-
Notifications
You must be signed in to change notification settings - Fork 5
148 lines (126 loc) · 5.17 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# Copyright lowRISC contributors.
#
# SPDX-License-Identifier: MIT
name: CI
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
# Cancel existing runs if a pull request is pushed.
# For branch pushes, this will queue a new run and cancel the existing one. This allows the cache
# of the run to be used by the new run.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
checks:
name: Quality Check
runs-on: nixos-23.11
steps:
- name: checkout
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v24
- name: Nix Format Check
run: nix fmt -- . --check
- name: Run Nix Checks
run: nix flake check -L
build-plan:
# Save some computation. If the checks fail, don't build.
needs: checks
name: Generate Build Plan
runs-on: nixos-23.11
outputs:
matrix: ${{ steps.plan.outputs.MATRIX }}
steps:
- name: checkout
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v24
with:
nix_path: nixpkgs=channel:nixos-23.11
extra_nix_config: |
substituters = https://nix-cache.lowrisc.org/public/ https://cache.nixos.org/
trusted-public-keys = nix-cache.lowrisc.org-public-1:O6JLD0yXzaJDPiQW1meVu32JIDViuaPtGDfjlOopU7o= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
- name: Generate Build Plan
id: plan
run: |
REBUILD=()
echo '| Package | System | Status |' >> $GITHUB_STEP_SUMMARY
echo '|---------|--------|--------|' >> $GITHUB_STEP_SUMMARY
if ${{ github.event_name == 'pull_request' }}; then
# We only support MacOS with best-effort basis. They take much longer to build so shouldn't block PR.
SYSTEMS=(x86_64-linux)
else
SYSTEMS=(x86_64-linux x86_64-darwin aarch64-darwin)
fi
for SYSTEM in "${SYSTEMS[@]}"; do
# Choose a GitHub runner for the given system.
case $SYSTEM in
x86_64-linux)
RUNNER=nixos-23.11
;;
x86_64-darwin)
RUNNER=macos-13
;;
aarch64-darwin)
RUNNER=macos-14
;;
esac
# This is a json object with package names as keys and their main outputs as values
PACKAGES=$(nix eval --json ".#packages.$SYSTEM")
for ATTR in $(echo "$PACKAGES" | jq -r 'keys[]'); do
HASH=$(echo "$PACKAGES" | jq -r ".[\"$ATTR\"]" | cut -d '/' -f4 | cut -d '-' -f1)
# Check if the main output is cached by us or upstream.
CACHED=n
if curl -sSfL "https://nix-cache.lowrisc.org/public/$HASH.narinfo"; then
CACHED=y
elif curl -sSfL "https://cache.nixos.org/$HASH.narinfo"; then
CACHED=y
fi
if [[ $CACHED == y ]]; then
echo "| $ATTR | $SYSTEM | ✅ Cached |" | tee -a $GITHUB_STEP_SUMMARY
else
REBUILD+=("$(jq --null-input '{attr: $attr, runner: $runner}' --arg attr "$ATTR" --arg runner "$RUNNER")")
echo "| $ATTR | $SYSTEM | ⏳ Need Rebuild |" | tee -a $GITHUB_STEP_SUMMARY
fi
done
done
echo 'MATRIX<<EOF' >> $GITHUB_OUTPUT
jq --null-input '$ARGS.positional' --jsonargs -- "${REBUILD[@]}" >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
build:
needs: build-plan
name: Build
# Matrix can't be empty, so skip the job entirely if nothing needs to be rebuilt.
if: fromJSON(needs.build-plan.outputs.matrix)[0] != null
strategy:
matrix:
include: ${{fromJSON(needs.build-plan.outputs.matrix)}}
# Disable fail-fast for non-PR builds to ensure all outputs have a chance to be built.
fail-fast: ${{ github.event_name == 'pull_request' }}
runs-on: ${{ matrix.runner }}
steps:
- name: checkout
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v24
with:
extra_nix_config: |
substituters = https://nix-cache.lowrisc.org/public/ https://cache.nixos.org/
trusted-public-keys = nix-cache.lowrisc.org-public-1:O6JLD0yXzaJDPiQW1meVu32JIDViuaPtGDfjlOopU7o= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
- name: Setup Cache
if: github.event_name != 'pull_request'
run: |
nix profile install nixpkgs#attic-client
attic login --set-default lowrisc https://nix-cache.lowrisc.org/ ${{ secrets.NIX_CACHE_TOKEN }}
- name: Build
run: |
# For derivations with multiple outputs, this produces a list that references all the outputs.
OUTPUTS=$(nix eval .#${{ matrix.attr }} --apply 'd: d.outputs' --json | jq -r 'map(".#${{ matrix.attr }}." + .) | join(" ")')
nix build $OUTPUTS --accept-flake-config
- name: Upload Cache
if: github.event_name != 'pull_request'
run: |
attic push public result*