build(nixos): auto-deploy nixos configs with deploy-rs #1151

Workflow file for this run

.github/workflows/rust-ci.yaml at dae13f0

	name: Rust CI
	on:
	pull_request:
	workflow_dispatch:
	workflow_call:
	secrets:
	GIT_HUB_TOKEN:
	required: true
	CACHIX_AUTH_TOKEN:
	required: false
	push:
	branches:
	- main
	- prod
	tags:
	- '**'

	jobs:
	fmt:
	name: Format
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
	with:
	token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
	with:
	github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
	continue-on-error: true
	with:
	name: worldcoin
	authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
	- name: Print environment
	run: \|
	uname -a
	nix develop -c env

	- name: Check Rust formatting
	run: cargo fmt --check --all
	- name: Check Nix formatting
	run: \|
	nix develop -c \
	nixpkgs-fmt --check flake.nix

	clippy:
	name: Clippy
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
	with:
	token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
	with:
	github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
	continue-on-error: true
	with:
	name: worldcoin
	authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
	- name: Authorize private git repos
	run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
	- name: Cache cargo dependencies
	uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2
	with:
	key: custom-${{ hashFiles('*/.nix', 'flake.lock') }}
	- name: Print environment
	run: \|
	uname -a
	nix develop -c env

	- name: Clippy lints
	run: \|
	nix develop -c \
	cargo clippy --all --all-features --all-targets --no-deps -- -D warnings

	doc:
	name: Doc
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
	with:
	token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
	with:
	github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
	continue-on-error: true
	with:
	name: worldcoin
	authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
	- name: Authorize private git repos
	run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
	- name: Cache cargo dependencies
	uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2
	with:
	key: custom-${{ hashFiles('*/.nix', 'flake.lock') }}
	- name: Print environment
	run: \|
	uname -a
	nix develop -c env

	- name: Cargo Doc
	run: \|
	nix develop -c \
	cargo doc --all --all-features --no-deps --document-private-items

	test:
	name: Test
	strategy:
	matrix:
	platform: [ public-ubuntu-22.04-32core, macos-13 ]
	runs-on: ${{ matrix.platform }}
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
	with:
	token: ${{ secrets.GIT_HUB_TOKEN }}
	lfs: true
	- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
	with:
	github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
	continue-on-error: true
	with:
	name: worldcoin
	authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
	- name: Authorize private git repos
	run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
	- name: Cache cargo dependencies
	uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2
	with:
	key: custom-${{ hashFiles('*/.nix', 'flake.lock') }}
	- name: Install dbus
	if: matrix.platform == 'macos-13'
	run: brew install dbus
	- name: Print environment
	run: \|
	uname -a
	nix develop -c env

	- name: Configure cargo to exclude platform-specific crates
	run: \|
	tmp=($(ci/rust_ci_helper.py excludes))
	EXCLUDES=""
	for e in ${tmp[@]}; do
	EXCLUDES+="--exclude ${e} "
	done
	echo EXCLUDES="${EXCLUDES}" >>${GITHUB_ENV}
	cat ${GITHUB_ENV}
	- name: Cargo Test
	run: \|
	nix develop -c \
	cargo test --all --all-features --all-targets $EXCLUDES

	build:
	name: Build
	runs-on: public-ubuntu-22.04-32core
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
	with:
	token: ${{ secrets.GIT_HUB_TOKEN }}
	lfs: true
	- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
	with:
	github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
	continue-on-error: true
	with:
	name: worldcoin
	authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
	- name: Authorize private git repos
	run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
	- name: Cache cargo dependencies
	uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2
	with:
	key: custom-${{ hashFiles('*/.nix', 'flake.lock') }}
	- name: Print environment
	run: \|
	uname -a
	nix develop -c env

	- name: Choose cargo profile
	run: \|
	set -Eeuxo pipefail
	if [[ ${{ github.event_name }} == "pull_request" \|\| ${{ github.event_name }} == "push" ]]; then
	CI_PROFILE="release"
	else
	CI_PROFILE="artifact"
	fi
	echo CI_PROFILE=${CI_PROFILE} >>${GITHUB_ENV}
	- name: Build linux artifacts
	run: \|
	nix develop -c ci/rust_ci_helper.py \
	build_linux_artifacts \
	--out_dir artifacts_linux \
	--cargo_profile ${CI_PROFILE}
	ls -aRsh artifacts_linux

	- name: Bundle artifacts
	run: \|
	set -Eeuxo pipefail
	mkdir artifacts_bundled
	for b in artifacts_linux/*; do
	b="$(basename ${b})"
	# We make sure that the tarball is idempotent:
	# https://stackoverflow.com/a/54908072
	tar --sort=name --owner=root:0 --group=root:0 --mtime='@0' \
	-vahcf artifacts_bundled/${b}.tar.zst -C artifacts_linux/${b} .
	done
	ls -aRsh artifacts_bundled

	- name: Upload artifacts
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # [email protected]
	with:
	# upload v4 doesn't support writing multiple times to the same artifact name.
	# so its important that we name it after the workflow and not something
	# general like "artifacts"
	name: rust
	path: artifacts_bundled
	if-no-files-found: error
	retention-days: 14

	cargo-deny:
	name: Cargo Deny
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
	with:
	token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
	with:
	github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
	- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
	continue-on-error: true
	with:
	name: worldcoin
	authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
	- name: Authorize private git repos
	run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
	- name: Print environment
	run: \|
	uname -a
	nix develop -c env

	- name: Check licenses
	run: \|
	nix develop -c \
	cargo deny check licenses

	- name: Check security advisories
	run: \|
	nix develop -c \
	cargo deny check advisories

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(nixos): auto-deploy nixos configs with deploy-rs #1151

Workflow file

build(nixos): auto-deploy nixos configs with deploy-rs #1151

Jobs

Run details

Workflow file for this run