Nix CI/CD #633
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Nix CI/CD | |
| on: | |
| push: | |
| pull_request: | |
| merge_group: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| # set up variables shared between jobs | |
| global-vars: | |
| name: Setup global variables | |
| runs-on: ubuntu-latest | |
| outputs: | |
| nix-conf: ${{ steps.nix-conf.outputs.nix-conf }} | |
| steps: | |
| - name: Export Nix config | |
| id: nix-conf | |
| run: | | |
| { | |
| echo 'nix-conf<<NIX_EOF' | |
| echo 'extra-trusted-substituters = https://roar-qutrc.cachix.org https://ros.cachix.org' | |
| echo 'extra-trusted-public-keys = roar-qutrc.cachix.org-1:ZKgHZSSHH2hOAN7+83gv1gkraXze5LSEzdocPAEBNnA= ros.cachix.org-1:dSyZxI8geDCJrwgvCOHDoAfOm5sV1wCPjBkKL+38Rvo=' | |
| echo 'NIX_EOF' | |
| } >> "$GITHUB_OUTPUT" | |
| # get the file changes to filter other jobs | |
| changes: | |
| name: Detect changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| manual: ${{ github.event_name == 'workflow_dispatch'}} | |
| software: ${{ steps.filter.outputs.software }} | |
| docs: ${{ steps.filter.outputs.docs }} | |
| docs-shell: ${{ steps.filter.outputs.docs-shell }} | |
| formatter-config: ${{ steps.filter.outputs.formatter-config }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: .github/filters.yaml | |
| # We don't want to run commit actions on pull request workflows (ie, after the merge commit), | |
| # only on push, so all commit+push steps are filtered by the event name | |
| format: | |
| name: Format and lint | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| # needed to push changes if needed | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| needs: [changes, global-vars] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nixbuild/nix-quick-install-action@v29 | |
| with: | |
| nix_conf: ${{ needs.global-vars.outputs.nix-conf }} | |
| - name: Update `treefmt.toml` | |
| if: ${{ (github.event_name != 'pull_request') && (needs.changes.outputs.formatter-config == 'true') }} | |
| id: update-config | |
| run: nix run -L .#tools.treefmt-write-config | |
| - uses: stefanzweifel/git-auto-commit-action@v5 | |
| if: ${{ steps.update-config.outcome == 'success' }} | |
| with: | |
| commit_message: "chore: Update `treefmt.toml`" | |
| - name: Format and lint repository | |
| run: nix fmt | |
| - uses: stefanzweifel/git-auto-commit-action@v5 | |
| if: ${{ github.event_name != 'pull_request' }} | |
| id: push-format | |
| with: | |
| commit_message: "chore: Format and lint" | |
| docs-shell: | |
| name: Build docs dev shell | |
| runs-on: ubuntu-latest | |
| environment: binary-deployment | |
| if: ${{ (needs.changes.outputs.docs-shell == 'true') || (needs.changes.outputs.manual == 'true') }} | |
| needs: [changes, format, global-vars] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nixbuild/nix-quick-install-action@v29 | |
| with: | |
| nix_conf: ${{ needs.global-vars.outputs.nix-conf }} | |
| - name: Upload docs dev shell to Cachix | |
| run: nix run -L .#scripts.cachix.docs-shell | |
| env: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| docs: | |
| name: Build docs | |
| runs-on: ubuntu-latest | |
| environment: docs-deployment | |
| if: ${{ (needs.changes.outputs.docs == 'true') || (needs.changes.outputs.manual == 'true') }} | |
| needs: [changes, format, docs-shell, global-vars] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nixbuild/nix-quick-install-action@v29 | |
| with: | |
| nix_conf: ${{ needs.global-vars.outputs.nix-conf }} | |
| - name: Build docs | |
| run: nix build -L .#docs | |
| # From here, deploying to the website repo | |
| - name: Checkout website repo | |
| # only run on origin main branch | |
| if: ${{ (github.event_name != 'pull_request') && (github.repository == 'ROAR-QUTRC/perseus-v2') && (github.ref == 'refs/heads/main') }} | |
| id: checkout-website | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ROAR-QUTRC/roar-qutrc.github.io | |
| ssh-key: ${{ secrets.DOCS_DEPLOY_KEY }} | |
| path: docs | |
| - name: Update docs in checked out repo | |
| if: ${{ steps.checkout-website.outcome == 'success' }} | |
| run: | | |
| rm -rf docs/* | |
| cp -a result/html/. docs/ | |
| - uses: stefanzweifel/git-auto-commit-action@v5 | |
| name: Commit and push changes | |
| if: ${{ steps.checkout-website.outcome == 'success' }} | |
| with: | |
| commit_message: "Update generated docs" | |
| repository: ./docs | |
| build: | |
| name: Build software | |
| runs-on: ubuntu-latest | |
| environment: binary-deployment | |
| if: ${{ (needs.changes.outputs.software == 'true') || (needs.changes.outputs.manual == 'true') }} | |
| needs: [changes, format, global-vars] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nixbuild/nix-quick-install-action@v29 | |
| with: | |
| nix_conf: ${{ needs.global-vars.outputs.nix-conf }} | |
| - name: Build repository | |
| run: nix build -L | |
| - name: Upload build to Cachix | |
| run: nix run -L .#scripts.cachix.build | |
| - name: Test dev shell | |
| run: nix develop -L -c echo 'Shell test success' | |
| - name: Upload dev shell to Cachix | |
| run: nix run -L .#scripts.cachix.shell | |
| - name: Run flake checks | |
| run: nix flake check -L | |
| env: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} |