Skip to content

Commit

Permalink
Matrix (#96)
Browse files Browse the repository at this point in the history
* Update `detsys-ts` for: `Merge pull request #67 from DeterminateSystems/allow-obliterating-id-token-privs` (`4280bc94c9545f31ccf08001cc16f20ccb91b770`)

* Update the defaults / docs on the use-flakehub and use-gha-cache options

* Support the MNC trinary, to allow GHA cache to turn off if FHC is enabled

* let's go?

* arg, you can't parameterize the permissions

* don't fail fast

* Maybe if we bust the token sooner..?

* Clearer job names

* Debug...

* ?

* ...?

* ?

* fancy it up

* more seed

* Test against determinate too

* ...

* derp, obliterate

* Identify the failed-to-setup FHC as not being enabled

* Don't fail on github if the cache is throttled

* derp

* Add a success job for the ci workflow

---------

Co-authored-by: grahamc <76716+grahamc@users.noreply.github.com>
  • Loading branch information
grahamc and grahamc authored Nov 6, 2024
1 parent a76a830 commit 9ab3ce7
Show file tree
Hide file tree
Showing 8 changed files with 20,760 additions and 14,657 deletions.
95 changes: 74 additions & 21 deletions .github/workflows/cache-test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,39 +3,80 @@
set -e
set -ux

seed=$(date)
seed="$(date)-$RANDOM"

log="${MAGIC_NIX_CACHE_DAEMONDIR}/daemon.log"

binary_cache=https://cache.flakehub.com
flakehub_binary_cache=https://cache.flakehub.com
gha_binary_cache=http://127.0.0.1:37515

is_gh_throttled() {
grep 'GitHub Actions Cache throttled Magic Nix Cache' "${log}"
}

# Check that the action initialized correctly.
grep 'FlakeHub cache is enabled' "${log}"
grep 'Using cache' "${log}"
grep 'GitHub Action cache is enabled' "${log}"
if [ "$EXPECT_FLAKEHUB" == "true" ]; then
grep 'FlakeHub cache is enabled' "${log}"
grep 'Using cache' "${log}"
else
grep 'FlakeHub cache is disabled' "${log}" \
|| grep 'FlakeHub cache initialization failed:' "${log}"
fi

if [ "$EXPECT_GITHUB_CACHE" == "true" ]; then
grep 'GitHub Action cache is enabled' "${log}"
else
grep 'Native GitHub Action cache is disabled' "${log}"
fi

# Build something.
outpath=$(nix-build .github/workflows/cache-tester.nix --argstr seed "$seed")

# Wait until it has been pushed succesfully.
found=
for ((i = 0; i < 60; i++)); do
sleep 1
if grep "$(basename "${outpath}")" "${log}"; then
found=1
break
fi
done
if [[ -z $found ]]; then
echo "FlakeHub push did not happen." >&2
exit 1
if [ "$EXPECT_FLAKEHUB" == "true" ]; then
found=
for ((i = 0; i < 60; i++)); do
sleep 1
if grep "$(basename "${outpath}")" "${log}"; then
found=1
break
fi
done
if [[ -z $found ]]; then
echo "FlakeHub push did not happen." >&2
exit 1
fi
fi

# Check the FlakeHub binary cache to see if the path is really there.
nix path-info --store "${binary_cache}" "${outpath}"
if [ "$EXPECT_GITHUB_CACHE" == "true" ]; then
found=
for ((i = 0; i < 60; i++)); do
sleep 1
if grep "Uploaded '${outpath}' to the GitHub Action Cache" "${log}"; then
found=1
break
fi
done
if [[ -z $found ]]; then
echo "GitHub Actions Cache push did not happen." >&2

if ! is_gh_throttled; then
exit 1
fi
fi
fi

# FIXME: remove this once the daemon also uploads to GHA automatically.
nix copy --to 'http://127.0.0.1:37515' "${outpath}"


if [ "$EXPECT_FLAKEHUB" == "true" ]; then
# Check the FlakeHub binary cache to see if the path is really there.
nix path-info --store "${flakehub_binary_cache}" "${outpath}"
fi

if [ "$EXPECT_GITHUB_CACHE" == "true" ] && ! is_gh_throttled; then
# Check the GitHub binary cache to see if the path is really there.
nix path-info --store "${gha_binary_cache}" "${outpath}"
fi

rm ./result
nix store delete "${outpath}"
Expand All @@ -50,4 +91,16 @@ echo "-------"
echo "Trying to substitute the build again..."
echo "if it fails, the cache is broken."

nix-store --realize -vvvvvvvv "$outpath"
if [ "$EXPECT_FLAKEHUB" == "true" ]; then
# Check the FlakeHub binary cache to see if the path is really there.
nix path-info --store "${flakehub_binary_cache}" "${outpath}"
fi

if [ "$EXPECT_GITHUB_CACHE" == "true" ] && ! is_gh_throttled; then
# Check the FlakeHub binary cache to see if the path is really there.
nix path-info --store "${gha_binary_cache}" "${outpath}"
fi

if ([ "$EXPECT_GITHUB_CACHE" == "true" ] && ! is_gh_throttled) || [ "$EXPECT_FLAKEHUB" == "true" ]; then
nix-store --realize -vvvvvvvv "$outpath"
fi
41 changes: 34 additions & 7 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,19 +72,25 @@ jobs:
_internal-strict-mode: true

run-systems:
if: github.event_name == 'merge_group'
needs: build
name: "Run ${{ matrix.systems.nix-system }}"
name: "Test: ${{ matrix.systems.nix-system }} gha:${{matrix.use-gha-cache}},fhc:${{matrix.use-flakehub}},id:${{matrix.id-token}},determinate:${{matrix.determinate}}"
runs-on: "${{ matrix.systems.runner }}"
permissions:
id-token: "write"
contents: "read"
env:
ACTIONS_STEP_DEBUG: true
strategy:
fail-fast: false
matrix:
determinate: [true, false]
use-gha-cache: ["disabled", "no-preference", "enabled"]
use-flakehub: ["disabled", "no-preference", "enabled"]
id-token: ["write", "none"]
systems:
- nix-system: "aarch64-darwin"
runner: "macos-latest-xlarge"
runner: "macos-latest"
- nix-system: "x86_64-darwin"
runner: "macos-13"
- nix-system: "aarch64-linux"
Expand All @@ -93,20 +99,41 @@ jobs:
runner: "ubuntu-22.04"
steps:
- uses: actions/checkout@v4
if: github.event_name == 'merge_group'
- name: Install Nix on ${{ matrix.systems.nix-system }} system
if: github.event_name == 'merge_group'
uses: DeterminateSystems/nix-installer-action@main
with:
flakehub: true
_internal-obliterate-actions-id-token-request-variables: ${{ matrix.id-token == 'none' }}
determinate: ${{ matrix.determinate }}
extra-conf: |
narinfo-cache-negative-ttl = 0
- name: Cache the store
if: github.event_name == 'merge_group'
uses: ./
with:
_internal-strict-mode: true
_internal-obliterate-actions-id-token-request-variables: ${{ matrix.id-token == 'none' }}
use-gha-cache: ${{ matrix.use-gha-cache }}
use-flakehub: ${{ matrix.use-flakehub }}
- name: Check the cache for liveness
if: github.event_name == 'merge_group'
env:
EXPECT_FLAKEHUB: ${{ toJson(matrix.use-flakehub != 'disabled' && matrix.id-token == 'write') }}
EXPECT_GITHUB_CACHE: ${{ toJson(
(matrix.use-gha-cache != 'disabled')
&& (
(!(matrix.use-flakehub != 'disabled' && matrix.id-token == 'write'))
|| (matrix.use-gha-cache == 'enabled')
)
) }}
run: |
.github/workflows/cache-test.sh
success:
runs-on: ubuntu-latest
needs: run-systems
steps:
- run: "true"
- run: |
echo "A dependent in the build matrix failed."
exit 1
if: |
contains(needs.*.result, 'failure') ||
contains(needs.*.result, 'cancelled')
16 changes: 12 additions & 4 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,12 @@ branding:
description: "Free, no-configuration Nix cache. Cut CI time by 50% or more by caching to GitHub Actions' cache."
inputs:
use-gha-cache:
description: "Whether to upload build results to the GitHub Actions cache."
default: true
description: |
Whether to upload build results to the Github Actions cache.
Set to "no-preference" or null to have the GitHub Actions cache turn on if it is available, and FlakeHub Cache is not available (default).
Set to "enabled" or true to explicitly request the GitHub Actions Cache.
Set to "disabled" or false to explicitly disable the GitHub Actions Cache.
default: null
required: false
listen:
description: The host and port to listen on.
Expand All @@ -18,8 +22,12 @@ inputs:
description: "Diagnostic endpoint url where diagnostics and performance data is sent. To disable set this to an empty string."
default: "-"
use-flakehub:
description: "Whether to upload build results to FlakeHub Cache."
default: true
description: |
Whether to upload build results to FlakeHub Cache.
Set to "no-preference" or null to have FlakeHub Cache turn on opportunistically (default).
Set to "enabled" or true to explicitly request FlakeHub Cache.
Set to "disabled" or false to explicitly disable FlakeHub Cache.
default: null
required: false
flakehub-cache-server:
description: "The FlakeHub binary cache server."
Expand Down
Loading

0 comments on commit 9ab3ce7

Please sign in to comment.