ci, nix: build and cache all packages and CI dependencies
from f5bd9bc45e
with changes for GitHub CI and misc
Co-authored-by: Charles Hall <charles@computer.surgery>
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
parent
3b410d0556
commit
cad16b9268
5 changed files with 93 additions and 55 deletions
14
.github/workflows/ci.yml
vendored
14
.github/workflows/ci.yml
vendored
|
@ -53,7 +53,7 @@ jobs:
|
||||||
|
|
||||||
- name: Enable Cachix binary cache
|
- name: Enable Cachix binary cache
|
||||||
run: |
|
run: |
|
||||||
nix-env -iA cachix -f https://cachix.org/api/v1/install
|
nix profile install nixpkgs#cachix
|
||||||
cachix use crane
|
cachix use crane
|
||||||
cachix use nix-community
|
cachix use nix-community
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ jobs:
|
||||||
- name: Prepare build environment
|
- name: Prepare build environment
|
||||||
run: |
|
run: |
|
||||||
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
|
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
|
||||||
nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv
|
nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
|
||||||
direnv allow
|
direnv allow
|
||||||
nix develop --command true
|
nix develop --command true
|
||||||
|
|
||||||
|
@ -144,9 +144,9 @@ jobs:
|
||||||
- name: Install Nix
|
- name: Install Nix
|
||||||
uses: DeterminateSystems/nix-installer-action@main
|
uses: DeterminateSystems/nix-installer-action@main
|
||||||
|
|
||||||
- name: Enable Cachix binary cache
|
- name: Install and enable Cachix binary cache
|
||||||
run: |
|
run: |
|
||||||
nix-env -iA cachix -f https://cachix.org/api/v1/install
|
nix profile install nixpkgs#cachix
|
||||||
cachix use crane
|
cachix use crane
|
||||||
cachix use nix-community
|
cachix use nix-community
|
||||||
|
|
||||||
|
@ -171,13 +171,13 @@ jobs:
|
||||||
- name: Prepare build environment
|
- name: Prepare build environment
|
||||||
run: |
|
run: |
|
||||||
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
|
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
|
||||||
nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv
|
nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
|
||||||
direnv allow
|
direnv allow
|
||||||
nix develop --command true
|
nix develop --command true
|
||||||
|
|
||||||
- name: Build static ${{ matrix.target }}
|
- name: Build static ${{ matrix.target }}
|
||||||
run: |
|
run: |
|
||||||
bin/nix-build-and-cache .#static-${{ matrix.target }}
|
bin/nix-build-and-cache just .#static-${{ matrix.target }}
|
||||||
mkdir -p target/release
|
mkdir -p target/release
|
||||||
cp -v -f result/bin/conduit target/release/
|
cp -v -f result/bin/conduit target/release/
|
||||||
direnv exec . cargo deb --no-build --no-strip --output target/debian/${{ matrix.target }}.deb
|
direnv exec . cargo deb --no-build --no-strip --output target/debian/${{ matrix.target }}.deb
|
||||||
|
@ -199,7 +199,7 @@ jobs:
|
||||||
|
|
||||||
- name: Build OCI image ${{ matrix.target }}
|
- name: Build OCI image ${{ matrix.target }}
|
||||||
run: |
|
run: |
|
||||||
bin/nix-build-and-cache .#oci-image-${{ matrix.target }}
|
bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}
|
||||||
cp -v -f result oci-image-${{ matrix.target }}.tar.gz
|
cp -v -f result oci-image-${{ matrix.target }}.tar.gz
|
||||||
|
|
||||||
- name: Upload OCI image ${{ matrix.target }}
|
- name: Upload OCI image ${{ matrix.target }}
|
||||||
|
|
6
.github/workflows/documentation.yml
vendored
6
.github/workflows/documentation.yml
vendored
|
@ -88,13 +88,13 @@ jobs:
|
||||||
- name: Allow direnv
|
- name: Allow direnv
|
||||||
run: direnv allow
|
run: direnv allow
|
||||||
|
|
||||||
- name: Cache x86_64 inputs for devShell
|
- name: Cache CI dependencies
|
||||||
run: |
|
run: |
|
||||||
./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation
|
./bin/nix-build-and-cache ci
|
||||||
|
|
||||||
- name: Build documentation (book)
|
- name: Build documentation (book)
|
||||||
run: |
|
run: |
|
||||||
./bin/nix-build-and-cache .#book
|
./bin/nix-build-and-cache just .#book
|
||||||
cp -r --dereference result public
|
cp -r --dereference result public
|
||||||
- name: Upload generated documentation (book) as normal artifact
|
- name: Upload generated documentation (book) as normal artifact
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@v4
|
||||||
|
|
|
@ -56,8 +56,8 @@ ci:
|
||||||
stage: ci
|
stage: ci
|
||||||
image: nixos/nix:2.22.0
|
image: nixos/nix:2.22.0
|
||||||
script:
|
script:
|
||||||
# Cache the inputs required for the devShell
|
# Cache CI dependencies
|
||||||
- ./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation
|
- ./bin/nix-build-and-cache ci
|
||||||
|
|
||||||
- direnv exec . engage
|
- direnv exec . engage
|
||||||
cache:
|
cache:
|
||||||
|
@ -81,7 +81,7 @@ artifacts:
|
||||||
stage: artifacts
|
stage: artifacts
|
||||||
image: nixos/nix:2.22.0
|
image: nixos/nix:2.22.0
|
||||||
script:
|
script:
|
||||||
- ./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl
|
- ./bin/nix-build-and-cache just .#static-x86_64-unknown-linux-musl
|
||||||
- cp result/bin/conduit x86_64-unknown-linux-musl
|
- cp result/bin/conduit x86_64-unknown-linux-musl
|
||||||
|
|
||||||
- mkdir -p target/release
|
- mkdir -p target/release
|
||||||
|
@ -97,16 +97,16 @@ artifacts:
|
||||||
# Note that although we have an `oci-image-x86_64-unknown-linux-musl`
|
# Note that although we have an `oci-image-x86_64-unknown-linux-musl`
|
||||||
# output, we don't build it because it would be largely redundant to this
|
# output, we don't build it because it would be largely redundant to this
|
||||||
# one since it's all containerized anyway.
|
# one since it's all containerized anyway.
|
||||||
- ./bin/nix-build-and-cache .#oci-image
|
- ./bin/nix-build-and-cache just .#oci-image
|
||||||
- cp result oci-image-amd64.tar.gz
|
- cp result oci-image-amd64.tar.gz
|
||||||
|
|
||||||
- ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl
|
- ./bin/nix-build-and-cache just .#static-aarch64-unknown-linux-musl
|
||||||
- cp result/bin/conduit aarch64-unknown-linux-musl
|
- cp result/bin/conduit aarch64-unknown-linux-musl
|
||||||
|
|
||||||
- ./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl
|
- ./bin/nix-build-and-cache just .#oci-image-aarch64-unknown-linux-musl
|
||||||
- cp result oci-image-arm64v8.tar.gz
|
- cp result oci-image-arm64v8.tar.gz
|
||||||
|
|
||||||
- ./bin/nix-build-and-cache .#book
|
- ./bin/nix-build-and-cache just .#book
|
||||||
# We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746
|
# We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746
|
||||||
- cp -r --dereference result public
|
- cp -r --dereference result public
|
||||||
artifacts:
|
artifacts:
|
||||||
|
|
|
@ -17,7 +17,9 @@ RESULTS_FILE="$3"
|
||||||
|
|
||||||
OCI_IMAGE="complement-conduit:dev"
|
OCI_IMAGE="complement-conduit:dev"
|
||||||
|
|
||||||
pushd "$(git rev-parse --show-toplevel)" > /dev/null
|
toplevel="$(git rev-parse --show-toplevel)"
|
||||||
|
|
||||||
|
pushd "$toplevel" > /dev/null
|
||||||
# uses nix-output-monitor (nom) if available
|
# uses nix-output-monitor (nom) if available
|
||||||
if command -v nom &> /dev/null; then
|
if command -v nom &> /dev/null; then
|
||||||
nom build .#complement
|
nom build .#complement
|
||||||
|
|
|
@ -2,45 +2,81 @@
|
||||||
|
|
||||||
set -eo pipefail
|
set -eo pipefail
|
||||||
|
|
||||||
# The first argument must be the desired installable
|
toplevel="$(git rev-parse --show-toplevel)"
|
||||||
INSTALLABLE="$1"
|
|
||||||
|
|
||||||
# Build the installable and forward any other arguments too
|
# Build just the single installable and forward any other arguments too
|
||||||
# uses nix-output-monitor (nom) if available
|
just() {
|
||||||
if command -v nom &> /dev/null; then
|
# uses nix-output-monitor (nom) if available
|
||||||
nom build "$@"
|
if command -v nom &> /dev/null; then
|
||||||
else
|
nom build "$@"
|
||||||
nix build -L "$@"
|
else
|
||||||
fi
|
nix build -L "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ ! -z "$ATTIC_TOKEN" ]; then
|
if [ ! -z "$ATTIC_TOKEN" ]; then
|
||||||
nix run --inputs-from . attic -- \
|
# historical "conduit" store for compatibility purposes, same as conduwuit
|
||||||
login \
|
nix run --inputs-from "$toplevel" attic -- \
|
||||||
conduit \
|
login \
|
||||||
"${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduit}" \
|
conduit \
|
||||||
"$ATTIC_TOKEN"
|
"${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduit}" \
|
||||||
|
"$ATTIC_TOKEN"
|
||||||
|
|
||||||
# Push the target installable and its build dependencies
|
readarray -t outputs < <(nix path-info "$@")
|
||||||
nix run --inputs-from . attic -- \
|
readarray -t derivations < <(nix path-info "$@" --derivation)
|
||||||
push \
|
|
||||||
conduit \
|
# Push the target installable and its build dependencies
|
||||||
"$(nix path-info "$INSTALLABLE" --derivation)" \
|
nix run --inputs-from "$toplevel" attic -- \
|
||||||
"$(nix path-info "$INSTALLABLE")"
|
push \
|
||||||
|
conduit \
|
||||||
|
"${outputs[@]}" \
|
||||||
|
"${derivations[@]}"
|
||||||
|
|
||||||
|
# main "conduwuit" store
|
||||||
|
nix run --inputs-from "$toplevel" attic -- \
|
||||||
|
login \
|
||||||
|
conduwuit \
|
||||||
|
"${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduwuit}" \
|
||||||
|
"$ATTIC_TOKEN"
|
||||||
|
|
||||||
|
# Push the target installable and its build dependencies
|
||||||
|
nix run --inputs-from "$toplevel" attic -- \
|
||||||
|
push \
|
||||||
|
conduwuit \
|
||||||
|
"${outputs[@]}" \
|
||||||
|
"${derivations[@]}"
|
||||||
|
else
|
||||||
|
echo "\$ATTIC_TOKEN is unset, skipping uploading to the binary cache"
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# Build and cache things needed for CI
|
||||||
|
ci() {
|
||||||
|
cache=(
|
||||||
|
--inputs-from "$toplevel"
|
||||||
|
|
||||||
|
# Keep sorted
|
||||||
|
"$toplevel#devShells.x86_64-linux.default.inputDerivation"
|
||||||
|
attic#default
|
||||||
|
nixpkgs#direnv
|
||||||
|
nixpkgs#jq
|
||||||
|
nixpkgs#nix-direnv
|
||||||
|
)
|
||||||
|
|
||||||
|
just "${cache[@]}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Build and cache *all* the package outputs from the flake.nix
|
||||||
|
packages() {
|
||||||
|
declare -a cache="($(
|
||||||
|
nix flake show --json 2> /dev/null |
|
||||||
|
nix run --inputs-from "$toplevel" nixpkgs#jq -- \
|
||||||
|
-r \
|
||||||
|
'.packages."x86_64-linux" | keys | map("'"$toplevel"'#" + .) | @sh'
|
||||||
|
))"
|
||||||
|
|
||||||
|
just "${cache[@]}"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# push to "conduwuit" too
|
eval "$@"
|
||||||
nix run --inputs-from . attic -- \
|
|
||||||
login \
|
|
||||||
conduwuit \
|
|
||||||
"${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduwuit}" \
|
|
||||||
"$ATTIC_TOKEN"
|
|
||||||
|
|
||||||
# Push the target installable and its build dependencies
|
|
||||||
nix run --inputs-from . attic -- \
|
|
||||||
push \
|
|
||||||
conduwuit \
|
|
||||||
"$(nix path-info "$INSTALLABLE" --derivation)" \
|
|
||||||
"$(nix path-info "$INSTALLABLE")"
|
|
||||||
else
|
|
||||||
echo "\$ATTIC_TOKEN is unset, skipping uploading to the binary cache"
|
|
||||||
fi
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue