mcp: document register_resource usage + overlay + self-contained HTML #3020
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "*" | |
| pull_request: | |
| branches: | |
| - main | |
| # Required status for the merge queue: GitHub fires `merge_group` against a | |
| # temporary `gh-readonly-queue/main/...` ref, and the `main` ruleset demands a | |
| # `flake-check` status on it. Without this trigger the check never runs in the | |
| # queue, so every enqueued PR stalls in AWAITING_CHECKS until it times out. | |
| merge_group: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: check-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| env: | |
| # The self-hosted runner's Nix daemon owns substituters (the indexable-inc | |
| # Cachix plus the host's local cache), so the job only sets client-side eval | |
| # knobs here rather than installing Nix or managing a GitHub Actions store | |
| # cache. | |
| # | |
| # `accept-flake-config`: consume the flake's nixConfig (the indexable-inc | |
| # Cachix substituter) without an interactive prompt. | |
| # | |
| # `extra-system-features = gccarch-znver5`: every image pins | |
| # `nixpkgs.hostPlatform.gcc.arch = "znver5"`, marking each derivation in the | |
| # closure as needing the `gccarch-znver5` system feature. The runner host | |
| # must advertise it (daemon `system-features`); otherwise the build aborts | |
| # with `missing system features ... Required features: {gccarch-znver5}`. | |
| # | |
| # `max-jobs = auto` builds one derivation per core; `cores = 1` keeps each | |
| # build single-threaded. The closure is wide, so parallelism comes from | |
| # building many derivations at once, not threads inside one build. | |
| # https://nix.dev/manual/nix/2.28/advanced-topics/cores-vs-jobs | |
| # `ca-derivations`: the rust workspace units default to | |
| # `contentAddressed = true` (lib/rust/cargo-unit.nix), so evaluating the | |
| # check / package sets resolves floating content-addressed derivations. | |
| # Without the feature the evaluator aborts with "experimental Nix feature | |
| # 'ca-derivations' is disabled". The flake's nixConfig also declares it (via | |
| # accept-flake-config), but pinning it in the job env covers any sub-eval that | |
| # does not inherit the flake config. | |
| NIX_CONFIG: |- | |
| experimental-features = nix-command flakes ca-derivations | |
| accept-flake-config = true | |
| extra-system-features = gccarch-znver5 | |
| max-jobs = auto | |
| cores = 1 | |
| jobs: | |
| # One job on one runner, on purpose. Every check shares a single | |
| # znver5-tuned nixpkgs base, so fanning the checks across several runners | |
| # would rebuild that shared base on each cold runner (a thundering herd). We | |
| # keep one runner and get parallelism *inside* it from nix-fast-build plus | |
| # `max-jobs = auto`. Branch protection requires a status named `flake-check`; | |
| # this job is it, and it fails iff a check fails to build or the flake stops | |
| # evaluating. | |
| flake-check: | |
| # Dispatched to the org-wide ix-ci-dispatcher (vin-compute-1), the same | |
| # self-hosted runner the ix repo uses. The `ix-ci-run-*` label is claimed | |
| # by that dispatcher, which mints an ephemeral runner per job on a host | |
| # with a warm, persistent /nix/store. See the ix repo's ci.yml for the | |
| # label scheme. | |
| runs-on: ["${{ format('ix-ci-run-{0}-{1}-flake-check', github.run_id, github.run_attempt) }}"] | |
| timeout-minutes: 60 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| # Run the full gate through the repo-owned `check` app (lib/per-system.nix), | |
| # so CI and a local `nix run .#check` execute the same two commands from one | |
| # definition: nix-fast-build over `.#ciChecks.x86_64-linux`, then nix-eval-jobs | |
| # over `.#packages.x86_64-linux` with the JSON error-line gate. The | |
| # command-specific rationale (tool choice, the worker/memory tuning, why the | |
| # eval cache is off, the error-line gate) and the pinned tool revisions live | |
| # next to that wrapper. The job inherits NIX_CONFIG (above), so the inner | |
| # builds still see `gccarch-znver5` and the eval knobs. Branch protection | |
| # requires a status named `flake-check`; this job is it, and it fails iff a | |
| # check fails to build or the flake stops evaluating. | |
| - name: Build all flake checks | |
| run: nix run .#check | |
| # The `check` app writes nix-fast-build per-attr durations to | |
| # check-results.json in the workspace (see lib/per-system.nix). Upload it | |
| # so the blast-radius workflow can fetch the most recent successful base | |
| # run and annotate the rebuilt-checks list with wall-clock seconds. The | |
| # artifact is data-only, and the upload runs even on a failing build so a | |
| # partial-timings snapshot still beats no timings at all. | |
| - name: Upload check-results.json | |
| if: always() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: check-timings-${{ github.run_id }} | |
| path: check-results.json | |
| if-no-files-found: warn | |
| retention-days: 30 |