Graham/fh 496 nix installer incorrectly validates fstab entries #1798
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release PR | |
concurrency: | |
group: release | |
on: | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- labeled | |
permissions: | |
id-token: "write" | |
contents: "read" | |
jobs: | |
build-x86_64-linux: | |
# Only intra-repo PRs are allowed to have PR artifacts uploaded | |
# We only want to trigger once the upload once in the case the upload label is added, not when any label is added | |
if: | | |
always() && !failure() && !cancelled() | |
&& github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' | |
&& ( | |
(github.event.action == 'labeled' && github.event.label.name == 'upload to s3') | |
|| (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) | |
) | |
uses: ./.github/workflows/build-x86_64-linux.yml | |
with: | |
cache-key: release-x86_64-linux-artifacts-${{ github.sha }} | |
build-aarch64-linux: | |
# Only intra-repo PRs are allowed to have PR artifacts uploaded | |
# We only want to trigger once the upload once in the case the upload label is added, not when any label is added | |
if: | | |
always() && !failure() && !cancelled() | |
&& github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' | |
&& ( | |
(github.event.action == 'labeled' && github.event.label.name == 'upload to s3') | |
|| (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) | |
) | |
uses: ./.github/workflows/build-aarch64-linux.yml | |
with: | |
cache-key: release-aarch64-linux-artifacts-${{ github.sha }} | |
build-x86_64-darwin: | |
# Only intra-repo PRs are allowed to have PR artifacts uploaded | |
# We only want to trigger once the upload once in the case the upload label is added, not when any label is added | |
if: | | |
always() && !failure() && !cancelled() | |
&& github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' | |
&& ( | |
(github.event.action == 'labeled' && github.event.label.name == 'upload to s3') | |
|| (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) | |
) | |
uses: ./.github/workflows/build-x86_64-darwin.yml | |
with: | |
cache-key: release-x86_64-darwin-artifacts-${{ github.sha }} | |
build-aarch64-darwin: | |
# Only intra-repo PRs are allowed to have PR artifacts uploaded | |
# We only want to trigger once the upload once in the case the upload label is added, not when any label is added | |
if: | | |
always() && !failure() && !cancelled() | |
&& github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' | |
&& ( | |
(github.event.action == 'labeled' && github.event.label.name == 'upload to s3') | |
|| (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) | |
) | |
uses: ./.github/workflows/build-aarch64-darwin.yml | |
with: | |
cache-key: release-aarch64-darwin-artifacts-${{ github.sha }} | |
release: | |
# Only intra-repo PRs are allowed to have PR artifacts uploaded | |
# We only want to trigger once the upload once in the case the upload label is added, not when any label is added | |
if: | | |
always() && !failure() && !cancelled() | |
&& github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' | |
&& ( | |
(github.event.action == 'labeled' && github.event.label.name == 'upload to s3') | |
|| (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) | |
) | |
runs-on: ubuntu-latest | |
needs: | |
- build-x86_64-linux | |
- build-aarch64-linux | |
- build-x86_64-darwin | |
- build-aarch64-darwin | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Create artifacts directory | |
run: mkdir -p ./artifacts | |
- name: Fetch cached x86_64-linux binary | |
uses: actions/cache/restore@v3 | |
with: | |
path: nix-installer | |
key: release-x86_64-linux-artifacts-${{ github.sha }} | |
- name: Move artifact to artifacts directory | |
run: mv ./nix-installer ./artifacts/nix-installer-x86_64-linux | |
- name: Fetch cached aarch64-linux binary | |
uses: actions/cache/restore@v3 | |
with: | |
path: nix-installer | |
key: release-aarch64-linux-artifacts-${{ github.sha }} | |
- name: Move artifact to artifacts directory | |
run: mv ./nix-installer ./artifacts/nix-installer-aarch64-linux | |
- name: Fetch cached x86_64-darwin binary | |
uses: actions/cache/restore@v3 | |
with: | |
path: nix-installer | |
key: release-x86_64-darwin-artifacts-${{ github.sha }} | |
- name: Move artifact to artifacts directory | |
run: mv ./nix-installer ./artifacts/nix-installer-x86_64-darwin | |
- name: Fetch cached aarch64-darwin binary | |
uses: actions/cache/restore@v3 | |
with: | |
path: nix-installer | |
key: release-aarch64-darwin-artifacts-${{ github.sha }} | |
- name: Move artifact to artifacts directory | |
run: mv ./nix-installer ./artifacts/nix-installer-aarch64-darwin | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.AWS_S3_UPLOAD_ROLE }} | |
aws-region: us-east-2 | |
- name: Publish Release (PR) | |
env: | |
AWS_BUCKET: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} | |
run: | | |
PR="pr_${{ github.event.pull_request.number }}" | |
GIT_ISH="${{ github.event.pull_request.head.sha }}" | |
./upload_s3.sh "$PR" "$GIT_ISH" "https://install.determinate.systems/nix/rev/$GIT_ISH" | |
- name: Install Instructions (PR) | |
run: | | |
cat <<EOF | |
This commit can be installed by running the following command: | |
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/rev/${{ github.event.pull_request.head.sha }} | sh -s -- install | |
The latest commit from this PR can be installed by running the following command: | |
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/pr/${{ github.event.pull_request.number }} | sh -s -- install | |
EOF |