diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7108b63..598d448 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,13 +31,15 @@ jobs: extra_nix_config: | experimental-features = nix-command flakes - - name: Test existence of Cachix signing key - run: echo ${{ secrets.CACHIX_SIGNING_KEY }} | wc -c + - name: Test existence of secrets + run: | + echo -e 'CACHIX_AUTH_TOKEN length: ' + echo ${{ secrets.'CACHIX_AUTH_TOKEN }} | wc -c - uses: cachix/cachix-action@v15 with: name: charmonium - signingKey: ${{ secrets.CACHIX_SIGNING_KEY }} + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Run Just on-push stuff in development shell run: nix develop --command just on-push diff --git a/Justfile b/Justfile index c998cad..c48e0e9 100644 --- a/Justfile +++ b/Justfile @@ -50,12 +50,20 @@ test-dev: compile check-flake: nix flake check --all-systems -user-facing-build: +user-facing-build: check-flake # `just compile` is great, but it's the _dev-facing_ build. # Users will build PROBE following the `README.md` # which says `nix profile install github:charmoniumQ/PROBE#probe-bundled` # Which should be equivalent to this: - nix build .#probe-bundled + nix build .#probe-bundled .#probe-py + +upload-cachix: user-facing-build + #!/usr/bin/env bash + if [ -z "$CACHIX_AUTH_TOKEN" ]; then + echo "CACHIX_AUTH_TOKEN not set" + exit 1 + fi + nix-store -qR --include-outputs $(nix-store -qd $(nix build --print-out-paths --no-link .#probe-bundled .#probe-py)) | grep -v '\.drv$' | cachix push charmonium pre-commit: fix-format-nix fix-ruff fix-format-rust fix-clippy compile check-mypy test-dev on-push: check-format-nix check-ruff check-format-rust check-clippy compile check-mypy test-ci check-flake user-facing-build diff --git a/flake.nix b/flake.nix index 92006ca..3808af3 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,7 @@ }; in rec { packages = rec { + inherit (frontend.packages) cargoArtifacts; libprobe = pkgs.stdenv.mkDerivation rec { pname = "libprobe"; version = "0.1.0"; @@ -182,8 +183,9 @@ pkgs.alejandra pkgs.hyperfine pkgs.just - pkgs.black pkgs.ruff + pkgs.cachix + pkgs.jq # to make cachix work ] # gdb broken on i686 ++ pkgs.lib.lists.optional (system != "i686-linux") pkgs.nextflow diff --git a/probe_src/frontend/frontend.nix b/probe_src/frontend/frontend.nix index 8802913..54f17c5 100644 --- a/probe_src/frontend/frontend.nix +++ b/probe_src/frontend/frontend.nix @@ -38,12 +38,6 @@ CPATH = ../libprobe/include; }; - # Build *just* the cargo dependencies (of the entire workspace), - # so we can reuse all of that work (e.g. via cachix) when running in CI - # It is *highly* recommended to use something like cargo-hakari to avoid - # cache misses when building individual top-level-crates - cargoArtifacts = craneLib.buildDepsOnly commonArgs; - individualCrateArgs = commonArgs // { @@ -54,6 +48,12 @@ }; packages = rec { + # Build *just* the cargo dependencies (of the entire workspace), + # so we can reuse all of that work (e.g. via cachix) when running in CI + # It is *highly* recommended to use something like cargo-hakari to avoid + # cache misses when building individual top-level-crates + cargoArtifacts = craneLib.buildDepsOnly commonArgs; + # Build the top-level crates of the workspace as individual derivations. # This allows consumers to only depend on (and build) only what they need. # Though it is possible to build the entire workspace as a single derivation, @@ -116,13 +116,13 @@ checks = { probe-workspace-clippy = craneLib.cargoClippy (commonArgs // { - inherit cargoArtifacts; + inherit (packages) cargoArtifacts; cargoClippyExtraArgs = "--all-targets -- --deny warnings"; }); probe-workspace-doc = craneLib.cargoDoc (commonArgs // { - inherit cargoArtifacts; + inherit (packages) cargoArtifacts; }); # Check formatting @@ -145,7 +145,7 @@ # run the tests twice. probe-workspace-nextest = craneLib.cargoNextest (commonArgs // { - inherit cargoArtifacts; + inherit (packages) cargoArtifacts; partitions = 1; partitionType = "count"; });