CI #68
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- "main" | |
pull_request: | |
schedule: | |
- cron: "0 0 * * *" | |
jobs: | |
envs: | |
name: "Find environments" | |
runs-on: "ubuntu-latest" | |
outputs: | |
envs_test: "${{ steps.envs.outputs.envs_test }}" | |
envs_push: "${{ steps.envs.outputs.envs_push }}" | |
steps: | |
- name: "Checkout" | |
uses: "actions/checkout@v4" | |
with: | |
fetch-depth: 5 | |
ref: ${{ github.head_ref }} | |
- name: "Find environment" | |
id: "envs" | |
run: | | |
envs_test="[" | |
envs_push="[" | |
update_all= | |
if git diff --name-only HEAD~1 HEAD -- | grep -E "flake.nix|flake.lock|.github" ; then | |
echo detected major change | |
update_all=true | |
fi | |
while IFS= read manifest_path; do | |
env_path=$(realpath -s $(dirname $manifest_path)/../..) | |
rel_env_path="${env_path#$PWD/}" | |
if [ -f "$env_path/test.sh" ]; then | |
name=$(basename $env_path) | |
if [ "$update_all" != "true" ] && ( git diff --name-only HEAD~1 HEAD | grep -qv "$rel_env_path/" ; ) ; then | |
continue | |
fi | |
num_of_services=$(yq -oy '.services | length' $manifest_path) | |
start_services="true" | |
if [ "$num_of_services" -eq 0 ]; then | |
start_services="false" | |
fi | |
readarray systems < <(yq e -o=j -I=0 '.options.systems[]' $manifest_path) | |
comma_test="" | |
if [ "$envs_test" != "[" ]; then comma_test=","; fi | |
for system in "${systems[@]}"; do | |
system=$(echo $system | xargs) | |
envs_test="$envs_test$comma_test{\"example\":\"$name\",\"system\":\"$system\",\"start_services\":$start_services}" | |
comma_test="," | |
done | |
comma_push="" | |
if [ "$envs_push" != "[" ]; then comma_push=","; fi | |
envs_push="$envs_push$comma_push{\"example\":\"$name\"}" | |
fi | |
done <<< "$(find $PWD -name manifest.toml)" | |
envs_test="$envs_test]" | |
envs_push="$envs_push]" | |
echo "-- ENVS_TEST ---------------" | |
echo "$envs_test" | jq | |
echo "----------------------------" | |
echo "-- ENVS_PUSH ---------------" | |
echo "$envs_push" | jq | |
echo "----------------------------" | |
echo "envs_test=$envs_test" >> "$GITHUB_OUTPUT" | |
echo "envs_push=$envs_push" >> "$GITHUB_OUTPUT" | |
test: | |
name: "Test '${{ matrix.example }}' example on '${{ matrix.system }}'" | |
runs-on: "ubuntu-latest" | |
needs: | |
- "envs" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: ${{ fromJSON(needs.envs.outputs.envs_test ) }} | |
steps: | |
- name: "Setup SSH" | |
uses: "webfactory/ssh-agent@v0.9.0" | |
with: | |
ssh-private-key: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}" | |
- name: "Setup Tailscale" | |
uses: "tailscale/github-action@v2" | |
with: | |
args: "--timeout 30s --login-server ${{ vars.MANAGED_TAILSCALE_URL }}" | |
tags: "tag:ci" | |
authkey: "${{ secrets.MANAGED_TAILSCALE_AUTH_KEY }}" | |
- name: "Find remote server to run tests on" | |
run: | | |
set -eo pipefail | |
echo "${{ vars.MANAGED_REMOTE_BUILDERS }}" > machines | |
export REMOTE_SERVER=$(cat machines | grep ${{ matrix.system }} | cut -f1 -d' ' | cut -f3 -d'/' | head -1 | sed 's/nixbld@//' ; ) | |
export REMOTE_SERVER_USER_KNOWN_HOSTS_FILE=$(mktemp) | |
export REMOTE_PUBLIC_HOST_KEY=$(cat machines | grep ${{ matrix.system }} | tr -s ' ' | cut -f8 -d' ' | base64 -d ; ) | |
printf "%s %s\n" "$REMOTE_SERVER" "$REMOTE_PUBLIC_HOST_KEY" > "$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE" | |
echo "REMOTE_SERVER: $REMOTE_SERVER" | |
echo "REMOTE_SERVER_USER_KNOWN_HOSTS_FILE: $REMOTE_SERVER_USER_KNOWN_HOSTS_FILE" | |
cat $REMOTE_SERVER_USER_KNOWN_HOSTS_FILE | |
echo "REMOTE_SERVER=$REMOTE_SERVER" >> $GITHUB_ENV | |
echo "REMOTE_SERVER_USER_KNOWN_HOSTS_FILE=$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE" >> $GITHUB_ENV | |
- name: "Test environment" | |
run: | | |
ssh github@$REMOTE_SERVER \ | |
-oUserKnownHostsFile=$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE \ | |
nix run \ | |
--accept-flake-config \ | |
--extra-experimental-features '"nix-command flakes"' \ | |
--option access-tokens "github.com=${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" \ | |
github:flox/floxenvs/${{ github.sha }}#apps.${{ matrix.system }}.test-${{ matrix.example }} -- ${{ matrix.start_services }} | |
push: | |
name: "Sync '${{ matrix.example }}' manifest" | |
runs-on: "ubuntu-latest" | |
if: (github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' | |
needs: | |
- "envs" | |
- "test" | |
env: | |
FLOX_BIN: "flox -vvv" | |
FLOX_REMOTE_OWNER: "flox" | |
FLOX_AUTH0_URL: "https://auth.flox.dev" | |
strategy: | |
matrix: | |
include: ${{ fromJSON(needs.envs.outputs.envs_push ) }} | |
steps: | |
- name: "Checkout" | |
uses: "actions/checkout@v4" | |
- name: "Install flox" | |
uses: "flox/install-flox-action@main" | |
- name: "Get FloxHub token" | |
run: | | |
echo "FLOX_FLOXHUB_TOKEN=$( | |
curl --request POST \ | |
--url $FLOX_AUTH0_URL/oauth/token \ | |
--header 'content-type: application/x-www-form-urlencoded' \ | |
--data "client_id=${{ secrets.MANAGED_FLOXENVS_AUTH0_CLIENT_ID }}" \ | |
--data "audience=https://hub.flox.dev/api" \ | |
--data "grant_type=client_credentials" \ | |
--data "client_secret=${{ secrets.MANAGED_FLOXENVS_AUTH0_CLIENT_SECRET }}" \ | |
| jq .access_token -r)" >> $GITHUB_ENV | |
- name: "Pull or Create remote environment" | |
run: | | |
pushd ./${{ matrix.example }} | |
if flox list --config --remote "$FLOX_REMOTE_OWNER/${{ matrix.example }}" >/dev/null; then | |
$FLOX_BIN pull --remote "$FLOX_REMOTE_OWNER/${{ matrix.example }}" --dir "remote" | |
else | |
echo "WARN: No environment $FLOX_REMOTE_OWNER/${{ matrix.example }} found on FloxHub" | |
echo "WARN: Creating a new environment ${{ matrix.example }}" | |
$FLOX_BIN init --name ${{ matrix.example }} --dir "remote" | |
$FLOX_BIN push --dir "remote" | |
fi | |
popd | |
- name: "Sync to remote environment" | |
run: | | |
pushd ./${{ matrix.example }} | |
cp -rf .flox/env/* remote/.flox/env/ | |
$FLOX_BIN edit --sync --dir "remote" | |
popd | |
- name: "Push to remote environment" | |
run: | | |
pushd ./${{ matrix.example }} | |
$FLOX_BIN push --dir "remote" | |
popd | |
report-failure: | |
name: "Report Failure" | |
runs-on: "ubuntu-latest" | |
if: ${{ failure() && github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'schedule') }} | |
needs: | |
- "test" | |
- "push" | |
steps: | |
- name: "Slack Notification" | |
uses: "rtCamp/action-slack-notify@v2" | |
env: | |
SLACK_TITLE: "Something broke CI for floxenvs" | |
SLACK_FOOTER: "Thank you for caring" | |
SLACK_WEBHOOK: "${{ secrets.MANAGED_SLACK_WEBHOOK }}" | |
SLACK_USERNAME: "GitHub" | |
SLACK_ICON_EMOJI: ":poop:" | |
SLACK_COLOR: "#ff2800" # ferrari red -> https://encycolorpedia.com/ff2800 | |
SLACK_LINK_NAMES: true |