Skip to content

CI

CI #485

Workflow file for this run

jobs:
_1_init:
name: Initial Nix job
permissions:
actions: write
contents: write
runs-on: ubuntu-22.04
steps:
- name: Checkout this repo
uses: actions/checkout@v3
- name: Install Nix
uses: nixbuild/nix-quick-install-action@v25
with:
nix_conf: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://cache.iog.io https://deemp.cachix.org
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= deemp.cachix.org-1:9shDxyR2ANqEPQEEYDL/xIOnoPwxHot21L5fiZnFL18=
keep-outputs = true
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v1
with:
key: nix-ubuntu-22.04-init-${{ hashfiles('**/flake.nix', '**/flake.lock') }}
linux-gc-enabled: true
linux-max-store-size: 4500000000
restore-keys: |
nix-ubuntu-22.04-init-
- name: Remove old cache profiles
run: rm -rf /nix/var/nix/profiles/cache
- name: Configure git for github-actions
run: |
git config --global user.name github-actions
git config --global user.email [email protected]
- name: Update flake locks
run: |-
nix profile install .#updateLocks
nix run .#updateLocks
- name: Format Nix files
run: |-
nix profile install .#format
nix run .#format
- name: Run writers
run: |-
nix profile install .#writeAll
nix run .#writeAll
- name: Commit & Push
run: |-
git pull --rebase --autostash
git add .
git commit \
-m "action" \
-m "Update flake locks" \
-m "Format Nix files" \
-m "Run writers" \
|| echo "commit failed!"
git push
- name: Purge cache
uses: deemp/purge-cache@v1
with:
accessed: false
created: true
debug: true
max-age: 172800
_2_cache:
name: Caching Nix
needs:
- _1_init
permissions:
actions: write
contents: write
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v3
- name: Install Nix
uses: nixbuild/nix-quick-install-action@v25
with:
nix_conf: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://cache.iog.io https://deemp.cachix.org
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= deemp.cachix.org-1:9shDxyR2ANqEPQEEYDL/xIOnoPwxHot21L5fiZnFL18=
keep-outputs = true
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v1
with:
key: nix-${{ matrix.os }}-caching-${{ hashfiles('**/flake.nix', '**/flake.lock') }}
linux-gc-enabled: true
linux-max-store-size: 7500000000
macos-gc-enabled: true
macos-max-store-size: 7000000000
restore-keys: |
nix-${{ matrix.os }}-caching-
- name: Remove old cache profiles
run: rm -rf /nix/var/nix/profiles/cache
- env:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
CACHIX_CACHE: ${{ secrets.CACHIX_CACHE }}
name: Push flakes to Cachix
run: |-
nix profile install .#pushToCachix
nix run .#pushToCachix
- name: Purge cache
uses: deemp/purge-cache@v1
with:
accessed: false
created: true
debug: true
max-age: 172800
strategy:
matrix:
os:
- macos-11
- macos-12
- ubuntu-20.04
- ubuntu-22.04
_3_changed-files-app_purescript:
name: Check if app_purescript has any modified files
needs:
- _1_init
outputs:
app_purescript: ${{ steps.changed-files.outputs.any_modified }}
runs-on: ubuntu-22.04
steps:
- name: Checkout this repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- id: changed-files
name: Get changed files
uses: tj-actions/changed-files@v37
with:
files: |
app_purescript/**
flake*
.github/**
sha: ${{ github.sha }}
- if: steps.changed-files.outputs.any_modified == 'true'
name: List changed files
run: echo "${{ steps.changed-files.outputs.all_changed_files }}"
_3_changed-files-app_python:
name: Check if app_python has any modified files
needs:
- _1_init
outputs:
app_python: ${{ steps.changed-files.outputs.any_modified }}
runs-on: ubuntu-22.04
steps:
- name: Checkout this repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- id: changed-files
name: Get changed files
uses: tj-actions/changed-files@v37
with:
files: |
app_python/**
flake*
.github/**
sha: ${{ github.sha }}
- if: steps.changed-files.outputs.any_modified == 'true'
name: List changed files
run: echo "${{ steps.changed-files.outputs.all_changed_files }}"
_4_app-ci-app_purescript:
defaults:
run:
working-directory: app_purescript
if: needs._3_changed-files-app_purescript.outputs.app_purescript == 'true'
name: CI for app_purescript
needs:
- _3_changed-files-app_purescript
permissions:
actions: write
contents: write
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v3
- name: Install Nix
uses: nixbuild/nix-quick-install-action@v25
with:
nix_conf: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://cache.iog.io https://deemp.cachix.org
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= deemp.cachix.org-1:9shDxyR2ANqEPQEEYDL/xIOnoPwxHot21L5fiZnFL18=
keep-outputs = true
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v1
with:
key: nix-${{ matrix.os }}-app-${{ hashfiles('**/flake.nix', '**/flake.lock') }}
linux-gc-enabled: true
linux-max-store-size: 2000000000
macos-gc-enabled: true
macos-max-store-size: 2000000000
restore-keys: |
nix-${{ matrix.os }}-app-
- name: Remove old cache profiles
run: rm -rf /nix/var/nix/profiles/cache
- uses: actions/cache@v3
with:
key: ${{ runner.os }}-front-${{ hashFiles('**/*.dhall') }}
path: |
~/.npm
./app_purescript/.spago
restore-keys: ${{ runner.os }}-front-
- name: Build app
run: |-
nix profile install .#build
nix run .#build
- env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
name: Run Snyk to check for vulnerabilities (Node.js)
run: |-
nix profile install .#snykTest
nix run .#snykTest
- name: Test app
run: |-
nix profile install .#test
nix run .#test
- name: Purge cache
uses: deemp/purge-cache@v1
with:
accessed: false
created: true
debug: true
max-age: 172800
strategy:
matrix:
os:
- ubuntu-22.04
- macos-12
_4_app-ci-app_python:
defaults:
run:
working-directory: app_python
if: needs._3_changed-files-app_python.outputs.app_python == 'true'
name: CI for app_python
needs:
- _3_changed-files-app_python
permissions:
actions: write
contents: write
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v3
- name: Install Nix
uses: nixbuild/nix-quick-install-action@v25
with:
nix_conf: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://cache.iog.io https://deemp.cachix.org
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= deemp.cachix.org-1:9shDxyR2ANqEPQEEYDL/xIOnoPwxHot21L5fiZnFL18=
keep-outputs = true
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v1
with:
key: nix-${{ matrix.os }}-app-${{ hashfiles('**/flake.nix', '**/flake.lock') }}
linux-gc-enabled: true
linux-max-store-size: 2000000000
macos-gc-enabled: true
macos-max-store-size: 2000000000
restore-keys: |
nix-${{ matrix.os }}-app-
- name: Remove old cache profiles
run: rm -rf /nix/var/nix/profiles/cache
- name: Lint app
run: |-
nix profile install .#lint
nix run .#lint
- env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
name: Run Snyk to check for vulnerabilities (Python)
run: |-
nix profile install .#snykTest
nix run .#snykTest
- name: Test app
run: |-
nix profile install .#test
nix run .#test
- name: Purge cache
uses: deemp/purge-cache@v1
with:
accessed: false
created: true
debug: true
max-age: 172800
strategy:
matrix:
os:
- ubuntu-22.04
- macos-12
_5_push-to-docker-hub-app_purescript:
name: Push 'app_purescript' to Docker Hub
needs:
- _4_app-ci-app_purescript
runs-on: ubuntu-22.04
steps:
- name: Checkout this repo
uses: actions/checkout@v3
- name: Pull latest repo changes
run: git pull --rebase --autostash
- name: Hadolint Action
uses: hadolint/[email protected]
with:
dockerfile: app_purescript/Dockerfile
no-fail: true
verbose: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
password: ${{ secrets.DOCKER_HUB_PAT }}
username: ${{ secrets.DOCKER_HUB_USERNAME }}
- env:
DOCKER_NAME: ${{ secrets.DOCKER_HUB_USERNAME }}
name: Build and push
uses: docker/build-push-action@v3
with:
context: app_purescript
push: true
tags: ${{ secrets.DOCKER_HUB_USERNAME }}/app_purescript:latest
_5_push-to-docker-hub-app_python:
name: Push 'app_python' to Docker Hub
needs:
- _4_app-ci-app_python
runs-on: ubuntu-22.04
steps:
- name: Checkout this repo
uses: actions/checkout@v3
- name: Pull latest repo changes
run: git pull --rebase --autostash
- name: Hadolint Action
uses: hadolint/[email protected]
with:
dockerfile: app_python/Dockerfile
no-fail: true
verbose: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
password: ${{ secrets.DOCKER_HUB_PAT }}
username: ${{ secrets.DOCKER_HUB_USERNAME }}
- env:
DOCKER_NAME: ${{ secrets.DOCKER_HUB_USERNAME }}
name: Build and push
uses: docker/build-push-action@v3
with:
context: app_python
push: true
tags: ${{ secrets.DOCKER_HUB_USERNAME }}/app_python:latest
name: CI
"on":
pull_request: {}
push: {}
schedule:
- cron: 0 0 * * *
workflow_dispatch: {}