Implement Nix CI workflow on GitHub instead of CircleCI

btlogy · btlogy · commit 4f429fd3d5ab · 2024-12-04T00:49:53.000+01:00
Signed-off-by: Benoit Donneaux &lt;benoit@leastauthority.com&gt;
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
@@ -0,0 +1,156 @@
+name: Nix
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/nix.yml'
+      - 'flake.*'
+      - 'setup.cfg'
+      - '*.nix'
+      - '*.py'
+      - '*.ini'
+  pull_request:
+    paths:
+      - '.github/workflows/nix.yml'
+      - 'flake.*'
+      - 'setup.cfg'
+      - '*.nix'
+      - '*.py'
+      - '*.ini'
+
+jobs:
+  check:
+    runs-on: ubuntu-22.04
+    outputs:
+      NIXPKGS: ${{ steps.prep.outputs.NIXPKGS }}
+      NIX_PATH: ${{ steps.prep.outputs.NIX_PATH }}
+    env:
+      nixpkgs: nixos-24_05
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        id: install_nix
+        uses: nixbuild/nix-quick-install-action@v28
+
+      - name: Show the flake
+        id: show
+        run: |
+          nix flake show
+
+      - name: Check the flake
+        id: check
+        env:
+          # FIXME: Our python39 package depends on some broken zope
+          NIXPKGS_ALLOW_BROKEN: 1
+        run: |
+          nix flake check --impure
+
+      - name: Restore and cache Nix store for nixpkgs-${{ env.nixpkgs }}
+        uses: nix-community/cache-nix-action@v5
+        with:
+          # restore and save a cache using this key
+          primary-key: nixpkgs-${{ env.nixpkgs }}-${{ hashFiles('flake.*', '*.nix') }}
+          # if there's no cache hit, restore a cache by this prefix
+          restore-prefixes-first-match: nixpkgs-${{ env.nixpkgs }}-
+          # collect garbage until Nix store size (in bytes) is at most this number
+          # before trying to save a new cache
+          gc-max-store-size-linux: 1073741824
+          # do purge caches
+          purge: true
+          # purge all versions of the cache
+          purge-prefixes: nixpkgs-${{ env.nixpkgs }}-
+          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
+          purge-created: 0
+          # except the version with the `primary-key`, if it exists
+          purge-primary-key: never
+
+      - name: Prepare environment
+        id: prep
+        run: |
+          # Get the reference to the nixpkgs pinned in the flake - dirty way
+          NIXPKGS=$(nix flake metadata | grep -E '[^\w]+nixpkgs-${{ matrix.nixpkgs }}[^\w]+:' | cut -d' ' -f2 | cut -d'?' -f1)
+          NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/${NIXPKGS##*/}.tar.gz
+          # Pass those variables to the next steps and jobs
+          echo NIXPKGS=$NIXPKGS | tee -a $GITHUB_ENV >> $GITHUB_OUTPUT
+          echo NIX_PATH=$NIX_PATH | tee -a $GITHUB_ENV >> $GITHUB_OUTPUT
+
+      - name: Generate version
+        # The Nix package doesn't know how to do this part, unfortunately.
+        run: |
+          nix-shell \
+            -p 'python3.withPackages (ps: [ ps.setuptools ])' \
+            --run 'python setup.py update_version'
+
+  packaging:
+    runs-on: ubuntu-22.04
+    needs: check
+    env:
+      NIXPKGS: ${{ needs.check.outputs.NIXPKGS }}
+      NIX_PATH: ${{ needs.check.outputs.NIX_PATH }}
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version:
+          - 310
+          - 311
+        nixpkgs:
+          - nixos-24_05
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        id: install_nix
+        uses: nixbuild/nix-quick-install-action@v28
+
+      - name: Restore and cache Nix store for nixpkgs-${{ matrix.nixpkgs }}
+        uses: nix-community/cache-nix-action@v5
+        with:
+          # restore and save a cache using this key
+          primary-key: python${{ matrix.python-version }}-nixpkgs-${{ matrix.nixpkgs }}-${{ hashFiles('flake.*', '*.nix') }}
+          # if there's no cache hit, restore a cache by this prefix
+          restore-prefixes-first-match: nixpkgs-${{ matrix.nixpkgs }}-
+          # collect garbage until Nix store size (in bytes) is at most this number
+          # before trying to save a new cache
+          gc-max-store-size-linux: 1073741824
+          # do purge caches
+          purge: true
+          # purge all versions of the cache
+          purge-prefixes: python${{ matrix.python-version }}-nixpkgs-${{ matrix.nixpkgs }}-
+          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
+          purge-created: 0
+          # except the version with the `primary-key`, if it exists
+          purge-primary-key: never
+
+      - name: Build package
+        env:
+          # CircleCI build environment looks like it has a zillion and a half cores.
+          # Don't let Nix autodetect this high core count because it blows up memory
+          # usage and fails the test run.  Pick a number of cores that suits the build
+          # environment we're paying for (the free one!).
+          DEPENDENCY_CORES: 3
+        run: |
+          nix build \
+            --verbose \
+            --print-build-logs \
+            --cores "$DEPENDENCY_CORES" \
+            --override-input nixpkgs "$NIXPKGS" \
+            .#python${{ matrix.python-version }}-tahoe-lafs
+
+      - name: Unit test
+        env:
+          # Once dependencies are built, we can allow some more concurrency for our own
+          # test suite.
+          UNITTEST_CORES: 8
+        run: |
+          nix run \
+            --override-input nixpkgs "$NIXPKGS" \
+            .#python${{ matrix.python-version }}-unittest -- \
+            --jobs $UNITTEST_CORES \
+            allmydata
