fix for CI

2023-06-15 22:06:44 +03:00 · 2023-06-15 22:06:44 +03:00 · 75b6aad7a9
commit 75b6aad7a9
parent 3528cd4006
6 changed files with 65 additions and 15 deletions
--- a/.github/workflows/cache.yml
+++ b/.github/workflows/cache.yml
@ -29,5 +29,5 @@ jobs:
        nix run github:AtaraxiaSjel/attic#attic -- login dev https://cache.ataraxiadev.com/ ${{ secrets.ATTIC_TOKEN }}
    - name: Build system and push to cache
      run: |
-        nix shell -f . nix-build-uncached -c nix-build-uncached ci.nix
-        nix run github:AtaraxiaSjel/attic#attic -- attic push ataraxiadev ./result*
+        nix develop .#ci -c nix-build-uncached ci.nix
+        nix develop .#ci -c attic push ataraxiadev ./result*
--- a/.github/workflows/iso.yml
+++ b/.github/workflows/iso.yml
@ -29,7 +29,7 @@ jobs:
    - name: Push ISO to artifacts
      uses: actions/upload-artifact@v3
      with:
-        name: nix-flakes.iso
+        name: nix-flakes.iso.zip
        path: result/iso/*.iso
        if-no-files-found: error
        retention-days: 30
--- a/ci.nix
+++ b/ci.nix
@ -1,6 +1,7 @@
 let
  outputs = builtins.getFlake (toString ./.);
-  pkgs = outputs.inputs.nixpkgs;
-  host-workstation = pkgs.lib.collect pkgs.lib.isDerivation outputs.packages.x86_64-linux.host-workstation;
-  host-hypervisor = pkgs.lib.collect pkgs.lib.isDerivation outputs.packages.x86_64-linux.host-hypervisor;
-in host-workstation ++ host-hypervisor
+  system = "x86_64-linux";
+  pkgs = import outputs.inputs.nixpkgs { inherit system; };
+  host-workstation = (pkgs.callPackage ./scripts/force_cached.nix {}) outputs.packages.x86_64-linux.host-workstation;
+  host-hypervisor = (pkgs.callPackage ./scripts/force_cached.nix {}) outputs.packages.x86_64-linux.host-hypervisor;
+in host-workstation // host-hypervisor
--- a/flake.nix
+++ b/flake.nix
@ -159,8 +159,7 @@
    };

    outputsBuilder = channels: let
-      pkgs = channels.unstable;
-      pkgs-zfs = channels.unstable-zfs;
+      pkgs = channels.unstable-zfs;
      # FIXME: nixos-rebuild with --flake flag doesn't work with doas
      rebuild = pkgs.writeShellScriptBin "rebuild" ''
        if [[ -z $1 ]]; then
@ -187,12 +186,21 @@
        nix flake lock --update-input hyprland
      '';
    in {
-      devShells.default = channels.unstable.mkShell {
-        name = "aliases";
-        packages = with pkgs; [
-          rebuild update-vscode upgrade upgrade-hyprland
-          nixfmt nixpkgs-fmt statix vulnix deadnix
-        ];
+      devShells = {
+        default = pkgs.mkShell {
+          name = "aliases";
+          packages = with pkgs; [
+            rebuild update-vscode upgrade upgrade-hyprland
+            nixfmt nixpkgs-fmt statix vulnix deadnix
+          ];
+        };
+        ci = pkgs.mkShell {
+          name = "ci";
+          packages = with pkgs; [
+            inputs.attic.packages.${pkgs.system}.attic
+            nix-build-uncached
+          ];
+        };
      };
      packages = {
        Flakes-ISO = nixos-generators.nixosGenerate {
--- a/profiles/nix/default.nix
+++ b/profiles/nix/default.nix
@ -29,6 +29,7 @@ with config.deviceSpecific; {
        "https://hyprland.cachix.org"
        "https://ataraxiadev-foss.cachix.org"
        "https://cache.ataraxiadev.com/ataraxiadev"
+        "https://numtide.cachix.org"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@ -37,6 +38,7 @@ with config.deviceSpecific; {
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058="
        "ataraxiadev:V/fCdvz1bMsQzYZcLltcAULST+MoChv53EfedmyJ8Uw="
+        "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
      ];
      trusted-users = [ "root" config.mainuser "@wheel" ];
      use-xdg-base-directories = true;
--- a/scripts/force_cached.nix
+++ b/scripts/force_cached.nix
@ -0,0 +1,39 @@
+{ coreutils }:
+
+attrs:
+with builtins;
+let
+  # Copied from <nixpkgs/lib>
+  isDerivation = x: isAttrs x && x ? type && x.type == "derivation";
+
+  # Return true if `nix-build` would traverse that attribute set to look for
+  # more derivations to build.
+  hasRecurseIntoAttrs = x: isAttrs x && (x.recurseForDerivations or false);
+
+  # Wraps derivations that disallow substitutes so that they can be cached.
+  toCachedDrv = drv:
+    if !(drv.allowSubstitutes or true) then
+      derivation
+        {
+          name = "${drv.name}-to-cached";
+          system = drv.system;
+          builder = "/bin/sh";
+          args = [ "-c" "${coreutils}/bin/ln -s ${drv} $out; exit 0" ];
+        }
+    else
+      drv;
+
+  op = _: val:
+    if isDerivation val then
+      toCachedDrv val
+    else if hasRecurseIntoAttrs val then
+      forceCached val
+    else
+      val
+  ;
+
+  # Traverses a tree of derivation and wrap all of those that disallow
+  # substitutes.
+  forceCached = attrs: mapAttrs op attrs;
+in
+forceCached attrs