infra/.forgejo/workflows/check.yml


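# CI workflow: on every pull request, build all nixosConfigurations of the
# flake and run `nix flake check`, using a cached Nix store and cachix.
#
# NOTE(review): every `uses:` below references an action by tag (v4, v27,
# v4.0.3, v14). Tags are mutable; pinning each one to a full commit SHA
# fixes the exact code that runs in this job.
name: Flake checks
on: [pull_request]
env:
  USER: ci
jobs:
  Check:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: https://code.forgejo.org/actions/checkout@v4

      - uses: https://github.com/nixbuild/nix-quick-install-action@v27
        with:
          load_nixConfig: false
          # Binary caches are trusted only through the public keys listed
          # here; both must stay on a single line each for nix.conf.
          nix_conf: |
            substituters = https://cache.nixos.org/ https://nix-community.cachix.org
            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
            keep-outputs = true

      - name: Calculate flake.lock hash
        id: flake-lock-hash
        # The MD5 digest only distinguishes cache keys per flake.lock
        # content; it is not used as an integrity check.
        run: |
          echo "hash=$(md5sum flake.lock | awk '{print $1}')" >> "$GITHUB_OUTPUT"

      - name: Restore and cache Nix store
        uses: https://github.com/nix-community/cache-nix-action@v4.0.3
        id: nix-store-cache
        with:
          key: cache-${{ runner.os }}-nix-store-${{ steps.flake-lock-hash.outputs.hash }}
          # Prefix fallback: presumably restores the most recent store cache
          # when no cache matches the exact flake.lock hash.
          restore-keys: |
            cache-${{ runner.os }}-nix-store-
          gc-linux: true
          gc-max-store-size-linux: 10000000000
          purge-caches: true
          purge-key: cache-${{ runner.os }}-nix-store-
          purge-created: true
          purge-created-max-age: 42

      - name: Prepare cachix
        uses: https://github.com/cachix/cachix-action@v14
        with:
          name: pub-solar
          # NOTE(review): this job is triggered by pull_request and builds the
          # flake from the pull request's branch. Confirm how the forge
          # exposes secrets to pull requests from forks before relying on
          # this token staying private to trusted branches.
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          useDaemon: false

      - name: Run flake checks
        run: |
          # Prevent cache garbage collection by creating GC roots: each
          # nixosConfigurations entry is built with an out-link in the
          # working directory.
          # NOTE(review): --accept-flake-config applies the nixConfig declared
          # by the flake under test, which on pull_request comes from the
          # contributor's branch; confirm it is still needed given the
          # nix_conf set at install time.
          for target in $(
            nix flake show --json --all-systems |
              jq --raw-output '.nixosConfigurations | to_entries[] | .key'
          ); do
            nix --print-build-logs --verbose --accept-flake-config --access-tokens '' \
              build --out-link "./result-${target}" ".#nixosConfigurations.${target}.config.system.build.toplevel"
          done
          nix --print-build-logs --verbose --accept-flake-config --access-tokens '' flake check
          # Add GC roots for flake inputs, too
          # https://github.com/NixOS/nix/issues/4250#issuecomment-1146878407
          # NIX_USER_PROFILE_DIR is not set in this file; presumably it is
          # exported by the Nix install step.
          mkdir --parents "$NIX_USER_PROFILE_DIR"
          gc_root_prefix="$NIX_USER_PROFILE_DIR"/infra-flake-
          echo "Adding gcroots flake inputs with prefix $gc_root_prefix ..."
          # Input names and store paths are passed to ln as arguments instead
          # of being assembled into a command string and run through eval, so
          # a value taken from the flake can never be interpreted as shell.
          nix flake archive --json 2>/dev/null |
            jq --raw-output '.inputs | to_entries[] | [.key, .value.path] | @tsv' |
            while IFS="$(printf '\t')" read -r input_name store_path; do
              ln --force --symbolic --no-target-directory "$store_path" "${gc_root_prefix}${input_name}"
            done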