Skip to content

chore(deps): update distroless_base docker digest to 7a4bffc #1846

chore(deps): update distroless_base docker digest to 7a4bffc

chore(deps): update distroless_base docker digest to 7a4bffc #1846

Workflow file for this run

name: Continuous integration
on:
push:
branches: master
pull_request:
branches: master
workflow_dispatch: # allows manual triggering
workflow_call: # allows call from another workflow
schedule:
- cron: '1 11 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
jobs:
test-nixpkgs:
name: Build & Test - Nixpkgs - ${{ matrix.bzlmodEnabled && 'bzlmod' || 'workspace' }} ${{ matrix.withNixRemote && '- NixRemote ' || '' }}- ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macos-12
bzlmodEnabled:
- true
- false
withNixRemote:
- true
- false
exclude:
# skip nix remote jobs on MacOS
- os: macos-12
withNixRemote: true
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=./docs/nixpkgs.nix
- uses: ./.github/actions/configure_bazelrc
with:
buildbuddy_api_key: ${{ secrets.BUILDBUDDY_API_KEY }}
- name: Start remote Nix server
if: matrix.withNixRemote
run: |
# Generate temporary SSH keys.
mkdir -p $HOME/.ssh
mkdir -p .github/nix-server/keys
ssh-keygen -t ed25519 -f .github/nix-server/keys/ci -C ci-nix-server -q -N ""
docker build -t nix-server -f .github/nix-server/Dockerfile .
docker run -d -p 2222:22 nix-server
cp .github/nix-server/keys/* $HOME/.ssh/
sudo cp .github/nix-server/config /etc/ssh/ssh_config
echo "Setting BAZEL_NIX_REMOTE env variable"
echo BAZEL_NIX_REMOTE=nix-server >> "$GITHUB_ENV"
- name: Build & test
env:
BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }}
run: |
nix-shell --pure \
--keep GITHUB_STEP_SUMMARY \
--keep GITHUB_REPOSITORY \
--keep BZLMOD_ENABLED \
--keep BAZEL_NIX_REMOTE \
--run 'bash .github/build-and-test'
test-examples:
name: Build & Test - Examples
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macos-12
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=./nixpkgs.nix
- uses: ./.github/actions/configure_bazelrc
with:
buildbuddy_api_key: ${{ secrets.BUILDBUDDY_API_KEY }}
- name: Build & test
run: |
skip() {
echo "Will skip $(head -n1 $2/README.md) ${1%_nix} Nix"
local p="$1[@]"
read -a ${1} <<< $(echo ${!p//$2})
}
pushd examples/cc-template
echo
echo "::group::Running $(head -n1 README.md) with Nix, WORKSPACE"
nix develop --command bazel run --noenable_bzlmod //src:hello-world
popd
pushd examples/cc-template
echo
echo "::group::Running $(head -n1 README.md) with Nix, bzlmod"
nix develop --command bazel run --enable_bzlmod //src:hello-world
popd
pushd examples/toolchains
with_nix=( $(ls) )
without_nix=( cc go java )
for dir in "${with_nix[@]}"; do
pushd "$dir"
echo
example_name="$(head -n1 README.md) with Nix"
if [[ -f skip-on-ci ]]; then
echo "Skipping $example_name"
popd
continue
else
echo "::group::Running $example_name"
nix-shell --pure --keep GITHUB_STEP_SUMMARY --keep GITHUB_REPOSITORY --keep BZLMOD_ENABLED --keep BAZEL_NIX_REMOTE --command 'bazel run --config=nix :hello'
# TODO: all toolchains should run without Nixpkgs
fi
popd
done
for dir in "${without_nix[@]}"; do
pushd "$dir"
echo
echo "::group::Running $(head -n1 README.md) without Nix"
bazel run :hello
popd
done
popd
- name: Build bazel-nix-python-container with Nix
uses: tweag/run-nix-shell@v0
if: ${{ runner.os == 'Linux' }}
with:
pure: false
working-directory: examples/python-container
run: bazel build :hello_image
- name: Run bazel-nix-flakes-example with Nix
uses: tweag/run-nix-shell@v0
if: ${{ runner.os == 'Linux' }}
with:
pure: false
working-directory: examples/flakes
run: bazel run --crosstool_top=@nixpkgs_config_cc//:toolchain :hello
all_ci_tests:
runs-on: ubuntu-latest
needs:
- test-nixpkgs
- test-examples
if: ${{ always() }}
steps:
- uses: cgrindel/gha_join_jobs@794a2d117251f22607f1aab937d3fd3eaaf9a2f5 # v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}