From 9b80adc718ee722505df13526a3a349842774569 Mon Sep 17 00:00:00 2001 From: Simon Rainerson Date: Wed, 3 Apr 2024 10:31:52 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7=20=F0=9F=94=A5=20=F0=9F=94=A8=20Re?= =?UTF-8?q?factor=20github=20workflows?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Simplify everything. --- .github/actions/setup-nix/action.yaml | 100 ------ .github/actions/setup-nix/ssh-agent.sh | 18 - .github/actions/setup-nix/ssh-conf | 3 - .github/workflows/build-components.yml | 320 ------------------ .github/workflows/build-examples-shared.yml | 66 ---- .github/workflows/build-examples.yaml | 32 ++ .github/workflows/build-examples.yml | 24 -- .github/workflows/checks.yaml | 96 ++++++ .github/workflows/checks.yml | 107 ------ .../{deploy-book.yml => deploy-book.yaml} | 19 +- .github/workflows/setup/nix.conf | 4 - .github/workflows/test.yaml | 33 -- CHANGELOG.md | 3 + dependabot.yml | 8 - docs/src/SUMMARY.md | 2 - docs/src/github-actions.md | 104 ------ 16 files changed, 144 insertions(+), 795 deletions(-) delete mode 100644 .github/actions/setup-nix/action.yaml delete mode 100755 .github/actions/setup-nix/ssh-agent.sh delete mode 100644 .github/actions/setup-nix/ssh-conf delete mode 100644 .github/workflows/build-components.yml delete mode 100644 .github/workflows/build-examples-shared.yml create mode 100644 .github/workflows/build-examples.yaml delete mode 100644 .github/workflows/build-examples.yml create mode 100644 .github/workflows/checks.yaml delete mode 100644 .github/workflows/checks.yml rename .github/workflows/{deploy-book.yml => deploy-book.yaml} (63%) delete mode 100644 .github/workflows/setup/nix.conf delete mode 100644 .github/workflows/test.yaml delete mode 100644 dependabot.yml delete mode 100644 docs/src/github-actions.md diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml deleted file mode 100644 index 258d8368..00000000 
--- a/.github/actions/setup-nix/action.yaml
+++ /dev/null
@@ -1,100 +0,0 @@ -name: 🌱 Setup nix -description: Setup nix with ssh agent and optionally config -inputs: - access-key: - description: SSH key to use for accessing repositories through nix. - required: false - - builders-access-key: - description: SSH key to use for accessing builders, defaults to the same used for repositories. - required: false - - builders: - description: SSH connection string for nix builders. - type: string - required: false - - config-path: - description: Path to a nix configuration file. - required: false - - version: - description: Nix version to install. - type: string - default: 2.11.1 - - cachix-name: - description: The name of the cachix cache to use. - type: string - required: false - - cachix-signing-key: - description: The cachix signing key. - type: string - required: false - - cachix-auth-token: - description: The cachix auth token. - type: string - required: false - -runs: - using: "composite" - steps: - - name: Install Nix - uses: cachix/install-nix-action@v22 - with: - install_url: https://releases.nixos.org/nix/nix-${{ inputs.version }}/install - - - name: Create Nix configuration - run: | - mkdir -p ~/.config/nix - - if [ -f "${{ inputs.config-path }}" ]; then - cp ${{ inputs.config-path }} ~/.config/nix/nix.conf - fi - - if ! 
grep "access-tokens" ~/.config/nix/nix.conf; then - echo "access-tokens = github.com=${{ github.token }}" >> ~/.config/nix/nix.conf - fi - shell: sh - - - name: Setup SSH - if: ${{ inputs.access-key != '' }} - env: - CI_ACCESS_KEY: ${{ inputs.access-key }} - BUILDERS_ACCESS_KEY: ${{ inputs.builders-access-key || inputs.access-key }} - SSH_CONFIG: ${{ github.action_path }}/ssh-conf - run: ${{ github.action_path }}/ssh-agent.sh - shell: sh - - - name: Set up nix builders ssh connection - env: - BUILD_HOST: ${{ inputs.builders }} - if: ${{ inputs.builders != '' && inputs.access-key != '' }} - run: | - build_host="${BUILD_HOST##*@}" - # Add host key to root (for connections made by the nix-daemon) - echo "::group::Test nix-daemon SSH" - sudo -i ssh-keyscan -t ed25519 "$build_host" | sudo tee /root/.ssh/known_hosts - sudo ls /root/.ssh - sudo -i nix store ping --store "ssh://$BUILD_HOST" - echo "nix-daemon connection successful" - echo "::endgroup::" - - # Add host key to user (for connections made by the nix client) - echo "::group::Test nix client SSH" - ssh-keyscan -t ed25519 "$build_host" >>~/.ssh/known_hosts - nix store ping --store ssh://"$BUILD_HOST" - echo "nix client connection successful" - echo "::endgroup::" - shell: bash - - - - name: Setup Cachix - if: ${{ inputs.cachix-name != '' }} - uses: cachix/cachix-action@v12 - with: - name: ${{ inputs.cachix-name }} - signingKey: ${{ inputs.cachix-signing-key }} - authToken: ${{ inputs.cachix-auth-token }} diff --git a/.github/actions/setup-nix/ssh-agent.sh b/.github/actions/setup-nix/ssh-agent.sh deleted file mode 100755 index cc84dc10..00000000 --- a/.github/actions/setup-nix/ssh-agent.sh +++ /dev/null 
@@ -1,18 +0,0 @@ -#! /usr/bin/env sh - -# user ssh config -mkdir -p ~/.ssh -chmod 700 ~/.ssh -cp "$SSH_CONFIG" ~/.ssh/config -echo "$BUILDERS_ACCESS_KEY" >~/.ssh/id_rsa -chmod 600 ~/.ssh/id_rsa - -# root ssh config -root_home=$(sudo -i -H bash -c 'echo $HOME') # So the shell doesn't expand HOME too early. - -echo "using $root_home for root's home" -sudo mkdir -p "$root_home/.ssh" -sudo chmod 700 "$root_home/.ssh" -sudo cp "$SSH_CONFIG" "$root_home/.ssh/config" -echo "$BUILDERS_ACCESS_KEY" | sudo tee "$root_home/.ssh/id_rsa" >/dev/null -sudo chmod 600 "$root_home/.ssh/id_rsa" diff --git a/.github/actions/setup-nix/ssh-conf b/.github/actions/setup-nix/ssh-conf deleted file mode 100644 index 068c7769..00000000 --- a/.github/actions/setup-nix/ssh-conf +++ /dev/null @@ -1,3 +0,0 @@ -Host * - ServerAliveInterval 15 - ServerAliveCountMax 150 diff --git a/.github/workflows/build-components.yml b/.github/workflows/build-components.yml deleted file mode 100644 index c7a6e9ca..00000000 --- a/.github/workflows/build-components.yml +++ /dev/null 
@@ -1,320 +0,0 @@ -name: 🏗️ Build Components 🦕 - -on: - workflow_call: - secrets: - nix-access-key: - description: SSH key to use for accessing repositories through nix. - required: true - - nix-builders-access-key: - description: SSH key to use for accessing builders, defaults to the same used for repositories. - required: false - - cachix-signing-key: - description: Cachix signing key. - required: false - - cachix-auth-token: - description: Cachix auth token. - required: false - - inputs: - build-platform: - description: "The nix platform to run the build on, available options are x86_64-linux (default) and x86_64-darwin." - default: x86_64-linux - type: string - - attribute: - description: "The attribute in the matrix to build, default is to build all packages in the flake for the build platform." - default: default - type: string - - root: - description: "The path, relative to the git repository, where the flake of the project is." - default: . - type: string - - max-parallel: - description: "The maximum parallel jobs to run when building." - default: 0 - type: number - - nix-builders: - description: SSH connection string for nix builders. - type: string - required: false - - nix-config-path: - description: Path to a nix configuration file. - type: string - required: false - - nix-version: - description: Nix version to install. - type: string - default: 2.11.1 - - nix-build-locally: - description: If nix should build on the local computer or remotely only. - type: boolean - default: false - - fail-fast: - description: If building components should fail fast. - type: boolean - default: false - - cachix-name: - description: Name of the cachix cache to use. 
- type: string - required: false - - use-remote-store: - description: Whether to use remote store builds (--store ) - type: boolean - default: false - -jobs: - collect-matrix: - name: Collect Components - runs-on: ${{ inputs.build-platform == 'x86_64-linux' && 'ubuntu-latest' || inputs.build-platform == 'x86_64-darwin' && 'macos-latest' || 'unsupported-os' }} - env: - ATTRIBUTE: packages.${{ inputs.build-platform }}${{ format('.{0}', inputs.attribute) }} - PACKAGES: packages.${{ inputs.build-platform }} - outputs: - components: ${{ steps.filter.outputs.components || steps.eval.outputs.components }} - steps: - - uses: actions/checkout@v3 - - - name: Setup Nix (Nedryland 10.0.0) - if: ${{ github.repository != 'goodbyekansas/nedryland' }} - uses: goodbyekansas/nedryland/.github/actions/setup-nix@10.0.0 - with: - access-key: ${{ secrets.nix-access-key }} - builders-access-key: ${{ secrets.nix-builders-access-key }} - builders: ${{ inputs.nix-builders }} - config-path: ${{ inputs.nix-config-path }} - version: ${{ inputs.nix-version }} - cachix-name: ${{ inputs.cachix-name }} - cachix-signing-key: ${{ secrets.cachix-signing-key }} - cachix-auth-token: ${{ secrets.cachix-auth-token }} - - - name: Setup Nix (Locally) - if: ${{ github.repository == 'goodbyekansas/nedryland' }} - uses: ./.github/actions/setup-nix - with: - access-key: ${{ secrets.nix-access-key }} - builders-access-key: ${{ secrets.nix-builders-access-key }} - builders: ${{ inputs.nix-builders }} - config-path: ${{ inputs.nix-config-path }} - version: ${{ inputs.nix-version }} - cachix-name: ${{ inputs.cachix-name }} - cachix-signing-key: ${{ secrets.cachix-signing-key }} - cachix-auth-token: ${{ secrets.cachix-auth-token }} - - - id: eval - name: Collect Components - working-directory: ${{ inputs.root }} - run: | - nix eval \ - ".#$ATTRIBUTE" \ - --json \ - --apply 'attrs: if attrs.nedrylandType or "" == "component-set" then (builtins.attrNames attrs.nedrylandComponents) else [ "${{ inputs.attribute }}" ]' 
\ - > components.json - - echo "components=$(cat components.json)" >> "$GITHUB_OUTPUT" - - - id: filter - name: Filter Cached Components - if: ${{ inputs.nix-config-path != '' }} - working-directory: ${{ inputs.root }} - run: | - # read cache (substituters) from config - # filter out default substituters and also handle when the default values ends with "/" but not config - caches=() - while IFS= read -r line; do - caches+=("$line") - done < <(nix show-config --json | \ - jq -r '.substituters | (.value - (.defaultValue + (.defaultValue | map(.[:-1]))) )[]') - - if [ "${#caches[@]}" -eq 0 ]; then - echo "No non-default substituters set in config, skipping filter." - exit 0 - fi - - echo "Looking for already built components in: ${caches[*]}" - components=() - while IFS= read -r line; do - components+=("$line") - done < <(jq -r '.[]' components.json) - - echo "# Filter Summary" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - - checkCache() { - component="$1" - shift - outPath="$1" - shift - for cache in "$@"; do - echo "Checking for $component in $cache..." - if curl -f -s "$cache/${outPath:11:32}.narinfo" >/dev/null; then - echo "Found $component in $cache" - touch skipped-components/"$component" - break - fi - done - - if [ ! -f skipped-components/"$component" ]; then - echo "$component not found in any cache, marking for build..." - touch filtered-components/"$component" - fi - } - - mkdir -p filtered-components skipped-components - - echo "::group::Collecting outpaths..." - out_paths=$(nix eval ".#$PACKAGES" --json) - echo "Outpaths collected." 
- echo "::endgroup::" - - batch_size=10 - for ((i = 0; i < ${#components[@]}; i += batch_size)); do - for component in "${components[@]:i:batch_size}"; do - out_path=$(jq -r ".$component" <<< "$out_paths") - checkCache "$component" "$out_path" "${caches[@]}" & - done - wait - done - - shopt -s nullglob - filteredComponents=(filtered-components/*) - filteredComponents=("${filteredComponents[@]##*/}") - skippedComponents=(skipped-components/*) - skippedComponents=("${skippedComponents[@]##*/}") - - if [ ${#skippedComponents[@]} -gt 0 ]; then - echo "## Found in Cache - " >> "$GITHUB_STEP_SUMMARY" - - for com in "${skippedComponents[@]}"; do - echo "- $com" >> "$GITHUB_STEP_SUMMARY" - done - fi - - if [ ${#filteredComponents[@]} -gt 0 ]; then - echo "## Building - " >> "$GITHUB_STEP_SUMMARY" - - for com in "${filteredComponents[@]}"; do - echo "- $com" >> "$GITHUB_STEP_SUMMARY" - done - fi - - jq --compact-output --null-input '$ARGS.positional' --args -- "${filteredComponents[@]}" > filtered-components.json - - echo "components=$(cat filtered-components.json)" >> "$GITHUB_OUTPUT" - - shell: bash - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: components - path: | - ${{inputs.root}}/filtered-components.json - ${{inputs.root}}/components.json - if-no-files-found: ignore - - build-matrix: - name: Build ${{ matrix.component }} - needs: collect-matrix - runs-on: ${{ inputs.build-platform == 'x86_64-linux' && 'ubuntu-latest' || inputs.build-platform == 'x86_64-darwin' && 'macos-latest' || 'unsupported-os' }} - if: ${{ needs.collect-matrix.outputs.components != '[]' }} - - strategy: - max-parallel: ${{ inputs.max-parallel }} - matrix: - component: ${{ fromJSON(needs.collect-matrix.outputs.components) }} - fail-fast: ${{ inputs.fail-fast }} - - steps: - - uses: actions/checkout@v3 - - - name: Setup Nix (Nedryland 1) - if: ${{ github.repository != 'goodbyekansas/nedryland' }} - uses: goodbyekansas/nedryland/.github/actions/setup-nix@10.0.0 - with: - 
access-key: ${{ secrets.nix-access-key }} - builders-access-key: ${{ secrets.nix-builders-access-key }} - builders: ${{ inputs.nix-builders }} - config-path: ${{ inputs.nix-config-path }} - version: ${{ inputs.nix-version }} - cachix-name: ${{ inputs.cachix-name }} - cachix-signing-key: ${{ secrets.cachix-signing-key }} - cachix-auth-token: ${{ secrets.cachix-auth-token }} - - - name: Setup Nix (Locally) - if: ${{ github.repository == 'goodbyekansas/nedryland' }} - uses: ./.github/actions/setup-nix - with: - access-key: ${{ secrets.nix-access-key }} - builders-access-key: ${{ secrets.nix-builders-access-key }} - builders: ${{ inputs.nix-builders }} - config-path: ${{ inputs.nix-config-path }} - version: ${{ inputs.nix-version }} - cachix-name: ${{ inputs.cachix-name }} - cachix-signing-key: ${{ secrets.cachix-signing-key }} - cachix-auth-token: ${{ secrets.cachix-auth-token }} - - - name: Build ${{ matrix.component }} - working-directory: ${{ inputs.root }} - run: | - echo "building ${{ matrix.component }}" - if [ -n "${{ inputs.nix-builders }}" ] && [ "${{ inputs.use-remote-store }}" = "true" ]; then - nix build \ - -L \ - --eval-store auto \ - --store ssh-ng://${{ inputs.nix-builders }} \ - ".#packages.${{ inputs.build-platform }}.${{ matrix.component }}" - else - nix build \ - -L \ - ".#packages.${{ inputs.build-platform }}.${{ matrix.component }}" \ - ${{ !inputs.nix-build-locally && ' --max-jobs 0' || '' }} - fi - - - name: Closure Stats - continue-on-error: true - working-directory: ${{ inputs.root }} - run: | - echo -e "\x1b[93;4;1mSize\x1b[0m" - printf "\x1b[4m%-62.62s %8.8s %8.8s\x1b[0m\n" "Store Path" Self Closure - # shellcheck disable=SC2183,SC2086,SC2046 - printf "%-62.62s %8.8s %8.8s\n" $(nix path-info -sSh ./result) - echo "" - echo -e "\x1b[93;4;1mContents\x1b[0m" - printf "\x1b[4m%-62.62s %8.8s %8.8s\x1b[0m\n" "Store Path" Self Closure - # shellcheck disable=SC2183,SC2086,SC2046 - printf "%-62.62s %8.8s %8.8s\n" $(nix path-info -rsSh ./result) - - 
- name: Post annotation - if: ${{ failure() }} - run: | - directoryText="${{ inputs.root != '.' && format(' in directory {0}', inputs.root) || '' }}" - echo "::error ::${{ matrix.component }} failed to build. \ - To reproduce locally run \`nix build .#${{ matrix.component }}\`$directoryText." - - matrix: - name: All Components 🍔 - runs-on: ubuntu-latest - needs: [collect-matrix, build-matrix] - if: always() - steps: - - name: Successful Matrix Build - if: ${{ !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled')) }} - run: exit 0 - - name: Failing Matrix Build - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} - run: exit 1 diff --git a/.github/workflows/build-examples-shared.yml b/.github/workflows/build-examples-shared.yml deleted file mode 100644 index 887d0dfb..00000000 --- a/.github/workflows/build-examples-shared.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -name: Build Examples - -on: - workflow_call: - secrets: - nix-access-key: - description: SSH key to use for accessing repositories through nix. - required: true - inputs: - build-platform: - description: "The nix platform to run the build on, available options are x86_64-linux (default) and x86_64-darwin." - default: x86_64-linux - type: string - -jobs: - build-hello: - name: Hello - uses: ./.github/workflows/build-components.yml - secrets: - nix-access-key: ${{ secrets.nix-access-key }} - with: - root: examples/hello - nix-build-locally: ${{ inputs.build-platform != 'x86_64-linux' }} - build-platform: ${{ inputs.build-platform }} - nix-builders: ${{ inputs.build-platform == 'x86_64-linux' && 'build@nix-builders.goodbyekansas.com' || '' }} - nix-config-path: ./.github/workflows/setup/nix.conf - nix-version: 2.11.1 - - build-documentation: - name: Documentation - uses: ./.github/workflows/build-components.yml - secrets: - nix-access-key: ${{ secrets.nix-access-key }} - with: - root: examples/documentation - nix-build-locally: ${{ inputs.build-platform != 'x86_64-linux' }} - build-platform: ${{ inputs.build-platform }} - nix-builders: ${{ inputs.build-platform == 'x86_64-linux' && 'build@nix-builders.goodbyekansas.com' || '' }} - nix-config-path: ./.github/workflows/setup/nix.conf - nix-version: 2.11.1 - - build-dependencies: - name: Dependencies - uses: ./.github/workflows/build-components.yml - secrets: - nix-access-key: ${{ secrets.nix-access-key }} - with: - root: examples/dependencies/child - nix-build-locally: ${{ inputs.build-platform != 'x86_64-linux' }} - build-platform: ${{ inputs.build-platform }} - nix-builders: ${{ inputs.build-platform == 'x86_64-linux' && 'build@nix-builders.goodbyekansas.com' || '' }} - nix-config-path: ./.github/workflows/setup/nix.conf - nix-version: 2.11.1 - - all-examples: - name: All Examples 👻 - runs-on: ubuntu-latest - needs: [build-hello, build-documentation, build-dependencies] - if: always() - steps: - - 
name: Successful Examples Build - if: ${{ !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled')) }} - run: exit 0 - - name: Failing Examples Build - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} - run: exit 1 diff --git a/.github/workflows/build-examples.yaml b/.github/workflows/build-examples.yaml new file mode 100644 index 00000000..2902c03e --- /dev/null +++ b/.github/workflows/build-examples.yaml @@ -0,0 +1,32 @@ +name: Build Examples + +on: + workflow_call: + inputs: + build-platform: + description: "The GitHub runner platform to use. Github name minus -latest." + default: ubuntu + type: string + +jobs: + build-examples: + strategy: + matrix: + example: [hello, documentation, dependencies/child] + + name: Build Example ${{ matrix.example }} + runs-on: ${{ inputs.build-platform }}-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install Nix + uses: cachix/install-nix-action@v26 + with: + install_url: https://releases.nixos.org/nix/nix-2.18.1/install + + - name: Build ${{ matrix.example }} + run: | + cd examples/${{ matrix.example }} + nix build + diff --git a/.github/workflows/build-examples.yml b/.github/workflows/build-examples.yml deleted file mode 100644 index 8cf86d99..00000000 --- a/.github/workflows/build-examples.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Examples - -on: [push] - -concurrency: - group: '${{ github.ref_name }}-build-examples-linux' - cancel-in-progress: true - -jobs: - build-examples-linux: - name: Linux 🐧 - uses: ./.github/workflows/build-examples-shared.yml - secrets: - nix-access-key: ${{ secrets.NIXOS_BUILDERS }} - with: - build-platform: x86_64-linux - - build-examples-macos: - name: macOS 🍎 - uses: ./.github/workflows/build-examples-shared.yml - secrets: - nix-access-key: ${{ secrets.NIXOS_BUILDERS }} - with: - build-platform: x86_64-darwin 
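Review bot: The new `build-examples.yaml` references `actions/checkout@v4` and `cachix/install-nix-action@v26` by mutable tag, so whoever can move those tags decides what runs in this job; the same holds for every `uses:` line in the new `checks.yaml` and for the bumped actions in `deploy-book.yaml`. Pinning each one to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: cachix/install-nix-action@<full-commit-sha> # v26`, makes the runs reproducible and turns every action upgrade into a reviewable diff. Separately, the build step expands `${{ matrix.example }}` inside the `run:` script. The values are fixed in this file today, but `working-directory: examples/${{ matrix.example }}` with `run: nix build` keeps expressions out of the shell text and drops the `cd`.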
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
new file mode 100644
index 00000000..81e344ec
--- /dev/null
+++ b/.github/workflows/checks.yaml
@@ -0,0 +1,96 @@
+name: Checks
+
+on: [push]
+
+concurrency:
+ group: '${{ github.ref_name }}-checks'
+ cancel-in-progress: true
+
+jobs:
+ format:
+ name: Check Format on Nix Expressions 👓 🦖💨
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v26
+ with:
+ install_url: https://releases.nixos.org/nix/nix-2.18.1/install
+
+ - name: Check Nix format 👓 🦖💨
+ run: nix run .#checks.nixfmt
+
+ shell-check:
+ name: Lint Shell Scripts 🐢 🐌 💶
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v26
+ with:
+ install_url: https://releases.nixos.org/nix/nix-2.18.1/install
+
+ - name: Check shell scripts 🐢 🐌 💶
+ run: nix run .#checks.shellcheck
+
+ lint:
+ name: Lint Nix Expressions 🦕 📝 👀
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v26
+ with:
+ install_url: https://releases.nixos.org/nix/nix-2.18.1/install
+
+ - name: Lint Nix files 🦕 📝 👀
+ run: nix run .#checks.nixlint
+
+ actionlint:
+ name: Lint Github Actions 🐙 🐱 🎬
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v26
+ with:
+ install_url: https://releases.nixos.org/nix/nix-2.18.1/install
+
+ - name: Lint Github Actions 🐙 🐱 🎬
+ run: nix run .#checks.actionlint
+
+ test:
+ name: Unit Tests
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v26
+ with:
+ install_url: https://releases.nixos.org/nix/nix-2.18.1/install
+
+ - name: Run all tests
+ run: nix flake check
+
+ build-examples-linux:
+ name: Build Examples (Linux 🐧)
+ uses: ./.github/workflows/build-examples.yaml
+ with:
+ build-platform: ubuntu
+
+ build-examples-macos:
+ name: Build Examples (macOS 🍎)
+ uses: ./.github/workflows/build-examples.yaml
+ with:
+ build-platform: macos
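Review bot: `checks.yaml` declares no `permissions:` key, so on every push its jobs run with whatever default `GITHUB_TOKEN` scope the repository or organisation is configured with. The two `build-examples.yaml` calls get the same scope, since a called workflow cannot exceed the caller's token permissions. The steps visible in this hunk only check out the code and run nix, so a top-level `permissions:` block holding `contents: read`, placed after the `concurrency:` block, would fix the token at read-only independent of that setting. Whether any `nix run .#checks.*` target needs write access cannot be seen from here; if one does, grant it on that job only.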
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
deleted file mode 100644
index c39b8082..00000000
--- a/.github/workflows/checks.yml
+++ /dev/null
@@ -1,107 +0,0 @@ -name: 🔍 Check Nedryland Project 🦕 - -on: - workflow_call: - inputs: - nixfmt: - description: "If formatting of nix files should checked, default true." - default: true - type: boolean - - nixlint: - description: "If linting of nix files should run, default true." - default: true - type: boolean - - shellcheck: - description: "If linting of shell scripts should run, default true." - default: true - type: boolean - - actionlint: - description: "If linting of github actions should run, default true." - default: true - type: boolean - - nix-version: - description: "The version of nix to install." - default: 2.11.1 - type: string - -jobs: - format: - name: Check Format on Nix Expressions 👓 🦖💨 - if: ${{ inputs.nixfmt }} - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Install Nix - uses: cachix/install-nix-action@v18 - with: - install_url: https://releases.nixos.org/nix/nix-${{ inputs.nix-version }}/install - - - name: Check Nix format 👓 🦖💨 - run: nix run .#checks.nixfmt - - shell-check: - name: Lint Shell Scripts 🐢 🐌 💶 - if: ${{ inputs.shellcheck }} - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Install Nix - uses: cachix/install-nix-action@v18 - with: - install_url: https://releases.nixos.org/nix/nix-${{ inputs.nix-version }}/install - - - name: Check shell scripts 🐢 🐌 💶 - run: nix run .#checks.shellcheck - - lint: - name: Lint Nix Expressions 🦕 📝 👀 - if: ${{ inputs.nixlint }} - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Install Nix - uses: cachix/install-nix-action@v18 - with: - install_url: https://releases.nixos.org/nix/nix-${{ inputs.nix-version }}/install - - - name: Lint Nix files 🦕 📝 👀 - run: nix run .#checks.nixlint - - actionlint: - name: Lint Github Actions 🐙 🐱 🎬 - if: ${{ inputs.actionlint }} - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Install Nix - uses: cachix/install-nix-action@v18 - with: - install_url: 
https://releases.nixos.org/nix/nix-${{ inputs.nix-version }}/install - - - name: Lint Github Actions 🐙 🐱 🎬 - run: nix run .#checks.actionlint - - all-checks: - name: All Checks 🍪 - runs-on: ubuntu-latest - needs: [ format, shell-check, lint, actionlint ] - if: always() - steps: - - name: Successful checks - if: ${{ !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled')) }} - run: exit 0 - - name: Failing checks - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} - run: exit 1 diff --git a/.github/workflows/deploy-book.yml b/.github/workflows/deploy-book.yaml similarity index 63% rename from .github/workflows/deploy-book.yml rename to .github/workflows/deploy-book.yaml index c5480f0b..469993f6 100644 --- a/.github/workflows/deploy-book.yml +++ b/.github/workflows/deploy-book.yaml @@ -8,20 +8,27 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Setup Nix - uses: ./.github/actions/setup-nix + - name: Install Nix + uses: cachix/install-nix-action@v26 + with: + install_url: https://releases.nixos.org/nix/nix-2.18.1/install - name: Build the book run: | nix build .#docs - cp --recursive --dereference --no-preserve=mode,ownership result/share/doc/nedryland/manual dist + cp \ + --recursive \ + --dereference \ + --no-preserve=mode,ownership \ + result/share/doc/nedryland/manual \ + dist - name: Upload Artifact - uses: actions/upload-pages-artifact@v2 + uses: actions/upload-pages-artifact@v3 with: path: ./dist/ @@ -41,4 +48,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v3 + uses: actions/deploy-pages@v4 diff --git a/.github/workflows/setup/nix.conf b/.github/workflows/setup/nix.conf deleted file mode 100644 index da82a074..00000000 --- a/.github/workflows/setup/nix.conf +++ /dev/null 
@@ -1,4 +0,0 @@ -sandbox = false -builders = ssh://build@nix-builders.goodbyekansas.com x86_64-linux - 32 - kvm,big-parallel -builders-use-substitutes = true -experimental-features = nix-command flakes diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index a50fe517..00000000 --- a/.github/workflows/test.yaml +++ /dev/null @@ -1,33 +0,0 @@ -name: Tests - -on: [push] - -concurrency: - group: '${{ github.ref_name }}-tests' - cancel-in-progress: true - -jobs: - lint: - name: Lints - uses: ./.github/workflows/checks.yml - with: - nix-version: 2.11.1 - - test: - name: Unit Tests - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup nix - uses: ./.github/actions/setup-nix - with: - access-key: ${{ secrets.NIXOS_BUILDERS }} - builders: build@nix-builders.goodbyekansas.com - config-path: ./.github/workflows/setup/nix.conf - version: 2.11.1 - - - name: Run all tests - run: nix flake check diff --git a/CHANGELOG.md b/CHANGELOG.md index 69799618..5ba32703 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - `.#checks.nixfmt` can be run from everywhere when nixFiles are relative to project. +### Removed +- All shared github workflows and actions. + ## [10.0.0] - 2024-02-06 ### Added diff --git a/dependabot.yml b/dependabot.yml deleted file mode 100644 index 6b396158..00000000 --- a/dependabot.yml +++ /dev/null @@ -1,8 +0,0 @@ -version: 2 -updates: - - # Maintain - - package-ecosystem: "cargo" - -commit-message: - prefix: "🔒" - diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md index 952b043d..74b0f55a 100644 --- a/docs/src/SUMMARY.md +++ b/docs/src/SUMMARY.md @@ -16,8 +16,6 @@ - [Nedryland's Linters](./checks.md) -- [Github Actions](./github-actions.md) - - [Setting Up Deployment](./deployment.md) --- 
diff --git a/docs/src/github-actions.md b/docs/src/github-actions.md
deleted file mode 100644
index 089c2db6..00000000
--- a/docs/src/github-actions.md
+++ /dev/null
@@ -1,104 +0,0 @@ -# Github Actions - -Nedryland contains actions and reusable workflows for Github Actions that can be reused in -projects to build and test the [matrix](./concepts/matrix.md). - -# Build Components - -This reusable workflow will build and test (through the `checkPhase`) all components that -correspond to the provided attribute (defaults to `default`). Usage looks like - -```yml -# ... - -jobs: - build-matrix: - name: Build all Component - uses: goodbyekansas/nedryland/.github/workflows/build-components.yml@8.2.1 - secrets: - nix-access-key: ${{ secrets.nix-access-key }} - with: - # The build platform (the one to run the build on. - # x86_64-linux and x86_64-darwin are supported). - build-platform: x86_64-linux - - # optional path to a nix config file to use. - nix-config-path: ./.github/workflows/setup/nix.conf - - # optional Nix version to use. - nix-version: 2.11.1 - -# ... -``` - -For a list of available options, see -[build-components.yml](https://github.com/goodbyekansas/nedryland/blob/8.2.1/.github/workflows/build-components.yml). - -# Checks - -This reusable workflow runs a set of linters and formatter for nix, shell -scripts and github actions. Each tool can be individually disabled. This action -assumes that the corresponding apps are forwarded from nedryland, in flake.nix -located in the repository root: - -```nix -# flake.nix -{ - inputs.nedryland.url = github:goodbyekansas/nedryland; - outputs = { nedryland }: - { - x86_64-linux.apps = nedryland.apps.x86_64-linux; - } -} -``` - - -```yml -jobs: - lint: - name: Lints - uses: ./.github/workflows/checks.yml - with: - nix-version: 2.11.1 - actionlint: false -``` -For a list of available options, see -[checks.yml](https://github.com/goodbyekansas/nedryland/blob/8.2.1/.github/workflows/checks.yml). - -# Setup Nix - -This action helps in setting up Nix for use together with Nedryland. It is used by "Build -Components", which exposes all of the options with a `nix-` prefix. 
- -Usage looks like - -```yml -# ... - -jobs: - build-thing: - name: Build It - steps: - - # ... - - - name: Setup Nix - uses: goodbyekansas/nedryland/setup-nix@8 - with: - - # SSH key for Nix to access private repos. - access-key: ${{ secrets.nix-access-key }} - - # optional path to nix config. - config-path: ./.github/workflows/nix.conf - - # optional Nix version to use. - version: 2.11.1 - - # ... - -# ... -``` - -For a complete list of options, see -[action.yml](https://github.com/goodbyekansas/nedryland/blob/8.2.1/.github/actions/setup-nix/action.yml).