Log in to flakehub on existing installs (#129) #530
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
branches: [main] | |
workflow_dispatch: | |
jobs: | |
tests: | |
runs-on: ubuntu-22.04 | |
needs: | |
- check-dist-up-to-date | |
- install-nix | |
- install-with-non-default-source-inputs | |
- install-no-id-token | |
# NOTE(cole-h): GitHub treats "skipped" as "OK" for the purposes of required checks on branch | |
# protection, so we take advantage of this fact and fail if any of the dependent actions failed, | |
# or "skip" (which is a success for GHA's purposes) if none of them did. | |
if: failure() | |
steps: | |
- name: Dependent checks failed | |
run: exit 1 | |
check-dist-up-to-date: | |
name: Check the dist/ folder is up to date | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: DeterminateSystems/nix-installer-action@main | |
- uses: DeterminateSystems/magic-nix-cache-action@main | |
- name: pnpm install | |
run: nix develop --command pnpm install | |
- name: prettier format | |
run: nix develop --command pnpm run check-fmt | |
- name: ESLint | |
run: nix develop --command pnpm run lint | |
- name: tsup build | |
run: nix develop --command pnpm run build | |
- name: ncc package | |
run: nix develop --command pnpm run package | |
- name: Git status | |
run: git status --porcelain=v1 | |
- name: Ensure no staged changes | |
run: git diff --exit-code | |
install-nix: | |
name: "Test: ${{ matrix.runner }}${{ matrix.determinate && ' with determinate' || '' }}" | |
strategy: | |
matrix: | |
runner: | |
- ubuntu-latest | |
- nscloud-ubuntu-22.04-amd64-4x16 | |
- namespace-profile-default-arm64 | |
# - macos-12-large # determinate-nixd is broken on macos-12 | |
- macos-13-large | |
- macos-14-large | |
- macos-14-xlarge # arm64 | |
determinate: | |
- true | |
- false | |
runs-on: ${{ matrix.runner }} | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: ./ | |
with: | |
logger: pretty | |
log-directives: nix_installer=trace | |
backtrace: full | |
_internal-strict-mode: true | |
determinate: ${{ matrix.determinate }} | |
- name: echo $PATH | |
run: echo $PATH | |
- name: Render the devshell | |
if: success() || failure() | |
run: | | |
nix develop --command date | |
- name: Test `nix` with `$GITHUB_PATH` | |
if: success() || failure() | |
run: | | |
nix run nixpkgs#hello | |
nix profile install nixpkgs#hello | |
hello | |
nix store gc | |
nix run nixpkgs#hello | |
- name: Test bash | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: bash --login {0} | |
- name: Test sh | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: sh -l {0} | |
- name: Test zsh | |
run: if (zsh --help > /dev/null); then zsh --login --interactive -c "nix-instantiate -E 'builtins.currentTime' --eval"; fi | |
if: success() || failure() | |
- name: Install Nix again (noop) | |
uses: ./ | |
with: | |
logger: pretty | |
log-directives: nix_installer=trace | |
backtrace: full | |
_internal-strict-mode: true | |
determinate: ${{ matrix.determinate }} | |
- name: Test `nix` with `$GITHUB_PATH` | |
if: success() || failure() | |
run: | | |
nix run nixpkgs#hello | |
nix profile install nixpkgs#hello | |
hello | |
nix store gc | |
nix run nixpkgs#hello | |
- name: Reinstall Nix | |
uses: ./ | |
with: | |
logger: pretty | |
log-directives: nix_installer=trace | |
backtrace: full | |
reinstall: true | |
extra-conf: | | |
use-sqlite-wal = true | |
_internal-strict-mode: true | |
determinate: ${{ matrix.determinate }} | |
- name: Test `nix` with `$GITHUB_PATH` | |
if: success() || failure() | |
run: | | |
nix run nixpkgs#hello | |
nix profile install nixpkgs#hello | |
hello | |
nix store gc | |
nix run nixpkgs#hello | |
- name: Verify the generated nix.conf | |
run: | | |
nix config show | |
cat -n /etc/nix/nix.conf | |
nix config show | grep -E "^trusted-users = .*$USER" | |
nix config show | grep -E "^use-sqlite-wal = true" | |
install-with-non-default-source-inputs: | |
name: Install Nix using non-default source-${{ matrix.inputs.key }} | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
inputs: | |
# https://github.com/DeterminateSystems/nix-installer/blob/v0.18.0 | |
- key: url | |
value: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.18.0/nix-installer-x86_64-linux | |
nix-version: "2.21.2" | |
# https://github.com/DeterminateSystems/nix-installer/tree/7011c077ec491da410fbc39f68676b0908b9ce7e | |
- key: revision | |
value: 7011c077ec491da410fbc39f68676b0908b9ce7e | |
nix-version: "2.19.2" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install with alternative source-${{ matrix.inputs.key }} | |
uses: ./ | |
with: | |
source-${{ matrix.inputs.key }}: ${{ matrix.inputs.value }} | |
_internal-strict-mode: true | |
- name: Ensure that the expected Nix version ${{ matrix.inputs.nix-version }} is installed via alternative source-${{ matrix.inputs.key }} | |
run: .github/verify-version.sh ${{ matrix.inputs.nix-version }} | |
install-no-id-token: | |
name: Install Nix without an ID token | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./ | |
with: | |
_internal-strict-mode: true | |
determinate: true |