Initial commit #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check, test, clippy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CARGO_INCREMENTAL: 0 | |
| CARGO_TERM_COLOR: always | |
| NIX_SIGNING_PUBLIC_KEY: "ellipsis-labs:eug33YU0s2/K/BgiOtEta1cwNIzERtIybNATLOBsrEA=" | |
| NIX_CACHE_URI: "s3://atlas-nix-cache?compression=zstd¶llel-compression=true&endpoint=6a2b885167c20bd5dd1d3bcb4b09760f.r2.cloudflarestorage.com" | |
| jobs: | |
| check: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: rustup update | |
| - uses: ./.github/actions/rust-cache | |
| with: | |
| cache-name: check | |
| - run: cargo check --all-targets | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| needs: [check] | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: rustup update | |
| - uses: ./.github/actions/rust-cache | |
| with: | |
| cache-name: test | |
| - name: Install cargo-binstall | |
| uses: cargo-bins/cargo-binstall@main | |
| - name: Install cargo-nextest | |
| run: cargo binstall --no-confirm cargo-nextest | |
| - run: cargo nextest run --profile ci --cargo-profile ci | |
| clippy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: rustup update | |
| - uses: ./.github/actions/rust-cache | |
| with: | |
| cache-name: clippy | |
| - run: cargo clippy --all-targets -- -D warnings | |
| fmt: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: rustup toolchain install nightly --component rustfmt | |
| - run: cargo +nightly fmt --check | |
| deny: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install cargo-binstall | |
| uses: cargo-bins/cargo-binstall@main | |
| - name: Install cargo-deny | |
| run: cargo binstall --no-confirm cargo-deny | |
| - run: cargo deny check | |
| audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install cargo-binstall | |
| uses: cargo-bins/cargo-binstall@main | |
| - name: Install cargo-audit | |
| run: cargo binstall --no-confirm cargo-audit | |
| - run: cargo audit | |
| cross-build: | |
| runs-on: ${{ matrix.target.runner }} | |
| needs: [test, clippy, fmt, deny, audit] | |
| strategy: | |
| matrix: | |
| target: | |
| - { arch: x86_64-linux, runner: ubuntu-latest } | |
| - { arch: aarch64-linux, runner: ubuntu-latest } | |
| - { arch: aarch64-darwin, runner: macos-latest } | |
| - { arch: x86_64-darwin, runner: macos-latest } | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure R2 credentials | |
| uses: ./.github/actions/setup-r2-credentials | |
| with: | |
| r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| - name: Install nix | |
| uses: nixbuild/nix-quick-install-action@v32 | |
| with: | |
| nix_conf: | | |
| substituters = ${{ env.NIX_CACHE_URI }} https://cache.nixos.org/ | |
| extra-trusted-public-keys = ${{ env.NIX_SIGNING_PUBLIC_KEY }} | |
| - uses: ./.github/actions/rust-cache | |
| with: | |
| cache-name: cross-build | |
| - name: Determine rust target | |
| id: rust-target | |
| run: | | |
| case "${{ matrix.target.arch }}" in | |
| "x86_64-linux") | |
| echo "rust_target=x86_64-unknown-linux-musl" >> $GITHUB_OUTPUT | |
| ;; | |
| "aarch64-linux") | |
| echo "rust_target=aarch64-unknown-linux-musl" >> $GITHUB_OUTPUT | |
| ;; | |
| "x86_64-darwin") | |
| echo "rust_target=x86_64-apple-darwin" >> $GITHUB_OUTPUT | |
| ;; | |
| "aarch64-darwin") | |
| echo "rust_target=aarch64-apple-darwin" >> $GITHUB_OUTPUT | |
| ;; | |
| esac | |
| - name: Capture Nix store before build | |
| id: nix-store-before | |
| run: | | |
| # Capture current nix store paths before nix develop | |
| nix path-info --all | cut -d' ' -f1 | sort > /tmp/store-before.txt | |
| echo "Store paths captured: $(wc -l < /tmp/store-before.txt)" | |
| - name: Build binary | |
| run: | | |
| nix develop .#crossBuildShell-${{ matrix.target.arch }} -c \ | |
| cargo build --locked --release | |
| - name: Upload artifacts from cross-build | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cargo-ferris-wheel-${{ matrix.target.arch }} | |
| path: target/${{ steps.rust-target.outputs.rust_target }}/release/cargo-ferris-wheel | |
| retention-days: 5 | |
| if-no-files-found: error | |
| - name: Upload new Nix store paths to cache | |
| run: | | |
| # Capture nix store paths after nix develop | |
| nix path-info --all | cut -d' ' -f1 | sort > /tmp/store-after.txt | |
| # Find new paths that were built locally | |
| NEW_PATHS=$(comm -13 /tmp/store-before.txt /tmp/store-after.txt) | |
| if [ -n "$NEW_PATHS" ]; then | |
| echo "Found new store paths to upload:" | |
| echo "$NEW_PATHS" | head -20 || true | |
| echo "Total new paths: $(echo "$NEW_PATHS" | wc -l)" | |
| echo ${{ secrets.NIX_SIGNING_KEY }} >> /tmp/nix-signing-key.txt | |
| # The nix-installer-with-cache action sets up the signing key in nix.conf | |
| # Upload new paths to R2 cache with proper signing | |
| echo "$NEW_PATHS" | xargs nix copy --to "${{ env.NIX_CACHE_URI }}&secret-key=/tmp/nix-signing-key.txt" || { | |
| echo "Warning: Some paths failed to upload, but continuing..." | |
| } | |
| else | |
| echo "No new store paths found - all dependencies were already cached" | |
| fi |