nixpkgs/.github/workflows/ci.yml at main · jonathanmorley/nixpkgs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
name: CI

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

jobs:
  format:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ github.head_ref }}
      - uses: DeterminateSystems/determinate-nix-action@32cb6a5ae30bb0dfc996fa7baf8bf1ed28442fa4 # v3.17.3
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Format
        run: nix fmt
      - name: Commit formatting changes
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add -A
          git diff --staged --quiet || git commit -m "style: auto-format with treefmt"
          git push

  nix:
    needs: format
    strategy:
      matrix:
        include:
          - runner: macos-latest
            system: aarch64-darwin
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: DeterminateSystems/flake-checker-action@3164002371bc90729c68af0e24d5aacf20d7c9f6 # v12
      - uses: DeterminateSystems/determinate-nix-action@32cb6a5ae30bb0dfc996fa7baf8bf1ed28442fa4 # v3.17.3
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Cachix
        uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c # v17
        with:
          name: jonathanmorley
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Check
        run: nix flake check --print-build-logs --no-update-lock-file
      - name: Switch
        run: |
          # Remove files that will be replaced by nix-darwin
          sudo rm -f /etc/shells /etc/zshenv /etc/nix/nix.custom.conf
          # Re-inject the GitHub token via NIX_CONFIG since removing nix.custom.conf
          # strips the access-tokens that determinate-nix-action configured
          sudo -i env NIX_CONFIG="extra-access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" nix run nix-darwin -- switch --flake ${{ github.workspace }}#gha-${{ matrix.system }}