Skip to content

GHA: Update install-nix-action and checkout #234

GHA: Update install-nix-action and checkout

GHA: Update install-nix-action and checkout #234

Workflow file for this run

---
# This workflow runs when PRs are merged and tags/builds/publishes a release.
# Run when PRs to main are closed.
on:
pull_request:
types:
- closed
branches:
- main
name: Build and publish a release
jobs:
# We make `if_merged` a `needs:` of the other jobs here to only run this
# workflow on merged PRs.
if_merged:
name: Check that PR was merged and not closed
if: github.event.pull_request.merged == true
&& contains(github.event.pull_request.labels.*.name, 'release')
runs-on: ubuntu-latest
steps:
- run: |
echo "This is a canonical hack to run GitHub Actions on merged PRs"
echo "See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-pull_request-workflow-when-a-pull-request-merges"
- name: Comment on PR with link to this action
uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
[This release is now being built.][run]
[run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
version:
name: Get version number
needs: if_merged
runs-on: ubuntu-latest
outputs:
version: ${{ steps.get_cargo_metadata.outputs.version }}
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: cachix/install-nix-action@7be5dee1421f63d07e71ce6e0a9f8a4b07c2a487 # v31.6.1
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
extra_nix_config: |
extra-experimental-features = nix-command flakes
accept-flake-config = true
- name: Get version number
id: get_cargo_metadata
run: echo "version=$(nix run .#get-crate-version)" >> "$GITHUB_OUTPUT"
build:
name: Release Build
# Now we're ready to do the release build. In this step, we upload
# "artifacts" which lets us share files between jobs (the artifacts are
# downloaded by the next job, `upload`) and aggregate files from different
# parts of the matrix (so we can have the macOS and Linux executables in
# the next job).
needs: if_merged
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install rustup
uses: dtolnay/rust-toolchain@4305c38b25d97ef35a8ad1f985ccf2d2242004f2 # stable
if: runner.os == 'macOS'
with:
target: x86_64-apple-darwin, aarch64-apple-darwin
- name: Log versions
if: runner.os == 'macOS'
run: which -a rustup && rustup --version
- name: Build (macOS, x86_64)
if: runner.os == 'macOS'
# Nix cross-compilation is broken on macOS, but cargo works fine.
# See: https://github.com/NixOS/nixpkgs/issues/180771
run: cargo build --release --target x86_64-apple-darwin
- name: Build (macOS, aarch64)
if: runner.os == 'macOS'
run: cargo build --release --target aarch64-apple-darwin
- name: Create macOS universal executable
if: runner.os == 'macOS'
run: |
lipo -create -output target/release/ghciwatch-macos \
target/x86_64-apple-darwin/release/ghciwatch \
target/aarch64-apple-darwin/release/ghciwatch
- uses: cachix/install-nix-action@7be5dee1421f63d07e71ce6e0a9f8a4b07c2a487 # v31.6.1
if: runner.os == 'Linux'
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
extra_nix_config: |
extra-experimental-features = nix-command flakes
accept-flake-config = true
- name: Create target directory (Linux)
if: runner.os == 'Linux'
run: mkdir -p target/
- name: Build (Linux, x86_64)
if: runner.os == 'Linux'
run: |
mkdir -p target/
RESULT=$(nix build --no-link --print-out-paths --print-build-logs .#ghciwatch)
cp "$RESULT/bin/ghciwatch" target/ghciwatch-x86_64-linux
- name: Build (Linux, aarch64)
if: runner.os == 'Linux'
run: |
RESULT=$(nix build --no-link --print-out-paths --print-build-logs .#ghciwatch-aarch64-linux)
cp "$RESULT/bin/ghciwatch" target/ghciwatch-aarch64-linux
- name: Build user manual
if: runner.os == 'Linux'
run: |
RESULT=$(nix build --no-link --print-out-paths --print-build-logs .#ghciwatch.user-manual-tar-xz)
cp "$RESULT" target/ghciwatch-user-manual.tar.xz
- name: Upload macOS executable
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: runner.os == 'macOS'
with:
name: macos
path: target/release/ghciwatch-macos
- name: Upload Linux executables
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: runner.os == 'Linux'
with:
name: linux
path: |
target/ghciwatch-x86_64-linux
target/ghciwatch-aarch64-linux
target/ghciwatch-user-manual.tar.xz
- name: Publish to crates.io
if: runner.os == 'Linux'
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
run: |
nix run .#cargo -- publish --no-verify
upload:
name: Upload assets to release
runs-on: ubuntu-latest
needs:
- if_merged
- build
- version
steps:
- name: Tag the release
uses: mathieudutour/github-tag-action@d745f2e74aaf1ee82e747b181f7a0967978abee0 # v6.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
commit_sha: ${{ github.event.pull_request.merge_commit_sha }}
custom_tag: ${{ needs.version.outputs.version }}
- name: Download artifacts
# This downloads the uploaded artifacts to the current directory; the
# path format for downloaded artifacts is `{name}/{basename}`, where
# `{basename}` is the basename of the upload `path`.
#
# For example, the following artifact:
#
# - uses: actions/upload-artifact@v4
# with:
# name: linux
# path: target/release/ghciwatch-aarch64-linux
#
# will be downloaded to `linux/ghciwatch-aarch64-linux`.
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
- name: Create release
id: create_release
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
draft: false
prerelease: false
generate_release_notes: true
tag_name: v${{ needs.version.outputs.version }}
files: |
macos/ghciwatch-macos
linux/ghciwatch-x86_64-linux
linux/ghciwatch-aarch64-linux
linux/ghciwatch-user-manual.tar.xz
- name: Comment on PR with link to the release
uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
[Release ${{ needs.version.outputs.version }}][release] was built and published successfully!
[release]: ${{ steps.create_release.outputs.url }}