.github/workflows/ci.yml

# Copyright lowRISC contributors.
#
# SPDX-License-Identifier: MIT

name: CI

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

# Cancel existing runs if a pull request is pushed.
# For branch pushes, this will queue a new run and cancel the existing one. This allows the cache
# of the run to be used by the new run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  checks:
    name: Quality Check
    runs-on: nixos-23.11
    steps:
      - name: checkout
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v24

      - name: Nix Format Check
        run: nix fmt -- . --check

      - name: Run Nix Checks
        run: nix flake check -L

  build-plan:
    # Save some computation. If the checks fail, don't build.
    needs: checks
    name: Generate Build Plan
    runs-on: nixos-23.11
    outputs:
      attrs: ${{ steps.plan.outputs.ATTRS }}
    steps:
      - name: checkout
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v24
        with:
          nix_path: nixpkgs=channel:nixos-23.11
          extra_nix_config: |
            substituters = https://nix-cache.lowrisc.org/public/ https://cache.nixos.org/
            trusted-public-keys = nix-cache.lowrisc.org-public-1:O6JLD0yXzaJDPiQW1meVu32JIDViuaPtGDfjlOopU7o= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=

      # Attic is not in nixpkgs currently, so it's not in NixOS cache. In case it's also not in our cache,
      # we want to avoid having to build it for every job. Do a build ahead of time and cache attic itself.
      - name: Build and Cache Attic
        if: github.event_name != 'pull_request'
        run: |
          nix profile install github:zhaofengli/attic#attic
          attic login --set-default lowrisc https://nix-cache.lowrisc.org/ ${{ secrets.NIX_CACHE_TOKEN }}
          attic push public $(which attic)

      - name: Generate Build Plan
        id: plan
        run: |
          REBUILD=()
          echo '| Package | Outputs | Status |' >> $GITHUB_STEP_SUMMARY
          echo '|---------|---------|--------|' >> $GITHUB_STEP_SUMMARY

          for LINE in $(nix-shell -p nix-eval-jobs --run 'nix-eval-jobs --accept-flake-config --flake .#packages.x86_64-linux'); do
            ATTR=$(echo "$LINE" | jq -r .attr)
            OUTPUTS=$(echo "$LINE" | jq -r '.outputs | keys | join(",")')

            # Check if all outputs are cached. We don't use nix-eval-jobs's cache check because it also includes local path
            CACHED=y
            for OUTPUT in ${OUTPUTS//,/ }; do
              HASH=$(echo "$LINE" | jq -r ".outputs.$OUTPUT" | cut -d '/' -f4 | cut -d '-' -f1)
              if ! curl -sSfL "https://nix-cache.lowrisc.org/public/$HASH.narinfo"; then
                CACHED=n
              fi
            done

            if [[ $CACHED == y ]]; then
              echo "| $ATTR | $OUTPUTS | ✅ Cached |" | tee -a $GITHUB_STEP_SUMMARY
            else
              if [[ "$OUTPUTS" = *,* ]]; then
                # If the derivation has multiple outputs, ensure that they're all built and cached
                REBUILD+=($ATTR.\{$OUTPUTS\})
              else
                REBUILD+=($ATTR)
              fi
              echo "| $ATTR | $OUTPUTS | ⏳ Need Rebuild |" | tee -a $GITHUB_STEP_SUMMARY
            fi
          done

          echo 'ATTRS<<EOF' >> $GITHUB_OUTPUT
          jq --null-input '$ARGS.positional' --args -- "${REBUILD[@]}" >> $GITHUB_OUTPUT
          echo 'EOF' >> $GITHUB_OUTPUT

  build:
    needs: build-plan
    name: Build
    runs-on: nixos-23.11
    # Matrix can't be empty, so skip the job entirely if nothing needs to be rebuilt.
    if: fromJSON(needs.build-plan.outputs.attrs)[0] != null
    strategy:
      matrix:
        attr: ${{fromJSON(needs.build-plan.outputs.attrs)}}
    steps:
      - name: checkout
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v24
        with:
          extra_nix_config: |
            substituters = https://nix-cache.lowrisc.org/public/ https://cache.nixos.org/
            trusted-public-keys = nix-cache.lowrisc.org-public-1:O6JLD0yXzaJDPiQW1meVu32JIDViuaPtGDfjlOopU7o= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=

      - name: Setup Cache
        if: github.event_name != 'pull_request'
        run: |
          nix profile install github:zhaofengli/attic#attic
          attic login --set-default lowrisc https://nix-cache.lowrisc.org/ ${{ secrets.NIX_CACHE_TOKEN }}

      - name: Build
        run: nix build .#${{ matrix.attr }} --accept-flake-config

      - name: Upload Cache
        if: github.event_name != 'pull_request'
        run: |
          attic push public result*