Merge pull request #56 from PierreBeucher/nix-ci
chore: Nix & Cachix CI config
Showing
11 changed files
with
248 additions
and
236 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,4 +5,5 @@ tests/ | |
.novops.yml | ||
README.md | ||
Makefile | ||
docs/ | ||
docs/ | ||
build/cache |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,84 +1,188 @@ | ||
name: Build and test | ||
|
||
# Same jobs are used for testing or releasing | ||
on: | ||
push: | ||
branches: | ||
- main | ||
tags: | ||
- "v*.*.*" | ||
pull_request: | ||
workflow_dispatch: | ||
|
||
jobs: | ||
|
||
cargo_test: | ||
name: Cargo tests | ||
cargo-build: | ||
name: cargo build, test & doc | ||
runs-on: ubuntu-latest | ||
if: "! startsWith(github.event.ref, 'refs/tags/v')" # No need to run on release | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
# cache | ||
- uses: cachix/install-nix-action@v20 | ||
with: | ||
nix_path: nixpkgs=channel:nixos-unstable | ||
|
||
- uses: cachix/cachix-action@v12 | ||
with: | ||
name: novops | ||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | ||
|
||
- uses: actions/cache@v3 | ||
with: | ||
path: | | ||
~/.cargo/bin/ | ||
~/.cargo/registry/index/ | ||
~/.cargo/registry/cache/ | ||
~/.cargo/git/db/ | ||
target/ | ||
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | ||
- uses: dtolnay/rust-toolchain@stable | ||
with: | ||
toolchain: stable | ||
target/ | ||
key: ${{ runner.os }}-${{ runner.arch }}-cargo | ||
|
||
# Deploy services used for test (Hashicorp Vault, etc.) | ||
- uses: isbang/[email protected] | ||
- uses: actions/cache@v3 | ||
with: | ||
compose-file: "./tests/docker-compose.yml" | ||
down-flags: "--volumes" | ||
path: | | ||
~/.local/share/containers/storage/ | ||
key: ${{ runner.os }}-${{ runner.arch }}-podman | ||
|
||
# build and test | ||
- run: nix develop -c make test | ||
|
||
# doc | ||
- name: Setup Pages # Useful? Not sure | ||
uses: actions/configure-pages@v3 | ||
|
||
- name: build mdBook site | ||
run: nix develop -c make doc | ||
|
||
- run: cargo test | ||
- name: Upload mdBook artifact | ||
uses: actions/upload-pages-artifact@v1 | ||
with: | ||
path: ./docs/book | ||
|
||
docker_build: | ||
name: Docker build | ||
image-build: | ||
name: container image & static binary build | ||
if: github.ref != 'refs/heads/main' # No need to run on main | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- name: Build | ||
uses: docker/build-push-action@v4 | ||
- uses: cachix/install-nix-action@v20 | ||
with: | ||
nix_path: nixpkgs=channel:nixos-unstable | ||
|
||
- uses: cachix/cachix-action@v12 | ||
with: | ||
name: novops | ||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | ||
|
||
- uses: actions/cache@v3 | ||
with: | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
outputs: "type=local,dest=novops-build" | ||
path: | | ||
build/cache | ||
key: ${{ runner.os }}-${{ runner.arch }}-podman | ||
|
||
- run: nix develop -c make build-image build-binary | ||
|
||
- name: Upload binary artifact | ||
- name: Upload built artifacts | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: novops-binary | ||
name: novops-build | ||
if-no-files-found: error | ||
path: | | ||
novops-build/novops | ||
build/novops | ||
build/novops.zip | ||
build/novops.zip.sha256sum | ||
build/image.tar | ||
load_novops: | ||
name: run Novops commands | ||
test-novops-cli: | ||
name: run novops commands | ||
runs-on: ubuntu-latest | ||
needs: docker_build | ||
needs: image-build | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: Download novops artifact | ||
|
||
- name: download novops artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: novops-binary | ||
name: novops-build | ||
path: build | ||
|
||
- name: novops load | ||
run: | | ||
chmod +x ./novops | ||
./novops load -c tests/.novops.plain-strings.yml -s .envrc -e dev | ||
ls -al build | ||
chmod +x build/novops | ||
build/novops load -c tests/.novops.plain-strings.yml -s .envrc -e dev | ||
cat .envrc >> "$GITHUB_ENV" | ||
- name: check novops loaded values | ||
run: env | grep MY_APP_HOST | ||
|
||
- name: novops run and check var | ||
run: | | ||
./novops run -c tests/.novops.plain-strings.yml -e dev -- sh -c "env | grep DOG_PATH" | ||
build/novops run -c tests/.novops.plain-strings.yml -e dev -- sh -c "env | grep DOG_PATH" | ||
# | ||
# main / release only | ||
# | ||
|
||
# Deploy doc from main branch | ||
doc-deploy: | ||
name: doc deploy | ||
permissions: | ||
contents: read | ||
pages: write | ||
id-token: write | ||
if: github.ref == 'refs/heads/main' | ||
environment: | ||
name: github-pages | ||
url: ${{ steps.deployment.outputs.page_url }} | ||
runs-on: ubuntu-latest | ||
needs: cargo-build | ||
steps: | ||
- name: Deploy to GitHub Pages | ||
id: deployment | ||
uses: actions/deploy-pages@v2 | ||
|
||
# Update / create release from main branch | ||
release-please: | ||
name: release please | ||
runs-on: ubuntu-latest | ||
if: github.ref == 'refs/heads/main' | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- uses: cachix/install-nix-action@v20 | ||
with: | ||
nix_path: nixpkgs=channel:nixos-unstable | ||
|
||
- uses: cachix/cachix-action@v12 | ||
with: | ||
name: novops | ||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | ||
|
||
- run: nix develop -c make release | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | ||
|
||
# Upload artifacts for release tags | ||
release-artifacts: | ||
name: publish release artifacts | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
if: startsWith(github.event.ref, 'refs/tags/v') | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- name: download novops artifacts | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: novops-build | ||
path: build | ||
|
||
- run: nix develop -c make docker-publish | ||
|
||
- run: nix develop -c make release-artifacts | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} |
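Review bot: The `release-artifacts` job at the end of this workflow, which appears to be new in this change, has no `actions/checkout` step, no `cachix/install-nix-action` step and no `needs: image-build`, yet it downloads the `novops-build` artifact and runs `nix develop -c make docker-publish`. As shown it would presumably start alongside the build and find neither the repository nor Nix on the runner; adding `needs: image-build` and the checkout and Nix setup steps that `release-please` uses would address that. The jobs that use `CACHIX_AUTH_TOKEN` or `RELEASE_TOKEN` reference `cachix/install-nix-action@v20` and `cachix/cachix-action@v12` by mutable tag, so pinning them to a full commit SHA (`uses: cachix/cachix-action@<full-commit-sha> # v12`) would keep a retagged action from running next to those tokens. The `permissions:` block on `release-artifacts` scopes only the automatic token, not `RELEASE_TOKEN`, so a comment such as `# RELEASE_TOKEN: document the scopes this token needs` above the `env:` entries would help reviewers. `cargo-build`, `image-build` and `release-please` declare no `permissions:` and inherit the repository default.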