ci, nix: build and cache all packages and CI dependencies

from f5bd9bc45e
with changes for GitHub CI and misc

Co-authored-by: Charles Hall <charles@computer.surgery>
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-05-01 23:30:49 -04:00 committed by June
parent 3b410d0556
commit cad16b9268
5 changed files with 93 additions and 55 deletions

View file

@ -53,7 +53,7 @@ jobs:
- name: Enable Cachix binary cache - name: Enable Cachix binary cache
run: | run: |
nix-env -iA cachix -f https://cachix.org/api/v1/install nix profile install nixpkgs#cachix
cachix use crane cachix use crane
cachix use nix-community cachix use nix-community
@ -78,7 +78,7 @@ jobs:
- name: Prepare build environment - name: Prepare build environment
run: | run: |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
direnv allow direnv allow
nix develop --command true nix develop --command true
@ -144,9 +144,9 @@ jobs:
- name: Install Nix - name: Install Nix
uses: DeterminateSystems/nix-installer-action@main uses: DeterminateSystems/nix-installer-action@main
- name: Enable Cachix binary cache - name: Install and enable Cachix binary cache
run: | run: |
nix-env -iA cachix -f https://cachix.org/api/v1/install nix profile install nixpkgs#cachix
cachix use crane cachix use crane
cachix use nix-community cachix use nix-community
@ -171,13 +171,13 @@ jobs:
- name: Prepare build environment - name: Prepare build environment
run: | run: |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv
direnv allow direnv allow
nix develop --command true nix develop --command true
- name: Build static ${{ matrix.target }} - name: Build static ${{ matrix.target }}
run: | run: |
bin/nix-build-and-cache .#static-${{ matrix.target }} bin/nix-build-and-cache just .#static-${{ matrix.target }}
mkdir -p target/release mkdir -p target/release
cp -v -f result/bin/conduit target/release/ cp -v -f result/bin/conduit target/release/
direnv exec . cargo deb --no-build --no-strip --output target/debian/${{ matrix.target }}.deb direnv exec . cargo deb --no-build --no-strip --output target/debian/${{ matrix.target }}.deb
@ -199,7 +199,7 @@ jobs:
- name: Build OCI image ${{ matrix.target }} - name: Build OCI image ${{ matrix.target }}
run: | run: |
bin/nix-build-and-cache .#oci-image-${{ matrix.target }} bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}
cp -v -f result oci-image-${{ matrix.target }}.tar.gz cp -v -f result oci-image-${{ matrix.target }}.tar.gz
- name: Upload OCI image ${{ matrix.target }} - name: Upload OCI image ${{ matrix.target }}

View file

@ -88,13 +88,13 @@ jobs:
- name: Allow direnv - name: Allow direnv
run: direnv allow run: direnv allow
- name: Cache x86_64 inputs for devShell - name: Cache CI dependencies
run: | run: |
./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation ./bin/nix-build-and-cache ci
- name: Build documentation (book) - name: Build documentation (book)
run: | run: |
./bin/nix-build-and-cache .#book ./bin/nix-build-and-cache just .#book
cp -r --dereference result public cp -r --dereference result public
- name: Upload generated documentation (book) as normal artifact - name: Upload generated documentation (book) as normal artifact
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4

View file

@ -56,8 +56,8 @@ ci:
stage: ci stage: ci
image: nixos/nix:2.22.0 image: nixos/nix:2.22.0
script: script:
# Cache the inputs required for the devShell # Cache CI dependencies
- ./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation - ./bin/nix-build-and-cache ci
- direnv exec . engage - direnv exec . engage
cache: cache:
@ -81,7 +81,7 @@ artifacts:
stage: artifacts stage: artifacts
image: nixos/nix:2.22.0 image: nixos/nix:2.22.0
script: script:
- ./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl - ./bin/nix-build-and-cache just .#static-x86_64-unknown-linux-musl
- cp result/bin/conduit x86_64-unknown-linux-musl - cp result/bin/conduit x86_64-unknown-linux-musl
- mkdir -p target/release - mkdir -p target/release
@ -97,16 +97,16 @@ artifacts:
# Note that although we have an `oci-image-x86_64-unknown-linux-musl` # Note that although we have an `oci-image-x86_64-unknown-linux-musl`
# output, we don't build it because it would be largely redundant to this # output, we don't build it because it would be largely redundant to this
# one since it's all containerized anyway. # one since it's all containerized anyway.
- ./bin/nix-build-and-cache .#oci-image - ./bin/nix-build-and-cache just .#oci-image
- cp result oci-image-amd64.tar.gz - cp result oci-image-amd64.tar.gz
- ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl - ./bin/nix-build-and-cache just .#static-aarch64-unknown-linux-musl
- cp result/bin/conduit aarch64-unknown-linux-musl - cp result/bin/conduit aarch64-unknown-linux-musl
- ./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl - ./bin/nix-build-and-cache just .#oci-image-aarch64-unknown-linux-musl
- cp result oci-image-arm64v8.tar.gz - cp result oci-image-arm64v8.tar.gz
- ./bin/nix-build-and-cache .#book - ./bin/nix-build-and-cache just .#book
# We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746 # We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746
- cp -r --dereference result public - cp -r --dereference result public
artifacts: artifacts:

View file

@ -17,7 +17,9 @@ RESULTS_FILE="$3"
OCI_IMAGE="complement-conduit:dev" OCI_IMAGE="complement-conduit:dev"
pushd "$(git rev-parse --show-toplevel)" > /dev/null toplevel="$(git rev-parse --show-toplevel)"
pushd "$toplevel" > /dev/null
# uses nix-output-monitor (nom) if available # uses nix-output-monitor (nom) if available
if command -v nom &> /dev/null; then if command -v nom &> /dev/null; then
nom build .#complement nom build .#complement

View file

@ -2,45 +2,81 @@
set -eo pipefail set -eo pipefail
# The first argument must be the desired installable toplevel="$(git rev-parse --show-toplevel)"
INSTALLABLE="$1"
# Build the installable and forward any other arguments too # Build just the single installable and forward any other arguments too
# uses nix-output-monitor (nom) if available just() {
if command -v nom &> /dev/null; then # uses nix-output-monitor (nom) if available
nom build "$@" if command -v nom &> /dev/null; then
else nom build "$@"
nix build -L "$@" else
fi nix build -L "$@"
fi
if [ ! -z "$ATTIC_TOKEN" ]; then if [ ! -z "$ATTIC_TOKEN" ]; then
nix run --inputs-from . attic -- \ # historical "conduit" store for compatibility purposes, same as conduwuit
login \ nix run --inputs-from "$toplevel" attic -- \
conduit \ login \
"${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduit}" \ conduit \
"$ATTIC_TOKEN" "${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduit}" \
"$ATTIC_TOKEN"
# Push the target installable and its build dependencies readarray -t outputs < <(nix path-info "$@")
nix run --inputs-from . attic -- \ readarray -t derivations < <(nix path-info "$@" --derivation)
push \
conduit \ # Push the target installable and its build dependencies
"$(nix path-info "$INSTALLABLE" --derivation)" \ nix run --inputs-from "$toplevel" attic -- \
"$(nix path-info "$INSTALLABLE")" push \
conduit \
"${outputs[@]}" \
"${derivations[@]}"
# main "conduwuit" store
nix run --inputs-from "$toplevel" attic -- \
login \
conduwuit \
"${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduwuit}" \
"$ATTIC_TOKEN"
# Push the target installable and its build dependencies
nix run --inputs-from "$toplevel" attic -- \
push \
conduwuit \
"${outputs[@]}" \
"${derivations[@]}"
else
echo "\$ATTIC_TOKEN is unset, skipping uploading to the binary cache"
fi
}
# Build and cache things needed for CI
ci() {
cache=(
--inputs-from "$toplevel"
# Keep sorted
"$toplevel#devShells.x86_64-linux.default.inputDerivation"
attic#default
nixpkgs#direnv
nixpkgs#jq
nixpkgs#nix-direnv
)
just "${cache[@]}"
}
# Build and cache *all* the package outputs from the flake.nix
packages() {
declare -a cache="($(
nix flake show --json 2> /dev/null |
nix run --inputs-from "$toplevel" nixpkgs#jq -- \
-r \
'.packages."x86_64-linux" | keys | map("'"$toplevel"'#" + .) | @sh'
))"
just "${cache[@]}"
}
# push to "conduwuit" too eval "$@"
nix run --inputs-from . attic -- \
login \
conduwuit \
"${ATTIC_ENDPOINT:-https://attic.kennel.juneis.dog/conduwuit}" \
"$ATTIC_TOKEN"
# Push the target installable and its build dependencies
nix run --inputs-from . attic -- \
push \
conduwuit \
"$(nix path-info "$INSTALLABLE" --derivation)" \
"$(nix path-info "$INSTALLABLE")"
else
echo "\$ATTIC_TOKEN is unset, skipping uploading to the binary cache"
fi