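# Reusable workflow (invoked through `workflow_call`) that builds a fixed set
# of Nix attributes from the checked-out merge commit on four runner/system
# combinations and uploads the NixOS manual as an artifact.
name: Build

on:
  workflow_call:
    inputs:
      # JSON-encoded string; the steps below parse it with fromJSON() and
      # read its `type` field.
      baseBranch:
        required: true
        type: string
      # Passed through unchanged to the get-merge-commit action.
      mergedSha:
        required: true
        type: string
    secrets:
      CACHIX_AUTH_TOKEN:
        required: true

# No GITHUB_TOKEN scopes are granted to any job in this workflow.
permissions: {}

defaults:
  run:
    shell: bash

jobs:
  build:
    strategy:
      # A failing matrix leg does not cancel the other legs.
      fail-fast: false
      matrix:
        # `builds` selects which build steps run on a leg (checked with
        # contains() below); `desc` is only used in the job's display name.
        include:
          - runner: ubuntu-24.04
            system: x86_64-linux
            builds: [shell, manual-nixos, lib-tests, tarball]
            desc: shell, docs, lib, tarball
          - runner: ubuntu-24.04-arm
            system: aarch64-linux
            builds: [shell, manual-nixos, manual-nixpkgs, manual-nixpkgs-tests]
            desc: shell, docs
          - runner: macos-13
            system: x86_64-darwin
            builds: [shell]
            desc: shell
          - runner: macos-14
            system: aarch64-darwin
            builds: [shell]
            desc: shell
    name: '${{ matrix.system }}: ${{ matrix.desc }}'
    runs-on: ${{ matrix.runner }}
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the tag that SHA corresponded to when it was pinned.
      # Sparse checkout limited to .github/actions, which provides the local
      # action used by the next step.
      # NOTE(review): persist-credentials is left at its default here; with
      # `permissions: {}` the token carries no scopes, but setting
      # `persist-credentials: false` would make that independent of the
      # permissions block.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          sparse-checkout: .github/actions
      # NOTE(review): presumably places the merge commit under ./untrusted,
      # the path every nix-build step below reads from; confirm in the action.
      - name: Check if the PR can be merged and checkout the merge commit
        uses: ./.github/actions/get-merge-commit
        with:
          mergedSha: ${{ inputs.mergedSha }}
          merged-as-untrusted: true

      # The Nix build sandbox is enabled explicitly rather than relying on
      # the per-platform default.
      - uses: cachix/install-nix-action@f0fe604f8a612776892427721526b4c7cfb23aba # v31
        with:
          extra_nix_config: sandbox = true

      # NOTE(review): this token is configured in a job that goes on to build
      # code from the `untrusted` checkout. Keep it scoped to this one cache,
      # and keep consumers from trusting the cache, as the comment below says.
      - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
        with:
          # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
          name: nixpkgs-ci
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"

      # No status function in this condition, so the implicit success()
      # check applies: the step is skipped if an earlier step failed.
      - name: Build shell
        if: contains(matrix.builds, 'shell')
        run: nix-build untrusted/ci -A shell

      # The remaining build steps add !cancelled(), so each one still runs
      # after an earlier step has failed, unless the run was cancelled.
      # `matrix.system` is one of the literal values in the matrix above, so
      # expanding it into the script is not caller-controlled; values from
      # `inputs.*` should not be expanded into `run:` the same way.
      - name: Build NixOS manual
        if: |
          contains(matrix.builds, 'manual-nixos') && !cancelled() &&
          contains(fromJSON(inputs.baseBranch).type, 'primary')
        run: nix-build untrusted/ci -A manual-nixos --argstr system ${{ matrix.system }} --out-link nixos-manual

      # This step also requests manual-nixpkgs-tests, the same attribute the
      # next step builds on its own.
      - name: Build Nixpkgs manual
        if: contains(matrix.builds, 'manual-nixpkgs') && !cancelled()
        run: nix-build untrusted/ci -A manual-nixpkgs -A manual-nixpkgs-tests

      - name: Build Nixpkgs manual tests
        if: contains(matrix.builds, 'manual-nixpkgs-tests') && !cancelled()
        run: nix-build untrusted/ci -A manual-nixpkgs-tests

      - name: Build lib tests
        if: contains(matrix.builds, 'lib-tests') && !cancelled()
        run: nix-build untrusted/ci -A lib-tests

      - name: Build tarball
        if: contains(matrix.builds, 'tarball') && !cancelled()
        run: nix-build untrusted/ci -A tarball

      # Same condition as "Build NixOS manual". `if-no-files-found: error`
      # fails the step when the `nixos-manual` out-link is missing instead of
      # uploading an empty artifact.
      - name: Upload NixOS manual
        if: |
          contains(matrix.builds, 'manual-nixos') && !cancelled() &&
          contains(fromJSON(inputs.baseBranch).type, 'primary')
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: nixos-manual-${{ matrix.system }}
          path: nixos-manual
          if-no-files-found: error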