qemu-screamer: Just inline the derivation to avoid restrict-eval is…
#230
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build and populate cache" | |
| on: | |
| workflow_dispatch: # allows manual triggering | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| schedule: | |
| # rebuild everyday at 3:30 | |
| # TIP: Choose a random time here so not all repositories are build at once: | |
| # https://www.random.org/clock-times/?num=1&earliest=01%3A00&latest=08%3A00&interval=5&format=html&rnd=new | |
| - cron: '30 3 * * *' | |
| jobs: | |
| define-matrix: | |
| name: Define job matrix | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.matrix.outputs.matrix }} | |
| steps: | |
| - name: Define matrix | |
| id: matrix | |
| run: | | |
| jq -nrf /dev/stdin << 'EOF' > "$GITHUB_OUTPUT" | |
| "Rhys-T" as $nurRepo | | |
| "rhys-t" as $cachixName | | |
| [ | |
| "Linux x86-64/ubuntu-latest", | |
| "Linux ARM64/ubuntu-latest+qemu-aarch64-linux", | |
| "macOS x86-64/macos-13", | |
| "macOS ARM64/macos-latest", | |
| empty] as $runners | | |
| [ | |
| "nixpkgs-unstable", | |
| "nixos-unstable", | |
| "nixos-24.05", | |
| empty] as $nixpkgss | | |
| [ | |
| "base", | |
| "hbmame", | |
| "qemu-screamer", | |
| empty] as $subsets | | |
| {include: [ | |
| $runners[] as $runner | | |
| $nixpkgss[] as $nixpkgs | | |
| ($runner | split("/")) as [$displayRunner, $runner] | | |
| select(($runner | startswith("ubuntu")) or ($nixpkgs | startswith("nixpkgs"))) | | |
| ($runner | split("+qemu-")) as [$runner, $qemuSystem] | | |
| (if $qemuSystem then $subsets[] else "all" end) as $subset | | |
| {$displayRunner, $runner, $qemuSystem, $nixpkgs, $subset, $nurRepo, $cachixName} | |
| ]} | | |
| @json "matrix=\(.)" | |
| EOF | |
| tests: | |
| needs: define-matrix | |
| strategy: | |
| matrix: ${{ fromJson(needs.define-matrix.outputs.matrix) }} | |
| name: ${{ matrix.displayRunner }} - ${{ matrix.nixpkgs }} - ${{ matrix.subset }} | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install qemu-user-static | |
| if: ${{ matrix.qemuSystem != null }} | |
| run: sudo apt install qemu-user-static | |
| - name: Install nix | |
| uses: cachix/install-nix-action@v30 | |
| with: | |
| nix_path: "nixpkgs=https://github.com/NixOS/nixpkgs/archive/refs/heads/${{ matrix.nixpkgs }}.tar.gz" | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| ${{ matrix.qemuSystem && format('extra-platforms = {0}', matrix.qemuSystem)}} | |
| - name: Show nixpkgs version | |
| run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version' | |
| - name: Setup cachix | |
| uses: cachix/cachix-action@v15 | |
| # Don't replace <YOUR_CACHIX_NAME> here! | |
| if: ${{ matrix.cachixName != '<YOUR_CACHIX_NAME>' }} | |
| with: | |
| name: ${{ matrix.cachixName }} | |
| signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Check evaluation | |
| run: | | |
| nix-env -f . -qa \* --meta --xml \ | |
| --allowed-uris https://static.rust-lang.org \ | |
| --option restrict-eval true \ | |
| --option allow-import-from-derivation true \ | |
| --drv-path --show-trace \ | |
| -I nixpkgs=$(nix-instantiate --find-file nixpkgs) \ | |
| -I $PWD | |
| - name: Build nix packages | |
| # run: nix shell -f '<nixpkgs>' nix-build-uncached -c nix-build-uncached ci.nix -A cacheOutputs | |
| run: nix shell -f '.' nix-build-uncached-logging -c nix-build-uncached ci.nix --keep-going ${{ matrix.qemuSystem && format('--argstr platform {0}', matrix.qemuSystem) }} --argstr subsetName ${{ matrix.subset }} -A cacheOutputs | |
| # - name: Upload debug info | |
| # if: '!cancelled()' | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: Rhys-T-nur-packages-debug-${{ matrix.runner }}-${{ matrix.nixpkgs }}-${{ matrix.subset }} | |
| # path: | | |
| # /nix/store/*drl-unwrapped*.drv | |
| # /nix/store/*drl-env-test* | |
| # /nix/var/log/nix/drvs/*/*drl-unwrapped* | |
| # if-no-files-found: ignore | |
| - name: Trigger NUR update | |
| # Don't replace <YOUR_REPO_NAME> here! | |
| if: ${{ matrix.nurRepo != '<YOUR_REPO_NAME>' }} | |
| run: curl -XPOST "https://nur-update.nix-community.org/update?repo=${{ matrix.nurRepo }}" |