diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f5b1cd81..c4f005bb 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,98 +13,29 @@ on: workflow_dispatch: env: - NIX_PUBLIC_KEY: "ipso-binary-cache-1:UMRLNOKcCsb/a2dBhtcZhRZP4RN8yIDsSUwHTObu2w4=" - - # Note: these values are duplicated in the `UPLOAD_TO_CACHE` script. - BINARY_CACHE_BUCKET: "ipso-binary-cache" - BINARY_CACHE_ENDPOINT: "7065dc7f7d1813a29036535b4c4f4014.r2.cloudflarestorage.com" - # Avoid [rate # limiting](https://discourse.nixos.org/t/flakes-provide-github-api-token-for-rate-limiting/18609) # by allowing Nix to make authenticated GitHub requests. NIX_CONFIG: "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" - # The version of ipso to use for CI scripts that are written in the language. - CI_IPSO_VERSION: "v0.5" jobs: tests: - runs-on: ubuntu-latest - env: - POST_BUILD_HOOK: ".github/workflows/postBuildHook" + runs-on: nixos steps: - - uses: actions/checkout@v2.4.0 + - uses: actions/checkout@v4.0.0 with: # `./scripts/recheck` uses `git diff` which accesses the repo's history. `fetch-depth: 0` fetches all branches and history. fetch-depth: 0 - - - uses: cachix/install-nix-action@v24 - - # Used by `uploadToCache` to sign store paths. - - run: "sudo bash -c 'echo \"${{ secrets.NIX_SIGNING_KEY }}\" > /run/nix-signing-key'" - - # Grants the Nix daemon access to the bucket, which allows `nix build` to - # authenticate with the binary cache bucket and fetch cache items. - - run: sudo mkdir /root/.aws - - run: "sudo bash -c 'echo -e \"[default]\naws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }}\naws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }}\" > /root/.aws/credentials'" - - # Grants the runner access to the bucket, which allows `pueue` to - # authenticate with the binary cache bucket when pushing signed cache items. - - run: sudo mkdir ~/.aws - - run: sudo chown runner ~/.aws - - run: "echo -e \"[default]\naws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID}}\naws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }}\" > ~/.aws/credentials" - - # Allow the Nix daemon to execute the post-build-hook script. - - run: "sudo chmod +x $POST_BUILD_HOOK" - - # Used in `postBuildHook`. - - run: sudo cp .github/workflows/uploadToCache /run/uploadToCache - - # [note: installing Ipso binary] - # - # Installing an Ipso release binary leads to more reliable Nix caching (versus using `nix - # profile install`). See . - - name: Install Ipso binary - run: | - mkdir -p $HOME/bin - curl -L \ - "https://github.com/LightAndLight/ipso/releases/download/$CI_IPSO_VERSION/ipso-linux-x86_64" \ - > $HOME/bin/ipso - chmod +x $HOME/bin/ipso - echo "$HOME/bin" >> $GITHUB_PATH - - - run: nix profile install nixpkgs#pueue - - # [note: nix profile install not adding to PATH] - # - # `nix profile install nixpkgs#pueue` used to "just work", but on 2023-03-02 I started getting - # `pueued: command not found` errors. So add it to the path manually. - # - # [Docs for `GITHUB_PATH`](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#adding-a-system-path) - - run: echo "$(readlink ~/.nix-profile)/bin" >> $GITHUB_PATH - - - run: pueued -d - - - name: cache .cargo - uses: actions/cache@v3 - env: - cache-name: cache-crates-io-index - with: - path: | - ~/.cargo/registry/index - ~/.cargo/registry/src - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('Cargo.lock') }} - ${{ runner.os }}-build-${{ env.cache-name }}- - - - name: "tests" + + - name: Run tests (pull request) if: github.event_name == 'pull_request' - run: > - nix develop .#tests - --extra-substituters "s3://$BINARY_CACHE_BUCKET?scheme=https&endpoint=$BINARY_CACHE_ENDPOINT" - --extra-trusted-public-keys "$NIX_PUBLIC_KEY" - --post-build-hook "$GITHUB_WORKSPACE/$POST_BUILD_HOOK" - -c ./scripts/recheck origin/$GITHUB_BASE_REF $GITHUB_REF_NAME + run: | + nix build .#test-package -L --option post-build-hook "" + export CARGO_HOME=$STATE_DIRECTORY/.cargo + export CARGO_TARGET_DIR=$(realpath --relative-to "$PWD" $STATE_DIRECTORY/target) + nix develop .#tests \ + --post-build-hook "$RUNNER_TEMP/postBuildHook-$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER" \ + -c ./scripts/recheck origin/$GITHUB_BASE_REF $GITHUB_REF_NAME # `tests.yml` is currently set to run on pushes to `main`. When that happens, `$GITHUB_BASE_REF` # isn't set because it's not a pull request. Instead we use the most recent commit before the @@ -113,27 +44,26 @@ jobs: # as the "old" commit for `./scripts/recheck`. # # If it's a force push (which it really shouldn't be for main) then we skip this step. - - name: "tests" + - name: Run tests (push) if: github.event_name == 'push' && !github.event.forced run: > nix develop .#tests - --extra-substituters "s3://$BINARY_CACHE_BUCKET?scheme=https&endpoint=$BINARY_CACHE_ENDPOINT" - --extra-trusted-public-keys "$NIX_PUBLIC_KEY" - --post-build-hook "$GITHUB_WORKSPACE/$POST_BUILD_HOOK" + --post-build-hook "$RUNNER_TEMP/postBuildHook-$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER" -c ./scripts/recheck ${{ github.event.before }} $GITHUB_REF_NAME - - - name: wait for uploads to finish - if: always() - run: pueue wait - - - name: log all uploads - if: always() - run: pueue log --json | jq '.[].task.original_command' -r - - - name: log failed uploads - if: always() - run: pueue log --json | jq 'to_entries[] | select(.value.task.status.Done != "Success") | .key' -r | xargs -r pueue log - - - name: check uploads succeeded - if: always() - run: "[ \"$(pueue log --json | jq 'to_entries[] | select(.value.task.status.Done != \"Success\") | .key' -r)\" == \"\" ]" \ No newline at end of file + + - name: Wait for uploads to finish + # This used to be always(), which can't be cancelled: + if: ${{ !cancelled() }} + run: pueue log --json | jq '.[].task | select(.label == "'$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER'") | .id' | xargs -r pueue wait + + - name: Log all uploads + if: ${{ !cancelled() }} + run: pueue log --json | jq 'select(.[].task.label == "'$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER'") | .[].task.original_command' -r + + - name: Log failed uploads + if: ${{ !cancelled() }} + run: pueue log --json | jq 'select(.[].task.label == "'$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER'") | to_entries[] | select(.value.task.status.Done != "Success") | .key' -r | xargs -r pueue log + + - name: Check uploads succeeded + if: ${{ !cancelled() }} + run: "[ \"$(pueue log --json | jq 'select (.[].task.label == \"'$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER'\") | to_entries[] | select(.value.task.status.Done != \"Success\") | .key' -r)\" == \"\" ]" \ No newline at end of file diff --git a/flake.nix b/flake.nix index da4c75bd..5dae785a 100644 --- a/flake.nix +++ b/flake.nix @@ -35,6 +35,15 @@ ipso-cli = (rustPkgs { release = true; }).workspace.ipso-cli {}; ipso-golden = pkgs.haskell.lib.justStaticExecutables (import ./tests/golden { inherit pkgs; }); ipso-shebang = pkgs.haskell.lib.justStaticExecutables (import ./tests/shebang { inherit pkgs; }); + test-package = pkgs.stdenv.mkDerivation { + name = "test-package"; + unpackPhase = "true"; + buildPhase = "true"; + installPhase = '' + mkdir $out + echo "test 4" > $out/test + ''; + }; }; defaultPackage = packages.ipso-cli; diff --git a/scripts/golden b/scripts/golden index 10c27a44..74d95569 100755 --- a/scripts/golden +++ b/scripts/golden @@ -2,4 +2,4 @@ set -e cargo build -ipso-golden --bin "$PWD/target/debug/ipso" --dir examples "$@" \ No newline at end of file +ipso-golden --bin "$PWD/${CARGO_TARGET_DIR:-target}/debug/ipso" --dir examples "$@" \ No newline at end of file diff --git a/scripts/shebang b/scripts/shebang index d58d9f73..ef1573a9 100755 --- a/scripts/shebang +++ b/scripts/shebang @@ -2,4 +2,4 @@ set -e cargo build -env PATH="$PATH:$PWD/target/debug" ipso-shebang --dir examples/shebang "$@" \ No newline at end of file +env PATH="$PATH:$PWD/${CARGO_TARGET_DIR:-target}/debug" ipso-shebang --dir examples/shebang "$@" \ No newline at end of file