Format nix.yml
Atry committed Jul 15, 2022
1 parent 41e19d4 commit ac03eb6
Showing 1 changed file with 154 additions and 154 deletions.
308 changes: 154 additions & 154 deletions .github/workflows/nix.yml
Expand Up @@ -15,168 +15,168 @@ jobs:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macos-latest
- ubuntu-latest
- macos-latest
runs-on: ${{matrix.os}}
continue-on-error: ${{ matrix.os == 'macos-latest' }}
steps:
- uses: actions/[email protected]
- uses: cachix/install-nix-action@v15
with:
extra_nix_config: |
extra-access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
extra-experimental-features = nix-command flakes
extra-substituters = s3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com
extra-trusted-substituters = s3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com
extra-trusted-public-keys = hhvm-nix-cache-1:MvKxscw16fAq6835oG8sbRgTGITb+1xGfYNhs+ee4yo=
- run: nix-build --no-sandbox
- run: nix profile install --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- run: nix flake check --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- run: hhvm --version
- run: nix flake check --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- name: Build the deb package
if: runner.os == 'Linux'
run: nix bundle --print-build-logs --bundler "git+file://$(pwd)?submodules=1&shallow=1#deb" "git+file://$(pwd)?submodules=1&shallow=1"
- name: Show the deb package's information
if: runner.os == 'Linux'
run: dpkg-deb --info bundle.deb
- name: Show the deb package's content
if: runner.os == 'Linux'
run: dpkg-deb --contents bundle.deb
- name: Save the deb package as build artifact
if: runner.os == 'Linux'
uses: actions/upload-artifact@v2
with:
name: bundle.deb
path: bundle.deb
- name: Build the rpm package
if: runner.os == 'Linux'
run: nix bundle --print-build-logs --bundler "git+file://$(pwd)?submodules=1&shallow=1#rpm" "git+file://$(pwd)?submodules=1&shallow=1"
- name: Show the rpm package's information
if: runner.os == 'Linux'
run: rpm --query --info --package bundle.rpm
- name: Show the rpm package's content
if: runner.os == 'Linux'
run: rpm --query --list --package bundle.rpm
- name: Save the rpm package as build artifact
if: runner.os == 'Linux'
uses: actions/upload-artifact@v2
with:
name: bundle.rpm
path: bundle.rpm
- name: Assume the AWS role
continue-on-error: true
id: configure-aws-credentials
if: github.event_name != 'pull_request'
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::223121549624:role/hhvm-github-actions
aws-region: us-west-2
- name: Sign Nix binaries with a private key downloaded from AWS Secrets Manager
if: steps.configure-aws-credentials.outcome == 'success'
run: nix store sign --recursive --key-file <(aws secretsmanager get-secret-value --secret-id hhvm-nix-cache-1 --query SecretString --output text) --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- name: Upload Nix binaries to the binary cache server on S3
if: steps.configure-aws-credentials.outcome == 'success'
run: nix copy --to 's3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com' --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- uses: actions/[email protected]
- uses: cachix/install-nix-action@v15
with:
extra_nix_config: |
extra-access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
extra-experimental-features = nix-command flakes
extra-substituters = s3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com
extra-trusted-substituters = s3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com
extra-trusted-public-keys = hhvm-nix-cache-1:MvKxscw16fAq6835oG8sbRgTGITb+1xGfYNhs+ee4yo=
- run: nix-build --no-sandbox
- run: nix profile install --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- run: nix flake check --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- run: hhvm --version
- run: nix flake check --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- name: Build the deb package
if: runner.os == 'Linux'
run: nix bundle --print-build-logs --bundler "git+file://$(pwd)?submodules=1&shallow=1#deb" "git+file://$(pwd)?submodules=1&shallow=1"
- name: Show the deb package's information
if: runner.os == 'Linux'
run: dpkg-deb --info bundle.deb
- name: Show the deb package's content
if: runner.os == 'Linux'
run: dpkg-deb --contents bundle.deb
- name: Save the deb package as build artifact
if: runner.os == 'Linux'
uses: actions/upload-artifact@v2
with:
name: bundle.deb
path: bundle.deb
- name: Build the rpm package
if: runner.os == 'Linux'
run: nix bundle --print-build-logs --bundler "git+file://$(pwd)?submodules=1&shallow=1#rpm" "git+file://$(pwd)?submodules=1&shallow=1"
- name: Show the rpm package's information
if: runner.os == 'Linux'
run: rpm --query --info --package bundle.rpm
- name: Show the rpm package's content
if: runner.os == 'Linux'
run: rpm --query --list --package bundle.rpm
- name: Save the rpm package as build artifact
if: runner.os == 'Linux'
uses: actions/upload-artifact@v2
with:
name: bundle.rpm
path: bundle.rpm
- name: Assume the AWS role
continue-on-error: true
id: configure-aws-credentials
if: github.event_name != 'pull_request'
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::223121549624:role/hhvm-github-actions
aws-region: us-west-2
- name: Sign Nix binaries with a private key downloaded from AWS Secrets Manager
if: steps.configure-aws-credentials.outcome == 'success'
run: nix store sign --recursive --key-file <(aws secretsmanager get-secret-value --secret-id hhvm-nix-cache-1 --query SecretString --output text) --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
- name: Upload Nix binaries to the binary cache server on S3
if: steps.configure-aws-credentials.outcome == 'success'
run: nix copy --to 's3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com' --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
upload-deb:
if: github.event_name == 'push' && github.ref_type == 'tag'
runs-on: ubuntu-latest
needs: build-and-test
steps:
- uses: actions/checkout@v3
- name: Download the bundle.deb from build-and-test job
uses: actions/download-artifact@v2
with:
name: bundle.deb
- name: Assume the AWS role
continue-on-error: true
id: configure-aws-credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::223121549624:role/hhvm-github-actions
aws-region: us-west-2
- name: Decrypt the GPG key
if: steps.configure-aws-credentials.outcome == 'success'
run: |
set -o pipefail
GPG_KEY_FILE="$(mktemp)" &&
aws kms decrypt \
--ciphertext-blob "fileb://$PWD/gpg-key.kms-ciphertext" \
--query Plaintext \
--output text |
base64 --decode > "$GPG_KEY_FILE" &&
echo "GPG_KEY_FILE=$GPG_KEY_FILE" >> $GITHUB_ENV
- name: Fetch the Nexus admin password
if: steps.configure-aws-credentials.outcome == 'success'
run: |
NEXUS_ADMIN_PASSWORD_FILE="$(mktemp)" &&
aws secretsmanager get-secret-value --secret-id nexus-admin-password-prod --query SecretString --output text > "$NEXUS_ADMIN_PASSWORD_FILE" &&
echo "NEXUS_ADMIN_PASSWORD_FILE=$NEXUS_ADMIN_PASSWORD_FILE" >> $GITHUB_ENV
- name: Upload the deb package
if: steps.configure-aws-credentials.outcome == 'success'
run: |
set -e
GPG_KEY="$(cat "$GPG_KEY_FILE")"
ESCAPED_GPG_KEY=\""${GPG_KEY//$'\n'/'\n'}"\"
function upload () {
GET_DISTRIBUTION_STATUS_CODE="$(
curl \
-o /dev/null \
-s -w "%{http_code}" \
-X GET \
-u "admin:$(cat "$NEXUS_ADMIN_PASSWORD_FILE")" \
"http://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/service/rest/v1/repositories/deb-$1"
)"
case "$GET_DISTRIBUTION_STATUS_CODE" in
200)
echo "Skip distribution creation becuase it exists.";;
404)
- uses: actions/checkout@v3
- name: Download the bundle.deb from build-and-test job
uses: actions/download-artifact@v2
with:
name: bundle.deb
- name: Assume the AWS role
continue-on-error: true
id: configure-aws-credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::223121549624:role/hhvm-github-actions
aws-region: us-west-2
- name: Decrypt the GPG key
if: steps.configure-aws-credentials.outcome == 'success'
run: |
set -o pipefail
GPG_KEY_FILE="$(mktemp)" &&
aws kms decrypt \
--ciphertext-blob "fileb://$PWD/gpg-key.kms-ciphertext" \
--query Plaintext \
--output text |
base64 --decode > "$GPG_KEY_FILE" &&
echo "GPG_KEY_FILE=$GPG_KEY_FILE" >> $GITHUB_ENV
- name: Fetch the Nexus admin password
if: steps.configure-aws-credentials.outcome == 'success'
run: |
NEXUS_ADMIN_PASSWORD_FILE="$(mktemp)" &&
aws secretsmanager get-secret-value --secret-id nexus-admin-password-prod --query SecretString --output text > "$NEXUS_ADMIN_PASSWORD_FILE" &&
echo "NEXUS_ADMIN_PASSWORD_FILE=$NEXUS_ADMIN_PASSWORD_FILE" >> $GITHUB_ENV
- name: Upload the deb package
if: steps.configure-aws-credentials.outcome == 'success'
run: |
set -e
GPG_KEY="$(cat "$GPG_KEY_FILE")"
ESCAPED_GPG_KEY=\""${GPG_KEY//$'\n'/'\n'}"\"
function upload () {
GET_DISTRIBUTION_STATUS_CODE="$(
curl \
--fail \
-X POST \
-o /dev/null \
-s -w "%{http_code}" \
-X GET \
-u "admin:$(cat "$NEXUS_ADMIN_PASSWORD_FILE")" \
-H "Content-Type: application/json" \
--data-binary @- \
http://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/service/rest/v1/repositories/apt/hosted \
<< EOF
{
"name": "deb-$1",
"online": true,
"storage": {
"blobStoreName": "default",
"strictContentTypeValidation": true,
"writePolicy": "allow_once"
},
"component": {
"proprietaryComponents": false
},
"apt": {
"distribution": "$1"
},
"aptSigning": {
"keypair": $ESCAPED_GPG_KEY
"http://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/service/rest/v1/repositories/deb-$1"
)"
case "$GET_DISTRIBUTION_STATUS_CODE" in
200)
echo "Skip distribution creation becuase it exists.";;
404)
curl \
--fail \
-X POST \
-u "admin:$(cat "$NEXUS_ADMIN_PASSWORD_FILE")" \
-H "Content-Type: application/json" \
--data-binary @- \
http://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/service/rest/v1/repositories/apt/hosted \
<< EOF
{
"name": "deb-$1",
"online": true,
"storage": {
"blobStoreName": "default",
"strictContentTypeValidation": true,
"writePolicy": "allow_once"
},
"component": {
"proprietaryComponents": false
},
"apt": {
"distribution": "$1"
},
"aptSigning": {
"keypair": $ESCAPED_GPG_KEY
}
}
EOF
;;
*)
echo "Unexpected HTTP status $GET_DISTRIBUTION_STATUS_CODE when
fetching http://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/service/rest/v1/repositories/deb-$1"
;;
esac
curl \
--fail \
-X POST \
-u "admin:$(cat "$NEXUS_ADMIN_PASSWORD_FILE")" \
-H "Content-Type: multipart/form-data" \
--data-binary @bundle.deb \
"http://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/repository/deb-$1/"
}
}
EOF
;;
*)
echo "Unexpected HTTP status $GET_DISTRIBUTION_STATUS_CODE when
fetching http://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/service/rest/v1/repositories/deb-$1"
;;
esac
curl \
--fail \
-X POST \
-u "admin:$(cat "$NEXUS_ADMIN_PASSWORD_FILE")" \
-H "Content-Type: multipart/form-data" \
--data-binary @bundle.deb \
"http://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/repository/deb-$1/"
}
if [[ "$GITHUB_REF_NAME" =~ HHVM-([0-9]+\.[0-9]+)\.[0-9]+ ]]
then
upload release-"${BASH_REMATCH[1]}"
upload release
elif [[ "$GITHUB_REF_NAME" =~ nightly-([0-9]+\.[0-9]+\.[0-9]+) ]]
then
upload nightly
fi
if [[ "$GITHUB_REF_NAME" =~ HHVM-([0-9]+\.[0-9]+)\.[0-9]+ ]]
then
upload release-"${BASH_REMATCH[1]}"
upload release
elif [[ "$GITHUB_REF_NAME" =~ nightly-([0-9]+\.[0-9]+\.[0-9]+) ]]
then
upload nightly
fi
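Review bot: The `upload` function in the `upload-deb` job passes the Nexus admin credentials (`-u "admin:$(cat "$NEXUS_ADMIN_PASSWORD_FILE")"`) and, in the 404 branch, the GPG signing keypair in the JSON body to an `http://` endpoint, so both travel unencrypted from the `ubuntu-latest` runner to the load balancer. If that load balancer has a TLS listener (not visible on this page), all three curl targets should use `https://nexus-prod-lb-384239604.us-west-2.elb.amazonaws.com/...`; otherwise the upload needs some other channel that provides transport encryption. Separately, the `*)` branch of the `case` only echoes the unexpected status and then falls through to the package upload, so an `exit 1` after that echo would stop the job on an unknown response. The reformatting leaves the content of these lines unchanged, so both points predate this commit but remain on the new side.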
