feat: enable x86_64-linux builds in CI

jfroche · jfroche · commit 5abba2bf1bb4 · 2025-10-06T13:40:40.000+02:00
diff --git a/.github/actions/nix-install-ephemeral/action.yml b/.github/actions/nix-install-ephemeral/action.yml
@@ -1,5 +1,5 @@
 name: 'Install Nix on ephemeral runners'
-description: 'Installs Nix and sets up AWS credentials for pushing to Nix binary cache'
+description: 'Installs Nix and sets up AWS credentials to push to the Nix binary cache'
 inputs:
   push-to-cache:
     description: 'Whether to push build outputs to the Nix binary cache'
diff --git a/.github/actions/nix-install-self-hosted/action.yml b/.github/actions/nix-install-self-hosted/action.yml
@@ -1,13 +1,10 @@
-name: 'Nix Build Setup'
-description: 'Sets up AWS credentials and builds a Nix package'
+name: 'Configure Nix on self hosted runners'
+description: 'Sets up AWS credentials to push to the Nix binary cache'
 inputs:
-  attr:
-    description: 'The Nix attribute to build'
-    required: true
   aws-role-duration:
     description: 'AWS role session duration in seconds'
     required: false
-    default: '3600'
+    default: '18000'
 
 runs:
   using: 'composite'
@@ -19,7 +16,7 @@ runs:
         aws-region: us-east-2
         role-to-assume: arn:aws:iam::436098097459:role/nix-artifacts-deploy-role # supabase-dev
         role-session-name: gha-oidc-${{ github.run_id }}
-        role-duration-seconds: 18000
+        role-duration-seconds: ${{ inputs.aws-role-duration }}
 
     - name: Write creds files
       shell: bash
@@ -31,6 +28,3 @@ runs:
         aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}
         aws_session_token = ${AWS_SESSION_TOKEN}
         EOF
-    - name: nix build
-      shell: bash
-      run: nix build --accept-flake-config -L .#${{ inputs.attr }}
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
@@ -34,9 +34,10 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@v4
       - name: Build Nix Package
-        uses: ./.github/actions/nix-build-self-hosted
-        with:
-          attr: ${{ matrix.attr }}
+        uses: ./.github/actions/nix-install-self-hosted
+      - name: nix build
+        shell: bash
+        run: nix build --accept-flake-config -L .#${{ matrix.attr }}
 
   nix-build-aarch64-darwin:
     name: ${{ matrix.name }} (aarch64-darwin)
@@ -51,30 +52,34 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@v4
       - name: Build Nix Package
-        uses: ./.github/actions/nix-build-self-hosted
-        with:
-          attr: ${{ matrix.attr }}
+        uses: ./.github/actions/nix-install-self-hosted
+      - name: nix build
+        shell: bash
+        run: nix build --accept-flake-config -L .#${{ matrix.attr }}
 
-  # TODO
-  # nix-build-x86_64-linux:
-  #   name: ${{matrix.postgresql_version}}.${{ matrix.name }} (x86_64-linux)
-  #   needs: nix-eval
-  #   runs-on: ${{ matrix.runs_on.group && matrix.runs_on || matrix.runs_on.labels }}
-  #   if: ${{ fromJSON(needs.nix-eval.outputs.matrix).x86_64_linux != null }}
-  #   strategy:
-  #     fail-fast: false
-  #     max-parallel: 3
-  #     matrix: ${{ fromJSON(needs.nix-eval.outputs.matrix).x86_64_linux }}
-  #   steps:
-  #     - name: Checkout Repo
-  #       uses: actions/checkout@v4
-  #     - name: Build Nix Package
-  #       uses: ./.github/actions/nix-build-self-hosted
-  #       with:
-  #         attr: ${{ matrix.attr }}
+  nix-build-x86_64-linux:
+    name: ${{ matrix.name }} (x86_64-linux)
+    needs: nix-eval
+    runs-on: ${{ matrix.runs_on.group && matrix.runs_on || matrix.runs_on.labels }}
+    if: ${{ fromJSON(needs.nix-eval.outputs.matrix).x86_64_linux != null }}
+    strategy:
+      fail-fast: false
+      max-parallel: 5
+      matrix: ${{ fromJSON(needs.nix-eval.outputs.matrix).x86_64_linux }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+      - name: Install nix
+        uses: ./.github/actions/nix-install-ephemeral
+        env:
+          DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
+          NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
+      - name: nix build
+        shell: bash
+        run: nix build --accept-flake-config -L .#${{ matrix.attr }}
 
   run-testinfra:
-    needs: [nix-build-aarch64-linux, nix-build-aarch64-darwin] #, nix-build-x86_64-linux]
+    needs: [nix-build-aarch64-linux, nix-build-aarch64-darwin, nix-build-x86_64-linux]
     if: |
       !cancelled() &&
       (needs.nix-build-aarch64-linux.result == 'skipped' || needs.nix-build-aarch64-linux.result == 'success') &&
@@ -84,7 +89,7 @@ jobs:
       DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
 
   run-tests:
-    needs: [nix-build-aarch64-linux, nix-build-aarch64-darwin] #, nix-build-x86_64-linux]
+    needs: [nix-build-aarch64-linux, nix-build-aarch64-darwin, nix-build-x86_64-linux]
     if: |
       !cancelled() && 
       (needs.nix-build-aarch64-linux.result == 'skipped' || needs.nix-build-aarch64-linux.result == 'success') &&
