build-test.yml
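# CI workflow: cross-compiles the project, builds the Nix flake and pushes the
# result to the `novops` Cachix cache, then runs the test suite, which sets up
# and tears down infrastructure with Pulumi using cloud credentials.
name: Build & tests

# Push-only trigger on every branch except main. Pull requests opened from
# forks do not start this workflow, so the secrets used below are only exposed
# to code pushed by accounts with write access to the repository.
on:
  push:
    branches:
      - "**"
      - "!main"

# Least privilege for GITHUB_TOKEN: read-only by default, widened per job only
# where a step needs more.
permissions:
  contents: read

# NOTE(review): every action below is referenced by a mutable tag (for example
# `@v3`). Jobs in this file receive cache and cloud credentials, so pinning
# each `uses:` to a full commit SHA would stop a re-tagged release from
# running with those secrets.
jobs:
  build-cross:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: cachix/install-nix-action@v20
        with:
          nix_path: nixpkgs=channel:nixos-unstable
      # CACHIX_AUTH_TOKEN is a credential for the `novops` binary cache; keep
      # its scope as narrow as the cache provider allows.
      - uses: cachix/cachix-action@v12
        with:
          name: novops
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          # Static key: after the first save an exact hit is restored on every
          # run and the cache is not written again.
          key: ${{ runner.os }}-${{ runner.arch }}-build-cross
      - run: nix develop .#cross -c task build-cross-linux
      # Can't include darwin targets as not possible to use it on CI directly for now
      # since it requires custom Docker images which can't be published as per Apple licenses
      # - run: nix develop .#cross -c task build-cross-macos

  # Build and push to cachix
  build-flake:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: cachix/install-nix-action@v20
        with:
          nix_path: nixpkgs=channel:nixos-unstable
      - uses: cachix/cachix-action@v12
        with:
          name: novops
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      # Pushes the flake outputs built from this (non-main) branch to the
      # shared `novops` cache.
      - run: nix build --json | jq -r '.[].outputs | to_entries[].value' | cachix push novops

  test-all:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # `purge: true` on cache-nix-action deletes caches through the GitHub
      # API, which requires write access to Actions caches.
      actions: write
    steps:
      # Cache
      - uses: actions/checkout@v3
      - uses: nixbuild/nix-quick-install-action@v27
      - name: Restore and cache Nix store
        uses: nix-community/cache-nix-action@v5
        with:
          # restore and save a cache using this key
          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix') }}
          # if there's no cache hit, restore a cache by this prefix
          restore-prefixes-first-match: nix-${{ runner.os }}-
          # do purge caches
          purge: true
          # purge all versions of the cache
          # NOTE(review): this prefix starts with `cache-` while the keys saved
          # above start with `nix-`, so the purge appears to match nothing
          # this step creates; confirm whether `nix-${{ runner.os }}-` was meant.
          purge-prefixes: cache-${{ runner.os }}-
          # created more than this number of seconds ago relative to the start of the `Post Restore` phase
          purge-created: 259200  # 3 days
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
      - uses: cachix/cachix-action@v12
        with:
          name: novops
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - uses: actions/cache@v3
        name: setup Cargo cache
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-${{ runner.arch }}-cargo
      - uses: actions/cache@v4
        name: Setup pnpm cache
        with:
          # NOTE(review): PNPM_HOME is not set anywhere in this file; unless an
          # earlier step exports it, this path resolves to `/store` - confirm.
          path: ${{ env.PNPM_HOME }}/store
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      # Cloud login
      # Both logins use long-lived secrets stored in the repository
      # (a credentials JSON and an Azure credentials blob). Scope the
      # underlying identities to the test resources only; federated (OIDC)
      # login, where available, avoids storing static keys at all.
      - uses: google-github-actions/auth@v2
        with:
          credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
      - uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      # Run tests
      - run: nix develop -c task test-setup
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          # Pulumi Azure Native provider auth
          # Still required by Pulumi even though azure/login has already run
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
      - run: nix develop -c task test-run
      # Run teardown even when setup or the tests fail, so that whatever
      # test-setup provisioned in the cloud accounts is not left behind by a
      # red build (steps are skipped after a failure unless told otherwise).
      - run: nix develop -c task test-teardown
        if: always()
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}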