name: CI on: merge_group: pull_request: push: branches: [main] jobs: build: name: Build runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: Install Nix uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/magic-nix-cache-action@main - name: Check shell scripts run: | nix develop --command shellcheck ./.github/workflows/cache-test.sh - uses: DeterminateSystems/nix-installer-action@main - name: Install pnpm dependencies run: nix develop --command pnpm install - name: Check formatting run: nix develop --command pnpm run check-fmt - name: Lint run: nix develop --command pnpm run lint - name: Build run: nix develop --command pnpm run build - name: Package run: nix develop --command pnpm run package - run: git status --porcelain=v1 - run: git diff --exit-code test-no-nix: needs: build name: "Test: Nix not installed" runs-on: ubuntu-22.04 permissions: id-token: "write" contents: "read" env: ACTIONS_STEP_DEBUG: true steps: - uses: actions/checkout@v4 - name: Cache the store uses: ./ with: _internal-strict-mode: true run-x86_64-linux-untrusted: needs: build name: Run x86_64-linux, Untrusted runs-on: ubuntu-22.04 permissions: id-token: "write" contents: "read" env: ACTIONS_STEP_DEBUG: true steps: - uses: actions/checkout@v4 - name: Install Nix uses: DeterminateSystems/nix-installer-action@main with: flakehub: true extra-conf: | narinfo-cache-negative-ttl = 0 trusted-users = root - name: Cache the store uses: ./ with: _internal-strict-mode: true run-systems: if: github.event_name == 'merge_group' needs: build name: "Test: ${{ matrix.systems.nix-system }} gha:${{matrix.use-gha-cache}},fhc:${{matrix.use-flakehub}},id:${{matrix.id-token}},determinate:${{matrix.determinate}}" runs-on: "${{ matrix.systems.runner }}" permissions: id-token: "write" contents: "read" env: ACTIONS_STEP_DEBUG: true strategy: fail-fast: false matrix: determinate: [true, false] use-gha-cache: ["disabled", "no-preference", "enabled"] use-flakehub: ["disabled", "no-preference", "enabled"] id-token: ["write", "none"] systems: - nix-system: "aarch64-darwin" runner: "macos-latest" - nix-system: "x86_64-darwin" runner: "macos-13" - nix-system: "aarch64-linux" runner: "namespace-profile-default-arm64" - nix-system: "x86_64-linux" runner: "ubuntu-22.04" steps: - uses: actions/checkout@v4 - name: Install Nix on ${{ matrix.systems.nix-system }} system uses: DeterminateSystems/nix-installer-action@main with: _internal-obliterate-actions-id-token-request-variables: ${{ matrix.id-token == 'none' }} determinate: ${{ matrix.determinate }} extra-conf: | narinfo-cache-negative-ttl = 0 - name: Cache the store uses: ./ with: _internal-strict-mode: true _internal-obliterate-actions-id-token-request-variables: ${{ matrix.id-token == 'none' }} use-gha-cache: ${{ matrix.use-gha-cache }} use-flakehub: ${{ matrix.use-flakehub }} - name: Check the cache for liveness env: EXPECT_FLAKEHUB: ${{ toJson(matrix.use-flakehub != 'disabled' && matrix.id-token == 'write') }} EXPECT_GITHUB_CACHE: ${{ toJson( (matrix.use-gha-cache != 'disabled') && ( (!(matrix.use-flakehub != 'disabled' && matrix.id-token == 'write')) || (matrix.use-gha-cache == 'enabled') ) ) }} run: | .github/workflows/cache-test.sh success: runs-on: ubuntu-latest needs: run-systems steps: - run: "true" - run: | echo "A dependent in the build matrix failed." exit 1 if: | contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')