rc/.github/workflows/ci.yml at main · stackptr/rc · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: CI

on:
  pull_request:
  push:
    branches: main

jobs:
  eval:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: cachix/install-nix-action@v31
      with:
        github_access_token: ${{ secrets.GITHUB_TOKEN }}
    - name: Check all configurations evaluate
      run: |
        eval_host() {
          local host="$1"
          local expr="$2"
          echo "Evaluating $host..."
          stderr=$(nix eval "$expr" 2>&1 >/dev/null)
          if [ -n "$stderr" ]; then
            echo "$stderr"
            if echo "$stderr" | grep -q "evaluation warning:"; then
              encoded=$(printf '%s' "$stderr" | python3 -c "import sys; print(sys.stdin.read().replace('%','%25').replace('\n','%0A').replace('\r','%0D'))")
              echo "::warning title=Evaluation warnings ($host)::${encoded}"
            fi
          fi
        }
        for host in glyph spore zeta; do
          eval_host "$host" ".#nixosConfigurations.$host.config.system.build.toplevel.drvPath"
        done
        eval_host "Rhizome" ".#darwinConfigurations.Rhizome.system.drvPath"

  build:
    needs: eval
    strategy:
      fail-fast: false
      matrix:
        include:
          - host: glyph
            system: x86_64-linux
            runner: ubuntu-latest
          - host: Rhizome
            system: aarch64-darwin
            runner: macos-latest
          - host: spore
            system: x86_64-linux
            runner: ubuntu-latest
          - host: zeta
            system: aarch64-linux
            runner: ubuntu-24.04-arm
    runs-on: ${{ matrix.runner }}
    steps:
    - uses: actions/checkout@v4
    - uses: cachix/install-nix-action@v31
      with:
        github_access_token: ${{ secrets.GITHUB_TOKEN }}
        extra_nix_config: |
          extra-substituters = https://cache.zx.dev/main
          extra-trusted-public-keys = main:mu0jkxdJTGWC3djDSEQb3rvZgqlhA8WVMulcTo5IW6c=
    - name: Configure Attic cache
      run: |
        nix profile install --inputs-from . attic#attic-client --fallback
        attic login rc https://cache.zx.dev ${{ secrets.ATTIC_TOKEN }}
        attic use rc:main
    - name: Build system configuration
      run: |
        if [ "${{ matrix.system }}" = "aarch64-darwin" ]; then
          nix build .#darwinConfigurations.${{ matrix.host }}.system
        else
          nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel
        fi
    - name: Push to Attic
      if: github.ref == 'refs/heads/main'
      run: |
        attic push rc:main ./result
        attic push rc:main $(which attic)
        nix build .#devShells.${{ matrix.system }}.default -o ./result-devshell
        attic push rc:main ./result-devshell
    - name: Prepare Slack context
      if: failure()
      id: slack-context
      env:
        EVENT_NAME: ${{ github.event_name }}
        SHA: ${{ github.sha }}
        PR_NUMBER: ${{ github.event.pull_request.number }}
        PR_TITLE: ${{ github.event.pull_request.title }}
        PR_URL: ${{ github.event.pull_request.html_url }}
        COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
        COMMIT_URL: ${{ github.event.head_commit.url }}
      run: |
        echo "short_sha=${SHA:0:7}" >> $GITHUB_OUTPUT
        if [ "$EVENT_NAME" = "pull_request" ]; then
          echo "trigger=PR <${PR_URL}|#${PR_NUMBER}: ${PR_TITLE}>" >> $GITHUB_OUTPUT
        else
          FIRST_LINE=$(printf '%s' "$COMMIT_MESSAGE" | head -1)
          echo "trigger=push <${COMMIT_URL}|${FIRST_LINE}>" >> $GITHUB_OUTPUT
        fi
    - name: Notify Slack on failure
      if: failure()
      uses: slackapi/slack-github-action@v2
      with:
        webhook: ${{ secrets.SLACK_WEBHOOK_UPDATES_CI }}
        webhook-type: incoming-webhook
        payload-templating: true
        payload: |
          {
            "attachments": [
              {
                "color": "#CC0000",
                "blocks": [
                  {
                    "type": "header",
                    "text": {
                      "type": "plain_text",
                      "text": ":x: CI build failed",
                      "emoji": true
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "*Host*\n${{ matrix.host }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Trigger*\n${{ steps.slack-context.outputs.trigger }}"
                      }
                    ]
                  },
                  {
                    "type": "context",
                    "elements": [
                      {
                        "type": "mrkdwn",
                        "text": "<${{ github.server_url }}/${{ github.repository }}|${{ github.repository }}> · <${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}|${{ steps.slack-context.outputs.short_sha }}> · <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
                      }
                    ]
                  }
                ]
              }
            ]
          }