build: use self-hosted runner for tests #358
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "tests" | |
| on: | |
| # I don't think it's important for correctness to run the tests on main. | |
| # I'm doing it to make GitHub Actions caches available across pull requests. | |
| # See https://github.com/LightAndLight/ipso/issues/338 | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| NIX_PUBLIC_KEY: "ipso-binary-cache-1:UMRLNOKcCsb/a2dBhtcZhRZP4RN8yIDsSUwHTObu2w4=" | |
| # Note: these values are duplicated in the `UPLOAD_TO_CACHE` script. | |
| BINARY_CACHE_BUCKET: "ipso-binary-cache" | |
| BINARY_CACHE_ENDPOINT: "7065dc7f7d1813a29036535b4c4f4014.r2.cloudflarestorage.com" | |
| # Avoid [rate | |
| # limiting](https://discourse.nixos.org/t/flakes-provide-github-api-token-for-rate-limiting/18609) | |
| # by allowing Nix to make authenticated GitHub requests. | |
| NIX_CONFIG: "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" | |
| # The version of ipso to use for CI scripts that are written in the language. | |
| CI_IPSO_VERSION: "v0.5" | |
| jobs: | |
| tests: | |
| runs-on: nixos | |
| steps: | |
| - uses: actions/[email protected] | |
| with: | |
| # `./scripts/recheck` uses `git diff` which accesses the repo's history. `fetch-depth: 0` fetches all branches and history. | |
| fetch-depth: 0 | |
| - name: "tests" | |
| if: github.event_name == 'pull_request' | |
| run: > | |
| nix develop .#tests | |
| --extra-substituters "s3://$BINARY_CACHE_BUCKET?scheme=https&endpoint=$BINARY_CACHE_ENDPOINT" | |
| --extra-trusted-public-keys "$NIX_PUBLIC_KEY" | |
| -c ./scripts/recheck origin/$GITHUB_BASE_REF $GITHUB_REF_NAME | |
| # `tests.yml` is currently set to run on pushes to `main`. When that happens, `$GITHUB_BASE_REF` | |
| # isn't set because it's not a pull request. Instead we use the most recent commit before the | |
| # push | |
| # (https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#push) | |
| # as the "old" commit for `./scripts/recheck`. | |
| # | |
| # If it's a force push (which it really shouldn't be for main) then we skip this step. | |
| - name: "tests" | |
| if: github.event_name == 'push' && !github.event.forced | |
| run: > | |
| nix develop .#tests | |
| --extra-substituters "s3://$BINARY_CACHE_BUCKET?scheme=https&endpoint=$BINARY_CACHE_ENDPOINT" | |
| --extra-trusted-public-keys "$NIX_PUBLIC_KEY" | |
| -c ./scripts/recheck ${{ github.event.before }} $GITHUB_REF_NAME | |
| - name: wait for uploads to finish | |
| if: always() | |
| run: pueue wait | |
| - name: log all uploads | |
| if: always() | |
| run: pueue log --json | jq '.[].task.original_command' -r | |
| - name: log failed uploads | |
| if: always() | |
| run: pueue log --json | jq 'to_entries[] | select(.value.task.status.Done != "Success") | .key' -r | xargs -r pueue log | |
| - name: check uploads succeeded | |
| if: always() | |
| run: "[ \"$(pueue log --json | jq 'to_entries[] | select(.value.task.status.Done != \"Success\") | .key' -r)\" == \"\" ]" |