
chores: use custom github runners #3575


Workflow file for this run

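# Nix CI: builds every attribute listed by scripts/github-matrix.py on the
# self-hosted runner pool, then hands off to the reusable test workflow.
# Indentation restored from a whitespace-stripped rendering of the file.
name: Nix CI
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - develop
      - release/*
  pull_request:
  workflow_dispatch:

# NOTE(review): workflow-level permissions are inherited by every job. Only
# `build-run-image` needs `id-token: write` (for OIDC) and only the reusable
# `run-tests` workflow is said to need the write scopes, so `nix-matrix`
# could run with job-level `permissions: { contents: read }` instead.
# On pull_request events from forks GITHUB_TOKEN is read-only and no OIDC
# token is issued, so the aws-oidc step is expected to fail there — confirm.
permissions:
  id-token: write
  # required by dependent workflows
  contents: write
  packages: write

jobs:
  # Produces the JSON build matrix consumed by build-run-image.
  nix-matrix:
    runs-on:
      group: self-hosted-runners-nix
      labels:
        - aarch64-darwin
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - name: Checkout Repo
        # NOTE(review): `@v4` is a mutable tag; pin third-party actions to a
        # full commit SHA (with the tag in a trailing comment) for
        # supply-chain hardening.
        uses: actions/checkout@v4
      - id: set-matrix
        name: Generate Nix Matrix
        run: |
          set -Eeu
          echo matrix="$(python scripts/github-matrix.py)" >> "$GITHUB_OUTPUT"

  # One job per matrix entry: obtains short-lived AWS credentials via OIDC,
  # exposes them to the Nix daemon, and builds the attribute unless the
  # matrix marks it as already cached.
  build-run-image:
    name: ${{ matrix.name }} (${{ matrix.system }})
    needs: nix-matrix
    # A matrix entry's runs_on is either a runner-group object (used as-is)
    # or a plain label list.
    runs-on: ${{ matrix.runs_on.group && matrix.runs_on || matrix.runs_on.labels }}
    strategy:
      fail-fast: false
      matrix: ${{ fromJSON(needs.nix-matrix.outputs.matrix) }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
      - name: aws-oidc
        # NOTE(review): the action reference is garbled in this rendering
        # ("[email protected]"); the intended form is
        # aws-actions/configure-aws-credentials@<pinned ref> — restore from
        # the repository before relying on this listing.
        uses: aws-actions/[email protected]
        with:
          aws-region: us-east-2
          role-to-assume: arn:aws:iam::279559813984:role/supabase-github-oidc-role # Shared Services
          role-session-name: gha-oidc-${{ github.run_id }}
      - name: aws-creds
        # Second hop: chain from the shared-services role into the
        # artifact-deploy role in the target account.
        uses: aws-actions/[email protected]
        with:
          disable-retry: true
          aws-region: us-east-2
          role-to-assume: arn:aws:iam::436098097459:role/nix-artifacts-deploy-role # supabase-dev
          role-session-name: gha-oidc-${{ github.run_id }}
          role-chaining: true
          role-skip-session-tagging: true
          role-duration-seconds: 900 # TODO: switch to 18000 (5 hours)
      - name: Write creds files
        # Hands the session credentials from the previous step to the Nix
        # daemon through its AWS credentials file. `umask 006` makes a newly
        # created file owner/group-only (0660); a pre-existing file keeps
        # whatever mode it already has.
        run: |
          umask 006
          cat > /etc/nix/aws/nix-aws-credentials <<EOF
          [ci-uploader]
          aws_access_key_id = ${AWS_ACCESS_KEY_ID}
          aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}
          aws_session_token = ${AWS_SESSION_TOKEN}
          EOF
      - name: nix build
        # Matrix values are passed through `env:` rather than interpolated
        # into the script with ${{ }}, so they are never re-parsed as shell
        # syntax. `already_cached` is expected to render as true/false.
        env:
          NIX_ATTR: ${{ matrix.attr }}
          ALREADY_CACHED: ${{ matrix.already_cached }}
        run: |
          if [ "${ALREADY_CACHED}" = "true" ]; then
            echo "${NIX_ATTR} already cached, skipping build"
            exit 0
          fi
          nix build -L ".#${NIX_ATTR}"
      - name: Remove creds file
        # Self-hosted runners are reused between jobs; do not leave the
        # session credentials on disk after the build, even on failure.
        if: ${{ always() }}
        run: rm -f /etc/nix/aws/nix-aws-credentials

  # Reusable test workflow; inherits at most the permissions granted above.
  run-tests:
    needs: build-run-image
    if: ${{ success() }}
    uses: ./.github/workflows/test.yml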