Use Nix tooling in Forgejo actions

Conrad Kramer 2026-06-10 03:35:53 -07:00
parent 91dad67fc2
commit d7f76d6ab2
No known key found for this signature in database
3 changed files with 26 additions and 169 deletions


@ -50,64 +50,28 @@ jobs:
tar -xzf .repo/src.tgz -C .repo --strip-components=1
rm -f .repo/src.tgz
- name: Bootstrap Rust + web build tools
- name: Check Nix toolchain
shell: bash
run: |
set -euo pipefail
cd .repo
install -d -m 755 "$HOME/.local/bin"
echo "PATH=$HOME/.local/bin:$PATH" >> "$GITHUB_ENV"
export PATH="$HOME/.local/bin:$PATH"
if ! command -v curl >/dev/null 2>&1; then
echo "error: curl is required"
exit 2
fi
if ! command -v cargo >/dev/null 2>&1; then
curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal
. "$HOME/.cargo/env"
elif [[ -f "$HOME/.cargo/env" ]]; then
. "$HOME/.cargo/env"
fi
rustup target add wasm32-unknown-unknown
if ! command -v trunk >/dev/null 2>&1; then
trunk_version="0.21.14"
arch="$(uname -m)"
case "${arch}" in
x86_64|amd64) trunk_target="x86_64-unknown-linux-gnu" ;;
aarch64|arm64) trunk_target="aarch64-unknown-linux-gnu" ;;
*)
echo "error: unsupported runner arch for trunk prebuilt binary: ${arch}"
exit 2
;;
esac
curl -fsSL "https://github.com/trunk-rs/trunk/releases/download/v${trunk_version}/trunk-${trunk_target}.tar.gz" \
| tar -xz -C "$HOME/.local/bin" trunk
fi
cargo --version
rustc --version
trunk --version
nix develop --accept-flake-config -c cargo --version
nix develop --accept-flake-config -c rustc --version
nix develop --accept-flake-config -c trunk --version
- name: ECP lint
shell: bash
run: |
set -euo pipefail
cd .repo
bash ./scripts/ecp-lint.sh
nix develop --accept-flake-config -c bash ./scripts/ecp-lint.sh
- name: Rust tests (core subset)
shell: bash
run: |
set -euo pipefail
cd .repo
if [[ -f "$HOME/.cargo/env" ]]; then
. "$HOME/.cargo/env"
fi
cargo test -p ec-core -p ec-crypto -p ec-moq -p ec-iroh -p ec-linux-iptv
nix develop --accept-flake-config -c cargo test -p ec-core -p ec-crypto -p ec-moq -p ec-iroh -p ec-linux-iptv
- name: Duplicate publisher proof gates
shell: bash
@ -143,8 +107,4 @@ jobs:
run: |
set -euo pipefail
cd .repo
if [[ -f "$HOME/.cargo/env" ]]; then
. "$HOME/.cargo/env"
fi
cd apps/web
env -u NO_COLOR trunk build --release --public-url /
nix develop --accept-flake-config -c bash -c 'cd apps/web && env -u NO_COLOR trunk build --release --public-url /'
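Review bot: The new `nix develop --accept-flake-config -c …` lines in the toolchain check, lint, test and build steps let the checked-out flake's `nixConfig` take effect without confirmation, so settings such as additional substituters and their trusted keys are chosen by the same tree the job is testing. If the flake only needs a known binary cache, it is safer to configure that cache in the runner's own `nix.conf` and call `nix develop -c cargo test …` without the flag; if the flag has to stay, a comment such as `# --accept-flake-config: flake nixConfig adds <cache>; accepted because <reason>` would record the decision. The same flag is used throughout the second workflow on this page, including around `age -d` for the Cloudflare token and `wrangler deploy`, where the tools supplied by the dev shell handle the decrypted secret. The job definitions start outside these hunks, so whether the runner user is a Nix trusted user (which widens what the flag permits) cannot be seen here.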


@ -54,70 +54,35 @@ jobs:
tar -xzf .repo/src.tgz -C .repo --strip-components=1
rm -f .repo/src.tgz
- name: Bootstrap Rust + web build tools
- name: Check Nix toolchain
shell: bash
run: |
set -euo pipefail
cd .repo
install -d -m 755 "$HOME/.local/bin"
echo "PATH=$HOME/.local/bin:$PATH" >> "$GITHUB_ENV"
export PATH="$HOME/.local/bin:$PATH"
if ! command -v curl >/dev/null 2>&1; then
echo "error: curl is required"
exit 2
fi
if ! command -v cargo >/dev/null 2>&1; then
curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal
. "$HOME/.cargo/env"
elif [[ -f "$HOME/.cargo/env" ]]; then
. "$HOME/.cargo/env"
fi
rustup target add wasm32-unknown-unknown
if ! command -v trunk >/dev/null 2>&1; then
trunk_version="0.21.14"
arch="$(uname -m)"
case "${arch}" in
x86_64|amd64) trunk_target="x86_64-unknown-linux-gnu" ;;
aarch64|arm64) trunk_target="aarch64-unknown-linux-gnu" ;;
*)
echo "error: unsupported runner arch for trunk prebuilt binary: ${arch}"
exit 2
;;
esac
curl -fsSL "https://github.com/trunk-rs/trunk/releases/download/v${trunk_version}/trunk-${trunk_target}.tar.gz" \
| tar -xz -C "$HOME/.local/bin" trunk
fi
nix develop --accept-flake-config -c cargo --version
nix develop --accept-flake-config -c rustc --version
nix develop --accept-flake-config -c trunk --version
- name: ECP lint
shell: bash
run: |
set -euo pipefail
cd .repo
bash ./scripts/ecp-lint.sh
nix develop --accept-flake-config -c bash ./scripts/ecp-lint.sh
- name: Rust tests (core subset)
shell: bash
run: |
set -euo pipefail
cd .repo
if [[ -f "$HOME/.cargo/env" ]]; then
. "$HOME/.cargo/env"
fi
cargo test -p ec-core -p ec-crypto -p ec-moq -p ec-iroh -p ec-linux-iptv
nix develop --accept-flake-config -c cargo test -p ec-core -p ec-crypto -p ec-moq -p ec-iroh -p ec-linux-iptv
- name: Build site (web)
shell: bash
run: |
set -euo pipefail
cd .repo
if [[ -f "$HOME/.cargo/env" ]]; then
. "$HOME/.cargo/env"
fi
cd apps/web
env -u NO_COLOR trunk build --release --public-url /
nix develop --accept-flake-config -c bash -c 'cd apps/web && env -u NO_COLOR trunk build --release --public-url /'
deploy:
if: ${{ github.server_url != 'https://codeberg.org' }}
@ -165,60 +130,15 @@ jobs:
tar -xzf .repo/src.tgz -C .repo --strip-components=1
rm -f .repo/src.tgz
- name: Bootstrap runner deps
- name: Check Nix deploy toolchain
shell: bash
run: |
set -euo pipefail
cd .repo
install -d -m 755 "$HOME/.local/bin"
echo "PATH=$HOME/.local/bin:$PATH" >> "$GITHUB_ENV"
export PATH="$HOME/.local/bin:$PATH"
if ! command -v curl >/dev/null 2>&1; then
echo "error: curl is required"
exit 2
fi
if ! command -v age >/dev/null 2>&1; then
age_version="1.2.1"
arch="$(uname -m)"
case "${arch}" in
x86_64|amd64) age_arch="amd64" ;;
aarch64|arm64) age_arch="arm64" ;;
*)
echo "error: unsupported runner arch for age prebuilt binary: ${arch}"
exit 2
;;
esac
curl -fsSL "https://github.com/FiloSottile/age/releases/download/v${age_version}/age-v${age_version}-linux-${age_arch}.tar.gz" \
| tar -xz -C "$HOME/.local/bin" --strip-components=1 age/age age/age-keygen
fi
required_node_major=20
node_major=0
if command -v node >/dev/null 2>&1; then
node_major="$(node -p 'parseInt(process.versions.node.split(\".\")[0], 10)' || echo 0)"
fi
if [[ "${node_major}" -lt "${required_node_major}" ]]; then
node_version="22.16.0"
arch="$(uname -m)"
case "${arch}" in
x86_64|amd64) node_arch="x64" ;;
aarch64|arm64) node_arch="arm64" ;;
*)
echo "error: unsupported runner arch for node prebuilt binary: ${arch}"
exit 2
;;
esac
node_dist="node-v${node_version}-linux-${node_arch}"
curl -fsSL "https://nodejs.org/dist/v${node_version}/${node_dist}.tar.gz" | tar -xz -C "$HOME/.local"
ln -sf "$HOME/.local/${node_dist}/bin/node" "$HOME/.local/bin/node"
ln -sf "$HOME/.local/${node_dist}/bin/npm" "$HOME/.local/bin/npm"
ln -sf "$HOME/.local/${node_dist}/bin/npx" "$HOME/.local/bin/npx"
ln -sf "$HOME/.local/${node_dist}/bin/corepack" "$HOME/.local/bin/corepack" || true
fi
node --version
npm --version
nix develop --accept-flake-config -c age --version
nix develop --accept-flake-config -c node --version
nix develop --accept-flake-config -c npm --version
nix develop --accept-flake-config -c wrangler --version
- name: CI Breadcrumb (bootstrap ok)
env:
@ -270,7 +190,7 @@ jobs:
echo "error: missing ${secret_file}"
exit 2
fi
CLOUDFLARE_API_TOKEN="$(age -d -i "$key_file" "$secret_file")"
CLOUDFLARE_API_TOKEN="$(nix develop --accept-flake-config -c age -d -i "$key_file" "$secret_file")"
if [[ -z "${CLOUDFLARE_API_TOKEN}" ]]; then
echo "error: decrypted CLOUDFLARE_API_TOKEN is empty"
exit 2
@ -290,32 +210,7 @@ jobs:
run: |
set -euo pipefail
cd .repo
install -d -m 755 "$HOME/.local/bin"
export PATH="$HOME/.local/bin:$PATH"
if ! command -v cargo >/dev/null 2>&1; then
curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal
. "$HOME/.cargo/env"
elif [[ -f "$HOME/.cargo/env" ]]; then
. "$HOME/.cargo/env"
fi
rustup target add wasm32-unknown-unknown
if ! command -v trunk >/dev/null 2>&1; then
trunk_version="0.21.14"
arch="$(uname -m)"
case "${arch}" in
x86_64|amd64) trunk_target="x86_64-unknown-linux-gnu" ;;
aarch64|arm64) trunk_target="aarch64-unknown-linux-gnu" ;;
*)
echo "error: unsupported runner arch for trunk prebuilt binary: ${arch}"
exit 2
;;
esac
curl -fsSL "https://github.com/trunk-rs/trunk/releases/download/v${trunk_version}/trunk-${trunk_target}.tar.gz" \
| tar -xz -C "$HOME/.local/bin" trunk
fi
cd apps/web
trunk build --release --public-url /
nix develop --accept-flake-config -c bash -c 'cd apps/web && env -u NO_COLOR trunk build --release --public-url /'
curl -fsSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" \
-H "content-type: application/json" \
@ -329,9 +224,7 @@ jobs:
run: |
set -euo pipefail
cd .repo
cd deploy/cloudflare-worker
npm ci
npx wrangler deploy
nix develop --accept-flake-config -c bash -c 'cd deploy/cloudflare-worker && npm ci && wrangler deploy'
curl -fsSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" \
-H "content-type: application/json" \