Fix nix cache #106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dev | |
| on: [push] | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| build-runner: | |
| name: Build runner | |
| runs-on: [self-hosted, nix, general, "${{ matrix.arch.runner }}", "${{ matrix.arch.size }}"] | |
| timeout-minutes: 20 | |
| strategy: | |
| matrix: | |
| arch: | |
| - nix: x86_64-linux | |
| runner: amd64-linux | |
| image: amd64 | |
| size: medium | |
| - nix: aarch64-linux | |
| runner: arm64-linux | |
| image: arm64 | |
| size: medium | |
| - nix: aarch64-darwin | |
| runner: arm64-darwin | |
| size: small | |
| env: | |
| IMAGE_REPOSITORY: public.ecr.aws/shopstic | |
| outputs: | |
| version: ${{ steps.determine-version.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - id: determine-version | |
| name: Determine current version | |
| run: |- | |
| CURRENT_VERSION=$(./release.sh get_release_version) || exit $? | |
| echo "version=${CURRENT_VERSION}" >> $GITHUB_OUTPUT | |
| - name: Build intellij-scala-runners | |
| run: |- | |
| nix build -L --no-link '.#packages.${{ matrix.arch.nix }}.intellij-scala-runners' | |
| - name: Build runner | |
| run: |- | |
| nix build -L --no-link '.#packages.${{ matrix.arch.nix }}.runner-jre' | |
| - name: Cache runner | |
| env: | |
| NIX_OUTPUT: .#packages.${{ matrix.arch.nix }}.runner-jre | |
| run: | | |
| nix store sign "${NIX_OUTPUT}" -v -r -k ~/.secrets/nix-cache-private-key | |
| nix copy -v --to "s3://${NIX_CACHE_BUCKET_NAME}/cache?region=${NIX_CACHE_BUCKET_REGION}&compression=zstd¶llel-compression=true" "${NIX_OUTPUT}" | |
| - name: Cache intellij-scala-runners | |
| env: | |
| NIX_OUTPUT: .#packages.${{ matrix.arch.nix }}.intellij-scala-runners | |
| run: | | |
| nix store sign "${NIX_OUTPUT}" -v -r -k ~/.secrets/nix-cache-private-key | |
| nix copy -v --to "s3://${NIX_CACHE_BUCKET_NAME}/cache?region=${NIX_CACHE_BUCKET_REGION}&compression=zstd¶llel-compression=true" "${NIX_OUTPUT}" | |
| - name: Build container images | |
| if: ${{ matrix.arch.image }} | |
| run: |- | |
| nix build -L '.#packages.${{ matrix.arch.nix }}.server-image' | |
| - name: Push | |
| env: | |
| GITHUB_SHA: ${{ github.sha }} | |
| IMAGE_ARCH: ${{ matrix.arch.image }} | |
| RELEASE_VERSION: ${{ steps.determine-version.outputs.version }} | |
| if: ${{ matrix.arch.image }} | |
| shell: nix develop -v -c bash {0} | |
| run: |- | |
| IMAGE_TAG="${RELEASE_VERSION}-${IMAGE_ARCH}" | |
| IMAGE_TARGET="${IMAGE_REPOSITORY}"/toothpick-server:"${IMAGE_TAG}" | |
| skopeo --insecure-policy copy \ | |
| nix:./result \ | |
| docker://"${IMAGE_TARGET}" | |
| push-manifest: | |
| name: Push multi-arch manifest | |
| runs-on: [self-hosted, nix, general, arm64-linux, small] | |
| timeout-minutes: 5 | |
| needs: [build-runner] | |
| env: | |
| IMAGE_REPOSITORY: public.ecr.aws/shopstic | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Push | |
| shell: nix develop -v -c bash {0} | |
| env: | |
| GITHUB_SHA: ${{ github.sha }} | |
| RELEASE_VERSION: ${{ needs.build-runner.outputs.version }} | |
| run: |- | |
| manifest-tool push from-args \ | |
| --platforms linux/amd64,linux/arm64 \ | |
| --template "${IMAGE_REPOSITORY}/toothpick-server:${RELEASE_VERSION}-ARCH" \ | |
| --target "${IMAGE_REPOSITORY}/toothpick-server:${RELEASE_VERSION}" | |
| build-helm-chart: | |
| name: Build Helm chart | |
| runs-on: [self-hosted, nix, general, arm64-linux, small] | |
| timeout-minutes: 5 | |
| needs: [build-runner] | |
| env: | |
| IMAGE_REPOSITORY: public.ecr.aws/shopstic | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build and push Helm Chart | |
| shell: nix develop -v -c bash {0} | |
| env: | |
| GITHUB_SHA: ${{ github.sha }} | |
| RELEASE_VERSION: ${{ needs.build-runner.outputs.version }} | |
| run: |- | |
| export HELM_REGISTRY_CONFIG=/home/runner/.docker/config.json | |
| ./release.sh push_helm_chart "${RELEASE_VERSION}" "${RELEASE_VERSION}" "oci://${IMAGE_REPOSITORY}/charts" |