name: "CI" on: pull_request: push: branches: # NOTE: make sure any branches here are also valid directory names, # otherwise creating the directory and uploading to s3 will fail - detsys-main - main - master merge_group: release: types: - published permissions: id-token: "write" contents: "read" pull-requests: "write" statuses: "write" deployments: "write" jobs: eval: runs-on: UbuntuLatest32Cores128G steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: DeterminateSystems/determinate-nix-action@main - run: nix flake show --all-systems --json build_x86_64-linux: uses: ./.github/workflows/build.yml with: system: x86_64-linux runner: namespace-profile-linuxamd32c64g-cache runner_for_virt: UbuntuLatest32Cores128G runner_small: ubuntu-latest run_tests: true run_vm_tests: true run_regression_tests: true publish_manual: true secrets: manual_netlify_auth_token: ${{ secrets.NETLIFY_AUTH_TOKEN }} manual_netlify_site_id: ${{ secrets.NETLIFY_SITE_ID }} build_aarch64-linux: uses: ./.github/workflows/build.yml with: if: ${{ github.event_name != 'pull_request' }} system: aarch64-linux runner: UbuntuLatest32Cores128GArm runner_for_virt: UbuntuLatest32Cores128GArm runner_small: UbuntuLatest32Cores128GArm build_x86_64-darwin: uses: ./.github/workflows/build.yml with: if: ${{ github.event_name != 'pull_request' }} system: x86_64-darwin runner: macos-latest-large runner_for_virt: macos-latest-large runner_small: macos-latest-large run_tests: false build_aarch64-darwin: uses: ./.github/workflows/build.yml with: system: aarch64-darwin runner: namespace-profile-mac-m2-12c28g runner_for_virt: namespace-profile-mac-m2-12c28g runner_small: macos-latest-xlarge success: runs-on: ubuntu-latest needs: - eval - build_x86_64-linux - build_aarch64-linux - build_x86_64-darwin - build_aarch64-darwin if: ${{ always() }} steps: - run: "true" - run: | echo "A dependent in the build matrix failed:" echo "$needs" exit 1 env: needs: ${{ toJSON(needs) }} if: | contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') - uses: actions/checkout@v4 - uses: DeterminateSystems/determinate-nix-action@main - name: Create artifacts directory run: mkdir -p ./artifacts - name: Fetch artifacts uses: actions/download-artifact@v4 with: path: downloaded - name: Move downloaded artifacts to artifacts directory run: | for dir in ./downloaded/*; do arch="$(basename "$dir")" mv "$dir"/*.xz ./artifacts/"${arch}" done - name: Build fallback-paths.nix if: ${{ github.event_name != 'pull_request' }} run: | nix build .#fallbackPathsNix --out-link fallback cat fallback > ./artifacts/fallback-paths.nix - uses: DeterminateSystems/push-artifact-ids@main with: s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE_ARN }} bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET_NAME }} directory: ./artifacts ids_project_name: determinate-nix ids_binary_prefix: determinate-nix skip_acl: true allowed_branches: '["detsys-main"]' publish: needs: - success if: (!github.repository.fork && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || startsWith(github.ref, 'refs/tags/'))) environment: ${{ github.event_name == 'release' && 'production' || '' }} runs-on: ubuntu-latest permissions: contents: read id-token: write steps: - uses: actions/checkout@v4 - uses: DeterminateSystems/determinate-nix-action@main - uses: DeterminateSystems/flakehub-push@main with: rolling: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} visibility: "public" tag: "${{ github.ref_name }}"