chore: Update lockfile of `sharing` flox environment #1050

Workflow file for this run

	name: "CI"

	on:
	workflow_dispatch:
	push:
	branches:
	- "main"
	- "preview"
	pull_request:
	schedule:
	- cron: "0 0 * * *"

	env:
	FLOX_DISABLE_METRICS: "true"

	jobs:

	envs:
	name: "Find environments"
	runs-on: "ubuntu-latest"
	timeout-minutes: 30

	outputs:
	envs_per_system: "${{ steps.envs.outputs.envs_per_system }}"
	envs_only: "${{ steps.envs.outputs.envs_only }}"

	steps:
	- name: "Checkout"
	uses: "actions/checkout@v4"
	with:
	fetch-depth: 0
	ref: ${{ github.head_ref }}

	- name: "Find environment"
	id: "envs"
	run: \|
	envs_per_system="["
	envs_only="["

	update_all=${{ github.event_name == 'schedule' && 'true' \|\| '' }}
	BASE_SHA="${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha \|\| 'HEAD~1' }}"
	if git diff --name-only $BASE_SHA HEAD -- \| grep -E "flake.nix\|flake.lock\|.github" ; then
	echo "detected major change"
	update_all=true
	fi

	while IFS= read manifest_path; do
	env_path=$(realpath -s $(dirname $manifest_path)/../..)
	rel_env_path="${env_path#$PWD/}"
	echo "env_path=$env_path"
	echo "rel_env_path=$rel_env_path"
	if [ -f "$env_path/test.sh" ] && [ "$update_all" == "true" ] \|\| ( git diff --name-only $BASE_SHA HEAD \| grep -q "$rel_env_path/" ; ); then
	name=$(basename $env_path)

	num_of_services=$(yq -oy '.services \| length' $manifest_path)
	start_services="true"
	if [ "$num_of_services" -eq 0 ]; then
	start_services="false"
	fi

	readarray systems < <(yq e -o=j -I=0 '.options.systems[]' $manifest_path)
	comma_per_system=""
	if [ "$envs_per_system" != "[" ]; then comma_per_system=","; fi
	for system in "${systems[@]}"; do
	system=$(echo $system \| xargs)
	envs_per_system="$envs_per_system$comma_per_system{\"example\":\"$name\",\"system\":\"$system\",\"start_services\":$start_services}"
	comma_per_system=","
	done

	comma_only=""
	if [ "$envs_only" != "[" ]; then comma_only=","; fi
	envs_only="$envs_only$comma_only{\"example\":\"$name\"}"
	fi
	done <<< "$(find $PWD -name manifest.toml)"
	envs_per_system="$envs_per_system]"
	envs_only="$envs_only]"

	echo "-- envs_per_system ---------"
	echo "$envs_per_system" \| jq
	echo "----------------------------"

	echo "-- envs_only ---------------"
	echo "$envs_only" \| jq
	echo "----------------------------"

	echo "envs_per_system=$envs_per_system" >> "$GITHUB_OUTPUT"
	echo "envs_only=$envs_only" >> "$GITHUB_OUTPUT"

	test:
	name: "Test '${{ matrix.example }}' example on '${{ matrix.system }}'"
	runs-on: "ubuntu-latest"
	timeout-minutes: 30

	needs:
	- "envs"

	strategy:
	fail-fast: false
	max-parallel: 8
	matrix:
	include: ${{ fromJSON(needs.envs.outputs.envs_per_system ) }}

	steps:
	- name: "Setup SSH"
	uses: "webfactory/[email protected]"
	with:
	ssh-private-key: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}"

	- name: "Setup Tailscale"
	uses: "tailscale/github-action@v3"
	with:
	args: "--timeout 30s --login-server ${{ vars.MANAGED_TAILSCALE_URL }}"
	tags: "tag:ci"
	authkey: "${{ secrets.MANAGED_TAILSCALE_AUTH_KEY }}"

	- name: "Find remote server to run tests on"
	run: \|
	set -eo pipefail
	echo "${{ vars.MANAGED_REMOTE_BUILDERS }}" > machines
	export REMOTE_SERVER_ENTRY=$(cat machines \| shuf \| grep ${{ matrix.system }} \| head -1 ; )
	export REMOTE_SERVER_ADDRESS=$(echo "$REMOTE_SERVER_ENTRY" \| cut -f1 -d' ' \| cut -f3 -d'/' \| sed 's/nixbld@//' ; )
	export REMOTE_SERVER_USER_KNOWN_HOSTS_FILE=$(mktemp)
	export REMOTE_SERVER_PUBLIC_HOST_KEY=$(echo "$REMOTE_SERVER_ENTRY" \| tr -s ' ' \| cut -f8 -d' ' \| base64 -d ; )
	printf "%s %s\n" "$REMOTE_SERVER_ADDRESS" "$REMOTE_SERVER_PUBLIC_HOST_KEY" > "$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE"
	echo "REMOTE_SERVER_ADDRESS: $REMOTE_SERVER_ADDRESS"
	echo "REMOTE_SERVER_USER_KNOWN_HOSTS_FILE: $REMOTE_SERVER_USER_KNOWN_HOSTS_FILE"
	cat $REMOTE_SERVER_USER_KNOWN_HOSTS_FILE
	echo "REMOTE_SERVER_ADDRESS=$REMOTE_SERVER_ADDRESS" >> $GITHUB_ENV
	echo "REMOTE_SERVER_USER_KNOWN_HOSTS_FILE=$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE" >> $GITHUB_ENV

	- name: "Test environment"
	run: \|
	ssh github@$REMOTE_SERVER_ADDRESS \
	-oUserKnownHostsFile=$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE \
	nix run \
	--accept-flake-config \
	--extra-experimental-features '"nix-command flakes"' \
	--option access-tokens "github.com=${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" \
	github:flox/floxenvs/${{ github.sha }}#apps.${{ matrix.system }}.test-${{ matrix.example }} -- ${{ matrix.start_services }}

	outputs:
	job: "${{ matrix.example }}"
	system: "${{ matrix.system }}"

	containarize:
	name: "Containarize '${{ matrix.example }}'"
	runs-on: "ubuntu-latest"
	timeout-minutes: 30

	if: (github.event_name == 'push' && github.ref_name == 'main') \|\| github.event_name == 'workflow_dispatch' \|\| github.event_name == 'schedule'

	needs:
	- "envs"
	- "test"

	env:
	FLOX_BIN: "flox -vvv"


	permissions:
	contents: "read"
	packages: "write"
	attestations: "write"
	id-token: "write"

	strategy:
	fail-fast: false
	max-parallel: 8
	matrix:
	include: ${{ fromJSON(needs.envs.outputs.envs_only ) }}

	steps:
	- name: "Checkout"
	uses: "actions/checkout@v4"

	- name: "Install flox"
	uses: "flox/install-flox-action@main"

	- name: "Login to Github Container Registry"
	uses: "docker/login-action@v3"
	with:
	registry: "ghcr.io"
	username: "${{ github.actor }}"
	password: "${{ secrets.GITHUB_TOKEN }}"

	- name: "Containarize"
	run: \|
	export NIX_CONFIG='extra-experimental-features = nix-command flakes'
	flox containerize -d ./${{ matrix.example }}

	- name: "Tag & Push"
	run: \|
	docker tag ${{ matrix.example }}:latest ghcr.io/flox/floxenvs:${{ matrix.example }}-latest
	docker push ghcr.io/flox/floxenvs:${{ matrix.example }}-latest


	push:
	name: "Sync '${{ matrix.example }}' manifest"
	runs-on: "ubuntu-latest"
	timeout-minutes: 30

	if: (github.event_name == 'push' && github.ref_name == 'main') \|\| github.event_name == 'workflow_dispatch' \|\| github.event_name == 'schedule'

	needs:
	- "envs"
	- "test"

	env:
	FLOX_BIN: "flox -vvv"
	FLOX_REMOTE_OWNER: "flox"
	FLOX_AUTH0_URL: "https://auth.flox.dev"

	strategy:
	fail-fast: false
	max-parallel: 8
	matrix:
	include: ${{ fromJSON(needs.envs.outputs.envs_only ) }}

	steps:
	- name: "Checkout"
	uses: "actions/checkout@v4"

	- name: "Install flox"
	uses: "flox/install-flox-action@main"

	- name: "Get FloxHub token"
	run: \|
	echo "FLOX_FLOXHUB_TOKEN=$(
	curl --request POST \
	--url $FLOX_AUTH0_URL/oauth/token \
	--header 'content-type: application/x-www-form-urlencoded' \
	--data "client_id=${{ secrets.MANAGED_FLOXENVS_AUTH0_CLIENT_ID }}" \
	--data "audience=https://hub.flox.dev/api" \
	--data "grant_type=client_credentials" \
	--data "client_secret=${{ secrets.MANAGED_FLOXENVS_AUTH0_CLIENT_SECRET }}" \
	\| jq .access_token -r)" >> $GITHUB_ENV

	- name: "Pull or Create remote environment"
	run: \|
	pushd ./${{ matrix.example }}
	if flox list --config --remote "$FLOX_REMOTE_OWNER/${{ matrix.example }}" >/dev/null; then
	$FLOX_BIN pull --remote "$FLOX_REMOTE_OWNER/${{ matrix.example }}" --dir "remote"
	else
	echo "WARN: No environment $FLOX_REMOTE_OWNER/${{ matrix.example }} found on FloxHub"
	echo "WARN: Creating a new environment ${{ matrix.example }}"
	$FLOX_BIN init --name ${{ matrix.example }} --dir "remote"
	$FLOX_BIN push --dir "remote"
	fi
	popd

	- name: "Sync to remote environment"
	run: \|
	pushd ./${{ matrix.example }}
	cp -rf .flox/env/* remote/.flox/env/
	$FLOX_BIN edit --sync --dir "remote"
	popd

	- name: "Push to remote environment"
	run: \|
	pushd ./${{ matrix.example }}
	$FLOX_BIN push --dir "remote"
	popd

	auto-merge:
	name: "Auto Merge PRs"
	runs-on: "ubuntu-latest"

	# if: ${{ github.actor == 'floxbot' && github.event_name == 'pull_request'}} # Detect that the PR author is floxbot
	steps:
	- name: "Enable auto-merge for Dependabot PRs"
	run: \|
	echo Header
	echo gh pr merge --auto --merge "$PR_URL"
	echo Footer
	env:
	PR_URL: ${{github.event.pull_request.html_url}}
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}


	report-failure:
	name: "Report Failure"
	runs-on: "ubuntu-latest"

	if: ${{ failure() && github.ref == 'refs/heads/main' && (github.event_name == 'push' \|\| github.event_name == 'schedule') }}

	needs:
	- "test"
	- "push"
	- "containarize"

	steps:
	- name: "Prepare message"
	id: "envs"
	run: \|
	message="$(echo '${{toJSON(needs)}}' \| jq -r 'map(select(.result == "failure")) \| .[] \| "floxenvs: \(.outputs.job) on \(.outputs.system) had \(.result)"')"
	echo "message='$message'" >> "$GITHUB_OUTPUT"
	- name: "Slack Notification"
	uses: "rtCamp/action-slack-notify@v2"
	env:
	SLACK_CHANNEL: "team-content"
	SLACK_TITLE: "${{ steps.envs.outputs.message }}"
	SLACK_FOOTER: "Thanks for looking at it."
	SLACK_WEBHOOK: "${{ secrets.MANAGED_SLACK_WEBHOOK }}"
	SLACK_USERNAME: "GitHub"
	SLACK_ICON_EMOJI: ":poop:"
	SLACK_COLOR: "#ff2800" # ferrari red -> https://encycolorpedia.com/ff2800
	SLACK_LINK_NAMES: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: Update lockfile of `sharing` flox environment #1050

Workflow file

chore: Update lockfile of `sharing` flox environment #1050

Jobs

Run details

Workflow file for this run

chore: Update lockfile of sharing flox environment #1050

Workflow file

Workflow file for this run

chore: Update lockfile of `sharing` flox environment #1050