Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mid-fall Nix and CI cleaning #380

Merged
merged 16 commits into from
Nov 12, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 0 additions & 66 deletions .github/workflows/check.yml

This file was deleted.

79 changes: 79 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
name: CI

on:
push:
branches: [main]
pull_request:
workflow_dispatch:

jobs:
build:
name: Build (${{ matrix.os }})

strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
use-nix: true
- os: windows-latest
use-nix: false

runs-on: ${{ matrix.os }}

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Install Rust
if: ${{ !matrix.use-nix }}
uses: actions-rust-lang/setup-rust-toolchain@v1

- name: Install Nix
if: ${{ matrix.use-nix }}
uses: DeterminateSystems/nix-installer-action@v15

- name: Setup Nix cache
if: ${{ matrix.use-nix }}
uses: DeterminateSystems/magic-nix-cache-action@v8

- name: Build
if: ${{ !matrix.use-nix }}
run: cargo build --locked

- name: Build
if: ${{ matrix.use-nix }}
run: nix build --print-build-logs .#refraction-debug

flake:
name: Flake checks

runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v15

- name: Setup Nix cache
uses: DeterminateSystems/magic-nix-cache-action@v8

- name: Run checks
run: |
nix flake check --print-build-logs --show-trace

# Make sure all above jobs finished successfully
release-gate:
name: CI Release gate
needs: [build, flake]

if: ${{ always() }}

runs-on: ubuntu-latest

steps:
- name: Exit with error
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
run: exit 1
47 changes: 47 additions & 0 deletions .github/workflows/clippy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: Clippy

on:
push:
branches: [main]
paths:
- 'Cargo.toml'
- 'Cargo.lock'
- '**.rs'
pull_request:
paths:
- 'Cargo.toml'
- 'Cargo.lock'
- '**.rs'
workflow_dispatch:

jobs:
clippy:
name: Run scan

runs-on: ubuntu-latest

permissions:
security-events: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v13

- name: Setup Nix cache
uses: DeterminateSystems/magic-nix-cache-action@v7

- name: Generate sarif report
id: clippy-run
run: |
nix build --print-build-logs .#clippy-report
[ -L result ] || exit 1
echo "sarif-file=$(readlink -f result)" >> "$GITHUB_OUTPUT"

- name: Upload results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.clippy-run.outputs.sarif-file }}
wait-for-processing: true
44 changes: 31 additions & 13 deletions .github/workflows/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,21 +2,24 @@ name: Docker

on:
push:
branches: ['main']
branches: [main]
pull_request:
workflow_dispatch:

jobs:
build:
name: Build image
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
arch: [x86_64, aarch64]
arch: [amd64, arm64]

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- name: Checkout repository
uses: actions/checkout@v4

- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v15
Expand All @@ -41,10 +44,26 @@ jobs:
if-no-files-found: error
retention-days: 3

# Make sure all above jobs finished successfully
release-gate:
name: Docker Release gate
needs: [build]

if: ${{ always() }}

runs-on: ubuntu-latest

steps:
- name: Exit with error
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
run: exit 1

push:
name: Push image

needs: build

if: ${{ github.event_name == 'push' }}

runs-on: ubuntu-latest

permissions:
Expand All @@ -54,16 +73,15 @@ jobs:
REGISTRY: ghcr.io
USERNAME: ${{ github.actor }}

if: github.event_name == 'push'

steps:
- uses: actions/checkout@v4
- name: Checkout repository
uses: actions/checkout@v4

- name: Determine image name
run: |
echo "IMAGE_NAME=${REPOSITORY,,}" >> "$GITHUB_ENV"
env:
REPOSITORY: '${{ github.repository }}'
REPOSITORY: ${{ github.repository }}

- name: Download images
uses: actions/download-artifact@v4
Expand All @@ -83,15 +101,15 @@ jobs:
run: |
set -eu

architectures=("x86_64" "aarch64")
architectures=("amd64" "arm64")
for arch in "${architectures[@]}"; do
docker load < images/container-"$arch"/*.tar.gz
docker tag refraction:latest-"$arch" "$TAG"-"$arch"
docker push ${{ env.TAG }}-"$arch"
docker push "$TAG"-"$arch"
done

docker manifest create "$TAG" \
--amend "$TAG"-x86_64 \
--amend "$TAG"-aarch64
--amend "$TAG"-amd64 \
--amend "$TAG"-arm64

docker manifest push "$TAG"
52 changes: 0 additions & 52 deletions .github/workflows/nix.yml

This file was deleted.

7 changes: 2 additions & 5 deletions .github/workflows/update-flake.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,6 @@ jobs:
contents: write
pull-requests: write

env:
PR_BRANCH: 'update-lockfiles'

steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -27,9 +24,9 @@ jobs:

- name: Update flake.lock
id: update
uses: DeterminateSystems/update-flake-lock@main
uses: DeterminateSystems/update-flake-lock@v23
with:
pr-title: "nix: update flake.lock"
pr-title: 'nix: update flake.lock'

- name: Enable Pull Request Automerge
uses: peter-evans/enable-pull-request-automerge@v3
Expand Down
Loading