diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index 058d9087b..7551a14fa 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -10,23 +10,32 @@ on: permissions: id-token: write - # required by testinfra-ami-build dependent workflows + # required by dependent workflows contents: write packages: write jobs: + nix-matrix: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v30 + - id: set-matrix + name: Generate Nix Matrix + run: | + set -Eeu + matrix="$(nix eval --json '.#githubActions.matrix')" + echo "matrix=$matrix" >> "$GITHUB_OUTPUT" + build-run-image: + name: ${{ matrix.name }} (${{ matrix.system }}) + needs: nix-matrix + runs-on: ${{ matrix.os }} strategy: fail-fast: false - matrix: - include: - - runner: large-linux-x86 - arch: amd64 - - runner: large-linux-arm - arch: arm64 - - runner: macos-latest-xlarge - arch: arm64 - runs-on: ${{ matrix.runner }} + matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}} timeout-minutes: 180 steps: - name: Checkout Repo @@ -104,23 +113,12 @@ jobs: sudo rm -rf /tmp/* 2>/dev/null || true echo "=== AFTER CLEANUP ===" df -h - - name: Build psql bundle - run: > - nix run "github:Mic92/nix-fast-build?rev=b1dae483ab7d4139a6297e02b6de9e5d30e43d48" - -- --skip-cached --no-nom ${{ matrix.runner == 'macos-latest-xlarge' && '--max-jobs 1' || '' }} - --flake ".#checks.$(nix eval --raw --impure --expr 'builtins.currentSystem')" + - run: nix build -L '.#${{ matrix.attr }}' env: AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }} - run-testinfra: - needs: build-run-image - if: ${{ success() }} - uses: ./.github/workflows/testinfra-ami-build.yml - secrets: - DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }} - run-tests: needs: build-run-image if: ${{ success() }} diff --git a/flake.lock b/flake.lock index 9d2865e1d..b9a8b2f83 100644 --- a/flake.lock +++ b/flake.lock @@ -173,6 +173,26 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix2container": { "inputs": { "flake-utils": "flake-utils_2", @@ -309,6 +329,7 @@ "git-hooks": "git-hooks", "nix-editor": "nix-editor", "nix-fast-build": "nix-fast-build", + "nix-github-actions": "nix-github-actions", "nix2container": "nix2container", "nixpkgs": "nixpkgs_4", "nixpkgs-go124": "nixpkgs-go124", diff --git a/flake.nix b/flake.nix index db14dac9a..f91facd4b 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,8 @@ git-hooks.url = "github:cachix/git-hooks.nix"; git-hooks.inputs.nixpkgs.follows = "nixpkgs"; nixpkgs-go124.url = "github:Nixos/nixpkgs/d2ac4dfa61fba987a84a0a81555da57ae0b9a2b0"; + nix-github-actions.url = "github:nix-community/nix-github-actions"; + nix-github-actions.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -36,6 +38,7 @@ nix/nixpkgs.nix nix/packages nix/overlays + nix/github-actions.nix ]; }); } diff --git a/nix/github-actions.nix b/nix/github-actions.nix new file mode 100644 index 000000000..752f0b41a --- /dev/null +++ b/nix/github-actions.nix @@ -0,0 +1,18 @@ +{ inputs, ... }: +let + githubPlatforms = { + "x86_64-linux" = "large-linux-x86"; + "aarch64-linux" = "large-linux-arm"; + "aarch64-darwin" = "macos-latest-xlarge"; + }; +in +{ + flake.githubActions = inputs.nix-github-actions.lib.mkGithubMatrix { + checks = inputs.nixpkgs.lib.getAttrs [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ] inputs.self.checks; + platforms = githubPlatforms; + }; +}