-labs/nixos-modules/${{ env.MCL_BRANCH }}#mcl ci_matrix - - - uses: actions/upload-artifact@v4 - with: - name: matrix-pre${{ matrix.digit != -1 && format('-{0}', matrix.digit) || '' }} - path: matrix-pre.json - outputs: - matrix: ${{ steps.generate-matrix.outputs.matrix }} - - slurp-matrix: - runs-on: self-hosted - needs: generate-matrix - name: Merge matrices - outputs: - matrix: ${{ steps.matrix.outputs.matrix }} - fullMatrix: ${{ steps.matrix.outputs.fullMatrix }} - steps: - - uses: actions/download-artifact@v4 - - name: Merge matrices - run: | - # Check if jq is installed - if ! command -v jq &> /dev/null; then - PATH="$(nix build --print-out-paths 'nixpkgs#jq^bin')/bin:$PATH" - export PATH - fi - - ls */matrix-pre.json - matrix="$(cat */matrix-pre.json | jq -cr '.include[]' | jq '[ select (.isCached == false) ]' | jq -s 'add' | jq -c '. | {include: .}')" - - if [[ "$matrix" == '' ]] || [[ "$matrix" == '{}' ]] || [[ "$matrix" == '{"include":null}' ]] || [[ "$matrix" == '{"include":[]}' ]]; then - matrix='{"include":[]}' - fi - - echo "---" - echo "Matrix:" - echo "$matrix" | jq - echo "---" - echo - echo - - fullMatrix="$(cat */matrix-pre.json | jq -cr '.include' | jq -s 'add' | jq -c '. | {include: .}')" - - echo "---" - echo "Full Matrix:" - echo "$fullMatrix" | jq - echo "---" - - echo "matrix=$matrix" >> $GITHUB_OUTPUT - echo "fullMatrix=$fullMatrix" >> $GITHUB_OUTPUT - - id: matrix - - name: Post Comment - id: print-matrix - uses: metacraft-labs/nixos-modules/.github/print-matrix@main - with: - is-initial: 'true' - cachix-cache: ${{ vars.CACHIX_CACHE }} - cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} - trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} - substituters: ${{ vars.SUBSTITUTERS }} - precalc_matrix: ${{ steps.matrix.outputs.fullMatrix }} - pr-comment-github-token: ${{ secrets.GITHUB_TOKEN }} - nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} - - build: - needs: slurp-matrix - if: needs.slurp-matrix.outputs.matrix != '{"include":[]}' - - strategy: - fail-fast: false - matrix: ${{fromJSON( needs.slurp-matrix.outputs.matrix )}} - - name: ${{ matrix.name }} | ${{ matrix.system }} - runs-on: ${{ matrix.os }} - continue-on-error: ${{ matrix.allowedToFail }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: metacraft-labs/nixos-modules/.github/install-nix@main - with: - cachix-cache: ${{ vars.CACHIX_CACHE }} - cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} - trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} - substituters: ${{ vars.SUBSTITUTERS }} - nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} - - - name: Build ${{ matrix.name }} - run: | - nix build -L --no-link --keep-going --show-trace \ - '.#${{ matrix.attrPath }}' - - - name: Push to Cachix ${{ matrix.name }} - run: | - cachix push ${{ vars.CACHIX_CACHE }} ${{ matrix.output }} - - results: - runs-on: self-hosted - name: Final Results - needs: [build, slurp-matrix] - if: always() - steps: - - name: Post Comment - uses: metacraft-labs/nixos-modules/.github/print-matrix@main - with: - is-initial: 'false' - cachix-cache: ${{ vars.CACHIX_CACHE }} - cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} - trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} - substituters: ${{ vars.SUBSTITUTERS }} - precalc_matrix: ${{ needs.slurp-matrix.outputs.fullMatrix }} - pr-comment-github-token: ${{ secrets.GITHUB_TOKEN }} - nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} - - - run: exit 1 - if: >- - needs.slurp-matrix.outputs.matrix != '{"include":[]}' - && contains(needs.*.result, 'failure') - || contains(needs.*.result, 'cancelled') - - - uses: actions/checkout@v4 - if: inputs.do_deploy - - - name: Deploy - if: inputs.do_deploy - env: - CACHIX_CACHE: ${{ vars.CACHIX_CACHE }} - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - CACHIX_ACTIVATE_TOKEN: '${{ secrets.CACHIX_ACTIVATE_TOKEN }}' - MCL_BRANCH: ${{ github.repository == 'metacraft-labs/nixos-modules' && github.sha || 'main' }} - run: nix run --accept-flake-config github:metacraft-labs/nixos-modules/${{ env.MCL_BRANCH }}#mcl deploy_spec + ci: + uses: metacraft-labs/nixos-modules/.github/workflows/flake-checks-ci-matrix.yml@main + secrets: inherit + with: + runner: '["self-hosted", "Linux", "x86-64-v2"]' + run-cachix-deploy: false diff --git a/.github/workflows/flake-checks-ci-matrix.yml b/.github/workflows/flake-checks-ci-matrix.yml new file mode 100644 index 00000000..5b3b0f6e --- /dev/null +++ b/.github/workflows/flake-checks-ci-matrix.yml @@ -0,0 +1,248 @@ +name: 'CI' + +on: + # Allow this workflow to be reused by other workflows: + workflow_call: + inputs: + runner: + description: 'JSON-encoded list of runner labels' + default: '["self-hosted"]' + required: false + type: string + run-cachix-deploy: + description: 'Deploy to cachix' + type: 'boolean' + default: false + required: false + secrets: + CACHIX_AUTH_TOKEN: + description: 'Cachix auth token' + required: true + CACHIX_ACTIVATE_TOKEN: + description: 'Cachix activate token' + required: false + NIX_GITHUB_TOKEN: + description: GitHub token to add as access-token in nix.conf + required: false + + # Allow this workflow to be triggered manually: + workflow_dispatch: + inputs: + run-cachix-deploy: + description: 'Deploy to cachix' + type: 'boolean' + default: false + required: false + + # Allow this workflow to be triggered in merge + merge_group: + + push: + branches: + - main + pull_request: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.repository }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + post-initial-comment: + runs-on: ${{ fromJSON(inputs.runner) }} + steps: + - name: 'Post initial package status comment' + uses: marocchino/sticky-pull-request-comment@v2.9.0 + with: + recreate: true + message: | + Thanks for your Pull Request! + + This comment will be updated automatically with the status of each package. + + generate-matrix-matrix: + name: Generate Matrix of Matrices + runs-on: ${{ fromJSON(inputs.runner) }} + steps: + - name: Install Nix + uses: metacraft-labs/nixos-modules/.github/install-nix@main + with: + cachix-cache: ${{ vars.CACHIX_CACHE }} + cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} + trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} + substituters: ${{ vars.SUBSTITUTERS }} + nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} + + - uses: actions/checkout@v4 + + - name: Generate Matrix for Matrix + id: generate-matrix + env: + CACHIX_CACHE: ${{ vars.CACHIX_CACHE }} + CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} + MCL_BRANCH: ${{ github.repository == 'metacraft-labs/nixos-modules' && github.sha || 'main' }} + run: nix run --accept-flake-config github:metacraft-labs/nixos-modules/${{ env.MCL_BRANCH }}#mcl shard_matrix + outputs: + gen_matrix: ${{ steps.generate-matrix.outputs.gen_matrix }} + + generate-matrix: + needs: generate-matrix-matrix + runs-on: ${{ fromJSON(inputs.runner) }} + strategy: + matrix: ${{fromJSON(needs.generate-matrix-matrix.outputs.gen_matrix)}} + name: Generate Matrix ${{ matrix.digit != -1 && matrix.digit || '' }} + steps: + - name: Install Nix + uses: metacraft-labs/nixos-modules/.github/install-nix@main + with: + cachix-cache: ${{ vars.CACHIX_CACHE }} + cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} + trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} + substituters: ${{ vars.SUBSTITUTERS }} + nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} + + - uses: actions/checkout@v4 + + - name: Generate CI Matrix + id: generate-matrix + shell: bash + env: + IS_INITIAL: 'true' + CACHIX_CACHE: ${{ vars.CACHIX_CACHE }} + CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} + FLAKE_PRE: ${{ matrix.prefix }} + FLAKE_POST: ${{ matrix.postfix }} + MCL_BRANCH: ${{ github.repository == 'metacraft-labs/nixos-modules' && github.sha || 'main' }} + run: nix run --accept-flake-config github:metacraft-labs/nixos-modules/${{ env.MCL_BRANCH }}#mcl ci_matrix + + - uses: actions/upload-artifact@v4 + with: + name: matrix-pre${{ matrix.digit != -1 && format('-{0}', matrix.digit) || '' }} + path: matrix-pre.json + outputs: + matrix: ${{ steps.generate-matrix.outputs.matrix }} + + slurp-matrix: + runs-on: ${{ fromJSON(inputs.runner) }} + needs: generate-matrix + name: Merge matrices + outputs: + matrix: ${{ steps.matrix.outputs.matrix }} + fullMatrix: ${{ steps.matrix.outputs.fullMatrix }} + steps: + - uses: actions/download-artifact@v4 + - name: Merge matrices + run: | + # Check if jq is installed + if ! command -v jq &> /dev/null; then + PATH="$(nix build --print-out-paths 'nixpkgs#jq^bin')/bin:$PATH" + export PATH + fi + + ls */matrix-pre.json + matrix="$(cat */matrix-pre.json | jq -cr '.include[]' | jq '[ select (.isCached == false) ]' | jq -s 'add' | jq -c '. | {include: .}')" + + if [[ "$matrix" == '' ]] || [[ "$matrix" == '{}' ]] || [[ "$matrix" == '{"include":null}' ]] || [[ "$matrix" == '{"include":[]}' ]]; then + matrix='{"include":[]}' + fi + + echo "---" + echo "Matrix:" + echo "$matrix" | jq + echo "---" + echo + echo + + fullMatrix="$(cat */matrix-pre.json | jq -cr '.include' | jq -s 'add' | jq -c '. | {include: .}')" + + echo "---" + echo "Full Matrix:" + echo "$fullMatrix" | jq + echo "---" + + echo "matrix=$matrix" >> $GITHUB_OUTPUT + echo "fullMatrix=$fullMatrix" >> $GITHUB_OUTPUT + + id: matrix + - name: Post Comment + id: print-matrix + uses: metacraft-labs/nixos-modules/.github/print-matrix@main + with: + is-initial: 'true' + cachix-cache: ${{ vars.CACHIX_CACHE }} + cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} + trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} + substituters: ${{ vars.SUBSTITUTERS }} + precalc_matrix: ${{ steps.matrix.outputs.fullMatrix }} + pr-comment-github-token: ${{ secrets.GITHUB_TOKEN }} + nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} + + build: + needs: slurp-matrix + if: needs.slurp-matrix.outputs.matrix != '{"include":[]}' + + strategy: + fail-fast: false + matrix: ${{fromJSON( needs.slurp-matrix.outputs.matrix )}} + + name: ${{ matrix.name }} | ${{ matrix.system }} + runs-on: ${{ matrix.os }} + continue-on-error: ${{ matrix.allowedToFail }} + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: metacraft-labs/nixos-modules/.github/install-nix@main + with: + cachix-cache: ${{ vars.CACHIX_CACHE }} + cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} + trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} + substituters: ${{ vars.SUBSTITUTERS }} + nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} + + - name: Build ${{ matrix.name }} + run: | + nix build -L --no-link --keep-going --show-trace \ + '.#${{ matrix.attrPath }}' + + - name: Push to Cachix ${{ matrix.name }} + run: | + cachix push ${{ vars.CACHIX_CACHE }} ${{ matrix.output }} + + results: + runs-on: ${{ fromJSON(inputs.runner) }} + name: Final Results + needs: [build, slurp-matrix] + if: always() + steps: + - name: Post Comment + uses: metacraft-labs/nixos-modules/.github/print-matrix@main + with: + is-initial: 'false' + cachix-cache: ${{ vars.CACHIX_CACHE }} + cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }} + trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }} + substituters: ${{ vars.SUBSTITUTERS }} + precalc_matrix: ${{ needs.slurp-matrix.outputs.fullMatrix }} + pr-comment-github-token: ${{ secrets.GITHUB_TOKEN }} + nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }} + + - run: exit 1 + if: >- + needs.slurp-matrix.outputs.matrix != '{"include":[]}' + && contains(needs.*.result, 'failure') + || contains(needs.*.result, 'cancelled') + + - uses: actions/checkout@v4 + if: inputs.run-cachix-deploy + + - name: Deploy + if: inputs.run-cachix-deploy + env: + CACHIX_CACHE: ${{ vars.CACHIX_CACHE }} + CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} + CACHIX_ACTIVATE_TOKEN: '${{ secrets.CACHIX_ACTIVATE_TOKEN }}' + MCL_BRANCH: ${{ github.repository == 'metacraft-labs/nixos-modules' && github.sha || 'main' }} + run: nix run --accept-flake-config github:metacraft-labs/nixos-modules/${{ env.MCL_BRANCH }}#mcl deploy_spec diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 6161290b..7f5ed938 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -3,6 +3,13 @@ name: "Update Nix Flake lockfile" on: # Allow this workflow to be reused by other workflows: workflow_call: + inputs: + runner: + description: 'JSON-encoded list of runner labels' + default: '["self-hosted"]' + required: true + type: string + secrets: NIX_GITHUB_TOKEN: description: GitHub token to add as access-token in nix.conf @@ -26,7 +33,7 @@ on: jobs: main: - runs-on: self-hosted + runs-on: ${{ fromJSON(inputs.runner) }} steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/update-flake-packages.yml b/.github/workflows/update-flake-packages.yml index b77aa94b..c06a786b 100644 --- a/.github/workflows/update-flake-packages.yml +++ b/.github/workflows/update-flake-packages.yml @@ -3,6 +3,13 @@ name: "Update Flake Packages ❄️" on: # Allow this workflow to be reused by other workflows: workflow_call: + inputs: + runner: + description: 'JSON-encoded list of runner labels' + default: '["self-hosted"]' + required: true + type: string + secrets: NIX_GITHUB_TOKEN: description: GitHub token to add as access-token in nix.conf @@ -26,7 +33,7 @@ on: jobs: updateFlakePackages: - runs-on: self-hosted + runs-on: ${{ fromJSON(inputs.runner) }} steps: - name: Checkout repository uses: actions/checkout@v4