
Rework the CI

Rework the CI #1845

Workflow file for this run

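name: CI
on:
  # Following https://github.com/orgs/community/discussions/26276:
  # build on pull requests and on pushes to main, without building a
  # pull request twice (once for the push and once for the PR).
  push:
    branches:
      - main
  pull_request:
  workflow_dispatch:
# Least privilege: every job gets a read-only GITHUB_TOKEN unless it declares
# its own `permissions` block (the deploy job does, because it pushes the
# `repo` branch and publishes to Pages).
permissions:
  contents: read
env:
  # NOTE(review): accept-flake-config applies a flake's own `nixConfig`
  # without asking for confirmation. On pull_request runs the flake under
  # evaluation comes from the PR, so confirm the runners restrict what an
  # untrusted flake is allowed to set (substituters, trusted keys, ...).
  NIX_CONFIG: accept-flake-config = true
jobs: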
check:
  # NOTE(review): `nixos` is not a GitHub-hosted label, so this is presumably
  # a self-hosted runner. On pull_request events the step below executes the
  # PR's own scripts/check.sh on it; confirm that runs from forks require
  # approval and that the runner holds no long-lived credentials.
  runs-on: nixos
  steps:
    # Full clone: the check script needs the whole history, so the default
    # shallow checkout is not enough.
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Run checks
      run: nix develop -c ./scripts/check.sh
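# Only pull requests have a base ref to compare against.
build-repo-base:
  # The event name GitHub reports is `pull_request`. The previous comparison
  # against 'pull' never matched, so this job was skipped on every run and,
  # through `needs`, so was every job that depends on it (including the
  # append-only check).
  if: github.event_name == 'pull_request'
  runs-on: nixos
  steps:
    - uses: actions/checkout@v4
    # The repository only has to be built once per base commit. Transient
    # breakage is handled by deleting the broken cache entry
    # (e.g. `gh cache delete`).
    - name: Fetch cache
      id: cache
      uses: actions/cache@v3
      with:
        path: _repo
        key: built-repo-${{ github.event.pull_request.base.sha }}
    # NOTE(review): the cache key is the base *sha*, but the build input is the
    # base *ref* (a branch name that can move). Confirm build-repo resolves the
    # ref to the commit the key names, otherwise the cached repository may not
    # match its key.
    - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
      name: Build repository
      uses: ./.github/actions/build-repo
      with:
        ref: ${{ github.event.pull_request.base.ref }}
    # See https://github.com/actions/upload-artifact/issues/36
    - name: Pack repository in a tar archive
      run: tar cf _repo.tar -C _repo .
    - name: Upload built repository
      uses: actions/upload-artifact@v3
      with:
        name: built-repo-base
        path: _repo.tar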
# Builds the repository for the commit under test and publishes it as the
# `built-repo-head` artifact for the downstream jobs.
build-repo-head:
  runs-on: nixos
  steps:
    - uses: actions/checkout@v4
    # One build per commit is enough: the result is cached under the commit
    # sha. A broken cache entry is dealt with by deleting it
    # (e.g. `gh cache delete`).
    - name: Fetch cache
      id: cache
      uses: actions/cache@v3
      with:
        path: _repo
        key: built-repo-${{ github.sha }}
    # Only build when the cache did not already provide _repo.
    - name: Build repository
      if: ${{ steps.cache.outputs.cache-hit != 'true' }}
      uses: ./.github/actions/build-repo
      with:
        ref: ${{ github.ref }}
    # See https://github.com/actions/upload-artifact/issues/36
    - name: Pack repository in a tar archive
      run: tar cf _repo.tar -C _repo .
    - name: Upload built repository
      uses: actions/upload-artifact@v3
      with:
        name: built-repo-head
        path: _repo.tar
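# Only pull requests have a base ref to compare against.
check-append-only:
  # The event name is `pull_request`; comparing against 'pull' never matched,
  # which meant this integrity check never ran.
  if: github.event_name == 'pull_request'
  runs-on: nixos
  needs:
    - build-repo-base
    - build-repo-head
  steps:
    # The last step runs ./scripts/check-archive-extension.sh, so the
    # repository has to be checked out. This comes first because checkout
    # cleans the workspace.
    # NOTE(review): on a pull request the checker script is the PR's own copy;
    # changes under scripts/ deserve the same scrutiny as changes to the index.
    - uses: actions/checkout@v4
    - name: Download built repository (base)
      uses: actions/download-artifact@v3
      with:
        name: built-repo-base
        path: built-repo-base
    - name: Unpack built repository (base)
      run: |
        mkdir _repo-base
        tar xf built-repo-base/_repo.tar -C _repo-base
    - name: Download built repository (head)
      uses: actions/download-artifact@v3
      with:
        name: built-repo-head
        path: built-repo-head
    - name: Unpack built repository (head)
      run: |
        mkdir _repo-head
        tar xf built-repo-head/_repo.tar -C _repo-head
    # The hints are printed before the check so they are visible in the log
    # when the script fails. A bare `echo` prints the blank line; bash's
    # builtin echo does not expand "\n" without -e.
    - name: Check new index is an extension of the old index
      run: |
        echo "If this check failed because 'some entries only exist in the old index'"
        echo "then you may need to update your branch."
        echo
        echo "If it failed because 'the last old entry is newer than the first new entry'"
        echo "then you may need to update the timestamps in your new packages to be newer than those in main."
        ./scripts/check-archive-extension.sh _repo-base/01-index.tar _repo-head/01-index.tar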
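# Evaluates the flake's `ghaMatrix` output and exposes it as the job matrix
# consumed by build-packages.
generate-smoke-tests:
  runs-on: nixos
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    # The repository and ref are read from the runner's default environment
    # variables instead of being spliced into the script by expression
    # interpolation, so their values are never parsed as shell syntax.
    # Evaluating into a variable first also makes a failing `nix eval` fail
    # the step, rather than writing an empty matrix.
    - id: set-matrix
      run: |
        matrix="$(nix eval --json "github:${GITHUB_REPOSITORY}/${GITHUB_REF}#ghaMatrix")"
        echo "matrix=${matrix}" >> "$GITHUB_OUTPUT"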
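# Builds every package listed in the generated matrix against the head
# repository and, on pull requests, diffs the install plans of base and head.
build-packages:
  name: build-package ${{ matrix.name }}
  runs-on: nixos
  needs:
    - build-repo-base
    - build-repo-head
    - generate-smoke-tests
  # build-repo-base only runs for pull requests, and a skipped dependency
  # would otherwise skip this job as well. Run whenever the head build and
  # the matrix generation succeeded and the base build did not fail.
  if: >-
    ${{ !cancelled()
    && needs.build-repo-head.result == 'success'
    && needs.generate-smoke-tests.result == 'success'
    && needs.build-repo-base.result != 'failure' }}
  strategy:
    fail-fast: false
    # generate-smoke-tests produces the list of derivations to build, e.g.
    #   include:
    #     - name: ghc96/cardano-node/8.5.0
    #     ...
    matrix: ${{ fromJSON(needs.generate-smoke-tests.outputs.matrix) }}
  env:
    # matrix.name comes from the flake evaluated at the ref under test, which
    # on a pull request is contributor-controlled. It is handed to the scripts
    # through the environment and expanded inside double quotes, so it cannot
    # be interpreted as shell syntax.
    PACKAGE: ${{ matrix.name }}
  steps:
    # `nix develop` below needs the repository's flake in the working
    # directory. This comes first because checkout cleans the workspace.
    - uses: actions/checkout@v4
    # The base steps are keyed on the base job's result, so they run exactly
    # when a `built-repo-base` artifact exists.
    - name: Download built repository (base)
      if: needs.build-repo-base.result == 'success'
      uses: actions/download-artifact@v3
      with:
        name: built-repo-base
        path: built-repo-base
    - name: Unpack built repository (base)
      if: needs.build-repo-base.result == 'success'
      run: |
        mkdir _repo-base
        tar xf built-repo-base/_repo.tar -C _repo-base
    - name: Download built repository (head)
      uses: actions/download-artifact@v3
      with:
        name: built-repo-head
        path: built-repo-head
    - name: Unpack built repository (head)
      run: |
        mkdir _repo-head
        tar xf built-repo-head/_repo.tar -C _repo-head
    - name: Old install plan
      if: needs.build-repo-base.result == 'success'
      run: >
        nix build
        "github:${GITHUB_REPOSITORY}/${GITHUB_REF}#\"${PACKAGE}\".passthru.project.plan-nix.json"
        --out-link plan-base
        --override-input CHaP path:_repo-base
    - name: New install plan
      run: >
        nix build
        "github:${GITHUB_REPOSITORY}/${GITHUB_REF}#\"${PACKAGE}\".passthru.project.plan-nix.json"
        --out-link plan-head
        --override-input CHaP path:_repo-head
    # NOTE(review): the out-links above are `plan-base` / `plan-head`; the
    # `-json` suffix used here is presumably added by nix for the `json`
    # output. Confirm the paths exist.
    - name: Compute difference between install plans
      if: needs.build-repo-base.result == 'success'
      run: >
        nix develop --command
        cabal-plan diff --plan-json plan-base-json --plan-json plan-head-json
    - name: Build package
      # The > is the "YAML folded string" marker, which replaces newlines
      # with spaces, since the usual bash idiom of \ doesn't work for some
      # reason
      run: >
        nix build "github:${GITHUB_REPOSITORY}/${GITHUB_REF}#\"${PACKAGE}\""
        --print-build-logs
        --override-input CHaP path:_repo-head
        --show-trace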
# Last gate before deployment: runs only for pushes to main.
deploy-check:
  if: github.event_name == 'push' && github.ref == 'refs/heads/main'
  runs-on: nixos
  needs:
    - build-repo-head
  steps:
    # Two checkouts side by side: the sources (for the check script) in `src`
    # and the currently deployed `repo` branch in `repo`.
    - uses: actions/checkout@v4
      with:
        path: src
    - uses: actions/checkout@v4
      with:
        ref: repo
        path: repo
    - name: Download built repository (head)
      uses: actions/download-artifact@v3
      with:
        name: built-repo-head
        path: built-repo-head
    - name: Unpack built repository (head)
      run: |
        mkdir _repo-head
        tar xf built-repo-head/_repo.tar -C _repo-head
    # This is not the same check as the pull-request one. That check compares
    # the repository built from main with the one built from the PR tip,
    # neither of which is the repository actually deployed on the `repo`
    # branch. The two should agree, but comparing against what is really
    # deployed before deploying costs little.
    - name: Check new index is an extension of the old index
      run: |
        ./src/scripts/check-archive-extension.sh repo/01-index.tar _repo-head/01-index.tar
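# Publishes the built repository: commits it to the `repo` branch and deploys
# it to GitHub Pages. Runs only for pushes to main, after all checks passed.
deploy:
  # This job is fine to run on GitHub provided (free) runners.
  runs-on: ubuntu-latest
  if: github.event_name == 'push' && github.ref == 'refs/heads/main'
  needs:
    - check
    - build-repo-head
    - deploy-check
  concurrency:
    group: "pages"
    cancel-in-progress: true
  # Grant GITHUB_TOKEN the permissions required to push the `repo` branch
  # (contents) and to make a Pages deployment (pages, id-token).
  permissions:
    contents: write
    id-token: write
    pages: write
  # Deploy to the github-pages environment
  environment:
    name: github-pages
    url: ${{ steps.deployment.outputs.page_url }}
  # NOTE(review): every action in this job runs with the write-scoped token
  # above and is referenced by a mutable tag. Consider pinning each one to a
  # full commit SHA.
  steps:
    # The git commands in "Commit as branch" need a repository (and its
    # .gitignore) in the workspace. This comes first because checkout cleans
    # the workspace.
    - uses: actions/checkout@v4
    - name: Download built repository
      uses: actions/download-artifact@v3
      with:
        name: built-repo-head
    - name: Unpack built repository
      run: |
        mkdir _repo
        tar xf _repo.tar -C _repo
    - name: Commit as branch
      run: |
        set -xe
        # see https://github.com/orgs/community/discussions/26560 and https://github.com/actions/checkout/issues/13
        git config user.name "github-actions[bot]"
        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
        # Need --force because _repo is gitignore'd
        git add --force _repo
        treeId=$(git write-tree --prefix=_repo)
        # The checkout action doesn't check out all branches, so fetch the
        # repo branch explicitly. If the remote doesn't have it yet, that is
        # fine: the commit is then created without a parent.
        if git fetch --quiet origin repo; then
          # add commit to branch
          commitId=$(git commit-tree -p origin/repo -m "Update from ${GITHUB_SHA}" "$treeId")
        else
          # add commit with no parents
          commitId=$(git commit-tree -m "Update from ${GITHUB_SHA}" "$treeId")
        fi
        git update-ref "refs/heads/repo" "$commitId"
        git push origin repo
    - name: Setup Pages
      uses: actions/configure-pages@v1
    - name: Upload pages artifact
      uses: actions/upload-pages-artifact@v1
      with:
        path: _repo
    - name: Deploy to GitHub Pages
      id: deployment
      uses: actions/deploy-pages@v2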