basil-tools-docker: tweaks to support use in Basil #650
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "build Nix packages" | |
on: | |
pull_request: | |
push: | |
branches: [main] | |
workflow_dispatch: | |
inputs: | |
push: { type: boolean, default: false } | |
patches-b64: { type: string, required: false } | |
workflow_call: | |
inputs: | |
push: { type: boolean, default: false, required: false } | |
patches-b64: { type: string, required: false } | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
update-check: | |
if: ${{ ! inputs.patches-b64 }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v25 | |
- run: nix build .#update | |
- run: nix run .#update -- check | |
build: | |
if: always() | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest] | |
# end-user packages to ci build for cache | |
pkg: | |
[aslp, bap-aslp, bap-primus, basil, | |
retdec-uq-pac, asl-translator, | |
gtirb-semantics, ddisasm, | |
retdec5, remill, alive2-aslp, alive2-regehr, | |
aslp_web, godbolt | |
] | |
runs-on: ${{ matrix.os }} | |
defaults: | |
run: { shell: "bash -ex -o pipefail {0}" } | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v25 | |
- uses: cachix/cachix-action@v14 | |
with: { name: pac-nix, authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}', skipPush: "${{ github.ref != 'refs/heads/main' }}" } | |
- name: Apply staged patch commits | |
if: ${{ inputs.patches-b64 }} | |
run: | | |
shopt -s nullglob | |
set -x | |
cat <<EOF | base64 -d > patches.tar.zst | |
${{ inputs.patches-b64 }} | |
EOF | |
mkdir prev-patches | |
tar xaf patches.tar.zst -C prev-patches | |
git config user.name 'github-actions[bot]' | |
git config user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
for f in prev-patches/*; do git am "$f"; done | |
- name: Check for meta.broken | |
run: | | |
broken="$(nix eval --json .#${{ matrix.pkg }}.meta.broken)" | |
echo "bool=$broken" > "$GITHUB_OUTPUT" | |
echo NIXPKGS_ALLOW_BROKEN="$("$broken" && echo 1 || echo 0)" > "$GITHUB_ENV" | |
id: broken | |
- run: ./nix-cached.sh build --impure -L .#${{matrix.pkg}} | |
id: build | |
continue-on-error: ${{ fromJSON(steps.broken.outputs.bool) }} | |
- name: Run nix build .#${{matrix.pkg}}.tests | |
id: test | |
run: | | |
for test in $(nix eval --impure .#${{matrix.pkg}}.tests --json | jq -r keys[]); do | |
t=.#${{matrix.pkg}}.tests.$test | |
./nix-cached.sh build --impure -L "$t" --no-link | |
done | |
continue-on-error: ${{ fromJSON(steps.broken.outputs.bool) }} | |
if: steps.build.outcome == 'success' | |
- name: Report status of broken packages | |
run: | | |
echo '::warning title=${{ matrix.pkg }}::broken package has status build=${{steps.build.outcome}}, test=${{steps.test.outcome}}' | |
if: ${{ fromJSON(steps.broken.outputs.bool) }} | |
- run: ls -l | |
result: | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
needs: [ build ] | |
steps: | |
- name: Aggregate matrix results | |
run: | | |
set -x | |
result="${{ needs.build.result }}" | |
[[ $result == success || $result == skipped ]] | |
push: | |
if: ${{ inputs.push }} | |
runs-on: ubuntu-latest | |
needs: [ result ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Apply staged patch commits | |
if: ${{ inputs.patches-b64 }} | |
run: | | |
shopt -s nullglob | |
set -x | |
cat <<EOF | base64 -d > patches.tar.zst | |
${{ inputs.patches-b64 }} | |
EOF | |
mkdir prev-patches | |
tar xaf patches.tar.zst -C prev-patches | |
git config user.name 'github-actions[bot]' | |
git config user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
for f in prev-patches/*; do git am "$f"; done | |
- run: git push |