Release v0.37.2 #223
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upload Amazon Images | |
| permissions: | |
| contents: read | |
| on: | |
| pull_request: | |
| merge_group: | |
| push: | |
| branches: [main] | |
| jobs: | |
| nix-checks: | |
| name: Basic Nix checks | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: DeterminateSystems/flake-checker-action@main | |
| with: | |
| fail-mode: false | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Check Nix formatting | |
| run: | | |
| nix develop --command nixpkgs-fmt --check flake.nix | |
| - name: nix flake check | |
| run: | | |
| nix flake check --all-systems | |
| - name: Check external links in README | |
| run: | | |
| nix develop --command \ | |
| lychee README.md | |
| - name: check image label | |
| run: | | |
| label="$(nix eval --raw .#nixosConfigurations.x86_64-linux.config.system.nixos.label)" | |
| echo "checking label '$label'..." | |
| set -x | |
| echo "${label}" | grep -E '^[0-9][0-9]\.[0-9][0-9]\..*'; | |
| build-ami: | |
| name: Upload NixOS AMI | |
| runs-on: ${{ matrix.system.runner }} | |
| environment: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') && 'production' || '' }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| env: | |
| s3-bucket: detsys-nixos-images-20240916205705854200000001 | |
| strategy: | |
| matrix: | |
| system: | |
| - nix-system: x86_64-linux | |
| runner: ubuntu-latest | |
| - nix-system: aarch64-linux | |
| runner: UbuntuLatest32Cores128GArm | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| flakehub: true | |
| extra-conf: | | |
| extra-system-features = kvm | |
| # note: no magic-nix-cache. The build is nearly trivial, except for the gigantic disk image at the end. | |
| # No need to cache that monstrosity. | |
| - id: build-disk-image | |
| run: | | |
| nix build -L .#"diskImages.${{ matrix.system.nix-system }}.aws" | |
| suffix=$(readlink ./result | cut -d'/' -f4 | cut -d'-' -f1) | |
| echo "suffix=$suffix" >> "$GITHUB_OUTPUT" | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| if: github.event_name == 'merge_group' || github.event_name == 'push' | |
| with: | |
| role-to-assume: arn:aws:iam::535002876703:role/upload-ami | |
| aws-region: us-east-2 | |
| - name: Upload Smoke test AMI | |
| if: github.event_name == 'merge_group' || github.event_name == 'push' | |
| id: upload-smoke-test-ami | |
| run: | | |
| epoch="$(nix eval --raw .#epoch)" | |
| prefix="smoketest/epoch-${epoch}/" | |
| image_ids=$(nix develop --command upload-ami \ | |
| --image-info "./result/nix-support/image-info.json" \ | |
| --prefix "${prefix}" \ | |
| --s3-bucket "${{ env.s3-bucket }}" \ | |
| --run-id '${{ steps.build-disk-image.outputs.suffix }}') | |
| echo "image_ids=$image_ids" >> "$GITHUB_OUTPUT" | |
| - name: Smoke test | |
| if: github.event_name == 'merge_group' || github.event_name == 'push' | |
| id: smoke-test | |
| # NOTE: make sure smoke test isn't cancelled so that the instance gets cleaned up | |
| run: | | |
| image_ids='${{ steps.upload-smoke-test-ami.outputs.image_ids }}' | |
| image_id=$(echo "$image_ids" | jq -r '.["us-east-2"]') | |
| nix run .#smoke-test -- \ | |
| --image-id "$image_id" \ | |
| --run-id "${{ github.run_id }}-${{ github.run_attempt }}" \ | |
| --no-spot | |
| - name: Clean up smoke test | |
| # NOTE(colemickens): NixOS/amis#smoke-test has a finally to teardown instance, this is workflow-cancellation protection | |
| if: ${{ cancelled() && (github.event_name == 'merge_group' || github.event_name == 'push') }} | |
| run: | | |
| image_ids='${{ steps.upload-smoke-test-ami.outputs.image_ids }}' | |
| image_id=$(echo "$image_ids" | jq -r '.["us-east-2"]') | |
| nix run .#smoke-test -- \ | |
| --image-id "$image_id" \ | |
| --run-id "${{ github.run_id }}-${{ github.run_attempt }}" \ | |
| --cancel | |
| - name: Upload AMIs to all available regions | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| run: | | |
| epoch="$(nix eval --raw .#epoch)" | |
| prefix="determinate/nixos/epoch-${epoch}/" | |
| nix develop --command upload-ami \ | |
| --image-info "./result/nix-support/image-info.json" \ | |
| --prefix "${prefix}" \ | |
| --s3-bucket "detsys-nixos-images-20240916205705854200000001" \ | |
| --run-id "${{ github.run_id }}-${{ github.run_attempt }}" \ | |
| --copy-to-regions \ | |
| --public | |
| cache-dev-environment: | |
| name: Cache Nix development environment in FlakeHub Cache | |
| runs-on: ${{ matrix.system.runner }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| strategy: | |
| matrix: | |
| system: | |
| - nix-system: x86_64-linux | |
| runner: ubuntu-latest | |
| - nix-system: aarch64-linux | |
| runner: UbuntuLatest32Cores128GArm | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| flakehub: true | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - run: | | |
| nix build .#devShells.${{ matrix.system.nix-system }}.default | |
| notify-for-update-prs: | |
| name: Notify Discord for update_flake_lock_action PRs | |
| runs-on: ubuntu-latest | |
| needs: | |
| - nix-checks | |
| - build-ami | |
| if: always() && github.head_ref == 'update_flake_lock_action' | |
| steps: | |
| - name: Notify | |
| uses: rjstone/discord-webhook-notify@v1 | |
| with: | |
| severity: info | |
| details: NixOS AMIs Update - ${{ needs.build-ami.result }} | |
| webhookUrl: ${{ secrets.DISCORD_WEBHOOK_URL }} |