ci: use cachix action for nix cache #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Nix CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - "pull-request/[0-9]+" | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| build: | |
| name: Build ${{ matrix.package }} (${{ matrix.target.system }}) | |
| runs-on: ${{ matrix.target.runner }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - system: x86_64-linux | |
| runner: linux-amd64-cpu8 | |
| - system: aarch64-linux | |
| runner: linux-arm64-cpu8 | |
| package: | |
| - openshell | |
| - openshell-gateway | |
| - openshell-sandbox | |
| - openshell-driver-kubernetes | |
| - openshell-driver-podman | |
| - openshell-driver-vm | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| accept-flake-config = true | |
| - name: Set up Cachix | |
| uses: cachix/cachix-action@5f2d7c5294214f71b873db4b969586b980625e71 # v17 | |
| with: | |
| name: openshell | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| skipAddingSubstituter: true | |
| - name: Build package | |
| run: nix build ".#packages.${{ matrix.target.system }}.${{ matrix.package }}" --no-link --no-update-lock-file | |
| test: | |
| name: Test ${{ matrix.check }} (${{ matrix.target.system }}) | |
| needs: build | |
| runs-on: ${{ matrix.target.runner }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - system: x86_64-linux | |
| runner: linux-amd64-cpu8 | |
| - system: aarch64-linux | |
| runner: linux-arm64-cpu8 | |
| check: | |
| - openshell-bootstrap-test | |
| - openshell-cli-test | |
| - openshell-core-test | |
| - openshell-driver-docker-test | |
| - openshell-driver-kubernetes-test | |
| - openshell-driver-podman-test | |
| - openshell-driver-vm-test | |
| - openshell-ocsf-test | |
| - openshell-policy-test | |
| - openshell-prover-test | |
| - openshell-providers-test | |
| - openshell-router-test | |
| - openshell-sandbox-test | |
| - openshell-server-macros-test | |
| - openshell-server-test | |
| - openshell-tui-test | |
| - openshell-vfio-test | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| accept-flake-config = true | |
| - name: Set up Cachix | |
| uses: cachix/cachix-action@5f2d7c5294214f71b873db4b969586b980625e71 # v17 | |
| with: | |
| name: openshell | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| skipAddingSubstituter: true | |
| - name: Run test | |
| run: nix build ".#checks.${{ matrix.target.system }}.${{ matrix.check }}" --no-link --no-update-lock-file | |
| lint: | |
| name: Lint ${{ matrix.lint }} (${{ matrix.target.system }}) | |
| runs-on: ${{ matrix.target.runner }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - system: x86_64-linux | |
| runner: linux-amd64-cpu8 | |
| - system: aarch64-linux | |
| runner: linux-arm64-cpu8 | |
| lint: | |
| - rustfmt | |
| - openshell-bootstrap-clippy | |
| - openshell-cli-clippy | |
| - openshell-core-clippy | |
| - openshell-driver-docker-clippy | |
| - openshell-driver-kubernetes-clippy | |
| - openshell-driver-podman-clippy | |
| - openshell-driver-vm-clippy | |
| - openshell-ocsf-clippy | |
| - openshell-policy-clippy | |
| - openshell-prover-clippy | |
| - openshell-providers-clippy | |
| - openshell-router-clippy | |
| - openshell-sandbox-clippy | |
| - openshell-server-macros-clippy | |
| - openshell-server-clippy | |
| - openshell-tui-clippy | |
| - openshell-vfio-clippy | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| accept-flake-config = true | |
| - name: Set up Cachix | |
| uses: cachix/cachix-action@5f2d7c5294214f71b873db4b969586b980625e71 # v17 | |
| with: | |
| name: openshell | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| skipAddingSubstituter: true | |
| - name: Run lint | |
| run: nix build ".#checks.${{ matrix.target.system }}.${{ matrix.lint }}" --no-link --no-update-lock-file |