refactor(ci): Separate jobs into individual files #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
on: | |
push: | |
branches: | |
- 'main' | |
pull_request: | |
jobs: | |
main: | |
runs-on: ${{ matrix.system }} | |
permissions: | |
contents: read | |
strategy: | |
matrix: | |
system: [ x86_64-linux, aarch64-darwin, x86_64-darwin ] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/cachix-action@v14 | |
if: github.ref == 'refs/heads/main' | |
with: | |
name: om | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
skipPush: true | |
- name: Build | |
run: | | |
# Prep systems list | |
# https://github.com/srid/nixci/issues/83 | |
mkdir ~/systems | |
echo '{ outputs = _: {}; }' > ~/systems/flake.nix | |
echo '[ "${{ matrix.system }}" ]' > ~/systems/default.nix | |
# Build all flake outputs | |
nixci \ | |
--extra-access-tokens ${{ secrets.GITHUB_TOKEN }} \ | |
build --systems "path:$HOME/systems" | |
- name: Check static binary size | |
if: matrix.system == 'x86_64-linux' | |
run: nix run .#check-closure-size | |
- name: nix build | |
if: matrix.system != 'x86_64-darwin' | |
run: echo "om_static_binary_path=$(nix build --no-link --print-out-paths)" >> "$GITHUB_ENV" | |
- name: Upload om static binary | |
if: matrix.system != 'x86_64-darwin' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: om-${{ matrix.system }} | |
path: ${{ env.om_static_binary_path }}/bin/om | |
- name: nix run | |
run: nix run . -- --help | |
# First, build the repos used in the test to cache them locally, so as | |
# to avoid GitHub rate limits during the integration test (which | |
# doesn't use the token) | |
- name: Tests (preparation) | |
if: matrix.system != 'x86_64-darwin' | |
run: | | |
nixci --extra-access-tokens "github.com=${{ secrets.GITHUB_TOKEN }}" build "github:srid/haskell-multi-nix/c85563721c388629fa9e538a1d97274861bc8321" -- --no-link | |
nixci --extra-access-tokens "github.com=${{ secrets.GITHUB_TOKEN }}" build "github:juspay/services-flake/3d764f19d0a121915447641fe49a9b8d02777ff8" -- --no-link | |
- name: Tests | |
# Too slow on rosetta | |
if: matrix.system != 'x86_64-darwin' | |
run: | | |
# We disable some tests (e.g.: omnix-cli tests) on Nix due to | |
# sandboxing issues. | |
nix \ | |
--option system "${{ matrix.system }}" \ | |
--extra-access-tokens "github.com=${{ secrets.GITHUB_TOKEN }}" \ | |
--accept-flake-config \ | |
develop -c cargo test | |
- name: Push to cachix | |
if: github.ref == 'refs/heads/main' | |
run: nix --option system "${{ matrix.system }}" run .#cachix-push | |
trigger-static-binary-check: | |
needs: main | |
runs-on: ${{ matrix.system }} | |
strategy: | |
matrix: | |
system: [ ubuntu-latest, macos-latest ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run static binary workflow | |
uses: ./.github/workflows/static-binary-check | |
with: | |
system: ${{ matrix.system }} |