

initial migration from ea97fef2cc04affbb8d14bb3ba30424fb0cee92e commi…
…t from install-flox-action
garbas committed May 31, 2024
0 parents commit b6dfe2c
Showing 42 changed files with 94,940 additions and 0 deletions.
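--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
+use flake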
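--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+dist/** -diff linguist-generated=true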
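--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,5 @@
+name: JavaScript CodeQL Configuration
+
+paths-ignore:
+- node_modules
+- dist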
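--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,35 @@
+version: 2
+updates:
+
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+open-pull-requests-limit: 1
+commit-message:
+prefix: "chore"
+include: "scope"
+groups:
+all:
+patterns:
+- "*"
+labels:
+- "chore"
+- "team-developer-support"
+
+- package-ecosystem: "npm"
+directory: '/'
+schedule:
+interval: "weekly"
+open-pull-requests-limit: 1
+commit-message:
+prefix: "chore"
+include: "scope"
+groups:
+all:
+patterns:
+- "*"
+labels:
+- "chore"
+- "team-developer-support"
+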
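--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,213 @@
+name: "CI"
+
+on:
+pull_request:
+push:
+branches:
+- "main"
+schedule:
+- cron: '20 2 * * *'
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+
+test-javascript:
+name: "JavaScript Tests"
+runs-on: ${{ matrix.os }}
+
+strategy:
+matrix:
+os:
+- "ubuntu-latest"
+- "ghcr.io/cirruslabs/macos-sonoma-xcode:latest"
+
+steps:
+- name: "Checkout"
+uses: "actions/checkout@v4"
+
+- name: "Install Nix"
+uses: "cachix/install-nix-action@V27"
+
+- name: "Cache Dependencies"
+id: cache
+uses: "actions/cache@8070854e57d983bdd2887b0a708ad985f77398ab"
+env:
+GITHUB_ACTIONS_RUNNER_FORCED_NODE_VERSION: node20
+with:
+key: npm-${{ matrix.os }}-${{ hashFiles('package-lock.json') }}
+path: ./node_modules
+restore-keys: |
+npm-feature-${{ matrix.os }}-${{ hashFiles('package-lock.json') }}
+npm-feature-${{ matrix.os }}-
+npm-feature-
+npm-
+- name: "Install Dependencies"
+if: steps.cache.outputs.cache-hit != 'true'
+run: nix develop --command npm ci
+
+- name: "Check Format"
+run: nix develop --command npm run format:check
+
+- name: "Test"
+run: nix develop --command npm run ci-test
+
+test-minimal-action:
+name: "Minimal - Github Action Test"
+runs-on: ${{ matrix.os }}
+
+strategy:
+matrix:
+os:
+- "ubuntu-latest"
+- "ghcr.io/cirruslabs/macos-sonoma-xcode:latest"
+# TODO: test with different flox versions
+#flox-version:
+# - stable
+# - prerelease
+
+steps:
+- name: "Checkout"
+uses: "actions/checkout@v4"
+
+- name: "Test Local Action"
+uses: "./"
+with:
+github-access-token: "${{ secrets.MANAGED_GITHUB_ACCESS_TOKEN }}"
+
+- name: "Test: flox --version"
+run: |
+flox --version
+test-all-action:
+name: "All - Github Action Test"
+runs-on: ${{ matrix.os }}
+
+strategy:
+matrix:
+os:
+- "ubuntu-latest"
+- "ghcr.io/cirruslabs/macos-sonoma-xcode:latest"
+
+steps:
+- name: "Checkout"
+uses: "actions/checkout@v4"
+
+- name: "Setup Tailscale"
+if: ${{ runner.os == 'Linux' }}
+uses: "tailscale/github-action@v2"
+with:
+args: "--timeout 30s --login-server ${{ vars.MANAGED_TAILSCALE_URL }}"
+tags: tag:ci
+authkey: "${{ secrets.MANAGED_TAILSCALE_AUTH_KEY }}"
+
+- name: "Test Local Action"
+uses: "./"
+with:
+github-access-token: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}"
+substituter: "${{ vars.MANAGED_CACHE_PUBLIC_S3_BUCKET }}"
+substituter-key: "${{ secrets.MANAGED_CACHE_PUBLIC_SECRET_KEY }}"
+aws-access-key-id: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_ACCESS_KEY_ID }}"
+aws-secret-access-key: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_SECRET_ACCESS_KEY }}"
+ssh-key: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}"
+remote-builders: "${{ runner.os == 'Linux' && vars.MANAGED_REMOTE_BUILDERS || '' }}"
+
+- name: "Test Remote Builders"
+if: ${{ runner.os == 'Linux' }} # tailscale Action does not work on MacOS
+env:
+# XXX: This is needed until we are in this limbo state and our "new" ui is
+# not ready yet
+FLOX_BASH_PASSTHRU: true
+run: |
+export NIX_CONFIG="experimental-features = nix-command flakes"
+RAND=$RANDOM
+nix build -vv -L --impure --expr '(with import <nixpkgs> { system = "x86_64-linux"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")'
+nix build -vv -L --impure --expr '(with import <nixpkgs> { system = "aarch64-linux"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")'
+nix build -vv -L --impure --expr '(with import <nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")'
+nix build -vv -L --impure --expr '(with import <nixpkgs> { system = "aarch64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")'
+cd example
+nix build --no-write-lock-file
+echo "contents of /tmp/drv-paths:"
+cat /tmp/drv-paths
+test-nix-action:
+name: "Nix - test integration with Nix"
+runs-on: ${{ matrix.os }}
+
+strategy:
+matrix:
+os:
+- "ubuntu-latest"
+- "ghcr.io/cirruslabs/macos-sonoma-xcode:latest"
+
+steps:
+- name: "Checkout"
+uses: "actions/checkout@v4"
+
+- name: "Install Nix"
+uses: "cachix/install-nix-action@V27"
+with:
+nix_path: nixpkgs=channel:nixos-unstable
+
+- name: "Setup Tailscale"
+if: ${{ runner.os == 'Linux' }}
+uses: "tailscale/github-action@v2"
+with:
+args: "--timeout 30s --login-server ${{ vars.MANAGED_TAILSCALE_URL }}"
+tags: tag:ci
+authkey: "${{ secrets.MANAGED_TAILSCALE_AUTH_KEY }}"
+
+- name: "Test Local Action"
+uses: "./"
+with:
+github-access-token: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}"
+substituter: "${{ vars.MANAGED_CACHE_PUBLIC_S3_BUCKET }}"
+substituter-key: "${{ secrets.MANAGED_CACHE_PUBLIC_SECRET_KEY }}"
+aws-access-key-id: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_ACCESS_KEY_ID }}"
+aws-secret-access-key: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_SECRET_ACCESS_KEY }}"
+ssh-key: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}"
+remote-builders: "${{ runner.os == 'Linux' && vars.MANAGED_REMOTE_BUILDERS || '' }}"
+
+- name: "Test Remote Builders"
+if: ${{ runner.os == 'Linux' }}
+env:
+# XXX: This is needed until we are in this limbo state and our "new" ui is
+# not ready yet
+FLOX_BASH_PASSTHRU: true
+run: |
+export NIX_CONFIG="experimental-features = nix-command flakes"
+RAND=$RANDOM
+nix build -L --impure --expr '(with import <nixpkgs> { system = "x86_64-linux"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")'
+nix build -L --impure --expr '(with import <nixpkgs> { system = "aarch64-linux"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")'
+nix build -L --impure --expr '(with import <nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")'
+nix build -L --impure --expr '(with import <nixpkgs> { system = "aarch64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")'
+cd example
+nix build --no-write-lock-file
+report-failure:
+name: "Report Failure"
+runs-on: "ubuntu-latest"
+
+if: ${{ failure() && github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'schedule') }}
+
+needs:
+- "test-javascript"
+- "test-minimal-action"
+- "test-all-action"
+- "test-nix-action"
+
+steps:
+- name: "Slack Notification"
+uses: "rtCamp/action-slack-notify@v2"
+env:
+SLACK_TITLE: "Something broke CI for flox/flox on main"
+SLACK_FOOTER: "Thank you for caring"
+SLACK_WEBHOOK: "${{ secrets.MANAGED_SLACK_WEBHOOK }}"
+SLACK_USERNAME: "GitHub"
+SLACK_ICON_EMOJI: ":poop:"
+SLACK_COLOR: "#ff2800" # ferrari red -> https://encycolorpedia.com/ff2800
+SLACK_LINK_NAMES: true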
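Review bot: Third-party actions that run in the same jobs as the Tailscale auth key, AWS credentials, SSH key and Slack webhook are referenced by mutable tags (`tailscale/github-action@v2`, `cachix/install-nix-action@V27`, `rtCamp/action-slack-notify@v2`), while only `actions/cache` is pinned to a commit. Pin them the same way, e.g. `uses: "tailscale/github-action@<full-commit-sha>" # v2` (placeholder; take the SHA from the release that was audited), so a moved tag cannot change what executes next to those secrets. The workflow also declares no `permissions:`, so `GITHUB_TOKEN` falls back to the repository default; a top-level `permissions:` with `contents: read` would make the scope explicit. Separately, `SLACK_TITLE` names `flox/flox`, which looks carried over from another repository.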
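--- a/.github/workflows/update-dist.yml
+++ b/.github/workflows/update-dist.yml
@@ -0,0 +1,52 @@
+# In JavaScript actions, `dist/index.js` is a special file. When you reference
+# an action with `uses:`, `dist/index.js` is the code that will be run. For this
+# project, the `dist/index.js` file is generated from other source files through
+# the build process. We need to make sure that the checked-in `dist/index.js`
+# file matches what is expected from the build.
+#
+# This workflow will fail if the checked-in `dist/index.js` file does not match
+# what is expected from the build.
+name: "Update dist/index.js"
+
+on:
+push:
+branches:
+- main
+paths-ignore:
+- '**.md'
+pull_request:
+paths-ignore:
+- '**.md'
+workflow_dispatch:
+
+jobs:
+check-dist:
+name: "Check dist/"
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+statuses: write
+
+steps:
+- name: "Checkout"
+uses: actions/checkout@v4
+
+- name: "Install Nix"
+uses: cachix/install-nix-action@V27
+
+- name: "Install Dependencies"
+run: nix develop --command npm ci
+
+- name: "Build dist/ Directory"
+run: nix develop --command npm run all
+
+- name: "Compare Expected and Actual Directories"
+id: diff
+run: git status
+
+- name: "Commit changes"
+uses: stefanzweifel/git-auto-commit-action@v5
+with:
+file_pattern: "dist/index.js badges/coverage.svg"
+commit_message: "chore(deps): Update dist/"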
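Review bot: The `Commit changes` step pushes through `stefanzweifel/git-auto-commit-action@v5`, but the `check-dist` job grants only `contents: read`, so the push is likely to be rejected, and on `pull_request` the default checkout is a detached merge ref rather than a branch to push to. The header comment says the workflow fails when `dist/index.js` is stale, yet the compare step is `run: git status`, which exits 0 whether or not the tree changed. Since `dist/index.js` is the code consumers of the action execute, the check-only behaviour the comment describes is the safer one: replace the last two steps with `run: git diff --exit-code -- dist/` and keep `contents: read`. `statuses: write` does not appear to be needed by any step shown and could be dropped.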
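--- a/.github/workflows/update-flake-lock.yml
+++ b/.github/workflows/update-flake-lock.yml
@@ -0,0 +1,22 @@
+name: "Update flake.lock"
+
+on:
+workflow_dispatch: # allows manual triggering
+schedule:
+- cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+lockfile:
+runs-on: ubuntu-latest
+steps:
+
+- name: "Checkout"
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: "Install Nix"
+uses: cachix/install-nix-action@V27
+
+- name: "Update flake.lock"
+uses: DeterminateSystems/update-flake-lock@v21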
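Review bot: The `lockfile` job sets no `permissions:`, although `DeterminateSystems/update-flake-lock@v21` has to push a branch and open a pull request, so it only works while the repository's default token is read-write. Declare what the job needs on the job itself, `permissions:` with `contents: write` and `pull-requests: write`, so the repository default can be read-only for the other workflows. Both third-party actions in this job are referenced by tag (`@V27`, `@v21`); pinning them to a full commit SHA would keep a write-capable token from running retagged code.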

0 comments on commit b6dfe2c
