nix-doom-emacs-unstraightened/.github/workflows/ci.yml
Marien Zwart 0e996d2ccb
Rework CI caching, adding tarball cache
Using the lockfile hash as cache key did not make much sense, since
changes to Unstraightened itself change what we fetch.

And a static restore key means we never flush our cache: that might be
ok if cache size were reasonable, but it is not (over 3 GiB).

Switch to using the date as cache key, and only restore caches from the
current month.

Add tarballs as a second cache.

I considered caching all of ~/.cache/nix, but do not want to find out
the hard way that any (new) caches are not portable if I add CI for other
platforms. The tarball-cache seems to be another git tree, so it should
be ok.
2024-05-26 23:01:30 +10:00


# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This workflow does double duty: it runs checks against PRs/pushes, and it
# updates flake.lock (run from a schedule or manually).
#
# This approach seems simpler than having a separate lockfile-updating workflow
# that creates a PR that gets the normal check workflow run against it before
# merging, especially since (according to
# https://github.com/DeterminateSystems/update-flake-lock) GitHub Actions does
# not run workflows against PRs created by a GitHub Action.
name: CI
on:
  push:
  pull_request:
  workflow_dispatch:
    inputs:
      updateFlakeLock:
        description: 'Update flake.lock'
        default: false
        type: boolean
  schedule:
    - cron: '23 8 * * *' # runs daily at a randomly selected time
jobs:
  check:
    runs-on: ubuntu-latest
    permissions:
      id-token: "write"
      contents: "write"
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - name: Enable Magic Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Update flake.lock
        if: github.event_name == 'schedule' || ( github.event_name == 'workflow_dispatch' && inputs.updateFlakeLock )
        run: |
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git config user.name "github-actions[bot]"
          nix flake update --commit-lock-file
      - name: Check flake.lock
        uses: DeterminateSystems/flake-checker-action@main
      # Update the caches daily, flush the cache monthly.
      - name: Set cache keys
        id: cache-keys
        run: |
          {
            echo "key=$(date +'%Y-%m-%d')"
            echo "restore=$(date +'%Y-%m-')"
          } >> "$GITHUB_OUTPUT"
      - name: Cache git checkouts
        uses: actions/cache@v4
        with:
          path: ~/.cache/nix/gitv3
          key: nix-gitv3-cache-${{ steps.cache-keys.outputs.key }}
          restore-keys: nix-gitv3-cache-${{ steps.cache-keys.outputs.restore }}
      - name: Cache tarballs
        uses: actions/cache@v4
        with:
          path: ~/.cache/nix/tarball-cache
          key: nix-tarball-cache-${{ steps.cache-keys.outputs.key }}
          restore-keys: nix-tarball-cache-${{ steps.cache-keys.outputs.restore }}
      - name: nix flake check
        run: nix flake check -L --show-trace
      - name: Build packages for Cachix
        if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
        run: nix build .#cachix-packages -L
      # Intentionally install Cachix late: build artifacts are cached by Magic
      # Nix Cache, only the runtime closure of cachix-packages goes to the
      # public Cachix cache.
      - name: Install Cachix
        if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
        uses: cachix/cachix-action@v14
        with:
          name: doom-emacs-unstraightened
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Push to Cachix
        if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
        run: readlink result | cachix push doom-emacs-unstraightened
      - name: Push changes
        if: github.event_name == 'schedule' || ( github.event_name == 'workflow_dispatch' && inputs.updateFlakeLock )
        run: git push
        # `git push` only works because branch protection is not enabled.
        #
        # Currently branch protection is not effective anyway, since the only
        # contributor (marienz) has admin permissions, and applying branch
        # protection to administrators seems to be an "organization" feature.
        #
        # The supported path seems to be "create a PR and use the API to merge
        # it", but that's more work to implement (see above): revisit later.

# TODO: try to improve caching.
#
# We spend a lot of time fetching sources. Caching all of ~/.cache/nix/gitv3 is
# not ideal: it is too large (3 GiB) and we don't expire individual checkouts.
# https://github.com/DeterminateSystems/magic-nix-cache/issues/28 may help.
#
# The "magic" nix cache hits usage limits:
#
# 2024-05-18T06:45:19.165515Z ERROR magic_nix_cache::gha: Upload of path '/nix/store/fpq1vaw8vr88a67lc2jspskf2fa7zbvj-emacs-treepy-20230715.2154' failed: GitHub API error: API error (429 Too Many Requests): StructuredApiError { message: "Request was blocked due to exceeding usage of resource 'Count' in namespace ''." }
#
# This might get better as the cache populates, as long as I don't hit size
# limits.
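The daily-key, monthly-flush scheme that the commit message and the "Set cache keys" step describe, modelled as an added example (not code from the repository). It assumes the documented matching rules of actions/cache (exact key first, then each restore key as a prefix with the newest matching entry winning, and an existing key never overwritten) and constructs a sample set of already-saved caches; `cache_keys`, `restore_cache` and `simulate` are names chosen here.

```python
from datetime import date

# Same layout as the workflow: key = prefix + YYYY-MM-DD, restore = prefix + YYYY-MM-
PREFIX = "nix-gitv3-cache-"


def cache_keys(today: date) -> tuple[str, str]:
    """Return (exact key, restore-key prefix) for a run on `today`."""
    return (PREFIX + today.strftime("%Y-%m-%d"),
            PREFIX + today.strftime("%Y-%m-"))


def restore_cache(existing: list[tuple[str, date]], key: str, restore: str):
    """Pick the entry actions/cache would restore (assumed matching rules).

    `existing` holds (key, created) pairs for caches the repository already
    has.  Returns (restored key or None, whether a new cache will be saved).
    """
    exact = [k for k, _ in existing if k == key]
    if exact:
        return exact[0], False           # exact hit: caches are immutable, no save
    candidates = [(k, c) for k, c in existing if k.startswith(restore)]
    if not candidates:
        return None, True                # month rolled over: cold build, fresh cache
    newest = max(candidates, key=lambda kc: kc[1])[0]
    return newest, True                  # partial hit: reuse it, then save under today's key


# Constructed sample state: caches saved on three consecutive days in May 2024.
SAMPLE_CACHES = [
    (PREFIX + "2024-05-24", date(2024, 5, 24)),
    (PREFIX + "2024-05-25", date(2024, 5, 25)),
    (PREFIX + "2024-05-26", date(2024, 5, 26)),
]


def simulate(today: date):
    """Run the workflow's cache step against SAMPLE_CACHES for a given day."""
    key, restore = cache_keys(today)
    return restore_cache(SAMPLE_CACHES, key, restore)


if __name__ == "__main__":
    for day in (date(2024, 5, 26), date(2024, 5, 27), date(2024, 6, 1)):
        print(day, simulate(day))
```

A second run on 26 May hits its exact key and saves nothing, 27 May restores the 26 May entry and then saves a fresh key, and 1 June matches no restore key, which is the monthly flush the commit message asks for.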