Make release #58

Workflow file for this run

.github/workflows/build-hds.yaml at 94a2c29

	name: Make release

	on:
	workflow_dispatch:
	inputs:
	holo-nixpkgs-tag:
	description: "The holo-nixpkgs tag to build from"
	required: true
	default: "develop"
	type: string
	skip-upload-binary:
	description: "skip the upload-binary job"
	required: true
	default: true
	type: boolean
	skip-update-sources:
	description: "skip the update-sources job"
	required: true
	default: true
	type: boolean

	env:
	NIX_GITHUB_PRIVATE_USERNAME: ${{ secrets.NIX_GITHUB_PRIVATE_USERNAME }}
	NIX_GITHUB_PRIVATE_PASSWORD: ${{ secrets.NIX_GITHUB_PRIVATE_PASSWORD }}

	jobs:
	build:
	runs-on: ${{ matrix.build-config.runner }}
	outputs:
	nixpkgs-revision: ${{ steps.nixpkgs-revision.outputs.nixpkgs-revision }}
	rust-overlay-revision: ${{ steps.rust-overlay-revision.outputs.rust-overlay-revision }}
	rust-version: ${{ steps.rust-version.outputs.rust-version }}
	build-deps: ${{ steps.build-deps.outputs.build-deps }}
	strategy:
	matrix:
	build-config:
	- { system: x86_64-linux, runner: "ubuntu-latest", native: true }
	- { system: aarch64-linux, runner: "ubuntu-latest", native: false }
	- { system: aarch64-darwin, runner: "macos-latest", native: true }

	permissions:
	contents: read
	id-token: write

	steps:
	- uses: actions/checkout@v4

	- uses: DeterminateSystems/nix-installer-action@main
	with:
	github-token: ${{ secrets.STEVEEJ_READ_ONLY_ACCESS }}
	extra-conf: \|
	trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
	substituters = https://cache.nixos.org/
	netrc-file = /etc/nix/netrc
	- uses: DeterminateSystems/magic-nix-cache-action@main

	- name: Configure nix with github credentials
	run: \|
	set -eou pipefail
	sudo mkdir -p /etc/nix/
	sudo dd of=/etc/nix/netrc <<EOF
	machine github.com
	username ${{ secrets.NIX_GITHUB_PRIVATE_USERNAME }}
	password ${{ secrets.NIX_GITHUB_PRIVATE_PASSWORD }}
	machine api.github.com
	username ${{ secrets.NIX_GITHUB_PRIVATE_USERNAME }}
	password ${{ secrets.NIX_GITHUB_PRIVATE_PASSWORD }}
	EOF

	if type systemctl; then
	sudo mkdir -p /etc/systemd/system/nix-daemon.service.d/
	sudo dd of=/etc/systemd/system/nix-daemon.service.d/github-credentials.conf <<EOF
	[Service]
	Environment=NIX_GITHUB_PRIVATE_USERNAME=$NIX_GITHUB_PRIVATE_USERNAME
	Environment=NIX_GITHUB_PRIVATE_PASSWORD=$NIX_GITHUB_PRIVATE_PASSWORD
	EOF

	sudo systemctl daemon-reload
	sudo systemctl restart nix-daemon.service
	elif type launchctl; then
	sudo launchctl debug system/org.nixos.nix-daemon --environment \
	NIX_GITHUB_PRIVATE_USERNAME=$NIX_GITHUB_PRIVATE_USERNAME \
	NIX_GITHUB_PRIVATE_PASSWORD=$NIX_GITHUB_PRIVATE_PASSWORD
	sudo launchctl stop system/org.nixos.nix-daemon
	sudo launchctl start system/org.nixos.nix-daemon
	else
	echo Unsupported system
	exit 1
	fi

	- name: "download holo-nixpkgs tag"
	run: \|
	set -eou pipefail

	# cat >> ~/.config/nix/nix.conf <<EOF
	# access-tokens = github.com=${{ secrets.HOLO_NIXPKGS_READ_KEY }}
	# EOF
	# cat ~/.config/nix/nix.conf

	nix flake update holo-nixpkgs --override-input holo-nixpkgs github:holo-host/holo-nixpkgs/${{ inputs.holo-nixpkgs-tag }}

	- name: "build holo-dev-server"
	if: ${{ matrix.build-config.native }}
	run: \|
	nix build -vL \
	--out-link holo-dev-server \
	'.#legacyPackages.${{ matrix.build-config.system }}.holo-dev-server-bin'

	- name: "build holo-dev-server"
	if: ${{ ! matrix.build-config.native }}
	run: \|
	sudo apt-get update
	sudo apt-get install binfmt-support qemu-user-static

	nix build -vL \
	--option extra-platforms aarch64-linux \
	--option extra-sandbox-paths "/usr/libexec/qemu-binfmt /usr/bin/qemu-aarch64-static /usr/bin/qemu-aarch64-static /usr/bin/qemu-arm-static" \
	--out-link holo-dev-server \
	'.#legacyPackages.${{ matrix.build-config.system }}.holo-dev-server-bin'

	- name: get nixpkgs revision
	id: nixpkgs-revision
	run: \|
	echo "nixpkgs-revision=$(nix eval --raw '.#legacyPackages.${{ matrix.build-config.system }}.holo-dev-server-bin.nixpkgs-revision')" >> ${GITHUB_OUTPUT}

	- name: get rust-overlay revision
	id: rust-overlay-revision
	run: \|
	echo "rust-overlay-revision=$(nix eval --raw '.#legacyPackages.${{ matrix.build-config.system }}.holo-dev-server-bin.rust-overlay-revision')" >> ${GITHUB_OUTPUT}

	- name: get rust version
	id: rust-version
	run: \|
	echo "rust-version=$(nix eval --raw '.#legacyPackages.${{ matrix.build-config.system }}.holo-dev-server-bin.rust-version')" >> ${GITHUB_OUTPUT}

	- name: get build deps
	id: build-deps
	run: \|
	echo "build-deps=$(nix eval --raw '.#legacyPackages.${{ matrix.build-config.system }}.holo-dev-server-bin.propagatedBuildInputs')" >> ${GITHUB_OUTPUT}

	- name: upload artifact
	if: ${{ inputs.skip-upload-binary == false }}
	uses: actions/upload-artifact@v4
	with:
	name: holo-dev-server-${{ inputs.holo-nixpkgs-tag }}-${{ matrix.build-config.system }}
	path: \|
	holo-dev-server
	if-no-files-found: error

	- name: Setup upterm session
	if: ${{ always() }}
	uses: owenthereal/action-upterm@v1
	with:
	limit-access-to-actor: true # Restrict to the user who triggered the workflow
	limit-access-to-users: steveej # Specific authorized users only
	## If no one connects after 5 minutes, shut down server.
	wait-timeout-minutes: 5



	upload-binary:
	if: ${{ inputs.skip-upload-binary == false }}
	runs-on: ubuntu-latest
	permissions:
	contents: write
	needs: build
	outputs:
	release_name: ${{ steps.make_release.outputs.release }}
	tag_name: ${{ steps.date.outputs.date }}
	steps:
	- name: download x86_64-linux artifact
	uses: actions/download-artifact@v4
	with:
	name: holo-dev-server-${{ inputs.holo-nixpkgs-tag }}-x86_64-linux
	path: holo-dev-server

	- name: "Create the x86_64-linux tarball"
	run: \|
	chmod +x holo-dev-server/bin/holo-dev-server
	tar -czf holo-dev-server-x86_64-linux.tar.gz holo-dev-server
	rm -rf holo-dev-server

	- name: download aarch64-linux artifact
	uses: actions/download-artifact@v4
	with:
	name: holo-dev-server-${{ inputs.holo-nixpkgs-tag }}-aarch64-linux
	path: holo-dev-server

	- name: "Create the aarch64-linux tarball"
	run: \|
	chmod +x holo-dev-server/bin/holo-dev-server
	tar -czf holo-dev-server-aarch64-linux.tar.gz holo-dev-server
	rm -rf holo-dev-server

	- name: download aarch64-darwin artifact
	uses: actions/download-artifact@v4
	with:
	name: holo-dev-server-${{ inputs.holo-nixpkgs-tag }}-aarch64-darwin
	path: holo-dev-server

	- name: "Create the aarch64-darwin tarball"
	run: \|
	chmod +x holo-dev-server/bin/holo-dev-server
	tar -czf holo-dev-server-aarch64-darwin.tar.gz holo-dev-server
	rm -rf holo-dev-server

	- name: Get current date
	id: date
	run: echo "date=$(date +'%Y-%m-%d-%H%M%S')" >> ${GITHUB_OUTPUT}

	- name: Create draft release
	id: make_release
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|-
	release=$(
	gh release create --draft ${{ steps.date.outputs.date }} \
	--repo ${{ github.repository }} \
	--title "Version ${{ steps.date.outputs.date }}" \
	"holo-dev-server-x86_64-linux.tar.gz" \
	"holo-dev-server-aarch64-linux.tar.gz" \
	"holo-dev-server-aarch64-darwin.tar.gz"
	)
	echo "release=${release}" >> ${GITHUB_OUTPUT}

	update-sources:
	if: ${{ inputs.skip-update-sources == false }}
	runs-on: ubuntu-latest
	permissions:
	contents: write
	needs:
	- build
	- upload-binary
	steps:
	- uses: actions/checkout@v4

	- name: "install nix"
	uses: "cachix/install-nix-action@v22"
	with:
	github_access_token: ${{ secrets.GITHUB_TOKEN }}
	extra_nix_config: \|
	trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE= cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ=
	substituters = https://cache.holo.host https://cache.nixos.org/

	- name: prefetch nixpkgs
	id: prefetch-nixpkgs
	run: \|
	tar -xzf <(curl --location https://github.com/nixos/nixpkgs/archive/${{ needs.build.outputs.nixpkgs-revision }}.tar.gz)
	echo "hash=$(nix hash path --base32 nixpkgs-${{ needs.build.outputs.nixpkgs-revision }}/)" >> ${GITHUB_OUTPUT}

	- name: prefetch rust-overlay
	id: prefetch-rust-overlay
	run: \|
	tar -xzf <(curl --location https://github.com/oxalica/rust-overlay/archive/${{ needs.build.outputs.rust-overlay-revision }}.tar.gz)
	echo "hash=$(nix hash path --base32 rust-overlay-${{ needs.build.outputs.rust-overlay-revision }}/)" >> ${GITHUB_OUTPUT}

	- name: prefetch release binaries
	id: prefetch-binaries
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	gh release download ${{ needs.upload-binary.outputs.tag_name }}
	tar -xzf holo-dev-server-x86_64-linux.tar.gz
	echo "hash_x86_64_linux=$(nix hash path --base32 holo-dev-server/)" >> ${GITHUB_OUTPUT}
	rm -rf holo-dev-server
	tar -xzf holo-dev-server-aarch64-linux.tar.gz
	echo "hash_aarch64_linux=$(nix hash path --base32 holo-dev-server/)" >> ${GITHUB_OUTPUT}
	rm -rf holo-dev-server
	tar -xzf holo-dev-server-aarch64-darwin.tar.gz
	echo "hash_aarch64_darwin=$(nix hash path --base32 holo-dev-server/)" >> ${GITHUB_OUTPUT}
	rm -rf holo-dev-server

	- name: overwrite sources.nix
	run: \|
	cat > sources.nix << EOF
	# this file is autogenerated by .github/workflows/build-hds.yml
	{
	nixpkgs = builtins.fetchTarball {
	url = "https://github.com/nixos/nixpkgs/archive/${{ needs.build.outputs.nixpkgs-revision }}.tar.gz";
	sha256 = "${{ steps.prefetch-nixpkgs.outputs.hash }}";
	};

	rust-overlay = builtins.fetchTarball {
	url = "https://github.com/oxalica/rust-overlay/archive/${{ needs.build.outputs.rust-overlay-revision }}.tar.gz";
	sha256 = "${{ steps.prefetch-rust-overlay.outputs.hash }}";
	};
	rust-version = "${{ needs.build.outputs.rust-version }}";

	x86_64-linux.holo-dev-server-bin = builtins.fetchTarball {
	url = "https://github.com/${{ github.repository }}/releases/download/${{ needs.upload-binary.outputs.tag_name }}/holo-dev-server-x86_64-linux.tar.gz";
	sha256 = "${{ steps.prefetch-binaries.outputs.hash_x86_64_linux }}";
	};
	aarch64-linux.holo-dev-server-bin = builtins.fetchTarball {
	url = "https://github.com/${{ github.repository }}/releases/download/${{ needs.upload-binary.outputs.tag_name }}/holo-dev-server-aarch64-linux.tar.gz";
	sha256 = "${{ steps.prefetch-binaries.outputs.hash_aarch64_linux }}";
	};
	aarch64-darwin.holo-dev-server-bin = builtins.fetchTarball {
	url = "https://github.com/${{ github.repository }}/releases/download/${{ needs.upload-binary.outputs.tag_name }}/holo-dev-server-aarch64-darwin.tar.gz";
	sha256 = "${{ steps.prefetch-binaries.outputs.hash_aarch64_darwin }}";
	};
	}
	EOF

	- name: overwrite holo-dev-server.deps.json
	run: \|
	cat > holo-dev-server.deps.json << EOF
	${{ needs.build.outputs.build-deps }}
	EOF

	- name: commit and push sources.nix
	run: \|
	if [[ "$(git status --porcelain)" != "" ]]; then
	git config --local user.email "github-actions[bot]@users.noreply.github.com"
	git config --local user.name "github-actions[bot]"
	git add sources.nix holo-dev-server.deps.json
	git commit -m "update to release ${{ needs.upload-binary.outputs.tag_name }}"
	git push origin HEAD:refs/heads/main
	fi

	- name: update and undraft release
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|-
	gh release edit --draft=false ${{ needs.upload-binary.outputs.tag_name }}

	# Unfortunately we cannot do this earlier, since the release artifacts are
	# only public after the release was undrafted.
	# TODO: can we make a prerelease first, then test, then make the real release?
	- name: test if flake works
	run: \|
	nix flake show --all-systems
	nix flake check -L

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make release #58

Workflow file

Make release #58

Jobs

Run details

Workflow file for this run