Skip to content

CI

CI #49

Workflow file for this run

# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This workflow does double duty: it runs checks against PRs/pushes, and it
# updates flake.lock (run from a schedule or manually).
#
# This approach seems simpler than having a separate lockfile-updating workflow
# that creates a PR that gets the normal check workflow ran against it before
# merging, especially since (according to
# https://github.com/DeterminateSystems/update-flake-lock) GitHub Actions does
# not run workflows against PRs created by a GitHub Action.
name: CI
on:
push:
pull_request:
workflow_dispatch:
inputs:
updateFlakeLock:
description: 'Update flake.lock'
default: false
type: boolean
schedule:
- cron: '23 8 * * *' # runs daily at a randomly selected time
jobs:
check:
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "write"
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- name: Enable Magic Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@main
with:
use-flakehub: false
- name: Update flake.lock
if: github.event_name == 'schedule' || ( github.event_name == 'workflow_dispatch' && inputs.updateFlakeLock )
run: |
git config user.email "github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
nix flake update --commit-lock-file
- name: Check flake.lock
uses: DeterminateSystems/flake-checker-action@main
# Update the caches daily, flush the cache monthly.
- name: Set cache keys
id: cache-keys
run: |
{
echo "key=$(date +'%Y-%m-%d')"
echo "restore=$(date +'%Y-%m-')"
} >> "$GITHUB_OUTPUT"
- name: Cache git checkouts
uses: actions/cache@v4
with:
path: ~/.cache/nix/gitv3
key: nix-gitv3-cache-${{ steps.cache-keys.outputs.key }}
restore-keys: nix-gitv3-cache-${{ steps.cache-keys.outputs.restore }}
- name: Cache tarballs
uses: actions/cache@v4
with:
path: ~/.cache/nix/tarball-cache
key: nix-tarball-cache-${{ steps.cache-keys.outputs.key }}
restore-keys: nix-tarball-cache-${{ steps.cache-keys.outputs.restore }}
- name: nix flake check
run: nix flake check -L --show-trace
- name: Build packages for Cachix
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
run: nix build .#cachix-packages -L
# Intentionally install Cachix late: build artifacts are cached by Magic
# Nix Cache, only the runtime closure of cachix-packages goes to the
# public Cachix cache.
- name: Install Cachix
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
uses: cachix/cachix-action@v15
with:
name: doom-emacs-unstraightened
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Push to Cachix
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
run: readlink result | cachix push doom-emacs-unstraightened
- name: Push changes
if: github.event_name == 'schedule' || ( github.event_name == 'workflow_dispatch' && inputs.updateFlakeLock )
run: git push
# `git push` only works because branch protection is not enabled.
#
# Currently branch protection is not effective anyway, since the only
# contributor (marienz) has admin permissions, and applying branch
# protection to administrators seems to be an "organization" feature.
#
# The supported path seems to be "create a PR and use the API to merge
# it", but that's more work to implement (see above): revisit later.
# TODO: try to improve caching.
#
# We spend a lot of time fetching sources. Caching all of ~/.cache/nix/gitv3 is
# not ideal: it is too large (3GiB) and we don't expire individual checkouts.
# https://github.com/DeterminateSystems/magic-nix-cache/issues/28 may help.
#
# The "magic" nix cache hits usage limits:
#
# 2024-05-18T06:45:19.165515Z ERROR magic_nix_cache::gha: Upload of path '/nix/store/fpq1vaw8vr88a67lc2jspskf2fa7zbvj-emacs-treepy-20230715.2154' failed: GitHub API error: API error (429 Too Many Requests): StructuredApiError { message: "Request was blocked due to exceeding usage of resource 'Count' in namespace ''." }
#
# This might get better as the cache populates, as long as I don't hit size
# limits.