From bbc67b144c67195caf4871c8cef1ecc963f20fb5 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 09:13:19 -0400 Subject: [PATCH 01/19] feat(services/github-runner): init --- secrets.nix | 3 ++- services/github-runner.age | Bin 0 -> 390 bytes services/github-runner.nix | 10 ++++++++++ 3 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 services/github-runner.age create mode 100644 services/github-runner.nix diff --git a/secrets.nix b/secrets.nix index 7e3228814..92da732b2 100644 --- a/secrets.nix +++ b/secrets.nix @@ -3,7 +3,7 @@ let bemeurer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQgTWfmR/Z4Szahx/uahdPqvEP/e/KQ1dKUYLenLuY2"; - hosts = mapAttrs (_: v: v.pubkey) (import ./nix/hosts.nix).nixos; + hosts = mapAttrs (_: v: v.pubkey) (import ./nix/hosts.nix); secrets = with hosts; { "hardware/nixos-aarch64-builder/key.age" = [ aurelius jung riemann spinoza ]; @@ -12,6 +12,7 @@ let "services/acme.age" = [ bohr fourier jung nozick riemann ]; "services/oauth2.age" = [ bohr fourier jung nozick riemann ]; "services/pihole.age" = [ ]; + "services/github-runner.age" = [ jung ]; "users/bemeurer/password.age" = attrValues hosts; }; diff --git a/services/github-runner.age b/services/github-runner.age new file mode 100644 index 0000000000000000000000000000000000000000..21e3756550bef430ce1ee0de6fc57fbc2340aad3 GIT binary patch literal 390 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+^)K)(a#S!*^UN2v2gXO@~PAh^eYZXPv`QC$oDKQcQ*H{& zJFD2ID#9l@ysD}oyuhR=*jwA%$I`XXz1-NX%781t$IQ6GF~>*WIl|q~xhN;f!Yni+ zCBIZVyD}{;INQlT!YeV+Gs`Q$JrHDDS*??cpR=EpZhBE_VsWa1nL)mv3RjsUm#(g^ zLa~dfOQNw;lvzqzMR{bNX@Rpvh`C{INOp2%WO0B?j+skQYJRD6NM~a@K5&uq}AbmC$*}^!~*!>lR&Rh~QhzF2y#p*Wa7_m}@|> V^#?QVGM+ Date: Thu, 12 Oct 2023 09:13:29 -0400 Subject: [PATCH 02/19] feat(hosts/jung): enable github-runner --- hosts/jung/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/jung/default.nix b/hosts/jung/default.nix index a41d4f57a..4c6d94195 100644 
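Review bot: With `.nixos` dropped, the `hosts` binding in the first secrets.nix hunk maps `v.pubkey` over every entry of nix/hosts.nix, and the host list shown elsewhere in this series has home-manager entries (derrida, goethe, luther) that carry no `pubkey`. `"users/bemeurer/password.age" = attrValues hosts;` forces every value, so rekeying would presumably fail with a missing-attribute error. Restrict the map to entries that have a key, for example by filtering on `v ? pubkey` before the `mapAttrs`, and add a comment that every value in `hosts` becomes an age recipient. The `let` block starts above the hunk, so which helpers are in scope there is not visible.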
--- a/hosts/jung/default.nix +++ b/hosts/jung/default.nix @@ -12,6 +12,7 @@ ../../hardware/nixos-aarch64-builder ../../services/blocky.nix + ../../services/github-runner.nix ../../services/grafana.nix ../../services/nginx.nix ../../services/oauth2.nix From b1fd0184740a115734a048bf12306e6eaac43fcd Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 09:27:05 -0400 Subject: [PATCH 03/19] refactor(nix/hosts): add mkHost fn --- nix/hosts.nix | 48 +++++++++++++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/nix/hosts.nix b/nix/hosts.nix index 6a8b0743b..6e504061d 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix 
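Review bot: The added `../../services/github-runner.nix` import puts a CI job executor on the same host that, per the neighbouring imports, also serves nginx, oauth2 and grafana and holds the aarch64 builder key, and nothing on the line says so. Jobs routed to this runner execute repository-controlled code on jung, so if the repository accepts pull requests from forks, the workflow triggers and the approval setting for outside contributors become part of this host's trust boundary (the `on:` block is not visible here, so this needs confirming). I would at least add a comment such as `# runs GitHub Actions jobs for lovesegfault/nix-config on this host; keep it off fork-triggered workflows`, and consider a dedicated VM or container for the runner. The import list continues outside the hunk.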
@@ -1,71 +1,85 @@ +let + mkHost = + { type, hostPlatform, address ? null, pubkey ? null, remoteBuild ? true, homeDirectory ? null }: + if type == "nixos" then + assert address != null && pubkey != null; + { + inherit type hostPlatform address pubkey remoteBuild; + } + else if type == "darwin" then + assert pubkey != null; + { + inherit type hostPlatform pubkey; + } + else if type == "home-manager" then + assert homeDirectory != null; + { + inherit type hostPlatform homeDirectory; + } + else throw "unknown host type '${type}'"; +in { - aurelius = { + aurelius = mkHost { type = "nixos"; address = "100.69.178.40"; hostPlatform = "aarch64-linux"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRlfGCSK2w34ckIGoRHaZ01CbF/7Zk4VNmyokkvg7cF"; remoteBuild = false; }; - bohr = { + bohr = mkHost { type = "nixos"; address = "100.123.20.11"; hostPlatform = "x86_64-linux"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTh+kYOeeYoBuxvA00nGojfBHUQlXW3iF7aRIw9VbY1"; - remoteBuild = true; }; - derrida = { + derrida = mkHost { type = "home-manager"; hostPlatform = "x86_64-linux"; homeDirectory = "/home/bemeurer"; }; - fourier = { + fourier = mkHost { type = "nixos"; address = "100.77.107.1"; hostPlatform = "x86_64-linux"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMJEc036Z0umFUeSgksRgBWhcEeqiVhuXNQZTipZVRMn"; - remoteBuild = true; }; - goethe = { + goethe = mkHost { type = "home-manager"; hostPlatform = "x86_64-linux"; homeDirectory = "/home/bemeurer"; }; - jung = { + jung = mkHost { type = "nixos"; address = "100.80.1.112"; hostPlatform = "x86_64-linux"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHws1wwXYHDmU+Bjcbw8IZv2V+fbxaTDQc44XoUQ604t"; - remoteBuild = true; }; - luther = { + luther = mkHost { type = "home-manager"; hostPlatform = "aarch64-linux"; homeDirectory = "/home/bemeurer"; }; - nozick = { + nozick = mkHost { type = "nixos"; address = "100.124.29.84"; hostPlatform = "x86_64-linux"; pubkey = "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIBEzb5JCgcXJZHDkY09vBAvIF34JabI+ZBpGqJDy6KbI"; - remoteBuild = true; }; - poincare = { + poincare = mkHost { type = "darwin"; hostPlatform = "aarch64-darwin"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMYvFEyV+nebaTfrwAULWDmCk0L6O+1OyZc43JnizcIB"; }; - riemann = { + riemann = mkHost { type = "nixos"; address = "100.67.173.60"; hostPlatform = "aarch64-linux"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOof4536ylMfznpkKbH/kqiuCOs2hCLXMBnF9md462sW"; - remoteBuild = true; }; - spinoza = { + spinoza = mkHost { type = "nixos"; address = "100.68.240.30"; hostPlatform = "x86_64-linux"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUZPmPTATZ4nBWstPqlUiguvxr26XWAE9BGPVNNRBR5"; - remoteBuild = true; }; } From 8444d1212a7f2749add2bdc9a0778a0fcc58c346 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 09:36:53 -0400 Subject: [PATCH 04/19] feat(nix/hosts): validate hostPlatform --- nix/hosts.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/nix/hosts.nix b/nix/hosts.nix index 6e504061d..7c25c2857 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -1,13 +1,31 @@ let + hasSuffix = suffix: content: + let + inherit (builtins) stringLength substring; + lenContent = stringLength content; + lenSuffix = stringLength suffix; + in + lenContent >= lenSuffix + && substring (lenContent - lenSuffix) lenContent content == suffix + ; + mkHost = - { type, hostPlatform, address ? null, pubkey ? null, remoteBuild ? true, homeDirectory ? null }: + { type + , hostPlatform + , address ? null + , pubkey ? null + , homeDirectory ? null + , remoteBuild ? true + }: if type == "nixos" then assert address != null && pubkey != null; + assert (hasSuffix "linux" hostPlatform); { inherit type hostPlatform address pubkey remoteBuild; } else if type == "darwin" then assert pubkey != null; + assert (hasSuffix "darwin" hostPlatform); { inherit type hostPlatform pubkey; } 
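Review bot: `mkHost`, introduced at the top of the nix/hosts.nix hunk of PATCH 03, has no comment stating which fields each host type requires, and its bare `assert`s fail with a message that gives only a source position. It also silently discards arguments that do not belong to the type (an `address` or `remoteBuild` passed to a darwin or home-manager host disappears from the result), which can hide a mis-typed `type`. A short header comment listing the required and ignored fields per type would cover this, and the checks could name the problem, e.g. `if address == null || pubkey == null then throw "nixos host needs address and pubkey" else { ... }`. Since `pubkey` feeds the recipient list in secrets.nix, it is also worth checking that it is a string rather than only non-null.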
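Review bot: In `hasSuffix` (PATCH 04) the length argument of `substring` is `lenContent`, not `lenSuffix`; the comparison still works only because `builtins.substring` clamps at the end of the string. `&& substring (lenContent - lenSuffix) lenSuffix content == suffix` says what is meant. The new platform asserts cover the nixos and darwin branches only, so a home-manager host still accepts any `hostPlatform` string; if that is intentional, a one-line comment would help. The `mkHost` body continues past the end of this hunk.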
From e5eabfb7ea17a25c3f038dc787f77e6f5e2cc1cc Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 09:37:06 -0400 Subject: [PATCH 05/19] feat(nix/hosts): introduce large marker --- nix/hosts.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/nix/hosts.nix b/nix/hosts.nix index 7c25c2857..8de1a02a6 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -16,23 +16,24 @@ let , pubkey ? null , homeDirectory ? null , remoteBuild ? true + , large ? false }: if type == "nixos" then assert address != null && pubkey != null; assert (hasSuffix "linux" hostPlatform); { - inherit type hostPlatform address pubkey remoteBuild; + inherit type hostPlatform address pubkey remoteBuild large; } else if type == "darwin" then assert pubkey != null; assert (hasSuffix "darwin" hostPlatform); { - inherit type hostPlatform pubkey; + inherit type hostPlatform pubkey large; } else if type == "home-manager" then assert homeDirectory != null; { - inherit type hostPlatform homeDirectory; + inherit type hostPlatform homeDirectory large; } else throw "unknown host type '${type}'"; in @@ -99,5 +100,6 @@ in address = "100.68.240.30"; hostPlatform = "x86_64-linux"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUZPmPTATZ4nBWstPqlUiguvxr26XWAE9BGPVNNRBR5"; + large = true; }; } From 8d9ca938fc435a6d4d67718c1254fcdf25c140e0 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 09:45:01 -0400 Subject: [PATCH 06/19] ci: route large drvs to self-hosted runner --- .github/workflows/ci.yaml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1a244c84f..eb326831e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -78,13 +78,20 @@ jobs: name: .key, evalOnly: false, hostPlatform: .value.hostPlatform, + large: .value.large, attr: "packages.\(.value.hostPlatform).\(.key)" }) | map( - if .hostPlatform == "x86_64-linux" then .runsOn="ubuntu-latest" - elif .hostPlatform == "aarch64-linux" then .runsOn="ubuntu-latest" - elif .hostPlatform == "x86_64-darwin" then .runsOn="macos-latest" - else .evalOnly=true | .runsOn="ubuntu-latest" + if .large then + if .hostPlatform == "x86_64-linux" then .runsOn=["x86_64-linux", "large"] + else .evalOnly=true | .runsOn="ubuntu-latest" + end + else + if .hostPlatform == "x86_64-linux" then .runsOn="ubuntu-latest" + elif .hostPlatform == "aarch64-linux" then .runsOn="ubuntu-latest" + elif .hostPlatform == "x86_64-darwin" then .runsOn="macos-latest" + else .evalOnly=true | .runsOn="ubuntu-latest" + end end ) ' >"$TMP/hostAttrs.json" From 659acc7fc42ad14bc245a712df32ea497ede4422 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 09:53:31 -0400 Subject: [PATCH 07/19] feat(services/github-runner): enable node16 --- flake.nix | 7 +++++-- services/github-runner.nix | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index c613b67cf..fce29bd2d 100644 --- a/flake.nix +++ b/flake.nix @@ -119,8 +119,11 @@ pkgs = forAllSystems (localSystem: import nixpkgs { inherit localSystem; overlays = [ self.overlays.default ]; - config.allowUnfree = true; - config.allowAliases = true; + config = { + permittedInsecurePackages = [ "nodejs-16.20.2" ]; + allowUnfree = true; + allowAliases = true; + }; }); checks = forAllSystems (import ./nix/checks.nix inputs); diff --git a/services/github-runner.nix b/services/github-runner.nix index 5bc1dfad2..736dc2d1e 100644 --- a/services/github-runner.nix +++ b/services/github-runner.nix @@ -6,5 +6,6 @@ replace = true; tokenFile = config.age.secrets.github-runner-token.path; url = "https://github.com/lovesegfault/nix-config"; + nodeRuntimes = [ "node16" "node20" ]; }; } 
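Review bot: In the flake.nix hunk of PATCH 07, `permittedInsecurePackages = [ "nodejs-16.20.2" ]` is set in the `config` of the flake-wide `pkgs`, so the end-of-life Node 16 is permitted for every system and every output built from this package set, not only for the runner on jung. Nothing records why it is permitted or when it can be removed. I would add a comment on the line, e.g. `# needed by services.github-runner nodeRuntimes "node16"; remove once no workflow action requires node16`, and, if the host configuration allows it, scope the exception to the runner host instead of the shared package set. Dropping `"node16"` from `nodeRuntimes` in services/github-runner.nix would remove the need for the exception altogether, assuming the actions in use run on node20.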
From 721468472cee5b9b5dba6b8ec7190d901cc26f7f Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 09:56:06 -0400 Subject: [PATCH 08/19] feat(services/github-runner): add label with hostPlatform --- services/github-runner.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/github-runner.nix b/services/github-runner.nix index 736dc2d1e..360bff784 100644 --- a/services/github-runner.nix +++ b/services/github-runner.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ config, pkgs, ... }: { age.secrets.github-runner-token.file = ./github-runner.age; services.github-runner = { enable = true; @@ -7,5 +7,6 @@ tokenFile = config.age.secrets.github-runner-token.path; url = "https://github.com/lovesegfault/nix-config"; nodeRuntimes = [ "node16" "node20" ]; + extraLabels = [ pkgs.stdenv.hostPlatform.system ]; }; } From 1e950afcba5d0360b996955672ab4c9c937aa78b Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 09:56:52 -0400 Subject: [PATCH 09/19] ci: use self-hosted label --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index eb326831e..274b3538f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -83,7 +83,7 @@ jobs: }) | map( if .large then - if .hostPlatform == "x86_64-linux" then .runsOn=["x86_64-linux", "large"] + if .hostPlatform == "x86_64-linux" then .runsOn=["self-hosted", "x86_64-linux"] else .evalOnly=true | .runsOn="ubuntu-latest" end else From 072d769302c002192f5e44db79458091e20f47b4 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 10:57:52 -0400 Subject: [PATCH 10/19] ci: don't install Nix on self-hosted runners --- .github/workflows/ci.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 274b3538f..7b077d7c9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -192,6 +192,7 @@ jobs: system: ${{ matrix.attrs.hostPlatform }} steps: - uses: DeterminateSystems/nix-installer-action@v5 + if: ${{ !contains(matrix.attrs.runsOn, 'self-hosted') }} with: extra-conf: ${{ env.nix-conf }} - uses: cachix/cachix-action@v12 @@ -200,7 +201,7 @@ jobs: authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} extraPullNames: nix-community - name: setup-aarch64-ssh - if: ${{ env.system == 'aarch64-linux' }} + if: ${{ env.system == 'aarch64-linux' && !contains(matrix.attrs.runsOn, 'self-hosted') }} run: | mkdir -p ~/.ssh echo '${{ env.aarch64-ssh-config }}' > ~/.ssh/config From d694c019ad3ef53b4c8204a93156ee0b5d384308 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 11:19:43 -0400 Subject: [PATCH 11/19] refactor(nix/packages): add cachix --- nix/dev-shell.nix | 2 +- nix/packages.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/dev-shell.nix b/nix/dev-shell.nix index 28c579bcc..b6ab7ec68 100644 --- a/nix/dev-shell.nix +++ b/nix/dev-shell.nix @@ -10,13 +10,13 @@ with self.pkgs.${hostPlatform}; nativeBuildInputs = [ # Nix agenix - cachix deploy-rs.deploy-rs nil nix-melt nix-output-monitor nix-tree nixpkgs-fmt + self.packages.${hostPlatform}.cachix self.packages.${hostPlatform}.nix-eval-jobs self.packages.${hostPlatform}.nix-fast-build statix diff --git a/nix/packages.nix b/nix/packages.nix index e1556e8ec..a891bbd26 100644 --- a/nix/packages.nix +++ b/nix/packages.nix @@ -22,5 +22,5 @@ compatHostDrvs default = compatHostsFarm; }) // { inherit (nix-fast-build.packages.${hostPlatform}) nix-fast-build; - inherit (self.pkgs.${hostPlatform}) nix-eval-jobs; + inherit (self.pkgs.${hostPlatform}) cachix nix-eval-jobs; } From 3b783329d6573f4d21966190ef4a4e4e27e8b89c Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 11:23:46 -0400 Subject: [PATCH 12/19] feat(services/github-runner): add cachix --- services/github-runner.nix | 1 + 1 file changed, 1 insertion(+) 
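Review bot: Only the Nix installer and the SSH setup are skipped on the self-hosted runner; the `cachix/cachix-action` step between them stays unconditional, so `secrets.CACHIX_AUTH_TOKEN` is handed to a long-lived machine rather than a throwaway hosted VM. Whether the token or the checked-out workspace outlives the job depends on how the runner service is configured, which this hunk does not show. If the runner is kept, setting `ephemeral = true;` under `services.github-runner` in services/github-runner.nix, and noting it here with `# self-hosted: runner is ephemeral, no state survives the job`, would make the assumption explicit. The same `contains(matrix.attrs.runsOn, 'self-hosted')` test is repeated in the second hunk of this commit; a single job-level value would keep the two conditions from drifting apart.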
diff --git a/services/github-runner.nix b/services/github-runner.nix index 360bff784..54350fc73 100644 --- a/services/github-runner.nix +++ b/services/github-runner.nix @@ -8,5 +8,6 @@ url = "https://github.com/lovesegfault/nix-config"; nodeRuntimes = [ "node16" "node20" ]; extraLabels = [ pkgs.stdenv.hostPlatform.system ]; + extraPackages = with pkgs; [ cachix ]; }; } From 9cbbbec660ec04f941f8f6dc6d8f60b4a2aee71d Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 11:25:05 -0400 Subject: [PATCH 13/19] ci: try to fix cachix in self-hosted runner --- .github/workflows/ci.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7b077d7c9..61a845b3d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -10,12 +10,13 @@ on: permissions: {} env: - flake: "github:${{ github.repository }}/${{ github.sha }}" + flake: github:${{ github.repository }}/${{ github.sha }} nix-conf: |- accept-flake-config = true builders-use-substitutes = true max-jobs = auto - aarch64-host: "aarch64.nixos.community" + cachix-install: nix profile install 'github:${{ github.repository }}/${{ github.sha }}#cachix' + aarch64-host: aarch64.nixos.community aarch64-ssh-config: |- Host aarch64.nixos.community 147.28.143.250 User lovesegfault @@ -188,11 +189,12 @@ jobs: matrix: attrs: ${{ fromJson(needs.get-attrs.outputs.build) }} env: + self-hosted: ${{ !contains(matrix.attrs.runsOn, 'self-hosted') }} aarch64-ssh-key: ${{ secrets.AARCH64_BUILDER_KEY }} system: ${{ matrix.attrs.hostPlatform }} steps: - uses: DeterminateSystems/nix-installer-action@v5 - if: ${{ !contains(matrix.attrs.runsOn, 'self-hosted') }} + if: ${{ env.self-hosted != 'true' }} with: extra-conf: ${{ env.nix-conf }} - uses: cachix/cachix-action@v12 
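Review bot: The new `cachix-install` value in the `env:` hunk of PATCH 13 builds the `cachix` binary from `github:${{ github.repository }}/${{ github.sha }}`, i.e. from the commit under test, and that binary then runs in the step that receives `secrets.CACHIX_AUTH_TOKEN`. A change to the flake's `cachix` output or to its lock file therefore changes the tool that handles the cache-write token in the very run that is meant to check that change. Installing from a fixed, reviewed reference (a pinned nixpkgs revision or the default branch) keeps the token handler outside the change being tested; at minimum a comment such as `# cachix is built from the commit under test; do not expose the auth token to untrusted refs` belongs next to the variable. The same value is later passed as `installCommand` in the flake-check, flake-show and eval jobs, so the point applies there as well.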
@@ -200,6 +202,8 @@ jobs: name: nix-config authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} extraPullNames: nix-community + skipAddingSubstituter: ${{ env.self-hosted }} + installCommand: ${{ env.self-hosted == 'true' && 'true' || env.cachix-install }} - name: setup-aarch64-ssh if: ${{ env.system == 'aarch64-linux' && !contains(matrix.attrs.runsOn, 'self-hosted') }} run: | From 6eca50d09f9038f25c94e36934500a26f27d17d7 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 11:28:25 -0400 Subject: [PATCH 14/19] ci: use latest cachix --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 61a845b3d..2649d350f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -197,7 +197,7 @@ jobs: if: ${{ env.self-hosted != 'true' }} with: extra-conf: ${{ env.nix-conf }} - - uses: cachix/cachix-action@v12 + - uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee with: name: nix-config authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} From f75807145c414f7a03a377c4da96cee779a63218 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 11:30:02 -0400 Subject: [PATCH 15/19] ci: remove negation from self-hosted --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2649d350f..75459d637 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -189,7 +189,7 @@ jobs: matrix: attrs: ${{ fromJson(needs.get-attrs.outputs.build) }} env: - self-hosted: ${{ !contains(matrix.attrs.runsOn, 'self-hosted') }} + self-hosted: ${{ contains(matrix.attrs.runsOn, 'self-hosted') }} aarch64-ssh-key: ${{ secrets.AARCH64_BUILDER_KEY }} system: ${{ matrix.attrs.hostPlatform }} steps: From 3b0be74af0f259c1883bcaa5540848facf867979 Mon Sep 17 00:00:00 2001 
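Review bot: The commit-hash reference added in PATCH 14 carries no indication of which release or date `6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee` corresponds to, so a later reviewer cannot tell what is being run or whether it has gone stale. Pinning by full hash is the right direction for a step that receives `secrets.CACHIX_AUTH_TOKEN`; add a trailing comment to keep it reviewable, e.g. `- uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee # RELEASE_OR_DATE_PLACEHOLDER`. The other `cachix-action` uses visible in this workflow and `DeterminateSystems/nix-installer-action@v5` are still referenced by mutable tag, so the pin covers one job only.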
From: Bernardo Meurer Date: Thu, 12 Oct 2023 11:34:11 -0400 Subject: [PATCH 16/19] ci: don't set extraPullNames on self-hosted --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 75459d637..a3d9b68e0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -201,7 +201,7 @@ jobs: with: name: nix-config authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - extraPullNames: nix-community + extraPullNames: ${{ env.self-hosted == 'true' && null || 'nix-community' }} skipAddingSubstituter: ${{ env.self-hosted }} installCommand: ${{ env.self-hosted == 'true' && 'true' || env.cachix-install }} - name: setup-aarch64-ssh From f7f456917c16cd8ffa5a983132eb513541724ca7 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 11:45:10 -0400 Subject: [PATCH 17/19] ci: use separate cachix actions during build --- .github/workflows/ci.yaml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a3d9b68e0..12b8020cd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
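Review bot: The `extraPullNames` expression `env.self-hosted == 'true' && null || 'nix-community'` always evaluates to `'nix-community'`, because the `&& … ||` idiom falls through to the right-hand side whenever the middle operand is falsy, and `null` is. The self-hosted case is therefore not excluded as the commit title intends. Inverting the test avoids the falsy middle value: `extraPullNames: ${{ env.self-hosted != 'true' && 'nix-community' || '' }}`, assuming the action treats an empty string as unset.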
@@ -198,12 +198,19 @@ jobs: with: extra-conf: ${{ env.nix-conf }} - uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee + if: ${{ env.self-hosted != 'true' }} + with: + name: nix-config + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + extraPullNames: nix-community + installCommand: ${{ env.cachix-install }} + - uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee + if: ${{ env.self-hosted == 'true' }} with: name: nix-config authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - extraPullNames: ${{ env.self-hosted == 'true' && null || 'nix-community' }} - skipAddingSubstituter: ${{ env.self-hosted }} - installCommand: ${{ env.self-hosted == 'true' && 'true' || env.cachix-install }} + skipAddingSubstituter: true + installCommand: true - name: setup-aarch64-ssh if: ${{ env.system == 'aarch64-linux' && !contains(matrix.attrs.runsOn, 'self-hosted') }} run: | From 3d69ffe7d415ab519315615275c6af754384904d Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 11:55:26 -0400 Subject: [PATCH 18/19] ci: give up on self-hosted runner --- .github/workflows/ci.yaml | 31 +++++++++---------------------- 1 file changed, 9 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 12b8020cd..b1ff8fe3d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -37,6 +37,7 @@ jobs: name: nix-config authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} extraPullNames: nix-community + installCommand: ${{ env.cachix-install }} - name: nix-flake-check run: nix flake check '${{ env.flake }}' flake-show: @@ -50,6 +51,7 @@ jobs: name: nix-config authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} extraPullNames: nix-community + installCommand: ${{ env.cachix-install }} - name: nix-flake-show run: nix flake show '${{ env.flake }}' get-attrs: 
@@ -83,16 +85,10 @@ jobs: attr: "packages.\(.value.hostPlatform).\(.key)" }) | map( - if .large then - if .hostPlatform == "x86_64-linux" then .runsOn=["self-hosted", "x86_64-linux"] - else .evalOnly=true | .runsOn="ubuntu-latest" - end - else - if .hostPlatform == "x86_64-linux" then .runsOn="ubuntu-latest" - elif .hostPlatform == "aarch64-linux" then .runsOn="ubuntu-latest" - elif .hostPlatform == "x86_64-darwin" then .runsOn="macos-latest" - else .evalOnly=true | .runsOn="ubuntu-latest" - end + if .hostPlatform == "x86_64-linux" then .runsOn="ubuntu-latest" + elif .hostPlatform == "aarch64-linux" then .runsOn="ubuntu-latest" + elif .hostPlatform == "x86_64-darwin" then .runsOn="macos-latest" + else .evalOnly=true | .runsOn="ubuntu-latest" end ) ' >"$TMP/hostAttrs.json" @@ -175,6 +171,7 @@ jobs: name: nix-config authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} extraPullNames: nix-community + installCommand: ${{ env.cachix-install }} - name: eval if: ${{ matrix.attrs.evalOnly }} run: | 
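Review bot: Removing the `.large` branch stops routing jobs to the self-hosted runner, but within this series nothing disables the runner itself: the `../../services/github-runner.nix` import on jung, the `services/github-runner.age` registration secret and the `permittedInsecurePackages` entry for nodejs-16 all remain. That leaves a registered, idle job executor on a host that also runs other services, available to any future workflow that names the `self-hosted` label. If the experiment is abandoned, the follow-up should drop the import and the insecure-package exception and deregister the runner in the repository settings. The `large: .value.large` field in the first `map` appears to stay in place as well and is no longer read by the routing.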
@@ -189,30 +186,20 @@ jobs: matrix: attrs: ${{ fromJson(needs.get-attrs.outputs.build) }} env: - self-hosted: ${{ contains(matrix.attrs.runsOn, 'self-hosted') }} aarch64-ssh-key: ${{ secrets.AARCH64_BUILDER_KEY }} system: ${{ matrix.attrs.hostPlatform }} steps: - uses: DeterminateSystems/nix-installer-action@v5 - if: ${{ env.self-hosted != 'true' }} with: extra-conf: ${{ env.nix-conf }} - - uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee - if: ${{ env.self-hosted != 'true' }} + - uses: cachix/cachix-action@v12 with: name: nix-config authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} extraPullNames: nix-community installCommand: ${{ env.cachix-install }} - - uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee - if: ${{ env.self-hosted == 'true' }} - with: - name: nix-config - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - skipAddingSubstituter: true - installCommand: true - name: setup-aarch64-ssh - if: ${{ env.system == 'aarch64-linux' && !contains(matrix.attrs.runsOn, 'self-hosted') }} + if: ${{ env.system == 'aarch64-linux' }} run: | mkdir -p ~/.ssh echo '${{ env.aarch64-ssh-config }}' > ~/.ssh/config From 62f63f7e2d8b539fb97d7a129e6e04a846e93518 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 12 Oct 2023 12:01:15 -0400 Subject: [PATCH 19/19] ci: install jq in a separate step --- .github/workflows/ci.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b1ff8fe3d..cb7f3d830 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -65,6 +65,8 @@ jobs: - uses: DeterminateSystems/nix-installer-action@v5 with: extra-conf: ${{ env.nix-conf }} + - id: install-jq + run: nix profile install '${{ env.flake }}#pkgs.x86_64-linux.jq' - id: get-attrs run: | function summary() { 
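Review bot: The build-job hunk of PATCH 18 replaces the commit-hash reference `cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee` with the mutable tag `@v12`, in the job that receives both `secrets.AARCH64_BUILDER_KEY` and `secrets.CACHIX_AUTH_TOKEN`. Giving up the self-hosted runner does not require giving up the pin; a tag can be moved upstream, a full hash cannot. I would keep a full-length commit hash with the release noted in a comment, `- uses: cachix/cachix-action@FULL_COMMIT_HASH_PLACEHOLDER # v12`, and do the same for `DeterminateSystems/nix-installer-action`.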
@@ -72,7 +74,6 @@ jobs: } summary "# CI" - nix profile install '${{ env.flake }}#pkgs.x86_64-linux.jq' TMP="$(mktemp -d)" # host packages nix eval --json '${{ env.flake }}#hosts' | jq -c '