From d39cc5ac0d226472f663267b7ff1e88ffd2c3f41 Mon Sep 17 00:00:00 2001
From: Wolfgang Walther <walther@technowledgy.de>
Date: Thu, 29 May 2025 21:51:14 +0200
Subject: [PATCH] workflows/build: build all the basics in a single workflow

This new workflow builds both manuals, the shell and the lib tests all
in a matrix of four jobs. This allows re-using the shared checkout and
the pinned nixpkgs download and saves time in the most likely cache: No
changes, just download from cache. Each step checks the cancelled
condition, which causes it to run even if the previous steps failed.
This way we get a full picture even if the first step fails immediately.

This could later be optimized to build more in parallel as well, but
we'll first need to clear the conditions on building the manuals on the
master branch only.

This reduces the number of jobs from up to 8 to 4 for this part.

(cherry picked from commit cd82aa54f525559f157360c3432d923bae3798a8)
---
 .../{manual-nixos-v2.yml => build.yml}        | 46 ++++++++++++----
 .github/workflows/check-shell.yml             | 55 -------------------
 .github/workflows/lib-tests.yml               | 44 ---------------
 .github/workflows/manual-nixpkgs-v2.yml       | 43 ---------------
 4 files changed, 36 insertions(+), 152 deletions(-)
 rename .github/workflows/{manual-nixos-v2.yml => build.yml} (52%)
 delete mode 100644 .github/workflows/check-shell.yml
 delete mode 100644 .github/workflows/lib-tests.yml
 delete mode 100644 .github/workflows/manual-nixpkgs-v2.yml

diff --git a/.github/workflows/manual-nixos-v2.yml b/.github/workflows/build.yml
similarity index 52%
rename from .github/workflows/manual-nixos-v2.yml
rename to .github/workflows/build.yml
index 347668a0ea79..d92f73eb0d3a 100644
--- a/.github/workflows/manual-nixos-v2.yml
+++ b/.github/workflows/build.yml
@@ -1,13 +1,10 @@
-name: "Build NixOS manual v2"
+name: Build
 
 on:
   pull_request:
     paths:
-      - .github/workflows/manual-nixos-v2.yml
+      - .github/workflows/build.yml
   pull_request_target:
-    branches:
-      - master
-      - release-*
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
@@ -20,16 +17,24 @@ defaults:
     shell: bash
 
 jobs:
-  nixos:
-    name: nixos-manual-build
+  build:
     strategy:
       fail-fast: false
       matrix:
         include:
           - runner: ubuntu-24.04
             system: x86_64-linux
+            builds: [shell,manual-nixos,lib-tests]
           - runner: ubuntu-24.04-arm
             system: aarch64-linux
+            builds: [shell,manual-nixos,manual-nixpkgs,manual-nixpkgs-tests]
+          - runner: macos-13
+            system: x86_64-darwin
+            builds: [shell]
+          - runner: macos-14
+            system: aarch64-darwin
+            builds: [shell]
+    name: ${{ matrix.system }}
     runs-on: ${{ matrix.runner }}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -50,13 +55,34 @@ jobs:
           name: nixpkgs-ci
           authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
+      - name: Build shell
+        if: contains(matrix.builds, 'shell')
+        run: nix-build untrusted/ci -A shell
+
       - name: Build NixOS manual
-        id: build-manual
-        run: nix-build untrusted/ci -A manual-nixos --argstr system ${{ matrix.system }}
+        if: |
+          contains(matrix.builds, 'manual-nixos') && !cancelled() &&
+          (github.base_ref == 'master' || startsWith(github.base_ref, 'release-'))
+        run: nix-build untrusted/ci -A manual-nixos --argstr system ${{ matrix.system }} --out-link nixos-manual
+
+      - name: Build Nixpkgs manual
+        if: contains(matrix.builds, 'manual-nixpkgs') && !cancelled()
+        run: nix-build untrusted/ci -A manual-nixpkgs -A manual-nixpkgs-tests
+
+      - name: Build Nixpkgs manual tests
+        if: contains(matrix.builds, 'manual-nixpkgs-tests') && !cancelled()
+        run: nix-build untrusted/ci -A manual-nixpkgs-tests
+
+      - name: Build lib tests
+        if: contains(matrix.builds, 'lib-tests') && !cancelled()
+        run: nix-build untrusted/ci -A lib-tests
 
       - name: Upload NixOS manual
+        if: |
+          contains(matrix.builds, 'manual-nixos') && !cancelled() &&
+          (github.base_ref == 'master' || startsWith(github.base_ref, 'release-'))
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: nixos-manual-${{ matrix.system }}
-          path: result/
+          path: nixos-manual
           if-no-files-found: error
diff --git a/.github/workflows/check-shell.yml b/.github/workflows/check-shell.yml
deleted file mode 100644
index 5f25b45ac163..000000000000
--- a/.github/workflows/check-shell.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-name: "Check shell"
-
-on:
-  pull_request:
-    paths:
-      - .github/workflows/check-shell.yml
-  pull_request_target:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-permissions: {}
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  shell-check:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - runner: ubuntu-24.04
-            system: x86_64-linux
-          - runner: ubuntu-24.04-arm
-            system: aarch64-linux
-          - runner: macos-13
-            system: x86_64-darwin
-          - runner: macos-14
-            system: aarch64-darwin
-
-    name: shell-check-${{ matrix.system }}
-    runs-on: ${{ matrix.runner }}
-
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          sparse-checkout: .github/actions
-      - name: Check if the PR can be merged and checkout the merge commit
-        uses: ./.github/actions/get-merge-commit
-        with:
-          merged-as-untrusted: true
-
-      - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
-
-      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
-        with:
-          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
-          name: nixpkgs-ci
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Build shell
-        run: nix-build untrusted/ci -A shell
diff --git a/.github/workflows/lib-tests.yml b/.github/workflows/lib-tests.yml
deleted file mode 100644
index a8efbde6fd69..000000000000
--- a/.github/workflows/lib-tests.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: "Building Nixpkgs lib-tests"
-
-on:
-  pull_request:
-    paths:
-      - .github/workflows/lib-tests.yml
-  pull_request_target:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-permissions: {}
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  nixpkgs-lib-tests:
-    name: nixpkgs-lib-tests
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          sparse-checkout: .github/actions
-      - name: Check if the PR can be merged and checkout the merge commit
-        uses: ./.github/actions/get-merge-commit
-        with:
-          merged-as-untrusted: true
-
-      - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
-        with:
-          extra_nix_config: sandbox = true
-
-      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
-        with:
-          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
-          name: nixpkgs-ci
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Building Nixpkgs lib-tests
-        run: |
-          nix-build untrusted/ci -A lib-tests
diff --git a/.github/workflows/manual-nixpkgs-v2.yml b/.github/workflows/manual-nixpkgs-v2.yml
deleted file mode 100644
index 1bd1e950578d..000000000000
--- a/.github/workflows/manual-nixpkgs-v2.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: "Build Nixpkgs manual v2"
-
-on:
-  pull_request:
-    paths:
-      - .github/workflows/manual-nixpkgs-v2.yml
-  pull_request_target:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-permissions: {}
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  nixpkgs:
-    name: nixpkgs-manual-build
-    runs-on: ubuntu-24.04-arm
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          sparse-checkout: .github/actions
-      - name: Check if the PR can be merged and checkout the merge commit
-        uses: ./.github/actions/get-merge-commit
-        with:
-          merged-as-untrusted: true
-
-      - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
-        with:
-          extra_nix_config: sandbox = true
-
-      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
-        with:
-          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
-          name: nixpkgs-ci
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-
-      - name: Building Nixpkgs manual
-        run: nix-build untrusted/ci -A manual-nixpkgs -A manual-nixpkgs-tests