chore(cache): Change trusted-public-key #1682
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CI" | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| - "ci/**" | |
| pull_request: | |
| jobs: | |
| website: | |
| if: github.ref == 'refs/heads/main' | |
| needs: main | |
| uses: ./.github/workflows/website.yaml | |
| with: | |
| static-site-path: ${{ needs.main.outputs.OMWEBSITE }} | |
| secrets: inherit | |
| main: | |
| runs-on: ${{ matrix.system }} | |
| permissions: | |
| contents: read | |
| outputs: | |
| # It is important to match the matrix.system here | |
| # With that of website.yaml | |
| OMWEBSITE: ${{ steps.omci.outputs.OMWEBSITE_x86_64-linux }} | |
| strategy: | |
| matrix: | |
| system: [x86_64-linux, aarch64-linux, aarch64-darwin, x86_64-darwin] | |
| isMain: | |
| - ${{ contains(github.ref, 'main') }} | |
| # Excluded emulated builds on PRs | |
| exclude: | |
| - system: aarch64-linux | |
| isMain: false | |
| - system: x86_64-darwin | |
| isMain: false | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Build omnix first, so we can use it to build the rest of the flake outputs. | |
| # This also separates the CI log for both these obviously distinct steps. | |
| - name: Build Omnix package | |
| run: nix build --no-link --print-out-paths --accept-flake-config | |
| # Build flake outputs | |
| # Run omnix using self. | |
| - name: Omnix CI | |
| run: | | |
| nix --accept-flake-config run . -- ci run \ | |
| --extra-access-tokens ${{ secrets.GITHUB_TOKEN }} \ | |
| --systems "${{ matrix.system }}" \ | |
| --results=$HOME/omci.json \ | |
| -- --accept-flake-config | |
| - name: Omnix results | |
| id: omci | |
| run: | | |
| cat $HOME/omci.json | jq | |
| # Retrieve the store path for the given package out of the given subflake. | |
| get_output() { | |
| subflake=$1 name=$2 \ | |
| jq -r '.result.[$ENV.subflake].build.byName.[$ENV.name]' < $HOME/omci.json | |
| } | |
| echo "OMCIJSON_PATH=$HOME/omci.json" >> "$GITHUB_OUTPUT" | |
| echo "OMCIJSON=$(cat $HOME/omci.json)" >> "$GITHUB_OUTPUT" | |
| echo "OMPACKAGE=$(get_output omnix omnix-cli)" >> "$GITHUB_OUTPUT" | |
| echo "OMWEBSITE_${{ matrix.system }}=$(get_output doc omnix-mdbook-site)" >> "$GITHUB_OUTPUT" | |
| - name: "Omnix: Upload results" | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: omci-${{ matrix.system }}.json | |
| path: ${{ steps.omci.outputs.OMCIJSON_PATH }} | |
| if-no-files-found: error | |
| # Login to the Attic with the token that allows pushing Nix store objects to the cache | |
| - name: Attic login | |
| if: github.ref == 'refs/heads/main' | |
| run: attic login chutney https://cache.nixos.asia ${{ secrets.ATTIC_LOGIN_TOKEN }} | |
| # Push the Nix cache | |
| - name: Push to attic | |
| if: github.ref == 'refs/heads/main' | |
| run: attic push chutney:oss $HOME/omci.json | |