Skip to content

Workflow file for this run

# SPDX-FileCopyrightText: 2022-2023 TII (SSRC) and the Ghaf contributors
#
# SPDX-License-Identifier: Apache-2.0
name: build
on:
push:
branches:
- '**'
workflow_dispatch:
pull_request_target:
branches:
- main
permissions:
contents: read
jobs:
# This workflow uses environment-based authorization together
# with 'pull_request_target' trigger as explained in:
# https://ssrc.atlassian.net/wiki/x/OABjMg
# check-identity:
# runs-on: ubuntu-latest
# outputs:
# authorized_user: ${{ steps.check-authorized-user.outputs.authorized_user}}
# environment: 'internal-build-workflow'
# steps:
# - name: Check identity
# id: check-authorized-user
# shell: bash
# run: |
# authorized_user='False'
# for user in ${{ vars.AUTHORIZED_USERS }};
# do
# if [ "$user" = "${{ github.actor }}" ]; then
# authorized_user='True'
# break
# fi
# done
# echo "github.event_name: ${{ github.event_name }}"
# echo "github.repository: ${{ github.repository }}"
# echo "github.event.pull_request.head.repo.full_name: ${{ github.event.pull_request.head.repo.full_name }}"
# echo "github.actor: ${{ github.actor }}"
# echo "authorized_user=$authorized_user"
# echo "authorized_user=$authorized_user" >> "$GITHUB_OUTPUT"
#
# authorize-internal:
# needs: [check-identity]
# runs-on: ubuntu-latest
# if: ${{ needs.check-identity.outputs.authorized_user == 'True' }}
# steps:
# - name: Authorize internal
# run: echo "authorized"
#
# authorize-external:
# needs: [check-identity]
# runs-on: ubuntu-latest
# if: ${{ needs.check-identity.outputs.authorized_user == 'False' }}
# environment:
# ${{ ( github.event_name == 'pull_request_target' &&
# github.event.pull_request.head.repo.full_name != github.repository &&
# 'external-build-workflow' ) || ( 'internal-build-workflow' ) }}
# steps:
# - name: Authorize external
# run: echo "authorized"
#
# authorize:
# needs: [authorize-internal, authorize-external]
# runs-on: ubuntu-latest
# # See: https://github.com/actions/runner/issues/491#issuecomment-660122693
# if: |
# always() &&
# (needs.authorize-internal.result == 'success' || needs.authorize-internal.result == 'skipped') &&
# (needs.authorize-external.result == 'success' || needs.authorize-external.result == 'skipped') &&
# !(needs.authorize-internal.result == 'skipped' && needs.authorize-external.result == 'skipped')
# steps:
# - name: Authorize
# run: echo "authorized"
build-yml-check:
uses: ./.github/workflows/build-yml-check.yml
build_matrix:

Check failure on line 84 in .github/workflows/build.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/build.yml

Invalid workflow file

You have an error in your yaml syntax on line 84
name: "build"
needs: [build-yml-check] # [authorize, build-yml-check]
runs-on: ubuntu-latest
timeout-minutes: 360
strategy:
matrix:
include:
- arch: x86_64-linux
target: fmo-os-installer-debug
# - arch: x86_64-linux
# target: fmo-os-installer-debug
if: |
always() &&
# needs.authorize.result == 'success' &&
needs.build-yml-check.outputs.result == 'not-changed'
concurrency:
# Cancel any in-progress workflow runs from the same PR or branch,
# allowing matrix jobs to run concurrently:
group: ${{ github.workflow }}.${{ github.event.pull_request.number || github.ref }}.${{ matrix.arch }}.${{ matrix.target }}
cancel-in-progress: true
steps:
- name: Maximize space available on rootfs
# Why not use https://github.com/easimon/maximize-build-space directly?
# The reason is: we want to maximize the space on rootfs, since that's
# where the nix store (`/nix/store`) is located. Github action
# https://github.com/easimon/maximize-build-space maximizes
# the builder space on ${GITHUB_WORKSPACE}, which is not what we need.
# Alternatively, we could move the nix store to ${GITHUB_WORKSPACE}
# and use https://github.com/easimon/maximize-build-space as such, but
# we suspect other tooling (e.g. cachix) would not work well with such
# configuration.
run: |
echo "Available storage before cleanup:"
df -h
echo
echo "Removing unwanted software... "
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /opt/ghc
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo docker image prune --all --force
echo "... done"
echo
echo "Available storage after cleanup:"
df -h
- name: Print runner system info
run: sudo apt-get update; sudo apt-get install -y inxi; sudo inxi -c0 --width -1 --basic --memory-short
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Install nix
uses: cachix/install-nix-action@v24
with:
extra_nix_config: |
# trusted-public-keys = ghaf-dev.cachix.org-1:S3M8x3no8LFQPBfHw1jl6nmP8A7cVWKntoMKN3IsEQY= cache.vedenemo.dev:8NhplARANhClUSWJyLVk4WMyy1Wb4rhmWW2u8AejH9E= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
# substituters = https://ghaf-dev.cachix.org?priority=20 https://cache.vedenemo.dev https://cache.nixos.org
system-features = nixos-test benchmark big-parallel kvm
# builders-use-substitutes = true
# builders = @/etc/nix/machines
# - name: Configure remote builder
# run: |
# sudo sh -c "umask 377; echo '${{ secrets.BUILDER_SSH_KEY }}' >/etc/nix/id_builder_key"
# sudo sh -c "echo '${{ vars.BUILDER_SSH_KNOWN_HOST }}' >>/etc/ssh/ssh_known_hosts"
# sudo sh -c "echo '${{ vars.BUILDER_MACHINE_CONFIG }}' >/etc/nix/machines"
# - name: Install cachix
# run: |
# nix-env -iA cachix -f https://cachix.org/api/v1/install
# echo "Using cachix version:"
# cachix --version
- name: Build ${{ matrix.arch }}.${{ matrix.target }}
run: |
# if [ "${{ secrets.CACHIX_AUTH_TOKEN }}" == "" ]; then
# echo "::error::Missing CACHIX_AUTH_TOKEN, will not build"
# exit 1
# else
# echo "Running nix build, with cachix watch-exec"
# cachix authtoken ${{ secrets.CACHIX_AUTH_TOKEN }}
# cachix watch-exec ghaf-dev -- \
# nix build .#packages.${{ matrix.arch }}.${{ matrix.target }}
# fi
nix build .#packages.${{ matrix.arch }}.${{ matrix.target }}