diff --git a/.forgejo/workflows/eval-shell.yaml b/.forgejo/workflows/eval-shell.yaml new file mode 100644 index 0000000..7d5bae6 --- /dev/null +++ b/.forgejo/workflows/eval-shell.yaml @@ -0,0 +1,19 @@ +jobs: + build-shell: + runs-on: nix + steps: + - uses: actions/checkout@v3 + - env: + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache shell + run: nix-shell -A eval-shell --run "nix-build-and-cache -A devShell" +name: Build the shell +on: + pull_request: + branches: + - main + push: + branches: + - main diff --git a/default.nix b/default.nix index d03f4b4..c1d506f 100644 --- a/default.nix +++ b/default.nix @@ -180,6 +180,7 @@ in pre-commit.shellHook = git-checks.shellHook; check-workflows.shellHook = workflows.shellHook; eval-nodes.packages = [ scripts.cache-node ]; + eval-shell.packages = [ scripts.nix-build-and-cache ]; }; }; } diff --git a/scripts/cache-node.sh b/scripts/cache-node.sh index 1445255..fab3636 100755 --- a/scripts/cache-node.sh +++ b/scripts/cache-node.sh @@ -35,23 +35,4 @@ esac drv=$(colmena eval --instantiate -E "{ nodes, ... }: nodes.${BUILD_NODE}.${toplevel_path}" --show-trace) # Build the derivation and send it to the great beyond -nix-store --query --requisites --force-realise --include-outputs "$drv" | grep -v '.*\.drv' >paths.txt - -if [ "$STORE_PASSWORD" == "" ]; then - echo "No password given for the remote cache, uploading cannot take place." - exit 0 -fi - -cat <.netrc -default -login $STORE_USER -password $STORE_PASSWORD -EOF - -nix copy \ - --extra-experimental-features nix-command \ - --to "$STORE_ENDPOINT?compression=none" \ - --netrc-file .netrc \ - "$(nix-store --realise "$drv")" - -rm .netrc +push-to-cache "$(nix-store --realise "$drv")" diff --git a/scripts/default.nix b/scripts/default.nix index b73187a..6a021ff 100644 --- a/scripts/default.nix +++ b/scripts/default.nix @@ -20,7 +20,12 @@ let ; scripts = { - cache-node = [ colmena ]; + cache-node = [ + colmena + self.push-to-cache + ]; + push-to-cache = [ ]; + nix-build-and-cache = [ self.push-to-cache ]; check-deployment = [ colmena jq @@ -29,13 +34,14 @@ let launch-vm = [ colmena ]; list-nodes = [ jq ]; }; + + self = mapAttrs ( + name: runtimeInputs: + writeShellApplication { + inherit name runtimeInputs; + + text = builtins.readFile ./${name}.sh; + } + ) scripts; in - -mapAttrs ( - name: runtimeInputs: - writeShellApplication { - inherit name runtimeInputs; - - text = builtins.readFile ./${name}.sh; - } -) scripts +self diff --git a/scripts/nix-build-and-cache.sh b/scripts/nix-build-and-cache.sh new file mode 100644 index 0000000..48f33c4 --- /dev/null +++ b/scripts/nix-build-and-cache.sh @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2024 Maurice Debray +# +# SPDX-License-Identifier: EUPL-1.2 + +push-to-cache "$(nix-build "$@")" diff --git a/workflows/eval-shell.nix b/workflows/eval-shell.nix new file mode 100644 index 0000000..3bdd043 --- /dev/null +++ b/workflows/eval-shell.nix @@ -0,0 +1,29 @@ +# SPDX-FileCopyrightText: 2024 Tom Hubrecht +# +# SPDX-License-Identifier: EUPL-1.2 + +{ + name = "Build the shell"; + on = { + pull_request.branches = [ "main" ]; + push.branches = [ "main" ]; + }; + + jobs = { + build-shell = { + runs-on = "nix"; + steps = [ + { uses = "actions/checkout@v3"; } + { + name = "Build and cache shell"; + run = ''nix-shell -A eval-shell --run "nix-build-and-cache -A devShell"''; + env = { + STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/"; + STORE_USER = "admin"; + STORE_PASSWORD = "\${{ secrets.STORE_PASSWORD }}"; + }; + } + ]; + }; + }; +}