build: Switch to using nix in CI
bow committed Jul 26, 2024
1 parent df9311c commit 60279a0
Showing 5 changed files with 110 additions and 224 deletions.
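--- a/.github/actions/setup-nix/action.yml
+++ b/.github/actions/setup-nix/action.yml
@@ -0,0 +1,26 @@
+---
+name: Setup Nix and Cachix
+
+description: Checkout the repository, setup nix, and setup cachix
+
+inputs:
+nix_path:
+default: nixpkgs=flake:nixpkgs
+cachix_name:
+default: bow
+cachix_auth_token:
+required: true
+
+runs:
+using: composite
+steps:
+- name: Install Nix
+uses: cachix/install-nix-action@v27
+with:
+nix_path: ${{ inputs.nix_path }}
+
+- name: Install Cachix
+uses: cachix/cachix-action@v15
+with:
+name: ${{ inputs.cachix_name }}
+authToken: '${{ inputs.cachix_auth_token }}'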
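Review bot: Both third-party actions are referenced by mutable tag (`cachix/install-nix-action@v27`, `cachix/cachix-action@v15`), and the second one receives `cachix_auth_token`, so anyone able to move those tags gets code execution in every job that calls this composite action, together with the cache credential. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: cachix/cachix-action@<full-commit-sha>  # v15`, with Dependabot or Renovate handling the bumps. Separately, the `description` says the action checks out the repository, but no checkout step is present, and none of the inputs has a `description` of its own; `cachix_auth_token` in particular should state that it is a secret and, if it is one, that it grants push rights to the cache.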
137 changes: 49 additions & 88 deletions .github/workflows/ci.yml
Expand Up @@ -26,42 +26,27 @@ jobs:
- name: Checkout repo
uses: actions/checkout@v4

- name: Install Python
uses: actions/setup-python@v5
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
python-version: ${{ matrix.python-version }}

- name: Setup poetry cache
uses: actions/cache@v4
id: cache-poetry
with:
path: ~/.virtualenvs
# yamllint disable-line rule:line-length
key: ${{runner.os}}-${{ env.pythonLocation }}-${{ matrix.python-version }}-v3-${{ hashFiles('**/poetry.lock') }}

- name: Install and configure dependencies
run: |
pip install poetry poetry-dynamic-versioning
poetry config virtualenvs.in-project false
poetry config virtualenvs.path ~/.virtualenvs
- name: Install package
run: poetry install
if: steps.cache-poetry.outputs.cache-hit != 'true'
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'

- name: Run tests
run: make test
run: |
if [ "${{ matrix.python-version }}" = "3.11" ]; then
nix develop .#ciPy311 --command make test
else
nix develop .#ci --command make test
fi
- name: Upload test report
if: always()
uses: mikepenz/action-junit-report@v4
with:
check_name: Test python ${{ matrix.python-version }} report
check_name: Test report
report_paths: '**/.junit.xml'
annotate_only: true

- name: Upload coverage
if: matrix.python-version == '3.12'
uses: paambaati/[email protected]
env:
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
Expand Down Expand Up @@ -90,31 +75,20 @@ jobs:
- name: Checkout repo
uses: actions/checkout@v4

- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.12"

- name: Setup poetry cache
uses: actions/cache@v4
id: cache-poetry
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
path: ~/.virtualenvs
# yamllint disable-line rule:line-length
key: ${{runner.os}}-${{ env.pythonLocation }}-${{ matrix.lint.rule }}-v3-${{ hashFiles('**/poetry.lock') }}

- name: Install and configure dependencies
run: |
pip install poetry poetry-dynamic-versioning
poetry config virtualenvs.in-project false
poetry config virtualenvs.path ~/.virtualenvs
- name: Install package
run: poetry install
if: steps.cache-poetry.outputs.cache-hit != 'true'
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'

- name: ${{ matrix.lint.name }}
run: make ${{ matrix.lint.rule }}
run: |
if [ "${{ matrix.lint.rule }}" = "scan-sec-deps" ]; then
nix develop .#ci --command make ${{ matrix.lint.rule }} \
|| (echo "::warning file=scan-sec-deps::Scan dependencies failed with exit code $?.")
else
nix develop .#ci --command make ${{ matrix.lint.rule }}
fi
continue-on-error: ${{ matrix.lint.rule == 'scan-sec-deps' }}

pub-image:
name: Publish Docker image
Expand All @@ -123,46 +97,33 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
# Ensure all git history is cloned, so we can infer the correct version in Docker.
fetch-depth: 0

- name: Setup docker buildx
if: github.event_name != 'pull_request'
uses: docker/setup-buildx-action@v3

- name: Extract metadata for image
if: github.event_name != 'pull_request'
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern={{version}}
type=raw,value=latest,enable={{is_default_branch}}
flavor: |
latest=true
- name: Get current time
run: |
echo "BUILD_TIME=$(date -u '+%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV
- name: Login to container registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and publish image
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v5
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
build-args: |
REVISION=${{ github.sha }}
BUILD_TIME=${{ env.BUILD_TIME }}
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'

- name: Set image tag
run: >
if [ "${{ github.ref_type }}" = "tag" ] && [ -n "${{ github.ref_name }}" ]; then
echo "IMG_TAG=$(echo ${{ github.ref_name }} | sed 's/^v//')" >> ${GITHUB_ENV}
else
echo "IMG_TAG=latest" >> ${GITHUB_ENV}
fi
- name: Update pyproject.toml version with
if: github.ref_type == 'tag' && github.ref_name != ''
run: nix develop --command poetry dynamic-versioning

- name: Capture current commit hash
run: printf "${{ github.sha }}" > .rev && git add .rev

- name: Build and push image to registry
run: >
nix build .#dockerArchiveStreamer
&& ./result
| gzip --fast
| skopeo copy
--dest-creds ${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }}
docker-archive:/dev/stdin
docker://ghcr.io/${{ github.repository }}:${IMG_TAG}
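Review bot: In the publish job's last hunk, `${{ github.ref_name }}` and `${{ secrets.GITHUB_TOKEN }}` are expanded into the script text before the shell parses it, so a ref name containing shell metacharacters becomes part of the "Set image tag" script, and the token lands in skopeo's argument list, where it is readable from the process table while the copy runs. Pass both through `env:` and reference them as quoted shell variables, and hand the token to `skopeo login --password-stdin` instead of `--dest-creds`. The push step as shown also carries no `if: github.event_name != 'pull_request'` condition, unlike the docker steps printed beside it, so confirm the job is gated on lines outside this hunk. The same direct interpolation appears with `matrix.python-version` and `matrix.lint.rule` in the two earlier hunks, where the values come from the workflow file itself and the exposure is lower.

```yaml
# … unchanged: checkout, Set up Nix …
- name: Set image tag
  env:
    REF_TYPE: ${{ github.ref_type }}
    REF_NAME: ${{ github.ref_name }}
  run: |
    if [ "$REF_TYPE" = "tag" ] && [ -n "$REF_NAME" ]; then
      echo "IMG_TAG=${REF_NAME#v}" >> "$GITHUB_ENV"
    else
      echo "IMG_TAG=latest" >> "$GITHUB_ENV"
    fi

# … unchanged: dynamic-versioning step, .rev capture …
- name: Build and push image to registry
  env:
    REGISTRY_USER: ${{ github.repository_owner }}
    REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
    # fail the step if any stage of the pipe fails, not only the last one
    set -o pipefail
    printf '%s' "$REGISTRY_TOKEN" \
      | skopeo login --username "$REGISTRY_USER" --password-stdin ghcr.io
    nix build .#dockerArchiveStreamer
    ./result \
      | gzip --fast \
      | skopeo copy docker-archive:/dev/stdin "docker://ghcr.io/${{ github.repository }}:${IMG_TAG}"
```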
47 changes: 0 additions & 47 deletions Dockerfile

This file was deleted.

