mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 20:12:57 +01:00
136 lines
4.9 KiB
YAML
136 lines
4.9 KiB
YAML
name: Guix Build
|
|
|
|
permissions:
|
|
packages: write
|
|
id-token: write
|
|
attestations: write
|
|
|
|
on:
|
|
pull_request_target:
|
|
push:
|
|
|
|
jobs:
|
|
build-image:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
image-tag: ${{ steps.prepare.outputs.image-tag }}
|
|
repo-name: ${{ steps.prepare.outputs.repo-name }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
path: dash
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Commit variables
|
|
id: prepare
|
|
run: |
|
|
echo "hash=$(sha256sum ./dash/contrib/containers/guix/Dockerfile | cut -d ' ' -f1)" >> $GITHUB_OUTPUT
|
|
echo "host_user_id=$(id -u)" >> $GITHUB_OUTPUT
|
|
echo "host_group_id=$(id -g)" >> $GITHUB_OUTPUT
|
|
BRANCH_NAME=$(echo "${GITHUB_REF##*/}" | tr '[:upper:]' '[:lower:]')
|
|
REPO_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
|
|
echo "image-tag=${BRANCH_NAME}" >> $GITHUB_OUTPUT
|
|
echo "repo-name=${REPO_NAME}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build Docker image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: ${{ github.workspace }}/dash
|
|
build-args: |
|
|
USER_ID=${{ steps.prepare.outputs.host_user_id }}
|
|
GROUP_ID=${{ steps.prepare.outputs.host_group_id }}
|
|
build-contexts: |
|
|
docker_root=${{ github.workspace }}/dash/contrib/containers/guix
|
|
file: ./dash/contrib/containers/guix/Dockerfile
|
|
push: true
|
|
tags: |
|
|
ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-guix-builder:${{ steps.prepare.outputs.image-tag }}
|
|
ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-guix-builder:latest
|
|
cache-from: type=registry,ref=ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-guix-builder:latest
|
|
cache-to: type=inline,mode=max
|
|
|
|
build:
|
|
needs: build-image
|
|
# runs-on: [ "self-hosted", "linux", "x64", "ubuntu-core" ]
|
|
runs-on: ubuntu-latest
|
|
# if: ${{ contains(github.event.pull_request.labels.*.name, 'guix-build') }}
|
|
strategy:
|
|
matrix:
|
|
build_target: [x86_64-linux-gnu, arm-linux-gnueabihf, aarch64-linux-gnu, riscv64-linux-gnu, x86_64-w64-mingw32, x86_64-apple-darwin, arm64-apple-darwin]
|
|
|
|
timeout-minutes: 480
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
path: dash
|
|
fetch-depth: 0
|
|
|
|
- name: Cache Guix and depends
|
|
id: guix-cache-restore
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
${{ github.workspace }}/.cache
|
|
${{ github.workspace }}/dash/depends/built
|
|
${{ github.workspace }}/dash/depends/sources
|
|
${{ github.workspace }}/dash/depends/work
|
|
/gnu/store
|
|
key: ${{ runner.os }}-guix-${{ matrix.build_target }}-${{ github.sha }}
|
|
restore-keys: |
|
|
${{ runner.os }}-guix-${{ matrix.build_target }}
|
|
${{ runner.os }}-guix-
|
|
|
|
- name: Create .cache folder if missing
|
|
if: steps.guix-cache-restore.outputs.cache-hit != 'true'
|
|
run: mkdir -p .cache
|
|
|
|
- name: Run Guix build
|
|
timeout-minutes: 480
|
|
run: |
|
|
docker run --privileged -d --rm -t \
|
|
--name guix-daemon \
|
|
-e ADDITIONAL_GUIX_COMMON_FLAGS="--max-jobs=$(nproc --all)" \
|
|
-v ${{ github.workspace }}/dash:/src/dash \
|
|
-v ${{ github.workspace }}/.cache:/home/ubuntu/.cache \
|
|
-w /src/dash \
|
|
ghcr.io/${{ needs.build-image.outputs.repo-name }}/dashcore-guix-builder:${{ needs.build-image.outputs.image-tag }} && \
|
|
docker exec guix-daemon bash -c 'HOSTS=${{ matrix.build_target }} /usr/local/bin/guix-start'
|
|
|
|
- name: Ensure build passes
|
|
run: |
|
|
if [[ $? != 0 ]]; then
|
|
echo "Guix build failed!"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Compute SHA256 checksums
|
|
continue-on-error: true # It will complain on depending on only some hosts
|
|
run: |
|
|
HOSTS=${{ matrix.build_target }} ./dash/contrib/containers/guix/scripts/guix-check ${{ github.workspace }}/dash
|
|
|
|
- name: Upload build artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: guix-artifacts-${{ matrix.build_target }}
|
|
path: |
|
|
${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/
|
|
|
|
- name: Attest build provenance
|
|
uses: actions/attest-build-provenance@v1
|
|
with:
|
|
subject-path: ${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/*
|