diff --git a/.ci/gen-workflow-files.nu b/.ci/gen-workflow-files.nu
new file mode 100755
index 0000000..867ebc9
--- /dev/null
+++ b/.ci/gen-workflow-files.nu
@@ -0,0 +1,163 @@
+#!/usr/bin/env nu
+
+use std log
+
+# cd to git root
+cd (git rev-parse --show-toplevel)
+
+# check if a subject depends on a potential dependency
+def depends [
+ subject:string # package to examine
+ maybe_dep:string # maybe a dependency of subject
+ ] {
+ not ( nix why-depends --quiet --derivation $subject $maybe_dep | is-empty )
+}
+
+# get attribute names of the attribute set
+def get-attr-names [
+ expr: # nix expression to get attrNames of
+ ] {
+ nix eval --json $expr --apply builtins.attrNames | from json
+}
+
+def job-id [
+ system:string,
+ derivation:string,
+ ] {
+ $"($system)---($derivation)"
+}
+
+# map from nixos system to github runner type
+let systems_map = {
+ # aarch64-darwin
+ # aarch64-linux
+
+ i686-linux: ubuntu-latest,
+ x86_64-darwin: macos-13,
+ x86_64-linux: ubuntu-latest
+}
+
+let targets = (get-attr-names ".#packages"
+ | par-each {|system| { $system : (get-attr-names $".#packages.($system)") } }
+ | reduce {|it, acc| $acc | merge $it }
+)
+
+mut cachix_workflow = {
+ name: "Nix",
+ permissions: {contents: write},
+ on: {
+ pull_request: null,
+ push: {branches: [main]}
+ },
+ jobs: {},
+}
+
+mut release_workflow = {
+ name: "Release",
+ permissions: {contents: write},
+ on: { push: {tags: ["v*"]} },
+ jobs: {},
+}
+
+let runner_setup = [
+ {
+ uses: "actions/checkout@v3"
+ }
+ {
+ uses: "cachix/install-nix-action@v22",
+ with: { nix_path: "nixpkgs=channel:nixos-unstable" }
+ }
+ {
+ uses: "cachix/cachix-action@v12",
+ with: {
+ name: dlr-ft,
+ authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+ }
+ }
+]
+
+for system in ($targets | columns) {
+ if ($systems_map | get -i $system | is-empty) {
+ log info $"skipping ($system), since there are no GH-Actions runners for it"
+ continue
+ }
+
+ # lookup the correct runner for $system
+ let runs_on = [ ($systems_map | get $system) ]
+
+ # add jobs for all derivations
+ let derivations = ($targets | get $system)
+ for derivation in $derivations {
+
+ # job_id for GH-Actions
+ let id = ( job-id $system $derivation )
+
+ # name displayed
+ let name = $"($system).($derivation)"
+
+ # collection of dependencies
+ # TODO currently only considers dependencies on the same $system
+ let needs = ($derivations
+ | filter {|it| $it != $derivation and $it != "default" } # filter out self and default
+ | par-each {|it| {
+ name: $it, # the other derivation
+ # does self depend on $it?
+ needed: (depends $".#packages.($system).($derivation)" $".#packages.($system).($it)")
+ } }
+ | filter {|it| $it.needed}
+ | each {|it| job-id $system $it.name}
+ )
+
+ mut new_job = {
+ name: $"Build ($name)",
+ "runs-on": $runs_on,
+ needs: $needs,
+ steps: ($runner_setup | append [
+ {
+ name: Build,
+ run: $"nix build .#packages.($system).($derivation) --print-build-logs"
+ }
+ ])
+ }
+ $cachix_workflow.jobs = ($cachix_workflow.jobs | insert $id $new_job )
+ }
+
+ # add check job
+ $cachix_workflow.jobs = ($cachix_workflow.jobs | insert $"($system)---check" {
+ name: $"Run Nix checks on ($system)",
+ "runs-on": $runs_on,
+ steps: ($runner_setup | append {
+ name: Check,
+ run: "nix flake check . --print-build-logs"
+ })
+ })
+
+ # add release job
+ $release_workflow.jobs = ($release_workflow.jobs | insert $"($system)---release" {
+ name: $"Build release artifacts for ($system)",
+ "runs-on": $runs_on,
+ steps: ($runner_setup | append [
+ {
+ name: "Build release",
+ run: "nix build .#release-package --print-build-logs"
+ }
+ {
+ name: Release,
+ uses: "softprops/action-gh-release@v1",
+ with: {
+ draft: "${{ contains(github.ref_name, 'rc') }}",
+ prerelease: "${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}",
+ files: "result/*"
+ }
+ }
+ ])
+ })
+}
+
+
+log info "saving nix-cachix workflow"
+$cachix_workflow | to yaml | save --force .github/workflows/nix.yaml
+$release_workflow | to yaml | save --force .github/workflows/release.yaml
+
+log info "prettify generated yaml"
+prettier -w .github/workflows/
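Review bot: `cachix_workflow` is generated with `permissions: {contents: write}` although it also triggers on `pull_request` and its jobs only check out, run `nix build` and run `nix flake check`; nothing visible in them writes to the repository, so `permissions: {contents: read}` would fit there, leaving write access to `release_workflow` alone. The shared `runner_setup` also passes `CACHIX_AUTH_TOKEN` to every job, so a build of an unreviewed pull-request branch that can read the secret can push its outputs into the `dlr-ft` cache; consider setting cachix-action's `skipPush` for anything other than pushes to `main`. All four `uses:` entries are pinned to mutable tags (`@v3`, `@v22`, `@v12`, `@v1`); pinning each to a full commit SHA would keep a retagged action from running with the write token and the cache secret. Separately, the `needs` computation emits mutual dependencies in the committed output (`seL4-moritz-fork-arm-hyp` and `seL4-moritz-fork-arm-mcs` each list the other, as do `seL4-moritz-fork-riscv64` and `seL4-moritz-fork-riscv64-mcs`), which GitHub Actions will most likely reject as a cycle, so the result of `depends` needs a check before it is written into `needs`.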
diff --git a/.github/workflows/nix.yaml b/.github/workflows/nix.yaml
new file mode 100644
index 0000000..2c4e13c
--- /dev/null
+++ b/.github/workflows/nix.yaml
@@ -0,0 +1,359 @@ +name: Nix +permissions: + contents: write +on: + pull_request: null + push: + branches: + - main +jobs: + x86_64-linux---camkes-deps: + name: Build x86_64-linux.camkes-deps + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---concurrencytest + - x86_64-linux---guardonce + - x86_64-linux---seL4-deps + - x86_64-linux---pyfdt + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.camkes-deps --print-build-logs + x86_64-linux---concurrencytest: + name: Build x86_64-linux.concurrencytest + runs-on: + - ubuntu-latest + needs: [] + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.concurrencytest --print-build-logs + x86_64-linux---guardonce: + name: Build x86_64-linux.guardonce + runs-on: + - ubuntu-latest + needs: [] + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.guardonce --print-build-logs + x86_64-linux---pyfdt: + name: Build x86_64-linux.pyfdt + runs-on: + - ubuntu-latest + needs: [] + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.pyfdt --print-build-logs + x86_64-linux---seL4-deps: + name: Build 
x86_64-linux.seL4-deps + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---guardonce + - x86_64-linux---pyfdt + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-deps --print-build-logs + x86_64-linux---seL4-kernel-arm: + name: Build x86_64-linux.seL4-kernel-arm + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---pyfdt + - x86_64-linux---guardonce + - x86_64-linux---seL4-deps + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-kernel-arm --print-build-logs + x86_64-linux---seL4-kernel-arm-hyp: + name: Build x86_64-linux.seL4-kernel-arm-hyp + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---seL4-deps + - x86_64-linux---guardonce + - x86_64-linux---pyfdt + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-kernel-arm-hyp --print-build-logs + x86_64-linux---seL4-kernel-arm-mcs: + name: Build x86_64-linux.seL4-kernel-arm-mcs + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---pyfdt + - x86_64-linux---guardonce + - x86_64-linux---seL4-deps + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build 
.#packages.x86_64-linux.seL4-kernel-arm-mcs --print-build-logs + x86_64-linux---seL4-kernel-riscv64: + name: Build x86_64-linux.seL4-kernel-riscv64 + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---guardonce + - x86_64-linux---seL4-deps + - x86_64-linux---pyfdt + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-kernel-riscv64 --print-build-logs + x86_64-linux---seL4-kernel-riscv64-mcs: + name: Build x86_64-linux.seL4-kernel-riscv64-mcs + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---seL4-deps + - x86_64-linux---pyfdt + - x86_64-linux---guardonce + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-kernel-riscv64-mcs --print-build-logs + x86_64-linux---seL4-kernel-x64: + name: Build x86_64-linux.seL4-kernel-x64 + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---seL4-deps + - x86_64-linux---guardonce + - x86_64-linux---pyfdt + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-kernel-x64 --print-build-logs + x86_64-linux---seL4-moritz-fork-arm: + name: Build x86_64-linux.seL4-moritz-fork-arm + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---guardonce + - x86_64-linux---seL4-deps + - x86_64-linux---pyfdt + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: 
nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-moritz-fork-arm --print-build-logs + x86_64-linux---seL4-moritz-fork-arm-hyp: + name: Build x86_64-linux.seL4-moritz-fork-arm-hyp + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---guardonce + - x86_64-linux---seL4-moritz-fork-arm-mcs + - x86_64-linux---pyfdt + - x86_64-linux---seL4-deps + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-moritz-fork-arm-hyp --print-build-logs + x86_64-linux---seL4-moritz-fork-arm-mcs: + name: Build x86_64-linux.seL4-moritz-fork-arm-mcs + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---seL4-deps + - x86_64-linux---pyfdt + - x86_64-linux---guardonce + - x86_64-linux---seL4-moritz-fork-arm-hyp + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-moritz-fork-arm-mcs --print-build-logs + x86_64-linux---seL4-moritz-fork-riscv64: + name: Build x86_64-linux.seL4-moritz-fork-riscv64 + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---pyfdt + - x86_64-linux---seL4-moritz-fork-riscv64-mcs + - x86_64-linux---guardonce + - x86_64-linux---seL4-deps + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build 
.#packages.x86_64-linux.seL4-moritz-fork-riscv64 --print-build-logs + x86_64-linux---seL4-moritz-fork-riscv64-mcs: + name: Build x86_64-linux.seL4-moritz-fork-riscv64-mcs + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---guardonce + - x86_64-linux---seL4-moritz-fork-riscv64 + - x86_64-linux---seL4-deps + - x86_64-linux---pyfdt + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-moritz-fork-riscv64-mcs --print-build-logs + x86_64-linux---seL4-moritz-fork-x64: + name: Build x86_64-linux.seL4-moritz-fork-x64 + runs-on: + - ubuntu-latest + needs: + - x86_64-linux---seL4-test-source + - x86_64-linux---pyfdt + - x86_64-linux---seL4-deps + - x86_64-linux---guardonce + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-moritz-fork-x64 --print-build-logs + x86_64-linux---seL4-test-source: + name: Build x86_64-linux.seL4-test-source + runs-on: + - ubuntu-latest + needs: [] + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build + run: nix build .#packages.x86_64-linux.seL4-test-source --print-build-logs + x86_64-linux---check: + name: Run Nix checks on x86_64-linux + runs-on: + - ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ 
secrets.CACHIX_AUTH_TOKEN }} + - name: Check + run: nix flake check . --print-build-logs diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..1509bb5 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,29 @@ +name: Release +permissions: + contents: write +on: + push: + tags: + - v* +jobs: + x86_64-linux---release: + name: Build release artifacts for x86_64-linux + runs-on: + - ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + - name: Build release + run: nix build .#release-package --print-build-logs + - name: Release + uses: softprops/action-gh-release@v1 + with: + draft: ${{ contains(github.ref_name, 'rc') }} + prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }} + files: result/* diff --git a/README.md b/README.md new file mode 100644 index 0000000..b9c2a17 --- /dev/null +++ b/README.md @@ -0,0 +1,5 @@ +# seL4 Nix utils readme + +![Nix](https://github.com/dlr-ft/seL4-nix-utils/actions/workflows/nix.yaml/badge.svg) + +This repo contains a number of Nix expressions for the seL4 ecosystem.