chore(deps): lock file maintenance (#358) #976
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: Build Nix Systems | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - .github/workflows/** | |
| - "**.nix" | |
| - "flake.lock" | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| nix-build: | |
| if: github.event.pull_request.draft == false | |
| permissions: | |
| pull-requests: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - system: odin | |
| os: macos-14 | |
| - system: hera | |
| os: ubuntu-latest | |
| - system: ragnar | |
| os: ubuntu-latest | |
| - system: titan | |
| os: ubuntu-latest | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d # v16 | |
| - name: Set up Magic Nix Cache | |
| uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Set up Cachix | |
| uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15 | |
| if: ${{ !github.event.pull_request.head.repo.fork }} | |
| with: | |
| name: szinn | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Garbage collect build dependencies | |
| run: nix-collect-garbage | |
| - name: Build previous ${{ matrix.system }} system | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| nix build \ | |
| "github:szinn/nix-config#ciSystems.${{ matrix.system }}" \ | |
| -v \ | |
| --log-format raw \ | |
| --profile ./profile | |
| - name: Build new ${{ matrix.system }} system | |
| run: | | |
| set -o pipefail | |
| nix build \ | |
| ".#ciSystems.${{ matrix.system }}" \ | |
| --profile ./profile \ | |
| --fallback \ | |
| -v \ | |
| --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2) | |
| - name: Output build failure | |
| if: failure() | |
| run: | | |
| drv=$(grep "For full logs, run" /tmp/nix-build-err.log | grep -oE "/nix/store/.*.drv") | |
| if [ -n $drv ]; then | |
| nix log $drv | |
| echo $drv | |
| fi | |
| exit 1 | |
| - name: Diff profile | |
| if: github.event_name == 'pull_request' | |
| id: diff | |
| run: | | |
| nix profile diff-closures --profile ./profile | |
| delimiter="$(openssl rand -hex 16)" | |
| echo "diff<<${delimiter}" >> "${GITHUB_OUTPUT}" | |
| nix profile diff-closures --profile ./profile | perl -pe 's/\e\[[0-9;]*m(?:\e\[K)?//g' >> "${GITHUB_OUTPUT}" | |
| echo "${delimiter}" >> "${GITHUB_OUTPUT}" | |
| - name: Comment report in pr | |
| if: github.event_name == 'pull_request' | |
| uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2 | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| header: ".#ciSystems.${{ matrix.system }}" | |
| message: | | |
| ### Report for `${{ matrix.system }}` | |
| <summary> Version changes </summary> <br> | |
| <pre> ${{ steps.diff.outputs.diff }} </pre> | |
| nix-build-success: | |
| if: ${{ always() }} | |
| needs: | |
| - nix-build | |
| name: Nix Build Successful | |
| runs-on: ubuntu-latest | |
| steps: | |
| - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
| name: Check matrix status | |
| run: exit 1 |