ci: Custom GitHub Runners for Nix Builds #4510

Workflow file for this run

.github/workflows/nix-build.yml at 52b9aae

	name: Nix CI

	on:
	push:
	branches:
	- release/*
	pull_request:
	merge_group:
	workflow_dispatch:

	permissions:
	id-token: write
	# required by testinfra-ami-build dependent workflows
	contents: write
	packages: write

	jobs:
	nix-eval:
	uses: ./.github/workflows/nix-eval.yml
	secrets:
	DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
	NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}

	nix-build-aarch64-linux:
	name: >-
	${{ matrix.name }}${{ matrix.postgresql_version && format(' - Postgres {0}', matrix.postgresql_version) \|\| '' }}
	(aarch64-linux)
	needs: nix-eval
	runs-on: ${{ matrix.runs_on.group && matrix.runs_on \|\| matrix.runs_on.labels }}
	if: ${{ fromJSON(needs.nix-eval.outputs.matrix).aarch64_linux != null }}
	strategy:
	fail-fast: false
	max-parallel: 5
	matrix: ${{ fromJSON(needs.nix-eval.outputs.matrix).aarch64_linux }}
	steps:
	- name: Checkout Repo
	if: ${{ matrix.attr != '' }}
	uses: actions/checkout@v4
	- name: Install nix (ephemeral)
	if: ${{ matrix.attr != '' && matrix.runs_on.group != 'self-hosted-runners-nix' }}
	uses: ./.github/actions/nix-install-ephemeral
	with:
	push-to-cache: 'true'
	env:
	DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
	NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
	- name: Install nix (self-hosted)
	if: ${{ matrix.attr != '' && matrix.runs_on.group == 'self-hosted-runners-nix' }}
	uses: ./.github/actions/nix-install-self-hosted
	- name: nix build
	if: ${{ matrix.attr != '' }}
	shell: bash
	run: nix build --accept-flake-config -L .#${{ matrix.attr }}

	nix-build-aarch64-darwin:
	name: >-
	${{ matrix.name }}${{ matrix.postgresql_version && format(' - Postgres {0}', matrix.postgresql_version) \|\| '' }}
	(aarch64-darwin)
	needs: nix-eval
	runs-on: ${{ matrix.attr != '' && matrix.runs_on.group && matrix.runs_on \|\| matrix.runs_on.labels }}
	if: ${{ fromJSON(needs.nix-eval.outputs.matrix).aarch64_darwin != null }}
	strategy:
	fail-fast: false
	max-parallel: 5
	matrix: ${{ fromJSON(needs.nix-eval.outputs.matrix).aarch64_darwin }}
	steps:
	- name: Checkout Repo
	if: ${{ matrix.attr != '' }}
	uses: actions/checkout@v4
	- name: Install nix
	if: ${{ matrix.attr != '' }}
	uses: ./.github/actions/nix-install-self-hosted
	- name: nix build
	if: ${{ matrix.attr != '' }}
	shell: bash
	run: nix build --accept-flake-config -L .#${{ matrix.attr }}

	nix-build-x86_64-linux:
	name: >-
	${{ matrix.name }}${{ matrix.postgresql_version && format(' - Postgres {0}', matrix.postgresql_version) \|\| '' }}
	(x86_64-linux)
	needs: nix-eval
	runs-on: ${{ matrix.attr != '' && matrix.runs_on.group && matrix.runs_on \|\| matrix.runs_on.labels }}
	if: ${{ fromJSON(needs.nix-eval.outputs.matrix).x86_64_linux != null }}
	strategy:
	fail-fast: false
	max-parallel: 5
	matrix: ${{ fromJSON(needs.nix-eval.outputs.matrix).x86_64_linux }}
	steps:
	- name: Checkout Repo
	if: ${{ matrix.attr != '' }}
	uses: actions/checkout@v4
	- name: Install nix
	if: ${{ matrix.attr != '' }}
	uses: ./.github/actions/nix-install-ephemeral
	with:
	push-to-cache: 'true'
	env:
	DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
	NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
	- name: nix build
	if: ${{ matrix.attr != '' }}
	shell: bash
	run: nix build --accept-flake-config -L .#${{ matrix.attr }}

	run-testinfra:
	needs: [nix-build-aarch64-linux, nix-build-aarch64-darwin, nix-build-x86_64-linux]
	if: \|
	!cancelled() &&
	(needs.nix-build-aarch64-linux.result == 'skipped' \|\| needs.nix-build-aarch64-linux.result == 'success') &&
	(needs.nix-build-aarch64-darwin.result == 'skipped' \|\| needs.nix-build-aarch64-darwin.result == 'success') &&
	(needs.nix-build-x86_64-linux.result == 'skipped' \|\| needs.nix-build-x86_64-linux.result == 'success')
	uses: ./.github/workflows/testinfra-ami-build.yml
	secrets:
	DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}

	run-tests:
	needs: [nix-build-aarch64-linux, nix-build-aarch64-darwin, nix-build-x86_64-linux]
	if: \|
	!cancelled() &&
	(needs.nix-build-aarch64-linux.result == 'skipped' \|\| needs.nix-build-aarch64-linux.result == 'success') &&
	(needs.nix-build-aarch64-darwin.result == 'skipped' \|\| needs.nix-build-aarch64-darwin.result == 'success') &&
	(needs.nix-build-x86_64-linux.result == 'skipped' \|\| needs.nix-build-x86_64-linux.result == 'success')
	uses: ./.github/workflows/test.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

ci: Custom GitHub Runners for Nix Builds #4510

Workflow file

ci: Custom GitHub Runners for Nix Builds #4510

Uh oh!

Jobs

Run details

Workflow file for this run