Migrate CI and dev environment to use a Nix flake #203
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
# Trigger the workflow on push or pull request, but only for the master branch | |
on: | |
pull_request: | |
push: | |
branches: [master] | |
tags: | |
- "v*" | |
workflow_dispatch: | |
# INFO: The following configuration block ensures that only one build runs per branch, | |
# which may be desirable for projects with a costly build process. | |
# Remove this block from the CI workflow to let each CI job run to completion. | |
concurrency: | |
group: build-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
name: General linting steps | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v27 | |
- name: nix flake check | |
run: nix flake check | |
- name: treefmt - check format | |
run: nix fmt -- --ci | |
build: | |
name: Haskell build (GHC 9.6 - default env) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v27 | |
- name: Build | |
run: nix develop .\#devShells.x86_64-linux.default --command bash -c "cabal build all" | |
- name: Run tests | |
run: nix develop .\#devShells.x86_64-linux.default --command bash -c "cabal test all" | |
- name: Check cabal file | |
run: nix develop .\#devShells.x86_64-linux.default --command bash -c "cabal check" | |
build-ghc-matrix: | |
name: Haskell build with several GHC versions (some are expected to fail) | |
if: contains(github.event.pull_request.labels.*.name, 'ghc-matrix') | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
matrix: | |
ghc: ["ghc92", "ghc94", "ghc96", "ghc98", "ghc910"] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v27 | |
- name: Build | |
run: nix develop .\#devShells.x86_64-linux.$GHC_VERSION --command bash -c "cabal build all" | |
env: | |
GHC_VERSION: ${{ matrix.ghc }} | |
- name: Run tests | |
run: nix develop .\#devShells.x86_64-linux.$GHC_VERSION --command bash -c "cabal test all" | |
env: | |
GHC_VERSION: ${{ matrix.ghc }} | |
- name: Check cabal file | |
run: nix develop .\#devShells.x86_64-linux.$GHC_VERSION --command bash -c "cabal check" | |
env: | |
GHC_VERSION: ${{ matrix.ghc }} | |
publish: | |
name: Build and push docker image | |
# needs : build | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: cachix/install-nix-action@v27 | |
- name: Set tag output | |
id: vars | |
run: echo "tag=${GITHUB_REF#refs/*/v}" >> $GITHUB_OUTPUT | |
- name: Check tag | |
run: echo ${TAG} | |
env: | |
TAG: ${{ steps.vars.outputs.tag }} | |
- name: Build and import image | |
run: | | |
nix build .\#dockerImage -o image.tgz | |
docker load -i image.tgz | |
docker tag ldap-scim-bridge:build ldap-scim-bridge:$TAG | |
env: | |
TAG: ${{ steps.vars.outputs.tag }} | |
- name: Push To quay.io | |
id: push-to-quay | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ldap-scim-bridge | |
tags: ${{ steps.vars.outputs.tag }} | |
registry: quay.io/wire | |
username: wire+ldapscimbridge | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Print image url | |
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" |