Update Nix dependencies #18284
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build and populate cache" | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| build: | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | |
| name: Build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| cachixName: | |
| - reedrw | |
| output: | |
| - reed@nixos-desktop | |
| - reed@nixos-t480 | |
| - reed@nixos-t400 | |
| - nixos-desktop-no-home-manager | |
| - nixos-t480-no-home-manager | |
| - nixos-t400-no-home-manager | |
| - nixos-vm | |
| - nix-shell | |
| runs-on: ubuntu-latest | |
| steps: | |
| # # Uncomment if GitHub Actions jobs start failing from lack of space | |
| # - name: Cleanup Disk | |
| # uses: jlumbroso/free-disk-space@main | |
| # Deleting android library saves ~14gb of space | |
| - name: Cleanup Disk | |
| run: sudo rm -rf /usr/local/lib/android | |
| - name: Install Doppler CLI | |
| uses: dopplerhq/cli-action@v3 | |
| - name: Pass all secrets to next steps | |
| run: | | |
| while read -rd $'' line; do echo "$line" >> $GITHUB_ENV; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.key)<<EOF\n\(.value)\nEOF\u0000")[]' ) | |
| while read -r line; do echo "::add-mask::$line"; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.value)\u0000")[]' ) | |
| env: | |
| DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }} | |
| - uses: tibdex/[email protected] | |
| if: ${{ github.event_name == 'pull_request' && github.head_ref == 'update-dependencies' }} | |
| id: generate-token | |
| with: | |
| app_id: ${{ env.APP_ID }} | |
| private_key: ${{ env.APP_PRIVATE_KEY }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@v16 | |
| with: | |
| source-url: "https://install.lix.systems/lix/lix-installer-x86_64-linux" | |
| logger: pretty | |
| - name: Install Cachix | |
| uses: cachix/cachix-action@v15 | |
| with: | |
| name: ${{ matrix.cachixName }} | |
| signingKey: '${{ env.CACHIX_SIGNING_KEY }}' | |
| pushFilter: '(-source$|-src$|\.tar\.gz$|\.xpi$)' | |
| - name: Build | |
| run: | | |
| set -x | |
| if [[ "${{ matrix.output }}" == "nix-shell" ]]; then | |
| buildCommand="nix develop --accept-flake-config --show-trace --command bash -c 'exit'" | |
| else | |
| buildCommand="./install.sh -v --build ${{ matrix.output }}" | |
| fi | |
| $buildCommand | |
| env: | |
| NIXPKGS_ALLOW_UNFREE: 1 | |
| - name: Calculate diff between closures | |
| id: diff | |
| continue-on-error: true | |
| if: ${{ github.event_name == 'pull_request' | |
| && github.head_ref == 'update-dependencies' | |
| && matrix.output != 'nix-shell' }} | |
| run: | | |
| ./install.sh -v --build ${{ matrix.output }} -o result-new | |
| git checkout "$(git rev-parse @~)" | |
| ./install.sh -v --build ${{ matrix.output }} -o result-old | |
| echo "diff_closure<<EOF" >> $GITHUB_ENV | |
| # TODO remove pipe to sed when NixOS/nix#4626 is fixed | |
| nix store diff-closures ./result-old ./result-new | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_ENV | |
| echo "EOF" >> $GITHUB_ENV | |
| env: | |
| NIXPKGS_ALLOW_UNFREE: 1 | |
| - name: Post diff to PR comment | |
| if: ${{ steps.diff.outcome == 'success' && env.diff_closure != '' }} | |
| uses: phulsechinmay/[email protected] | |
| with: | |
| message: | | |
| ### Closure diff for `${{ matrix.output }}` | |
| ``` | |
| ${{ env.diff_closure }} | |
| ``` | |
| GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} | |
| COMMENT_IDENTIFIER: closure-diff-${{ matrix.output }} | |
| telegram: | |
| name: Telegram | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Install Doppler CLI | |
| uses: dopplerhq/cli-action@v3 | |
| - name: Pass all secrets to next steps | |
| run: | | |
| while read -rd $'' line; do echo "$line" >> $GITHUB_ENV; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.key)<<EOF\n\(.value)\nEOF\u0000")[]' ) | |
| while read -r line; do echo "::add-mask::$line"; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.value)\u0000")[]' ) | |
| env: | |
| DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }} | |
| - name: Get workflow conclusion | |
| uses: technote-space/[email protected] | |
| - name: Send notification | |
| uses: yanzay/[email protected] | |
| with: | |
| chat: ${{ env.NOTIFICATION_CHAT_ID }} | |
| token: ${{ env.NOTIFICATION_TOKEN }} | |
| status: ${{ env.WORKFLOW_CONCLUSION }} | |
| if: env.WORKFLOW_CONCLUSION != 'success' |