diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..a56f2d2 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,10 @@ +# https://editorconfig.org +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 0cffe12..32403b5 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -7,6 +7,12 @@ on: jobs: build-artifacts: runs-on: ${{ matrix.systems.runner }} + permissions: + contents: read + id-token: write + env: + ARTIFACT_KEY: magic-nix-cache-${{ matrix.systems.system }} + ARCHIVE_NAME: magic-nix-cache.closure.xz strategy: matrix: systems: 
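Review bot: The job-level `ARTIFACT_KEY` and `ARCHIVE_NAME` added in this hunk are defined a second time in the `action-integration-test` job of check-and-test.yaml. The download step there finds the closure only if both copies agree. A comment above the `env:` block would make that coupling visible, for example `# Must match ARTIFACT_KEY / ARCHIVE_NAME in check-and-test.yaml (the artifact is downloaded by these names)`. The job body continues past this hunk.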
@@ -22,20 +28,26 @@ jobs: - nix-system: aarch64-darwin system: ARM64-macOS runner: macos-latest-xlarge - permissions: - contents: read - id-token: write steps: - uses: actions/checkout@v3 - - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main - - name: Build package - run: "nix build .# -L --fallback && nix-store --export $(nix-store -qR ./result) | xz -9 > magic-nix-cache.closure.xz" + - name: Install Nix on ${{ matrix.systems.system }} + uses: DeterminateSystems/nix-installer-action@main + - name: Magic Nix Cache + uses: DeterminateSystems/magic-nix-cache-action@main - - name: Upload a Build Artifact + - name: Build and cache dev shell for ${{ matrix.systems.nix-system }} + run: | + nix build ".#devShells.${{ matrix.systems.nix-system }}.default" + + - name: Build package and create closure for ${{ matrix.systems.system }} + run: | + nix build .# -L --fallback && \ + nix-store --export $(nix-store -qR ./result) | xz -9 > "${{ env.ARCHIVE_NAME }}" + + - name: Upload magic-nix-cache closure for ${{ matrix.systems.system }} uses: actions/upload-artifact@v3.1.2 with: # Artifact name - name: magic-nix-cache-${{ matrix.systems.system }} - path: magic-nix-cache.closure.xz + name: ${{ env.ARTIFACT_KEY }} + path: ${{ env.ARCHIVE_NAME }} retention-days: 1 diff --git a/.github/workflows/check-and-test.yaml b/.github/workflows/check-and-test.yaml new file mode 100644 index 0000000..bace43e --- /dev/null +++ b/.github/workflows/check-and-test.yaml 
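Review bot: In the "Build package and create closure" step, the pipeline `nix-store --export $(nix-store -qR ./result) | xz -9 > "${{ env.ARCHIVE_NAME }}"` takes its exit status from `xz`. A `run:` block with no explicit `shell:` is started as `bash -e`, without `pipefail`. If the export side fails, the step can still pass and upload a truncated or empty archive as the build artifact. Starting the block with `set -euo pipefail`, or setting `shell: bash` on the step, makes that failure stop the job. The `&& \` after `nix build` does not cover the pipeline.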
@@ -0,0 +1,90 @@ +name: Run checks and integration test + +on: + pull_request: + push: + branches: [main] + +jobs: + checks: + name: Nix and Rust checks + runs-on: ubuntu-22.04 + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@v3 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + - uses: DeterminateSystems/magic-nix-cache-action@main + + - name: Check health of flake.lock + uses: DeterminateSystems/flake-checker-action@main + with: + fail-mode: true + + - name: Check Rust formatting + run: nix develop --command cargo fmt --check + + - name: Clippy + run: nix develop --command cargo clippy + + build: + name: Build artifacts + needs: checks + uses: ./.github/workflows/build.yaml + secrets: inherit + + action-integration-test: + name: Integration test for magic-nix-cache-action + runs-on: ${{ matrix.systems.runner }} + needs: build + env: + ARTIFACT_KEY: magic-nix-cache-${{ matrix.systems.system }} + ARCHIVE_NAME: magic-nix-cache.closure.xz + strategy: + matrix: + systems: + - system: X64-Linux + runner: ubuntu-22.04 + - system: ARM64-Linux + runner: namespace-profile-default-arm64 + - system: X64-macOS + runner: macos-12 + - system: ARM64-macOS + runner: macos-latest-xlarge + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@v3 + + - name: Download closure for ${{ matrix.systems.system }} + uses: actions/download-artifact@v3 + with: + name: ${{ env.ARTIFACT_KEY }} + path: ${{ env.ARTIFACT_KEY }} + + - name: Install Nix on ${{ matrix.systems.system }} + uses: DeterminateSystems/nix-installer-action@main + + - name: Extract closure for ${{ matrix.systems.system }} + id: extract + run: | + ARTIFACT="${{ env.ARTIFACT_KEY }}/${{ env.ARCHIVE_NAME }}" + OUTPUT=$(cat ${ARTIFACT} | xz -d | nix-store --import) + MNC_BIN_PATH=$(echo "${OUTPUT}" | tail -n 1) + MAGIC_NIX_CACHE="${MNC_BIN_PATH}/bin/magic-nix-cache" + + echo "mnc-path=${MAGIC_NIX_CACHE}" >> "$GITHUB_OUTPUT" + + - name: 
Test magic-nix-cache-action@test-fail-mode on ${{ matrix.systems.runner }} + uses: DeterminateSystems/magic-nix-cache-action@test-fail-mode + with: + source-binary: "${{ steps.extract.outputs.mnc-path }}" + strict-mode: true + + - name: Run nix to test magic-nix-cache-action + run: | + nix develop --command echo "just testing" diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml deleted file mode 100644 index a2295da..0000000 --- a/.github/workflows/checks.yaml +++ /dev/null @@ -1,34 +0,0 @@ -name: Rust checks - -on: - pull_request: - push: - branches: [main] - -jobs: - checks: - runs-on: ubuntu-22.04 - permissions: - contents: read - id-token: write - steps: - - uses: actions/checkout@v3 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main - - - name: Check health of flake.lock - uses: DeterminateSystems/flake-checker-action@main - with: - fail-mode: true - - - name: Check Rust formatting - run: nix develop --command cargo fmt --check - - - name: Clippy - run: nix develop --command cargo clippy - - build: - uses: ./.github/workflows/build.yaml - secrets: inherit diff --git a/.github/workflows/flakehub-cache.yml b/.github/workflows/flakehub-cache.yml deleted file mode 100644 index c7969de..0000000 --- a/.github/workflows/flakehub-cache.yml +++ /dev/null 
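Review bot: The step `uses: DeterminateSystems/magic-nix-cache-action@test-fail-mode` points at a branch, and the other DeterminateSystems actions in this file and in build.yaml use `@main`, while each of these jobs grants `id-token: write`. A branch ref can move, so this repository does not fix which code runs with the job's OIDC permission. Pinning each action to a full commit SHA, with the ref kept as a comment, makes every update an explicit, reviewable change, e.g. `uses: DeterminateSystems/magic-nix-cache-action@<full-commit-sha>  # test-fail-mode`.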
@@ -1,32 +0,0 @@ -name: Push dev shell to FlakeHub Cache - -on: - push: - branches: [main] - -jobs: - push-dev-shell-to-flakehub-cache: - env: - ACTIONS_STEP_DEBUG: true - runs-on: ${{ matrix.systems.runner }} - permissions: - id-token: "write" - contents: "read" - strategy: - matrix: - systems: - - nix-system: "aarch64-darwin" - runner: "macos-latest-xlarge" - - nix-system: "x86_64-darwin" - runner: "macos-12" - - nix-system: "x86_64-linux" - runner: "ubuntu-22.04" - steps: - - uses: actions/checkout@v3 - - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main - with: - use-flakehub: true - - name: Build dev shell for ${{ matrix.systems.nix-system }} on ${{ matrix.systems.runner }} - run: | - nix build .#devShells.${{ matrix.systems.nix-system }}.default diff --git a/.github/workflows/release-prs.yml b/.github/workflows/release-prs.yml index 9d6a26e..7364c74 100644 --- a/.github/workflows/release-prs.yml +++ b/.github/workflows/release-prs.yml @@ -10,13 +10,7 @@ on: jobs: build: - uses: ./.github/workflows/build.yaml - secrets: inherit - - release: - needs: build - - concurrency: release + # We want to build artifacts only if the `upload to s3` label is applied # Only intra-repo PRs are allowed to have PR artifacts uploaded # We only want to trigger once the upload once in the case the upload label is added, not when any label is added if: | @@ -25,6 +19,12 @@ jobs: (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) ) + uses: ./.github/workflows/build.yaml + secrets: inherit + + release: + needs: build + concurrency: release runs-on: ubuntu-latest permissions: id-token: write # In order to request a JWT for AWS auth
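Review bot: After the two release-prs.yml hunks (`@@ -10,13 +10,7 @@` and `@@ -25,6 +19,12 @@`) the `release` job has no `if:` of its own. It is held back only because `needs: build` skips it when the label and intra-repo condition on `build` is false. That works as written, but a later `if: always()` or similar on `release` would run the job that holds `id-token: write` for AWS auth without that gate. I would record the dependency next to `needs: build`, e.g. `# Gated by the if: on build; a skipped build skips this job, so do not add always() here`, or repeat the condition on `release`. The first part of the `if:` expression lies between the two hunks and is not visible here.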