.github: Fix CI cache push conditional #255
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| pull_request: | |
| push: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ghcr.io/${{ github.repository }} | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4.1.7 | |
| - name: Install current Bash on macOS | |
| if: runner.os == 'macOS' | |
| run: | | |
| command -v brew && brew install bash || true | |
| - uses: DeterminateSystems/nix-installer-action@v14 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Cache dev shell | |
| run: | | |
| .ci/cache-shell.sh | |
| system=$(nix-instantiate --eval -E 'builtins.currentSystem') | |
| echo system=$system >>$GITHUB_ENV | |
| # TODO: Abstract all of this out, and use `attic push --stdin` (requires #232) | |
| - name: Build packages | |
| run: | | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| nix build --no-link --print-out-paths -L \ | |
| .#attic \ | |
| .#attic-client \ | |
| .#attic-server \ | |
| | if [ -n "$ATTIC_CACHE" ]; then | |
| xargs attic push "ci:$ATTIC_CACHE" | |
| else | |
| cat | |
| fi | |
| tests: | |
| strategy: | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| nix: | |
| - "2.20" | |
| - "2.24" | |
| - "default" | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4.1.7 | |
| - name: Install current Bash on macOS | |
| if: runner.os == 'macOS' | |
| run: | | |
| command -v brew && brew install bash || true | |
| - uses: DeterminateSystems/nix-installer-action@v14 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Cache dev shell | |
| run: | | |
| .ci/cache-shell.sh | |
| system=$(nix-instantiate --eval -E 'builtins.currentSystem') | |
| echo system=$system >>$GITHUB_ENV | |
| - name: Run unit tests | |
| run: | | |
| .ci/run just ci-unit-tests ${{ matrix.nix }} | |
| - name: Build WebAssembly crates | |
| if: runner.os == 'Linux' | |
| run: | | |
| .ci/run just ci-build-wasm | |
| # TODO: Just take a diff of the list of store paths, also abstract all of this out | |
| - name: Push build artifacts | |
| run: | | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| if [ -n "$ATTIC_CACHE" ]; then | |
| nix build --no-link --print-out-paths -L \ | |
| .#internalMatrix."$system".\"${{ matrix.nix }}\".attic-tests \ | |
| .#internalMatrix."$system".\"${{ matrix.nix }}\".cargoArtifacts \ | |
| | xargs attic push "ci:$ATTIC_CACHE" | |
| fi | |
| nix-matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v4.1.7 | |
| - uses: DeterminateSystems/nix-installer-action@v14 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - id: set-matrix | |
| name: Generate Nix Matrix | |
| run: | | |
| set -Eeu | |
| matrix="$(nix eval --json '.#githubActions.matrix')" | |
| echo "matrix=$matrix" >> "$GITHUB_OUTPUT" | |
| nix-matrix-job: | |
| name: ${{ matrix.name }} | |
| runs-on: ${{ matrix.os }} | |
| needs: | |
| - build | |
| - nix-matrix | |
| strategy: | |
| matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}} | |
| steps: | |
| - uses: actions/checkout@v4.1.7 | |
| - name: Install current Bash on macOS | |
| if: runner.os == 'macOS' | |
| run: | | |
| command -v brew && brew install bash || true | |
| - uses: DeterminateSystems/nix-installer-action@v14 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Build ${{ matrix.attr }} | |
| run: | | |
| nix build --no-link --print-out-paths -L '.#${{ matrix.attr }}' \ | |
| | if [ -n "$ATTIC_CACHE" ]; then | |
| xargs attic push "ci:$ATTIC_CACHE" | |
| else | |
| cat | |
| fi | |
| image: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| needs: | |
| - build | |
| - tests | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4.1.7 | |
| - name: Install current Bash on macOS | |
| if: runner.os == 'macOS' | |
| run: | | |
| command -v brew && brew install bash || true | |
| - uses: DeterminateSystems/nix-installer-action@v14 | |
| continue-on-error: true # Self-hosted runners already have Nix installed | |
| - name: Install Attic | |
| run: | | |
| if ! command -v attic &> /dev/null; then | |
| ./.github/install-attic-ci.sh | |
| fi | |
| - name: Configure Attic | |
| continue-on-error: true | |
| run: | | |
| : "${ATTIC_SERVER:=https://staging.attic.rs/}" | |
| : "${ATTIC_CACHE:=attic-ci}" | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Cache dev shell | |
| run: | | |
| .ci/cache-shell.sh | |
| system=$(nix-instantiate --eval -E 'builtins.currentSystem') | |
| echo system=$system >>$GITHUB_ENV | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3.3.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push container images | |
| continue-on-error: true | |
| run: | | |
| declare -a tags | |
| tags+=("${{ github.sha }}") | |
| branch=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
| if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then | |
| tags+=("$(echo $branch | sed -e 's/^v//')") | |
| else | |
| tags+=("${branch}") | |
| fi | |
| if [ "$branch" == "${{ github.event.repository.default_branch }}" ]; then | |
| tags+=("latest") | |
| fi | |
| >&2 echo "Image: ${IMAGE_NAME}" | |
| >&2 echo "Tags: ${tags[@]}" | |
| .ci/run just ci-build-and-push-images "${IMAGE_NAME}" "${tags[@]}" | |
| # TODO: Just take a diff of the list of store paths, also abstract all of this out | |
| - name: Push build artifacts | |
| run: | | |
| export PATH=$HOME/.nix-profile/bin:$PATH # FIXME | |
| if [ -n "$ATTIC_CACHE" ]; then | |
| nix build --no-link --print-out-paths -L \ | |
| .#attic-server-image \ | |
| .#attic-server-image-aarch64 \ | |
| | xargs attic push "ci:$ATTIC_CACHE" | |
| fi |