mirror of
https://github.com/rosenpass/rosenpass.git
synced 2025-12-05 20:40:02 -08:00
50501f37fd
There still is ambiguity between the script's output and the current CI pipelines, usage not recommend. Signed-off-by: wucke13 <wucke13+github@gmail.com>
201 lines
5.2 KiB
Nu
Executable File
201 lines
5.2 KiB
Nu
Executable File
#!/usr/bin/env nu
|
|
|
|
use std log
|
|
|
|
# cd to git root
|
|
cd (git rev-parse --show-toplevel)
|
|
|
|
# check if a subject depends on a potential dependency
|
|
def depends [
|
|
subject:string # package to examine
|
|
maybe_dep:string # maybe a dependency of subject
|
|
] {
|
|
not ( nix why-depends --quiet --derivation $subject $maybe_dep | is-empty )
|
|
}
|
|
|
|
# get attribute names of the attribute set
|
|
def get-attr-names [
|
|
expr: # nix expression to get attrNames of
|
|
] {
|
|
nix eval --json $expr --apply builtins.attrNames | from json
|
|
}
|
|
|
|
def job-id [
|
|
system:string,
|
|
derivation:string,
|
|
] {
|
|
$"($system)---($derivation)"
|
|
}
|
|
|
|
# map from nixos system to github runner type
|
|
let systems_map = {
|
|
# aarch64-darwin
|
|
# aarch64-linux
|
|
|
|
i686-linux: ubicloud-standard-2-ubuntu-2204,
|
|
x86_64-darwin: macos-13,
|
|
x86_64-linux: ubicloud-standard-2-ubuntu-2204
|
|
}
|
|
|
|
let targets = (get-attr-names ".#packages"
|
|
| par-each {|system| { $system : (get-attr-names $".#packages.($system)") } }
|
|
| reduce {|it, acc| $acc | merge $it }
|
|
)
|
|
|
|
mut cachix_workflow = {
|
|
name: "Nix",
|
|
permissions: {contents: write},
|
|
on: {
|
|
pull_request: null,
|
|
push: {branches: [main]}
|
|
},
|
|
jobs: {},
|
|
}
|
|
|
|
mut release_workflow = {
|
|
name: "Release",
|
|
permissions: {contents: write},
|
|
on: { push: {tags: ["v*"]} },
|
|
jobs: {},
|
|
}
|
|
|
|
let runner_setup = [
|
|
{
|
|
uses: "actions/checkout@v4"
|
|
}
|
|
{
|
|
uses: "cachix/install-nix-action@v30",
|
|
}
|
|
{
|
|
uses: "cachix/cachix-action@v15",
|
|
with: {
|
|
name: rosenpass,
|
|
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
|
|
}
|
|
}
|
|
]
|
|
|
|
for system in ($targets | columns) {
|
|
if ($systems_map | get -i $system | is-empty) {
|
|
log info $"skipping ($system), since there are no GH-Actions runners for it"
|
|
continue
|
|
}
|
|
|
|
# lookup the correct runner for $system
|
|
let runs_on = [ ($systems_map | get $system) ]
|
|
|
|
# add jobs for all derivations
|
|
let derivations = ($targets | get $system)
|
|
for derivation in $derivations {
|
|
|
|
if ($system == "i686-linux") and ($derivation | str contains "static") {
|
|
log info $"skipping ($system).($derivation), due to liboqs 0.8 not present in oqs-sys"
|
|
continue
|
|
}
|
|
|
|
if ($system == "i686-linux") and ($derivation | str contains "release-package") {
|
|
log info $"skipping ($system).($derivation), due to liboqs 0.8 not present in oqs-sys"
|
|
continue
|
|
}
|
|
|
|
# job_id for GH-Actions
|
|
let id = ( job-id $system $derivation )
|
|
|
|
# name displayed
|
|
let name = $"($system).($derivation)"
|
|
|
|
# collection of dependencies
|
|
# TODO currently only considers dependencies on the same $system
|
|
let needs = ($derivations
|
|
| filter {|it| $it != $derivation and $it != "default" } # filter out self and default
|
|
| par-each {|it| {
|
|
name: $it, # the other derivation
|
|
# does self depend on $it?
|
|
needed: (depends $".#packages.($system).($derivation)" $".#packages.($system).($it)")
|
|
} }
|
|
| filter {|it| $it.needed}
|
|
| each {|it| job-id $system $it.name}
|
|
| sort
|
|
)
|
|
|
|
mut new_job = {
|
|
name: $"Build ($name)",
|
|
"runs-on": $runs_on,
|
|
needs: $needs,
|
|
steps: ($runner_setup | append [
|
|
{
|
|
name: Build,
|
|
run: $"nix build .#packages.($system).($derivation) --print-build-logs"
|
|
}
|
|
])
|
|
}
|
|
$cachix_workflow.jobs = ($cachix_workflow.jobs | insert $id $new_job )
|
|
}
|
|
|
|
# add check job
|
|
$cachix_workflow.jobs = ($cachix_workflow.jobs | insert $"($system)---check" {
|
|
name: $"Run Nix checks on ($system)",
|
|
"runs-on": $runs_on,
|
|
steps: ($runner_setup | append {
|
|
name: Check,
|
|
run: "nix flake check . --print-build-logs"
|
|
})
|
|
})
|
|
|
|
# add release job
|
|
$release_workflow.jobs = ($release_workflow.jobs | insert $"($system)---release" {
|
|
name: $"Build release artifacts for ($system)",
|
|
"runs-on": $runs_on,
|
|
steps: ($runner_setup | append [
|
|
{
|
|
name: "Build release",
|
|
run: "nix build .#release-package --print-build-logs"
|
|
}
|
|
{
|
|
name: Release,
|
|
uses: "softprops/action-gh-release@v2",
|
|
with: {
|
|
draft: "${{ contains(github.ref_name, 'rc') }}",
|
|
prerelease: "${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}",
|
|
files: "result/*"
|
|
}
|
|
}
|
|
])
|
|
})
|
|
}
|
|
|
|
# add whitepaper job with upload
|
|
let system = "x86_64-linux"
|
|
$cachix_workflow.jobs = ($cachix_workflow.jobs | insert $"($system)---whitepaper-upload" {
|
|
name: $"Upload whitepaper ($system)",
|
|
"runs-on": ($systems_map | get $system),
|
|
"if": "${{ github.ref == 'refs/heads/main' }}",
|
|
steps: ($runner_setup | append [
|
|
{
|
|
name: "Git add git sha and commit",
|
|
run: "cd papers && ./tex/gitinfo2.sh && git add gitHeadInfo.gin"
|
|
}
|
|
{
|
|
name: Build,
|
|
run: $"nix build .#packages.($system).whitepaper --print-build-logs"
|
|
}
|
|
{
|
|
name: "Deploy PDF artifacts",
|
|
uses: "peaceiris/actions-gh-pages@v4",
|
|
with: {
|
|
github_token: "${{ secrets.GITHUB_TOKEN }}",
|
|
publish_dir: result/,
|
|
publish_branch: papers-pdf,
|
|
force_orphan: true
|
|
}
|
|
}
|
|
])
|
|
})
|
|
|
|
log info "saving nix-cachix workflow"
|
|
$cachix_workflow | to yaml | save --force .github/workflows/nix.yaml
|
|
$release_workflow | to yaml | save --force .github/workflows/release.yaml
|
|
|
|
log info "prettify generated yaml"
|
|
prettier -w .github/workflows/
|