name: Build on: pull_request: push: env: REGISTRY: ghcr.io IMAGE_NAME: ghcr.io/${{ github.repository }} jobs: tests: strategy: matrix: os: - ubuntu-latest - macos-latest nix: - "2.20" - "2.24" - "default" runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4.1.1 - name: Install current Bash on macOS if: runner.os == 'macOS' run: | command -v brew && brew install bash || true - uses: DeterminateSystems/nix-installer-action@v9 continue-on-error: true # Self-hosted runners already have Nix installed - name: Install Attic run: | if ! command -v attic &> /dev/null; then ./.github/install-attic-ci.sh fi - name: Configure Attic continue-on-error: true run: | : "${ATTIC_SERVER:=https://staging.attic.rs/}" : "${ATTIC_CACHE:=attic-ci}" echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV export PATH=$HOME/.nix-profile/bin:$PATH # FIXME attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" attic use "$ATTIC_CACHE" env: ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - name: Cache dev shell run: | .ci/cache-shell.sh system=$(nix-instantiate --eval -E 'builtins.currentSystem') echo system=$system >>$GITHUB_ENV - name: Run unit tests run: | .ci/run just ci-unit-tests ${{ matrix.nix }} - name: Build WebAssembly crates if: runner.os == 'Linux' run: | .ci/run just ci-build-wasm # TODO: Just take a diff of the list of store paths, also abstract all of this out - name: Push build artifacts run: | export PATH=$HOME/.nix-profile/bin:$PATH # FIXME if [ -n "$ATTIC_TOKEN" ]; then nix build --no-link --print-out-paths -L \ .#internalMatrix."$system".\"${{ matrix.nix }}\".attic-tests \ .#internalMatrix."$system".\"${{ matrix.nix }}\".cargoArtifacts \ | xargs attic push "ci:$ATTIC_CACHE" fi image: runs-on: ubuntu-latest if: github.event_name == 'push' needs: - tests permissions: contents: read packages: write steps: - uses: actions/checkout@v4.1.1 - name: Install current Bash on macOS if: runner.os == 'macOS' run: | command -v brew && brew install bash || true - uses: DeterminateSystems/nix-installer-action@v9 continue-on-error: true # Self-hosted runners already have Nix installed - name: Install Attic run: | if ! command -v attic &> /dev/null; then ./.github/install-attic-ci.sh fi - name: Configure Attic continue-on-error: true run: | : "${ATTIC_SERVER:=https://staging.attic.rs/}" : "${ATTIC_CACHE:=attic-ci}" echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV export PATH=$HOME/.nix-profile/bin:$PATH # FIXME attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" attic use "$ATTIC_CACHE" env: ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - name: Cache dev shell run: | .ci/cache-shell.sh system=$(nix-instantiate --eval -E 'builtins.currentSystem') echo system=$system >>$GITHUB_ENV - name: Log in to the Container registry uses: docker/login-action@v3.0.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push container images continue-on-error: true run: | declare -a tags tags+=("${{ github.sha }}") branch=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then tags+=("$(echo $branch | sed -e 's/^v//')") else tags+=("${branch}") fi if [ "$branch" == "${{ github.event.repository.default_branch }}" ]; then tags+=("latest") fi >&2 echo "Image: ${IMAGE_NAME}" >&2 echo "Tags: ${tags[@]}" .ci/run just ci-build-and-push-images "${IMAGE_NAME}" "${tags[@]}" # TODO: Just take a diff of the list of store paths, also abstract all of this out - name: Push build artifacts run: | export PATH=$HOME/.nix-profile/bin:$PATH # FIXME if [ -n "$ATTIC_TOKEN" ]; then nix build --no-link --print-out-paths -L \ .#attic-server-image \ .#attic-server-image-aarch64 \ | xargs attic push "ci:$ATTIC_CACHE" fi