mirror of
https://github.com/CHN-beta/nixpkgs.git
synced 2026-01-11 18:32:23 +08:00
e3ff0fab42
Pushing the source path to cachix is pointless, because the only source
we're using is Nixpkgs - and that will always be available already via
checkout. No need to ever substitute it, so no need to push it either.
(cherry picked from commit 2400bdf0d4)
106 lines
3.6 KiB
YAML
106 lines
3.6 KiB
YAML
name: Build
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
baseBranch:
|
|
required: true
|
|
type: string
|
|
mergedSha:
|
|
required: true
|
|
type: string
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN:
|
|
required: true
|
|
|
|
permissions: {}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runner: ubuntu-24.04
|
|
name: x86_64-linux
|
|
systems: x86_64-linux
|
|
builds: [shell, manual-nixos, lib-tests, tarball]
|
|
desc: shell, docs, lib, tarball
|
|
- runner: ubuntu-24.04-arm
|
|
name: aarch64-linux
|
|
systems: aarch64-linux
|
|
builds: [shell, manual-nixos, manual-nixpkgs, manual-nixpkgs-tests]
|
|
desc: shell, docs
|
|
- runner: macos-14
|
|
name: darwin
|
|
systems: aarch64-darwin x86_64-darwin
|
|
builds: [shell]
|
|
desc: shell
|
|
name: '${{ matrix.name }}: ${{ matrix.desc }}'
|
|
runs-on: ${{ matrix.runner }}
|
|
timeout-minutes: 60
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
sparse-checkout: .github/actions
|
|
- name: Check if the PR can be merged and checkout the merge commit
|
|
uses: ./.github/actions/get-merge-commit
|
|
with:
|
|
mergedSha: ${{ inputs.mergedSha }}
|
|
merged-as-untrusted: true
|
|
pinnedFrom: untrusted
|
|
|
|
- uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31
|
|
with:
|
|
# Sandbox is disabled on MacOS by default.
|
|
extra_nix_config: sandbox = true
|
|
|
|
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
|
|
with:
|
|
# The nixpkgs-ci cache should not be trusted or used outside of Nixpkgs and its forks' CI.
|
|
name: ${{ vars.CACHIX_NAME || 'nixpkgs-ci' }}
|
|
extraPullNames: nixpkgs-ci
|
|
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
pushFilter: -source$
|
|
|
|
- run: nix-env --install -f pinned -A nix-build-uncached
|
|
|
|
- name: Build shell
|
|
if: contains(matrix.builds, 'shell')
|
|
run: echo "${{ matrix.systems }}" | xargs -n1 nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A shell --argstr system
|
|
|
|
- name: Build NixOS manual
|
|
if: |
|
|
contains(matrix.builds, 'manual-nixos') && !cancelled() &&
|
|
contains(fromJSON(inputs.baseBranch).type, 'primary')
|
|
run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A manual-nixos --out-link nixos-manual
|
|
|
|
- name: Build Nixpkgs manual
|
|
if: contains(matrix.builds, 'manual-nixpkgs') && !cancelled()
|
|
run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A manual-nixpkgs -A manual-nixpkgs-tests
|
|
|
|
- name: Build Nixpkgs manual tests
|
|
if: contains(matrix.builds, 'manual-nixpkgs-tests') && !cancelled()
|
|
run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A manual-nixpkgs-tests
|
|
|
|
- name: Build lib tests
|
|
if: contains(matrix.builds, 'lib-tests') && !cancelled()
|
|
run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A lib-tests
|
|
|
|
- name: Build tarball
|
|
if: contains(matrix.builds, 'tarball') && !cancelled()
|
|
run: nix-build-uncached untrusted/ci --arg nixpkgs ./pinned -A tarball
|
|
|
|
- name: Upload NixOS manual
|
|
if: |
|
|
contains(matrix.builds, 'manual-nixos') && !cancelled() &&
|
|
contains(fromJSON(inputs.baseBranch).type, 'primary')
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: nixos-manual-${{ matrix.name }}
|
|
path: nixos-manual
|