CI #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2024 Google LLC | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# This workflow does double duty: it runs checks against PRs/pushes, and it | |
# updates flake.lock (run from a schedule or manually). | |
# | |
# This approach seems simpler than having a separate lockfile-updating workflow | |
# that creates a PR that gets the normal check workflow ran against it before | |
# merging, especially since (according to | |
# https://github.com/DeterminateSystems/update-flake-lock) GitHub Actions does | |
# not run workflows against PRs created by a GitHub Action. | |
name: CI | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
updateFlakeLock: | |
description: 'Update flake.lock' | |
default: false | |
type: boolean | |
# To enable once confirmed working. | |
# schedule: | |
# - cron: '23 8 * * *' # runs daily at a randomly selected time | |
jobs: | |
check: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: "write" | |
contents: "read" | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
- name: Enable Magic Nix Cache | |
uses: DeterminateSystems/magic-nix-cache-action@main | |
- name: Update flake.lock | |
if: github.event_name == 'schedule' || ( github.event_name == 'workflow_dispatch' && inputs.updateFlakeLock ) | |
run: | | |
git config user.email "github-actions[bot]@users.noreply.github.com" | |
git config user.name "github-actions[bot]" | |
nix flake update --commit-lock-file | |
- name: Check flake.lock | |
uses: DeterminateSystems/flake-checker-action@main | |
with: | |
nixpkgs-keys: "" # TODO: check nixpkgs used for cached builds | |
- name: Cache git checkouts | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cache/nix/gitv3 | |
key: nix-gitv3-cache-${{ hashFiles('flake.lock') }} | |
restore-keys: nix-gitv3-cache- | |
- name: nix flake check | |
run: nix flake check -L --show-trace | |
- name: Push changes | |
if: github.event_name == 'schedule' || ( github.event_name == 'workflow_dispatch' && inputs.updateFlakeLock ) | |
run: git push | |
# TODO: try to improve caching. | |
# | |
# We spend a lot of time fetching sources. Caching all of ~/.cache/nix/gitv3 is | |
# not ideal: it is too large (3GiB) and we don't expire individual checkouts. | |
# https://github.com/DeterminateSystems/magic-nix-cache/issues/28 may help. | |
# | |
# The "magic" nix cache hits usage limits: | |
# | |
# 2024-05-18T06:45:19.165515Z ERROR magic_nix_cache::gha: Upload of path '/nix/store/fpq1vaw8vr88a67lc2jspskf2fa7zbvj-emacs-treepy-20230715.2154' failed: GitHub API error: API error (429 Too Many Requests): StructuredApiError { message: "Request was blocked due to exceeding usage of resource 'Count' in namespace ''." } | |
# | |
# This might get better as the cache populates, as long as I don't hit size | |
# limits. |