Skip to content

Commit

Permalink
asd
Browse files Browse the repository at this point in the history
  • Loading branch information
dbarrosop committed Jan 26, 2024
1 parent 25cbe68 commit b7fa417
Show file tree
Hide file tree
Showing 2 changed files with 140 additions and 19 deletions.
121 changes: 121 additions & 0 deletions .github/workflows/push_build_artifacts.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
---
on:
pull_request:
push:
branches:
- main

jobs:
artifacts:
runs-on: ubuntu-latest
timeout-minutes: 30

permissions:
id-token: write
contents: write

strategy:
matrix:
platform:
- aarch64
fail-fast: true

steps:
- name: "Check out repository"
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ inputs.GIT_REF }}
token: ${{ secrets.GIT_TOKEN }}
submodules: true

- name: Configure aws
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}:role/github-actions-nhost-${{ github.event.repository.name }}
aws-region: eu-central-1

- uses: nixbuild/nix-quick-install-action@v26
with:
nix_version: 2.16.2
nix_conf: |
experimental-features = nix-command flakes
sandbox = false
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
builders-use-substitutes = true
- name: "Setup nix-remote-builder"
uses: dbarrosop/[email protected]
id: nix-remote-builder
with:
name: ${{ inputs.NAME }}-${{ inputs.GIT_REF }}
ami: ami-0a6fe6f4f55f8421a
instance-type: 't4g.xlarge'
region: "eu-central-1"
availability-zone: "eu-central-1c"
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

- name: "Setup nix-remote-builder in nix.conf"
run: |
echo "builders = ssh://${{ steps.nix-remote-builder.outputs.publicDnsName }} aarch64-linux;" >> ~/.config/nix/nix.conf
if: ${{ ( matrix.platform == 'aarch64' ) && steps.verify-build.outputs.BUILD_NEEDED == 'yes' }}

- name: Cache nix store
uses: actions/cache@v4
with:
path: |
/nix/store/**
/nix/var/nix/*/*
/nix/var/nix/db/*
/nix/var/nix/db/*/**
!/nix/var/nix/daemon-socket/socket
!/nix/var/nix/userpool/*
!/nix/var/nix/gc.lock
!/nix/var/nix/db/big-lock
!/nix/var/nix/db/reserved
key: nix-${{ inputs.NAME }}-build-${{ runner.os }}-${{ matrix.platform }}-${{ hashFiles('nix/**.nix', 'flake.nix', 'flake.lock', '${{ inputs.PROJECT }}/**.nix') }}
restore-keys: nix-${{ inputs.NAME }}-build-${{ runner.OS }}-${{ matrix.platform }}-main
if: ${{ steps.verify-build.outputs.BUILD_NEEDED == 'yes' }}

- uses: docker/setup-qemu-action@v3
if: ${{ ( matrix.platform == 'aarch64' ) }}

- name: "Wait for remote builder to be ready"
run: |
set +e
max_attempts=6
retry_interval=10
attempt=1
while [ "$attempt" -le "$max_attempts" ]; do
echo "Checking SSH connection (attempt $attempt)..."
nc -zv ${{ steps.nix-remote-builder.outputs.publicDnsName }} 22
if [ $? -eq 0 ]; then
echo "success"
break
else
echo "SSH connection failed."
if [ "$attempt" -lt "$max_attempts" ]; then
echo "Retrying in $retry_interval seconds..."
sleep "$retry_interval"
else
echo "Exceeded maximum connection attempts."
exit 1
fi
fi
((attempt++))
done
if: ${{ ( matrix.platform == 'aarch64' ) && steps.verify-build.outputs.BUILD_NEEDED == 'yes' }}


- name: "Cache nix store on s3"
run: |
echo ${{ secrets.NIX_CACHE_PRIV_KEY }} > cache-priv-key.pem
nix build .\#devShells.${{ matrix.platform }}-linux.default
nix store sign --key-file cache-priv-key.pem --all
nix copy --to s3://nhost-nix-cache\?region=eu-central-1 .\#devShells.${{ matrix.platform }}-linux.default
- run: rm cache-priv-key.pem || echo "file not found"
if: always()
Original file line number Diff line number Diff line change
Expand Up @@ -42,27 +42,27 @@ jobs:
path: /nix
key: nix-update-deps-${{ hashFiles('flakes.nix', 'flake.lock') }}

- name: Update nix flakes
run: nix flake update
# - name: Update nix flakes
# run: nix flake update

- name: Create Pull Request
uses: peter-evans/create-pull-request@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: Update dependencies
committer: GitHub <[email protected]>
author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
signoff: false
branch: automated/update-deps
delete-branch: true
title: '[Scheduled] Update dependencies'
body: |
Dependencies updated
# - name: Create Pull Request
# uses: peter-evans/create-pull-request@v5
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# commit-message: Update dependencies
# committer: GitHub <[email protected]>
# author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
# signoff: false
# branch: automated/update-deps
# delete-branch: true
# title: '[Scheduled] Update dependencies'
# body: |
# Dependencies updated

Note - If you see this PR and the checks haven't run, close and reopen the PR. See https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
labels: |
dependencies
draft: false
# Note - If you see this PR and the checks haven't run, close and reopen the PR. See https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
# labels: |
# dependencies
# draft: false

- name: "Cache nix store on s3"
run: |
Expand Down

0 comments on commit b7fa417

Please sign in to comment.