diff --git a/.github/actions/e2e_attestationconfigapi/action.yml b/.github/actions/e2e_attestationconfigapi/action.yml index 272b611979..710903042d 100644 --- a/.github/actions/e2e_attestationconfigapi/action.yml +++ b/.github/actions/e2e_attestationconfigapi/action.yml @@ -16,7 +16,7 @@ runs: using: "composite" steps: - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "true" buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }} diff --git a/.github/actions/e2e_mini/action.yml b/.github/actions/e2e_mini/action.yml index 652217282b..f1d8b292b7 100644 --- a/.github/actions/e2e_mini/action.yml +++ b/.github/actions/e2e_mini/action.yml @@ -30,7 +30,7 @@ runs: terraform_wrapper: false - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "true" buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }} diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index 8bba5bf3da..9e8f5f87c1 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml @@ -120,7 +120,7 @@ runs: echo "hostArch=$(go env GOARCH)" | tee -a "$GITHUB_OUTPUT" - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: ${{ inputs.buildBuddyApiKey != '' }} buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }} diff --git a/.github/actions/setup_bazel/action.yml b/.github/actions/setup_bazel_nix/action.yml similarity index 64% rename from .github/actions/setup_bazel/action.yml rename to .github/actions/setup_bazel_nix/action.yml index 9b6ee424d8..47deb9cecc 100644 --- a/.github/actions/setup_bazel/action.yml +++ b/.github/actions/setup_bazel_nix/action.yml @@ -1,5 +1,5 @@ -name: Setup bazel -description: Setup Bazel for CI builds and tests +name: Setup bazel and Nix +description: Setup Bazel and Nix for CI builds and tests inputs: useCache: @@ -14,6 +14,7 @@ runs: using: "composite" steps: - name: Check inputs + id: check_inputs shell: bash run: | echo "::group::Check inputs" @@ -25,6 +26,55 @@ runs: echo "BuildBuddy API key is required when cache is enabled." exit 1 fi + if command -v nix; then + echo "nixPreinstalled=true" | tee -a "$GITHUB_OUTPUT" + else + echo "nixPreinstalled=false" | tee -a "$GITHUB_OUTPUT" + fi + if command -v bazel; then + echo "bazelPreinstalled=true" | tee -a "$GITHUB_OUTPUT" + else + echo "bazelPreinstalled=false" | tee -a "$GITHUB_OUTPUT" + fi + if [[ -f /etc/NIXOS ]]; then + echo "nixOS=true" | tee -a "$GITHUB_OUTPUT" + else + echo "nixOS=false" | tee -a "$GITHUB_OUTPUT" + fi + if [[ "$RUNNER_OS" == "Linux" ]]; then + echo "os=linux" | tee -a "$GITHUB_OUTPUT" + elif [[ "$RUNNER_OS" == "Windows" ]]; then + echo "os=windows" | tee -a "$GITHUB_OUTPUT" + elif [[ "$RUNNER_OS" == "macOS" ]]; then + echo "os=darwin" | tee -a "$GITHUB_OUTPUT" + else + echo "$RUNNER_OS not supported" + exit 1 + fi + if [[ "$RUNNER_ARCH" == "X64" ]]; then + echo "arch=amd64" | tee -a "$GITHUB_OUTPUT" + elif [[ "$RUNNER_ARCH" == "ARM64" ]]; then + echo "arch=arm64" | tee -a "$GITHUB_OUTPUT" + else + echo "$RUNNER_ARCH not supported" + exit 1 + fi + echo "::endgroup::" + + - name: Install nix + uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # v22 + if: steps.check_inputs.outputs.nixPreinstalled == 'false' + + - name: Install Bazelisk + shell: bash + if: steps.check_inputs.outputs.bazelPreinstalled == 'false' && steps.check_inputs.outputs.nixOS == 'false' + env: + OS: ${{ steps.check_inputs.outputs.os }} + ARCH: ${{ steps.check_inputs.outputs.arch }} + run: | + echo "::group::Install Bazelisk" + curl -sSfLo /usr/local/bin/bazel "https://github.com/bazelbuild/bazelisk/releases/download/v1.18.0/bazelisk-${OS}-${ARCH}" + chmod +x /usr/local/bin/bazel echo "::endgroup::" - name: Configure Bazel (general) diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index 7746be41a2..b2c447b41d 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -27,7 +27,7 @@ jobs: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "true" buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index 306203cd2c..0642dc8f86 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -157,12 +157,9 @@ jobs: with: ref: ${{ inputs.ref || github.head_ref }} - - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # v22 - - - uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # v12 + - uses: ./.github/actions/setup_bazel_nix with: - name: katexochen - extraPullNames: nix-community + useCache: "false" - name: Build id: build @@ -231,6 +228,10 @@ jobs: with: ref: ${{ inputs.ref || github.head_ref }} + - uses: ./.github/actions/setup_bazel_nix + with: + useCache: "false" + - name: Download OS image artifact uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: @@ -385,6 +386,10 @@ jobs: with: name: image-${{ matrix.csp }}-${{ matrix.attestation_variant }} + - uses: ./.github/actions/setup_bazel_nix + with: + useCache: "false" + - name: Install dependencies run: | echo "::group::Install dependencies" @@ -620,6 +625,10 @@ jobs: with: ref: ${{ inputs.ref || github.head_ref }} + - uses: ./.github/actions/setup_bazel_nix + with: + useCache: "false" + - name: Download image lookup table uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 7e383953c2..794b349e0f 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -134,6 +134,10 @@ jobs: fetch-depth: 0 ref: ${{ inputs.gitRef }} + - uses: ./.github/actions/setup_bazel_nix + with: + useCache: "false" + - name: Login to AWS uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 with: diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 5eac4a7f9c..54831c2bd1 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -77,7 +77,7 @@ jobs: ref: ${{ inputs.ref || github.head_ref }} - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "false" @@ -125,7 +125,7 @@ jobs: ref: ${{ inputs.ref || github.head_ref }} - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "false" @@ -209,7 +209,7 @@ jobs: uses: ./.github/actions/install_syft_grype - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "false" diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml index a017ec9ffe..5478d6e814 100644 --- a/.github/workflows/reproducible-builds.yml +++ b/.github/workflows/reproducible-builds.yml @@ -29,7 +29,7 @@ jobs: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "logs" buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} diff --git a/.github/workflows/test-tidy.yml b/.github/workflows/test-tidy.yml index fac80ea798..7c1d753d82 100644 --- a/.github/workflows/test-tidy.yml +++ b/.github/workflows/test-tidy.yml @@ -30,7 +30,7 @@ jobs: echo "::endgroup::" - name: Setup Bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "true" buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} diff --git a/.github/workflows/test-unittest.yml b/.github/workflows/test-unittest.yml index e0edd0aebe..0468f53a9a 100644 --- a/.github/workflows/test-unittest.yml +++ b/.github/workflows/test-unittest.yml @@ -49,7 +49,7 @@ jobs: aws-region: eu-central-1 - name: Setup bazel - uses: ./.github/actions/setup_bazel + uses: ./.github/actions/setup_bazel_nix with: useCache: "true" buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}