CI: tests first and templates until approved (#199)

Modular, context-aware and aspect-oriented dendritic Nix configurations. Discussions: https://oeiuwq.zulipchat.com/join/nqp26cd4kngon6mo3ncgnuap/ den.oeiuwq.com

configurations den dendritic nix aspect oriented

fork atom

docs

authored by oeiuwq.com and committed by

GitHub 2 weeks ago d04af46a 841714c4

+45 -32

3 changed files

expand all

unified split

.github

workflows

test.yml

nix

default.nix

flake-packages.nix

+44 -31

.github/workflows/test.yml

··· 3 3 branches: [main] 4 4 pull_request: 5 5 types: [labeled, opened, synchronize, reopened, review_requested, ready_for_review] 6 + pull_request_review: 7 + types: [submitted] 6 8 concurrency: 7 9 group: ${{ github.workflow }}-${{ github.ref }} 8 10 cancel-in-progress: true 9 11 jobs: 10 12 non-draft: 11 13 runs-on: ubuntu-latest 14 + if: ${{github.ref == 'refs/heads/main' || github.event.pull_request.draft == false}} 12 15 steps: 13 - - run: test "true" = "${{github.ref == 'refs/heads/main' || github.event.pull_request.draft == false}}" 16 + - uses: actions/checkout@v4 17 + - run: | 18 + git fetch --depth 1 origin refs/heads/main 19 + test "refs/heads/main" == "${{github.ref}}" || (git diff --name-only origin/main..${{ github.sha }} -- | grep '.nix') 20 + tests: 21 + needs: [non-draft] 22 + strategy: 23 + matrix: 24 + os: [ubuntu-latest, macos-latest] 25 + name: Tests ${{matrix.os}} 26 + runs-on: ${{matrix.os}} 27 + steps: 28 + - uses: wimpysworld/nothing-but-nix@main 29 + - uses: cachix/install-nix-action@v31 30 + - uses: DeterminateSystems/magic-nix-cache-action@v13 31 + - run: nix flake init -t github:$GITHUB_REPOSITORY/$GITHUB_SHA#ci 32 + - run: sed -i "s@\"github:vic/den\"@\"github:vic/den/$GITHUB_SHA\"@" flake.nix 33 + if: matrix.os == 'ubuntu-latest' 34 + - run: sed -i '' "s@\"github:vic/den\"@\"github:vic/den/$GITHUB_SHA\"@" flake.nix 35 + if: matrix.os == 'macos-latest' 36 + - run: | 37 + cat <<-EOF > modules/ci-runtime.nix 38 + { lib, ... }: 39 + { 40 + _module.args.CI = true; 41 + } 42 + EOF 43 + - run: nix flake update den 44 + - run: nix flake metadata 45 + - run: nix flake check -L 14 46 flake-check: 15 47 needs: [non-draft] 16 48 name: nix flake check ··· 18 50 steps: 19 51 - uses: cachix/install-nix-action@v31 20 52 - run: nix flake check -L github:vic/checkmate --override-input target github:$GITHUB_REPOSITORY/$GITHUB_SHA 53 + approved: 54 + needs: [non-draft] 55 + name: approved 56 + runs-on: ubuntu-latest 57 + if: ${{github.actor == github.repository_owner || github.event.review.state == 'approved'}} 58 + steps: 59 + - run: true 21 60 noflake: 22 - needs: [non-draft] 61 + needs: [approved] 23 62 name: noflake 24 63 runs-on: ubuntu-latest 25 64 steps: ··· 37 76 git add templates/noflake/modules/ci-runtime.nix 38 77 - run: cd templates/noflake && nix-build -A flake.nixosConfigurations.igloo.config.system.build.toplevel 39 78 minimal: 40 - needs: [non-draft] 79 + needs: [approved] 41 80 name: minimal 42 81 runs-on: ubuntu-latest 43 82 steps: ··· 54 93 git add templates/minimal/modules/ci-runtime.nix 55 94 - run: nix flake check -L ./templates/minimal --override-input den github:$GITHUB_REPOSITORY/$GITHUB_SHA 56 95 bogus: 57 - needs: [non-draft] 96 + needs: [approved] 58 97 strategy: 59 98 matrix: 60 99 os: [ubuntu-latest, macos-latest] ··· 73 112 EOF 74 113 git add templates/bogus/modules/ci-runtime.nix 75 114 - run: nix flake check -L ./templates/bogus --override-input den github:$GITHUB_REPOSITORY/$GITHUB_SHA 76 - tests: 77 - needs: [non-draft] 78 - strategy: 79 - matrix: 80 - os: [ubuntu-latest, macos-latest] 81 - name: Tests ${{matrix.os}} 82 - runs-on: ${{matrix.os}} 83 - steps: 84 - - uses: wimpysworld/nothing-but-nix@main 85 - - uses: cachix/install-nix-action@v31 86 - - uses: DeterminateSystems/magic-nix-cache-action@v13 87 - - run: nix flake init -t github:$GITHUB_REPOSITORY/$GITHUB_SHA#ci 88 - - run: sed -i "s@\"github:vic/den\"@\"github:vic/den/$GITHUB_SHA\"@" flake.nix 89 - if: matrix.os == 'ubuntu-latest' 90 - - run: sed -i '' "s@\"github:vic/den\"@\"github:vic/den/$GITHUB_SHA\"@" flake.nix 91 - if: matrix.os == 'macos-latest' 92 - - run: | 93 - cat <<-EOF > modules/ci-runtime.nix 94 - { lib, ... }: 95 - { 96 - _module.args.CI = true; 97 - } 98 - EOF 99 - - run: nix flake update den 100 - - run: nix flake metadata 101 - - run: nix flake check -L 102 115 template: 103 - needs: [non-draft] 116 + needs: [approved] 104 117 strategy: 105 118 # max-parallel: 1 106 119 matrix:

+1 -1

nix/default.nix

··· 25 25 bogus.path = ../templates/bogus; 26 26 bogus.description = "For bug reproduction"; 27 27 }; 28 - packages = import ./template-packages.nix; 28 + packages = import ./flake-packages.nix; 29 29 namespace = import ./namespace.nix; 30 30 lib = import ./lib.nix; 31 31 }

nix/template-packages.nix nix/flake-packages.nix