100 lines
4.1 KiB
YAML
100 lines
4.1 KiB
YAML
name: Nix CI
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
tags:
|
|
- '*'
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
|
|
jobs:
|
|
Build:
|
|
runs-on: ${{ matrix.os }}
|
|
defaults:
|
|
run:
|
|
# Can't use `nix-shell` without configured nixpkgs path on macOS
|
|
shell: nix -v --experimental-features "nix-command flakes" run .#ciShell -- bash -euxo pipefail {0}
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- name: Linux
|
|
os: ubuntu-latest
|
|
# latest builds on https://hydra.nixos.org/jobset/nix/master/all at the time
|
|
nix_url: https://hydra.nixos.org/build/135773533/download/1/nix-2.4pre20210125_36c4d6f-x86_64-linux.tar.xz
|
|
- name: macOS
|
|
os: macos-latest
|
|
nix_url: https://hydra.nixos.org/build/135773542/download/1/nix-2.4pre20210125_36c4d6f-x86_64-darwin.tar.xz
|
|
# complete all jobs
|
|
fail-fast: false
|
|
name: ${{ matrix.name }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v2
|
|
# Install flakes-enabled Nix manually from Hydra since `install-nix-action` doesn't accept raw tarballs
|
|
- name: Install Nix
|
|
shell: bash -euo pipefail {0}
|
|
run: |
|
|
curl ${{ matrix.nix_url }} | tar -xJ
|
|
# Do a single-user install so actions/cache doesn't get confused about permissions
|
|
nix-*/install --no-daemon --no-channel-add --darwin-use-unencrypted-nix-store-volume
|
|
rm -rf nix-*
|
|
# Call `install-nix-action` anyways to run its Actions-specific setup
|
|
- name: Setup Nix
|
|
uses: cachix/install-nix-action@v12
|
|
- name: Fixup install-nix-action
|
|
shell: bash -euo pipefail {0}
|
|
run: |
|
|
# the path set by install-nix-action is valid only for multi-user installations
|
|
echo "NIX_SSL_CERT_FILE=$HOME/.nix-profile/etc/ssl/certs/ca-bundle.crt" > $GITHUB_ENV
|
|
if: matrix.name == 'macOS'
|
|
- name: Further setup Nix
|
|
run: |
|
|
mkdir -p ~/.config/nix
|
|
echo '
|
|
max-jobs = auto
|
|
extra-sandbox-paths = /nix/var/cache/ccache
|
|
extra-trusted-substituters = https://lean4.cachix.org/
|
|
extra-trusted-public-keys = lean4.cachix.org-1:mawtxSxcaiWE24xCXXgh3qnvlTkyU7evRRnGeAhD4Wk=' > ~/.config/nix/nix.conf
|
|
sudo mkdir -m0770 -p /nix/var/cache/ccache
|
|
# macOS standard chown doesn't support --reference
|
|
nix shell .#nixpkgs.coreutils -c sudo chown --reference=/nix /nix/var/cache/ccache
|
|
echo 'max_size = 50M' > /nix/var/cache/ccache/ccache.conf
|
|
|
|
# install & use Cachix manually since `cachix-action` pushes *all* derivations (incl. `$mod-deps`, stage 2&3, etc.)
|
|
nix-env -iA cachix -f https://cachix.org/api/v1/install
|
|
- name: Setup CCache Cache
|
|
uses: actions/cache@v2
|
|
with:
|
|
path: /nix/var/cache/ccache
|
|
key: ${{ matrix.name }}-nix-ccache-${{ github.sha }}
|
|
# fall back to (latest) previous cache
|
|
restore-keys: |
|
|
${{ matrix.name }}-nix-ccache
|
|
- name: Build
|
|
run: |
|
|
# .o files are not a runtime dependency on macOS because of lack of thin archives
|
|
nix build -v --print-build-logs .#stage0 .#stage1 .#Lean.oTree -o push-build
|
|
- name: Test
|
|
run: |
|
|
nix build -v --print-build-logs .#test -o push-test
|
|
- name: Build manual
|
|
run: |
|
|
nix build -v --print-build-logs .#mdbook .#doc-test -o push-doc
|
|
nix build -v --print-build-logs .#doc
|
|
if: matrix.name == 'Linux'
|
|
- name: Push to Cachix
|
|
run: |
|
|
[ -z "$CACHIX_AUTH_TOKEN" ] || cachix push -j4 lean4 ./push-* || true
|
|
env:
|
|
CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
|
- name: Publish manual
|
|
uses: peaceiris/actions-gh-pages@v3
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
publish_dir: ./result
|
|
destination_dir: ./doc
|
|
if: matrix.name == 'Linux' && github.ref == 'refs/heads/master' && github.event_name == 'push'
|
|
- name: CCache stats
|
|
run: CCACHE_DIR=/nix/var/cache/ccache nix run .#nixpkgs.ccache -- -s
|