-
Notifications
You must be signed in to change notification settings - Fork 3
155 lines (142 loc) · 5.54 KB
/
workflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
on:
workflow_call:
inputs:
visibility:
required: false
type: string
default-branch:
required: false
default: ${{ github.event.repository.default_branch }}
type: string
enable-ssh-agent:
required: false
default: false
type: boolean
directory:
required: false
default: "."
type: string
runner-map:
required: false
type: string
default: |
{
"aarch64-darwin": "macos-latest",
"x86_64-darwin": "macos-latest",
"x86_64-linux": "ubuntu-latest",
"i686-linux": "ubuntu-latest",
"aarch64-linux": "ubuntu-24.04-arm"
}
outputs:
flake_name:
value: ${{ jobs.success.outputs.flake_name }}
description: |
Name of the flake.
Example: DeterminateSystems/flakehub-push
flake_version:
value: ${{ jobs.success.outputs.flake_version }}
description: |
Version of the published flake.
Example: 0.1.99+rev-2075013a3f3544d45a96f4b35df4ed03cd53779c
flakeref_exact:
value: ${{ jobs.success.outputs.flakeref_exact }}
description: |
A precise reference that always resolves to this to this exact release.
Example: DeterminateSystems/flakehub-push/=0.1.99+rev-2075013a3f3544d45a96f4b35df4ed03cd53779c
flakeref_at_least:
value: ${{ jobs.success.outputs.flakeref_at_least }}
description: |
A loose reference to this release.
Depending on this reference will require at least this version, and will also resolve to newer releases.
This output is not sufficient for deployment pipelines, use flake_exact instead.
Example: DeterminateSystems/flakehub-push/0.1.99+rev-2075013a3f3544d45a96f4b35df4ed03cd53779c
secrets:
ssh-private-key:
required: false
jobs:
inventory:
runs-on: ubuntu-latest
outputs:
systems: ${{ steps.inventory.outputs.systems }}
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@v4
# disabled pending strategy discussion on exposing tunables
# - uses: Determinatesystems/flake-checker-action@main
- uses: DeterminateSystems/nix-installer-action@main
with:
flakehub: true
- uses: DeterminateSystems/flakehub-cache-action@main
- uses: webfactory/[email protected]
if: ${{ inputs.enable-ssh-agent }}
with:
ssh-private-key: ${{ secrets.ssh-private-key }}
- name: Inventory the flake for targeted systems
id: inventory
env:
FLAKE_ITER_RUNNER_MAP: ${{ toJson(fromJson(inputs.runner-map)) }}
working-directory: ${{ inputs.directory }}
run: |
nix run "https://flakehub.com/f/DeterminateSystems/flake-iter/*" -- systems
build:
runs-on: ${{ matrix.systems.runner }}
needs: inventory
strategy:
matrix:
systems: ${{ fromJSON(needs.inventory.outputs.systems) }}
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
with:
determinate: true
- uses: DeterminateSystems/flakehub-cache-action@main
- uses: webfactory/[email protected]
if: ${{ inputs.enable-ssh-agent }}
with:
ssh-private-key: ${{ secrets.ssh-private-key }}
- name: Build for ${{ matrix.systems.nix-system }}
env:
FLAKE_ITER_NIX_SYSTEM: ${{ matrix.systems.nix-system }}
working-directory: ${{ inputs.directory }}
run: nix run 'https://flakehub.com/f/DeterminateSystems/flake-iter/*' -- --verbose build
success:
runs-on: ubuntu-latest
needs: build
if: ${{ always() }}
permissions:
id-token: "write"
contents: "read"
outputs:
flake_name: ${{ steps.publish.outputs.flake_name }}
flake_version: ${{ steps.publish.outputs.flake_version }}
flakeref_exact: ${{ steps.publish.outputs.flakeref_exact }}
flakeref_at_least: ${{ steps.publish.outputs.flakeref_at_least }}
steps:
- run: "true"
- run: |
echo "A dependent in the build matrix failed."
exit 1
if: |
contains(needs.*.result, 'failure') ||
contains(needs.*.result, 'cancelled')
- uses: actions/checkout@main
if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
- uses: DeterminateSystems/nix-installer-action@main
if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
with:
flakehub: true
- uses: DeterminateSystems/flakehub-cache-action@main
if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
- uses: "DeterminateSystems/flakehub-push@main"
if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
id: publish
with:
rolling: ${{ github.ref == format('refs/heads/{0}', inputs.default-branch) }}
visibility: ${{ inputs.visibility }}
include-output-paths: true
directory: ${{ inputs.directory }}