-
-
Notifications
You must be signed in to change notification settings - Fork 3
104 lines (103 loc) · 4.18 KB
/
test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: "Test"
on:
pull_request:
push:
# Run periodically, to build with latest -unstable releases. Caching makes
# this a cheap operation when nothing changed, so no need for further logic.
schedule:
# 13 is a random non-0 minute to be nice to GitHub because most jobs
# probably run on the hour. Give it a bit more time than the timeout of jobs
# (5h) to allow the caching step to finish uploading cache so the next job
# can pick up where the timed out job left off.
- cron: '13 */6 * * *'
jobs:
tests:
# Leave some time for the post actions to run, particularly cachix to upload
# any successful builds.
timeout-minutes: 300
strategy:
fail-fast: false
matrix:
config:
- os: ubuntu-latest
channel: nixpkgs-unstable
- os: macos-latest
channel: nixpkgs-unstable
runs-on: ${{ matrix.config.os }}
concurrency:
# Different runs of the same job are very likely candidates for (partial)
# caching, which is defeated in parallel runs. Be nice to GitHub.
group: ${{ matrix.config.os }}-${{ matrix.config.channel }}-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v9
- uses: cachix/cachix-action@v14
with:
name: cl-nix-lite
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
# Use GH Actions cache /in addition to/ Cachix because my cachix allowance
# account is too small to cache a single run.
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: "Pin the nixpkgs channel to ${{ matrix.config.channel }}"
# Works for the local user only! And this only pins the registry, which is
# only used by flakes, it just happens that the DeterminateSystems nix
# installer also sets extra-nix-path = nixpkgs=flake:nixpkgs, which makes
# nix-build pick up on this, too.
run: |
nix registry add nixpkgs "github:NixOS/nixpkgs/${{ matrix.config.channel }}"
# This avoids having to fetch an older nixpkgs just for tests and it helps
# detect problems early.
- name: Update flake locks to use this cl-nix-lite and nixpkgs
# This used to override cl-nix-lite to “../../..”, which is simple,
# obvious and works locally. Github Actions hates those things, and it
# finds in the filesystem is a fantastic opportunity to waste your time.
# They do lord knows what here with shallow checkouts or not or whatever,
# I have no idea, I don’t care, shut up. Locking to the revision and
# re-fetching this from remote is the easiest thing to do.
run: |
for example in examples/flakes/* ; do
(
cd "$example"
nix flake lock \
--override-input cl-nix-lite "github:${{ github.repository }}/${{ github.sha }}" \
--override-input nixpkgs nixpkgs
)
done
# Only bother actually building derivations that are not yet in the
# store. This prevents nix-build from downloading all built binaries from
# the store only to discard them immediately afterwards.
- name: All examples
# Inspired by
# https://github.com/divnix/std-action/blob/5ead0a37047d44137f950247ee4d3e26fda291d7/run/build-uncached-extractor.sed
# Works on both BSD (Darwin) and GNU sed. Prints every store path
# following “.. will be built:”.
run: |
set -euo pipefail
cd examples && \
nix-build --no-out-link --dry-run 2>&1 | \
tee nix-build.out | \
sed -ne '/will be built:$/ {
# label
:b
# next line
n
# If the line is indented, it’s a store path
/^ /{
# Print it
p
# goto label b
bb
}
}' | \
sed -e 's/$/^*/' | \
xargs -r nix build --keep-going --print-build-logs --no-link
- name: nix-build error output
if: failure()
run: "cat examples/nix-build.out"
nocommit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: nobssoftware/nocommit@v1
name: nocommit