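# CI for pushes to main and for pull requests.
#
# Pull requests use the `pull_request` trigger (not `pull_request_target`),
# so code from forks is evaluated and built without repository secrets.
# Jobs are gated in two stages:
#   non-draft -> cheap checks; PRs must be non-draft and touch a .nix file
#   approved  -> heavier template builds; PRs must carry the `approved` label
on:
  push:
    branches: [main]
  pull_request:
    types:
      - labeled
      - opened
      - synchronize
      - reopened
      - review_requested
      - ready_for_review
  pull_request_review:
    types: [submitted]

# A newer run for the same workflow and ref cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege: no visible step pushes, comments or publishes, so the
# GITHUB_TOKEN is restricted to reading the repository.
# NOTE(review): confirm none of the third-party actions below need more.
permissions:
  contents: read

# Supply-chain note: `wimpysworld/nothing-but-nix@main` tracks a mutable
# branch, and the `@vNN` tags on the other actions can be moved upstream.
# Pinning each `uses:` to a full commit SHA (`owner/action@<full-commit-sha>`)
# keeps upstream changes from silently altering what runs on PR code.

jobs:
  # Gate: always passes on main; on a PR it requires a non-draft PR whose
  # diff against main contains at least one .nix file.
  non-draft:
    runs-on: ubuntu-latest
    if: ${{github.ref == 'refs/heads/main' || github.event.pull_request.draft == false}}
    steps:
      - uses: actions/checkout@v4
      # The ref and SHA are read from the runner-provided environment
      # instead of being templated into the script text, so the shell never
      # parses workflow-context values as code. The grep pattern escapes the
      # dot and anchors at end of line so only paths ending in `.nix` count.
      - run: |
          git fetch --depth 1 origin refs/heads/main
          test "refs/heads/main" == "$GITHUB_REF" || (git diff --name-only "origin/main..$GITHUB_SHA" -- | grep '\.nix$')

  # Instantiates the `ci` template from the commit under test and runs its
  # flake checks on Linux and macOS.
  tests:
    needs: [non-draft]
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    name: Tests ${{matrix.os}}
    runs-on: ${{matrix.os}}
    steps:
      - uses: wimpysworld/nothing-but-nix@main
      - uses: cachix/install-nix-action@v31
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      - run: nix flake init -t github:$GITHUB_REPOSITORY/$GITHUB_SHA#ci
      # Point the template's den input at the commit under test. GNU sed and
      # BSD sed take different `-i` arguments, hence one step per OS.
      - run: sed -i "s@\"github:vic/den\"@\"github:vic/den/$GITHUB_SHA\"@" flake.nix
        if: matrix.os == 'ubuntu-latest'
      - run: sed -i '' "s@\"github:vic/den\"@\"github:vic/den/$GITHUB_SHA\"@" flake.nix
        if: matrix.os == 'macos-latest'
      # Module that sets the CI module argument for the evaluation.
      - run: |
          cat <<-EOF > modules/ci-runtime.nix
          { lib, ... }:
          {
            _module.args.CI = true;
          }
          EOF
      - run: nix flake update den
      - run: nix flake metadata
      - run: nix flake check -L

  # Runs the vic/checkmate flake checks with this commit as `target`.
  flake-check:
    needs: [non-draft]
    name: nix flake check
    runs-on: ubuntu-latest
    steps:
      - uses: cachix/install-nix-action@v31
      - run: nix flake check -L github:vic/checkmate --override-input target github:$GITHUB_REPOSITORY/$GITHUB_SHA

  # Gate for the heavier jobs: passes on main, or on a PR that carries the
  # `approved` label. Anyone able to label PRs can open this gate.
  approved:
    needs: [non-draft]
    name: approved
    runs-on: ubuntu-latest
    if: ${{github.ref == 'refs/heads/main' || contains( github.event.pull_request.labels.*.name, 'approved')}}
    steps:
      # Quoted so YAML keeps the command name a string, not a boolean.
      - run: "true"

  # Builds the non-flake template's NixOS system from the checked-out tree.
  noflake:
    needs: [approved]
    name: noflake
    runs-on: ubuntu-latest
    steps:
      - uses: wimpysworld/nothing-but-nix@main
      - uses: cachix/install-nix-action@v31
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      - uses: actions/checkout@v4
      # Uncomment the den.outPath line in the template.
      - run: sed -i 's@# den.outPath@den.outPath@' templates/noflake/default.nix
      - run: |
          cat <<-EOF > templates/noflake/modules/ci-runtime.nix
          {
            _module.args.CI = true;
          }
          EOF
          git add templates/noflake/modules/ci-runtime.nix
      - run: cd templates/noflake && nix-build -A flake.nixosConfigurations.igloo.config.system.build.toplevel

  # Runs flake checks for each listed template against the commit under test.
  template:
    needs: [approved]
    strategy:
      matrix:
        template: [bogus, minimal, microvm]
        os: [ubuntu-latest]
    name: Check template ${{matrix.template}} ${{matrix.os}}
    runs-on: ${{matrix.os}}
    steps:
      - uses: wimpysworld/nothing-but-nix@main
      - uses: cachix/install-nix-action@v31
      - uses: DeterminateSystems/magic-nix-cache-action@v13
      - uses: actions/checkout@v4
      # matrix.template comes from the static list above, so templating it
      # into the script text does not carry PR-controlled input.
      - run: |
          cat <<-EOF > templates/${{matrix.template}}/modules/ci-runtime.nix
          {
            _module.args.CI = true;
          }
          EOF
          git add templates/${{matrix.template}}/modules/ci-runtime.nix
      - run: nix flake check -L ./templates/${{matrix.template}} --override-input den github:$GITHUB_REPOSITORY/$GITHUB_SHA

  # Instantiates the flake-file based templates, regenerates flake.nix with
  # den forced to the commit under test, and evaluates the checks without
  # building them.
  flake-file-template:
    needs: [approved]
    strategy:
      # max-parallel: 1
      matrix:
        os: [ubuntu-latest]
        template: [default, example]
    name: Check template ${{matrix.template}} ${{matrix.os}}
    runs-on: ${{matrix.os}}
    steps:
      - uses: wimpysworld/nothing-but-nix@main
        if: matrix.os == 'ubuntu-latest'
      - uses: cachix/install-nix-action@v31
      # - uses: DeterminateSystems/magic-nix-cache-action@v13
      - run: nix flake init -t github:$GITHUB_REPOSITORY/$GITHUB_SHA#${{matrix.template}}
      # The heredoc delimiter is unquoted on purpose: the shell expands
      # $GITHUB_REPOSITORY and $GITHUB_SHA into the generated module.
      - run: |
          cat <<-EOF > modules/ci-runtime.nix
          { lib, ... }:
          {
            flake-file.inputs.den.url = lib.mkForce "github:$GITHUB_REPOSITORY/$GITHUB_SHA";
            _module.args.CI = true;
          }
          EOF
      - run: nix run .#write-flake --override-input den "github:$GITHUB_REPOSITORY/$GITHUB_SHA"
      - run: nix flake update den
      - run: nix run .#write-flake
      - run: nix flake metadata
      - run: nix flake check -L --no-build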