Build and populate cache #3197
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build and populate cache" | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
- master | |
schedule: | |
# rebuild everyday at 2:07 | |
# TIP: Choose a random time here so not all repositories are build at once: | |
# https://www.random.org/clock-times/?num=1&earliest=01%3A00&latest=08%3A00&interval=5&format=html&rnd=new | |
- cron: '07 2 * * *' | |
jobs: | |
tests: | |
strategy: | |
matrix: | |
# Set this to notify the global nur package registry that changes are | |
# available. | |
# | |
# The repo name as used in | |
# https://github.com/nix-community/NUR/blob/master/repos.json | |
nurRepo: | |
- drewrisinger | |
# Set this to cache your build results in cachix for faster builds | |
# in CI and for everyone who uses your cache. | |
# | |
# Format: Your cachix cache host name without the ".cachix.org" suffix. | |
# Example: mycache (for mycache.cachix.org) | |
# | |
# For this to work, you also need to set the CACHIX_SIGNING_KEY or | |
# CACHIX_AUTH_TOKEN secret in your repository secrets settings in | |
# Github found at | |
# https://github.com/<your_githubname>/nur-packages/settings/secrets | |
cachixName: | |
- drewrisinger | |
nixPath: | |
- nixpkgs=channel:nixos-unstable | |
- nixpkgs=channel:nixpkgs-unstable | |
- nixpkgs=channel:nixos-21.05 | |
- nixpkgs=channel:nixos-21.11 | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Install nix | |
uses: cachix/install-nix-action@v16 | |
with: | |
nix_path: "${{ matrix.nixPath }}" | |
# nix 2.6 breaks restrict-eval, when using the NIX_PATH | |
# see https://github.com/NixOS/nix/issues/5980 | |
install_url: https://releases.nixos.org/nix/nix-2.5.1/install | |
extra_nix_config: | | |
experimental-features = nix-command flakes | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Show nixpkgs version | |
run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version' | |
- name: Setup cachix | |
uses: cachix/cachix-action@v10 | |
# Don't replace <YOUR_CACHIX_NAME> here! | |
if: ${{ matrix.cachixName != '<YOUR_CACHIX_NAME>' }} | |
with: | |
name: ${{ matrix.cachixName }} | |
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Check evaluation | |
run: | | |
nix-env -f . -qa \* --meta --xml \ | |
--allowed-uris https://static.rust-lang.org \ | |
--option restrict-eval true \ | |
--option allow-import-from-derivation true \ | |
--drv-path --show-trace \ | |
-I nixpkgs=$(nix-instantiate --find-file nixpkgs) \ | |
-I $PWD | |
- name: Find Unbroken Nix Packages | |
env: | |
NIX_PATH: channel:nixos-21.11 | |
run: | | |
nix-shell update-shell.nix --run "nix-eval-jobs --option restrict-eval true default.nix > evaluations.json" | |
nix-shell update-shell.nix --run "jq '.|select(.error != null)' evaluations.json" | |
- name: Build nix packages | |
id: build_uncached | |
# if this errors, continue to verbose build. | |
continue-on-error: true | |
env: | |
# Allow building unfree packages & unsupported systems for CI purposes | |
NIXPKGS_ALLOW_UNFREE: 1 | |
NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM: 1 | |
run: nix shell -f '<nixpkgs>' nix-build-uncached -c nix-build-uncached ci.nix -A cacheOutputs | |
# nix-build-uncached uses "nix build" internally, which only outputs last 10 lines of failure. | |
# To get more verbose error that we can debug, reruns any failed derivations to get full output | |
# Is this nice to the builder? No, but it's better than wasting time guessing at failed builds. | |
- name: Verbose Build on Previous Failure (full log available) | |
if: ${{ steps.build_uncached.outcome == 'failure' }} | |
env: | |
# Allow building unfree packages & unsupported systems for CI purposes | |
NIXPKGS_ALLOW_UNFREE: 1 | |
NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM: 1 | |
run: nix-build ci.nix -A cacheOutputs | |
- name: Trigger NUR update | |
# Don't replace <YOUR_REPO_NAME> here! | |
if: ${{ matrix.nurRepo != '<YOUR_REPO_NAME>' }} | |
run: curl -XPOST "https://nur-update.herokuapp.com/update?repo=${{ matrix.nurRepo }}" |