Warn on mnc usage #285
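---
# CI for this action: build and lint the package, then exercise the action
# itself (`uses: ./`) under several Nix / cache / OIDC configurations.
name: CI

on:
  merge_group:
  pull_request:
  push:
    branches: [main]

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (the test
# jobs request an OIDC token) declare their own `permissions:` block, which
# replaces this default for that job.
permissions:
  contents: read

# NOTE(review): every external action below is referenced by a mutable ref
# (`@main` branch or `@v4` tag), so the code that runs can change without a
# change to this file. Tracking `main` may be deliberate for the project's
# own actions; otherwise pin to a full commit SHA
# (`uses: owner/repo@<full-commit-sha>`).

jobs:
  # Builds, lints and packages the action, then fails if the working tree
  # differs from what is committed.
  build:
    name: Build
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Check shell scripts
        run: |
          nix develop --command shellcheck ./.github/workflows/cache-test.sh
      # NOTE(review): second run of the installer in this job (see
      # "Install Nix" above); looks redundant — confirm it is intentional.
      - uses: DeterminateSystems/nix-installer-action@main
      - name: Install pnpm dependencies
        run: nix develop --command pnpm install
      - name: Check formatting
        run: nix develop --command pnpm run check-fmt
      - name: Lint
        run: nix develop --command pnpm run lint
      - name: Build
        run: nix develop --command pnpm run build
      - name: Package
        run: nix develop --command pnpm run package
      # Both commands surface uncommitted changes left by the steps above;
      # `git diff --exit-code` fails the job when tracked files differ.
      - run: git status --porcelain=v1
      - run: git diff --exit-code

  # Runs the action from the checked-out tree on a runner where this job has
  # not installed Nix.
  test-no-nix:
    needs: build
    name: "Test: Nix not installed"
    runs-on: ubuntu-22.04
    # `id-token: write` lets the job request an OIDC token. Because
    # `uses: ./` executes whatever the checked-out ref contains, that code
    # runs with this capability whenever the trigger grants it.
    permissions:
      id-token: "write"
      contents: "read"
    env:
      # NOTE(review): debug-level step output ends up in the job log; confirm
      # it never contains token material, since logs may be widely readable.
      ACTIONS_STEP_DEBUG: true
    steps:
      - uses: actions/checkout@v4
      - name: Cache the store
        uses: ./
        with:
          _internal-strict-mode: true

  # Runs the action with Nix configured so that only root is a trusted user.
  run-x86_64-linux-untrusted:
    needs: build
    name: Run x86_64-linux, Untrusted
    runs-on: ubuntu-22.04
    permissions:
      id-token: "write"
      contents: "read"
    env:
      ACTIONS_STEP_DEBUG: true
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
        with:
          flakehub: true
          # `trusted-users = root` leaves the runner account outside Nix's
          # trusted-users list — presumably the "Untrusted" case in the job
          # name.
          extra-conf: |
            narinfo-cache-negative-ttl = 0
            trusted-users = root
      - name: Cache the store
        uses: ./
        with:
          _internal-strict-mode: true

  # Full matrix over platform, cache backend preference and OIDC
  # availability. Only runs for merge-queue events.
  run-systems:
    if: github.event_name == 'merge_group'
    needs: build
    name: "Test: ${{ matrix.systems.nix-system }} gha:${{matrix.use-gha-cache}},fhc:${{matrix.use-flakehub}},id:${{matrix.id-token}},determinate:${{matrix.determinate}}"
    runs-on: "${{ matrix.systems.runner }}"
    # The job-level grant is always `id-token: write`; the matrix value
    # `id-token: none` is simulated through the
    # `_internal-obliterate-actions-id-token-request-variables` inputs below
    # rather than by changing these permissions.
    permissions:
      id-token: "write"
      contents: "read"
    env:
      ACTIONS_STEP_DEBUG: true
    strategy:
      fail-fast: false
      matrix:
        determinate: [true, false]
        use-gha-cache: ["disabled", "no-preference", "enabled"]
        use-flakehub: ["disabled", "no-preference", "enabled"]
        id-token: ["write", "none"]
        systems:
          - nix-system: "aarch64-darwin"
            runner: "macos-latest"
          - nix-system: "x86_64-darwin"
            runner: "macos-13"
          - nix-system: "aarch64-linux"
            runner: "namespace-profile-default-arm64"
          - nix-system: "x86_64-linux"
            runner: "ubuntu-22.04"
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix on ${{ matrix.systems.nix-system }} system
        uses: DeterminateSystems/nix-installer-action@main
        with:
          _internal-obliterate-actions-id-token-request-variables: ${{ matrix.id-token == 'none' }}
          determinate: ${{ matrix.determinate }}
          extra-conf: |
            narinfo-cache-negative-ttl = 0
      - name: Cache the store
        uses: ./
        with:
          _internal-strict-mode: true
          _internal-obliterate-actions-id-token-request-variables: ${{ matrix.id-token == 'none' }}
          use-gha-cache: ${{ matrix.use-gha-cache }}
          use-flakehub: ${{ matrix.use-flakehub }}
      - name: Check the cache for liveness
        env:
          # FlakeHub is expected only when it is not disabled AND an OIDC
          # token is available to the job.
          EXPECT_FLAKEHUB: ${{ toJson(matrix.use-flakehub != 'disabled' && matrix.id-token == 'write') }}
          # The GitHub cache is expected when it is not disabled and either
          # FlakeHub is not expected or the GitHub cache is explicitly
          # enabled.
          EXPECT_GITHUB_CACHE: ${{ toJson(
            (matrix.use-gha-cache != 'disabled')
            && (
            (!(matrix.use-flakehub != 'disabled' && matrix.id-token == 'write'))
            || (matrix.use-gha-cache == 'enabled')
            )
            ) }}
        run: |
          .github/workflows/cache-test.sh

  # Single status check that summarises the matrix above.
  success:
    runs-on: ubuntu-latest
    needs: run-systems
    # Without a status function here the job is skipped whenever
    # `run-systems` fails or is cancelled, so the failing step below never
    # runs and the check is reported as skipped instead of failed.
    # `always()` makes the job evaluate the matrix result every time.
    if: ${{ always() }}
    steps:
      - run: "true"
      - run: |
          echo "A dependent in the build matrix failed."
          exit 1
        if: |
          contains(needs.*.result, 'failure') ||
          contains(needs.*.result, 'cancelled')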