From c46b30654f5a3e2e76da26ab1fa82404b3bcdd41 Mon Sep 17 00:00:00 2001 From: seth Date: Sat, 16 Dec 2023 00:34:10 -0500 Subject: [PATCH] ci: back to garnix --- .github/workflows/ci.yaml | 113 ---------------------------- .github/workflows/docker.yaml | 60 +++++++++++---- .github/workflows/update-flake.yaml | 8 +- README.md | 2 +- flake.lock | 21 ------ flake.nix | 14 +--- garnix.yaml | 6 ++ nix/ci.nix | 22 ++++++ nix/deployment.nix | 4 +- nix/workflow.nix | 15 ---- 10 files changed, 86 insertions(+), 179 deletions(-) delete mode 100644 .github/workflows/ci.yaml create mode 100644 garnix.yaml create mode 100644 nix/ci.nix delete mode 100644 nix/workflow.nix diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index 98e3af4..0000000 --- a/.github/workflows/ci.yaml +++ /dev/null @@ -1,113 +0,0 @@ -name: CI - -on: - push: - branches: [main] - pull_request: - workflow_dispatch: - -jobs: - eval: - name: Evaluate flake - runs-on: ubuntu-latest - - outputs: - matrix: ${{ steps.evaluate.outputs.matrix }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Evaluate matrix - id: evaluate - run: | - set -eu - echo "matrix=$(nix eval --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT" - - build: - needs: eval - - strategy: - fail-fast: false - matrix: ${{ fromJSON(needs.eval.outputs.matrix) }} - - name: Build (${{ matrix.attr }}) - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup local Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} - skip-push: ${{ github.event_name == 'pull_request' }} - - - name: Run build - run: | - nix build -L --accept-flake-config .#${{ matrix.attr }} - - check: - name: Check flake - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup local Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} - skip-push: ${{ github.event_name == 'pull_request' }} - - - name: Run check - run: nix flake check --show-trace --accept-flake-config - - # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 - gate: - needs: [build, check] - - name: CI Gate - runs-on: ubuntu-latest - - if: always() - - steps: - - name: Exit with result - run: | - build_result="${{ needs.build.result }}" - check_result="${{ needs.check.result }}" - - results=("$build_result" "$check_result") - - for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done - - exit 0 - - docker: - needs: gate - - permissions: - packages: write - - name: Push to image registry - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/docker.yaml diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index a2873ed..6654e6a 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,12 +1,53 @@ name: Push to image registry on: - workflow_call: + check_suite: + types: [completed] workflow_dispatch: jobs: + build: + name: Build image + + runs-on: ubuntu-latest + strategy: + matrix: + arch: [x86_64, aarch64] + + # https://github.com/sellout/bash-strict-mode/commit/9bf1d65c2f786a9887facfcb81e06d8b8b5f4667 + if: github.event.check_suite.app.name == 'Garnix CI' + && github.event.check_suite.conclusion == 'success' + && github.event.check_suite.latest_check_runs_count >= 8 + && github.event.check_suite.head_branch == 'main' + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Setup Nix cache + uses: DeterminateSystems/magic-nix-cache-action@v2 + + - name: Build Docker image + id: build + run: | + nix build -L --accept-flake-config .#container-${{ matrix.arch }} + [ ! -L result ] && exit 1 + echo "path=$(realpath result)" >> "$GITHUB_OUTPUT" + + - name: Upload image + uses: actions/upload-artifact@v3 + with: + name: container-${{ matrix.arch }} + path: ${{ steps.build.outputs.path }} + if-no-files-found: error + retention-days: 1 + push: name: Push image + + needs: build runs-on: ubuntu-latest permissions: @@ -23,15 +64,10 @@ jobs: - uses: actions/checkout@v4 - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 + - name: Download images + uses: actions/download-artifact@v3 with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} + path: images - name: Login to registry uses: docker/login-action@v3 @@ -48,11 +84,9 @@ jobs: architectures=("x86_64" "aarch64") for arch in "${architectures[@]}"; do - nix build -L --accept-flake-config .#container-"$arch" - docker load < result - docker tag ${{ env.IMAGE_NAME }}:latest-"$arch" ${{ env.TAG }}-"$arch" + docker load < images/container-"$arch"/*.tar.gz + docker tag teawiebot:latest-"$arch" ${{ env.TAG }}-"$arch" docker push ${{ env.TAG }}-"$arch" - rm result done docker manifest create ${{ env.TAG }} \ diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml index f87726f..b4ae88c 100644 --- a/.github/workflows/update-flake.yaml +++ b/.github/workflows/update-flake.yaml @@ -10,6 +10,10 @@ jobs: update: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: - uses: actions/checkout@v4 @@ -22,11 +26,11 @@ jobs: with: commit-msg: "flake: update inputs" pr-title: "flake: update inputs" - token: ${{ secrets.MERGE_TOKEN }} + token: ${{ github.token }} - name: Enable auto-merge shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: - GH_TOKEN: ${{ secrets.MERGE_TOKEN }} + GH_TOKEN: ${{ github.token }} PR_ID: ${{ steps.update.outputs.pull-request-number }} diff --git a/README.md b/README.md index 3932da9..a4051a5 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # teawie bot 🦀🦀🦀 -[![Build status](https://img.shields.io/github/actions/workflow/status/getchoo/teawiebot/ci.yaml?style=flat-square&logo=github&label=Build%20status&color=5277c3)](https://github.com/getchoo/teawiebot/actions/workflows/ci.yaml) +[![built with garnix](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Fgarnix.io%2Fapi%2Fbadges%2Fgetchoo%2FteawieBot)](https://garnix.io) okay so like basically, it's just a discord bot named "teawie" (so cool!! and now in rust!!!)🚀🚀 diff --git a/flake.lock b/flake.lock index 9d44ebc..a49bac6 100644 --- a/flake.lock +++ b/flake.lock @@ -111,26 +111,6 @@ "type": "github" } }, - "nix2workflow": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699416125, - "narHash": "sha256-IQHjxELWK6DBWbqYwggO4Q9gJbOm0XS3aCgMRzQWwZU=", - "owner": "getchoo", - "repo": "nix2workflow", - "rev": "f1de38cfea711e9a788794b5a658298b4062defb", - "type": "github" - }, - "original": { - "owner": "getchoo", - "repo": "nix2workflow", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1702539185, @@ -213,7 +193,6 @@ "fenix": "fenix", "flake-root": "flake-root", "naersk": "naersk", - "nix2workflow": "nix2workflow", "nixpkgs": "nixpkgs", "parts": "parts", "pre-commit": "pre-commit", diff --git a/flake.nix b/flake.nix index 670b6bd..09b9f81 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,8 @@ description = "teawie moment"; nixConfig = { - extra-substituters = ["https://cache.mydadleft.me/teawiebot"]; - extra-trusted-public-keys = ["teawiebot:vp7AaQ042O/3326DMMtLF4MOUa5/kCBAq+YApy5GWXA="]; + extra-substituters = ["https://cache.garnix.io"]; + extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; }; inputs = { @@ -27,11 +27,6 @@ proc-flake.url = "github:srid/proc-flake"; flake-root.url = "github:srid/flake-root"; - nix2workflow = { - url = "github:getchoo/nix2workflow"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; - pre-commit = { url = "github:cachix/pre-commit-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -43,16 +38,13 @@ parts.lib.mkFlake {inherit inputs;} { imports = [ inputs.pre-commit.flakeModule - inputs.proc-flake.flakeModule inputs.flake-root.flakeModule - inputs.nix2workflow.flakeModule - + ./nix/ci.nix ./nix/deployment.nix ./nix/dev.nix ./nix/packages.nix - ./nix/workflow.nix ]; systems = [ diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..64bee81 --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,6 @@ +builds: + exclude: [] + include: + - "checks.x86_64-linux.*" + - "packages.x86_64-linux.*" + - "devShells.x86_64-linux.default" diff --git a/nix/ci.nix b/nix/ci.nix new file mode 100644 index 0000000..0d614f7 --- /dev/null +++ b/nix/ci.nix @@ -0,0 +1,22 @@ +{ + perSystem = { + pkgs, + lib, + config, + ... + }: { + # require packages, checks, and devShells for ci to be considered a success + packages.ciGate = + pkgs.runCommand "ci-gate" { + name = "ci-gate"; + + depsBuildBuild = lib.concatMap builtins.attrValues [ + config.checks + (builtins.removeAttrs config.packages ["default" "ciGate"]) + ]; + } '' + echo "-- success! --" + touch $out + ''; + }; +} diff --git a/nix/deployment.nix b/nix/deployment.nix index 9fb754e..57bc67a 100644 --- a/nix/deployment.nix +++ b/nix/deployment.nix @@ -13,8 +13,6 @@ inputs', ... }: let - name = "getchoo/teawiebot"; - crossPkgsFor = lib.fix (finalAttrs: { "x86_64-linux" = { "x86_64" = pkgs.pkgsStatic; @@ -70,7 +68,7 @@ containerFor = arch: pkgs.dockerTools.buildLayeredImage { - inherit name; + name = "teawiebot"; tag = "latest-${arch}"; contents = [pkgs.dockerTools.caCertificates]; config.Cmd = [(wieFor arch)]; diff --git a/nix/workflow.nix b/nix/workflow.nix deleted file mode 100644 index 600a1bb..0000000 --- a/nix/workflow.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - githubWorkflowGenerator = { - outputs = [ - "checks" - "devShells" - "packages" - ]; - - overrides = { - checks.systems = ["x86_64-linux"]; - devShells.systems = ["x86_64-linux"]; - packages.systems = ["x86_64-linux"]; - }; - }; -}