wip #331
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & tests | |
| on: | |
| push: | |
| branches: | |
| - "**" | |
| - "!main" | |
| jobs: | |
| build-cross: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: cachix/install-nix-action@v20 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: novops | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-${{ runner.arch }}-build-cross | |
| - run: nix develop .#cross -c task build-cross-linux | |
| # Can't include darwin targets as not possible to use it on CI directly for now | |
| # since it requires custom Docker images which can't be published as per Apple licenses | |
| # - run: nix develop .#cross -c task build-cross-macos | |
| # Build and push to cachix | |
| build-flake: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: cachix/install-nix-action@v20 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: novops | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - run: nix build --json | jq -r '.[].outputs | to_entries[].value' | cachix push novops | |
| test-all: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Cache | |
| - uses: actions/checkout@v3 | |
| - uses: nixbuild/nix-quick-install-action@v27 | |
| - name: Restore and cache Nix store | |
| uses: nix-community/cache-nix-action@v5 | |
| with: | |
| # restore and save a cache using this key | |
| primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix') }} | |
| # if there's no cache hit, restore a cache by this prefix | |
| restore-prefixes-first-match: nix-${{ runner.os }}- | |
| # do purge caches | |
| purge: true | |
| # purge all versions of the cache | |
| purge-prefixes: cache-${{ runner.os }}- | |
| # created more than this number of seconds ago relative to the start of the `Post Restore` phase | |
| purge-created: 259200 # 3 days | |
| # except the version with the `primary-key`, if it exists | |
| purge-primary-key: never | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: novops | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - uses: actions/cache@v3 | |
| name: setup Cargo cache | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-${{ runner.arch }}-cargo | |
| - uses: actions/cache@v4 | |
| name: Setup pnpm cache | |
| with: | |
| path: ${{ env.PNPM_HOME }}/store | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| # Cloud login | |
| - uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}' | |
| - uses: azure/login@v2 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| # Run tests | |
| - run: nix develop -c task test-setup | |
| env: | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| # Pulumi Azure Native provider auth | |
| # Still required by Pulumi despite already previou az log-in | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| - run: nix develop -c task test-run | |
| - run: nix develop -c task test-teardown | |
| env: | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} |