
Because we have Rosetta, we can use a single darwin runner to build both shells. Most of the time is spent downloading Nix and checking out Nixpkgs anyway, and that cost is saved if it only runs once. This also prepares for the deprecation, in September 2025, of the old macos-13 runners, which were based on x86_64 CPUs: https://github.blog/changelog/2025-07-11-upcoming-changes-to-macos-hosted-runners-macos-latest-migration-and-xcode-support-policy-updates/
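# Reusable workflow (workflow_call only) that builds the dev shell, the manuals,
# the lib tests and the tarball on one runner per platform.
#
# Trust model as far as this file shows it: the tree under `untrusted/` is what
# gets evaluated and built, while `./pinned` supplies the `nixpkgs` argument and
# the nix-build-uncached tool. Both directories are presumably created by the
# get-merge-commit action; verify against that action.
name: Build

on:
  workflow_call:
    inputs:
      # Declared as a string but read with fromJSON(...).type below, so callers
      # must pass a JSON-encoded object that has a `type` field.
      baseBranch:
        required: true
        type: string
      # Forwarded unchanged to the get-merge-commit action.
      mergedSha:
        required: true
        type: string
    secrets:
      CACHIX_AUTH_TOKEN:
        required: true

# Grant the GITHUB_TOKEN no scopes at all; nothing in this workflow writes back
# to the repository.
permissions: {}

defaults:
  run:
    shell: bash

jobs:
  build:
    strategy:
      # Let the remaining platforms finish when one of them fails.
      fail-fast: false
      matrix:
        # `builds` selects which steps run (matched with contains() in each
        # step's `if`), `systems` is the space-separated list handed to the
        # shell build, and `desc` only feeds the job's display name.
        include:
          - runner: ubuntu-24.04
            name: x86_64-linux
            systems: x86_64-linux
            builds: [shell, manual-nixos, lib-tests, tarball]
            desc: shell, docs, lib, tarball
          - runner: ubuntu-24.04-arm
            name: aarch64-linux
            systems: aarch64-linux
            builds: [shell, manual-nixos, manual-nixpkgs, manual-nixpkgs-tests]
            desc: shell, docs
          # A single darwin runner builds the shell for both darwin systems.
          - runner: macos-14
            name: darwin
            systems: aarch64-darwin x86_64-darwin
            builds: [shell]
            desc: shell
    name: '${{ matrix.name }}: ${{ matrix.desc }}'
    runs-on: ${{ matrix.runner }}
    # Upper bound per matrix job.
    timeout-minutes: 60
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing comment
      # records the release that SHA corresponds to.
      #
      # Only .github/actions is checked out here, which is enough to run the
      # local action in the next step.
      # NOTE(review): persist-credentials is left at its default. Later steps
      # evaluate code under untrusted/, so consider `persist-credentials: false`
      # unless get-merge-commit relies on the stored credential.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          sparse-checkout: .github/actions
      - name: Check if the PR can be merged and checkout the merge commit
        uses: ./.github/actions/get-merge-commit
        with:
          mergedSha: ${{ inputs.mergedSha }}
          # NOTE(review): these two inputs presumably produce the `untrusted/`
          # and `pinned/` directories used below; confirm in the action.
          merged-as-untrusted: true
          pinnedFrom: untrusted

      - uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31
        with:
          # Sandbox is disabled on MacOS by default.
          # Enable it on every runner so all builds in this job are sandboxed.
          extra_nix_config: sandbox = true

      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
          name: nixpkgs-ci
          # Supplied by the calling workflow (declared as a required secret above).
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"

      # The build tool is installed from `pinned`, not from `untrusted/`.
      - run: nix-env --install -f pinned -A nix-build-uncached

      - name: Build shell
        if: contains(matrix.builds, 'shell')
        # Hand the system list to the script through the environment instead of
        # expanding the expression inside the script text, so the value is never
        # parsed as shell syntax.
        env:
          SYSTEMS: ${{ matrix.systems }}
        # xargs -n1 runs one build per system, appending each system as the
        # value of the trailing --argstr system.
        run: echo "$SYSTEMS" | xargs -n1 nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A shell --argstr system

      # From here on, !cancelled() lets a step run even when an earlier step
      # failed, so one broken target does not hide the results of the others.
      #
      # The NixOS manual is only built when the base branch type contains
      # 'primary'.
      - name: Build NixOS manual
        if: |
          contains(matrix.builds, 'manual-nixos') && !cancelled() &&
          contains(fromJSON(inputs.baseBranch).type, 'primary')
        run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A manual-nixos --out-link nixos-manual

      # NOTE(review): this step also builds manual-nixpkgs-tests, which the next
      # step builds again when 'manual-nixpkgs-tests' is listed; confirm that
      # both are intended.
      - name: Build Nixpkgs manual
        if: contains(matrix.builds, 'manual-nixpkgs') && !cancelled()
        run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A manual-nixpkgs -A manual-nixpkgs-tests

      - name: Build Nixpkgs manual tests
        if: contains(matrix.builds, 'manual-nixpkgs-tests') && !cancelled()
        run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A manual-nixpkgs-tests

      - name: Build lib tests
        if: contains(matrix.builds, 'lib-tests') && !cancelled()
        run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A lib-tests

      - name: Build tarball
        if: contains(matrix.builds, 'tarball') && !cancelled()
        run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A tarball

      # Same condition as "Build NixOS manual"; uploads the `nixos-manual`
      # out-link that step creates. The artifact is built from the tree under
      # untrusted/, so consumers should treat it as unreviewed output.
      - name: Upload NixOS manual
        if: |
          contains(matrix.builds, 'manual-nixos') && !cancelled() &&
          contains(fromJSON(inputs.baseBranch).type, 'primary')
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: nixos-manual-${{ matrix.name }}
          path: nixos-manual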