nixos: Allow settings to be omitted with null #324
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| pull_request: | |
| push: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ghcr.io/${{ github.repository }} | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Install current Bash on macOS | |
| if: runner.os == 'macOS' | |
| run: | | |
| command -v brew && brew install bash || true | |
| - uses: DeterminateSystems/nix-installer-action@v15 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Cache dev shell | |
| run: | | |
| .ci/cache-shell.sh | |
| system=$(nix-instantiate --eval -E 'builtins.currentSystem') | |
| echo system=$system >>$GITHUB_ENV | |
| # TODO: Abstract all of this out, and use `attic push --stdin` (requires #232) | |
| - name: Build packages | |
| run: | | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| nix build --no-link --print-out-paths -L \ | |
| .#attic \ | |
| .#attic-client \ | |
| .#attic-server \ | |
| | if [ -n "$ATTIC_CACHE" ]; then | |
| xargs attic push "ci:$ATTIC_CACHE" | |
| else | |
| cat | |
| fi | |
| tests: | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| nix: | |
| - "2.20" | |
| - "2.24" | |
| - "default" | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Install current Bash on macOS | |
| if: runner.os == 'macOS' | |
| run: | | |
| command -v brew && brew install bash || true | |
| - uses: DeterminateSystems/nix-installer-action@v15 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Cache dev shell | |
| run: | | |
| .ci/cache-shell.sh | |
| system=$(nix-instantiate --eval -E 'builtins.currentSystem') | |
| echo system=$system >>$GITHUB_ENV | |
| - name: Run unit tests | |
| run: | | |
| .ci/run just ci-unit-tests ${{ matrix.nix }} | |
| - name: Build WebAssembly crates | |
| if: runner.os == 'Linux' | |
| run: | | |
| .ci/run just ci-build-wasm | |
| # TODO: Just take a diff of the list of store paths, also abstract all of this out | |
| - name: Push build artifacts | |
| run: | | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| if [ -n "$ATTIC_CACHE" ]; then | |
| nix build --no-link --print-out-paths -L \ | |
| .#internalMatrix."$system".\"${{ matrix.nix }}\".attic-tests \ | |
| .#internalMatrix."$system".\"${{ matrix.nix }}\".cargoArtifacts \ | |
| | xargs attic push "ci:$ATTIC_CACHE" | |
| fi | |
| nix-matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: DeterminateSystems/nix-installer-action@v15 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - id: set-matrix | |
| name: Generate Nix Matrix | |
| run: | | |
| set -Eeu | |
| matrix="$(nix eval --json '.#githubActions.matrix')" | |
| echo "matrix=$matrix" >> "$GITHUB_OUTPUT" | |
| nix-matrix-job: | |
| name: ${{ matrix.name }} | |
| runs-on: ${{ matrix.os }} | |
| needs: | |
| - build | |
| - nix-matrix | |
| strategy: | |
| matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}} | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Install current Bash on macOS | |
| if: runner.os == 'macOS' | |
| run: | | |
| command -v brew && brew install bash || true | |
| - uses: DeterminateSystems/nix-installer-action@v15 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Build ${{ matrix.attr }} | |
| run: | | |
| nix build --no-link --print-out-paths -L '.#${{ matrix.attr }}' \ | |
| | if [ -n "$ATTIC_CACHE" ]; then | |
| xargs attic push "ci:$ATTIC_CACHE" | |
| else | |
| cat | |
| fi | |
| image: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| needs: | |
| - build | |
| - tests | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Install current Bash on macOS | |
| if: runner.os == 'macOS' | |
| run: | | |
| command -v brew && brew install bash || true | |
| - uses: DeterminateSystems/nix-installer-action@v15 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Cache dev shell | |
| run: | | |
| .ci/cache-shell.sh | |
| system=$(nix-instantiate --eval -E 'builtins.currentSystem') | |
| echo system=$system >>$GITHUB_ENV | |
| - name: Log in to the Container registry | |
| uses: docker/[email protected] | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push container images | |
| continue-on-error: true | |
| run: | | |
| declare -a tags | |
| tags+=("${{ github.sha }}") | |
| branch=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
| if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then | |
| tags+=("$(echo $branch | sed -e 's/^v//')") | |
| else | |
| tags+=("${branch}") | |
| fi | |
| if [ "$branch" == "${{ github.event.repository.default_branch }}" ]; then | |
| tags+=("latest") | |
| fi | |
| >&2 echo "Image: ${IMAGE_NAME}" | |
| >&2 echo "Tags: ${tags[@]}" | |
| .ci/run just ci-build-and-push-images "${IMAGE_NAME}" "${tags[@]}" | |
| # TODO: Just take a diff of the list of store paths, also abstract all of this out | |
| - name: Push build artifacts | |
| run: | | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| if [ -n "$ATTIC_CACHE" ]; then | |
| nix build --no-link --print-out-paths -L \ | |
| .#attic-server-image \ | |
| .#attic-server-image-aarch64 \ | |
| | xargs attic push "ci:$ATTIC_CACHE" | |
| fi |