From 631db5f7ed03b33cf2dfd2c91a7e22c81618904b Mon Sep 17 00:00:00 2001
From: Maximilian Held <info@maxheld.de>
Date: Thu, 13 Mar 2025 15:49:19 +0100
Subject: [PATCH 01/10] pass through `fail-fast` option
---
.github/workflows/workflow.yml | 6 ++++++
README.md | 16 ++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 8f173c4..c0a2b7a 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -16,6 +16,11 @@ on:
required: false
default: "."
type: string
+ fail-fast:
+ required: false
+ default: true
+ type: boolean
+ description: "Whether to cancel all in-progress jobs if any matrix job fails"
runner-map:
required: false
type: string
@@ -93,6 +98,7 @@ jobs:
runs-on: ${{ matrix.systems.runner }}
needs: inventory
strategy:
+ fail-fast: ${{ inputs.fail-fast }}
matrix:
systems: ${{ fromJSON(needs.inventory.outputs.systems) }}
diff --git a/README.md b/README.md
index 7ad2c33..5317943 100644
--- a/README.md
+++ b/README.md
@@ -137,6 +137,22 @@ jobs:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
```
+#### Continue on failure
+
+By default, if any build in the matrix fails, the workflow will cancel all remaining in-progress jobs.
+You can change this behavior by setting `fail-fast` to `false`:
+
+```yaml
+jobs:
+ DeterminateCI:
+ uses: DeterminateSystems/ci/.github/workflows/workflow.yml@main
+ permissions:
+ id-token: write
+ contents: read
+ with:
+ fail-fast: false
+```
+
## Notes
This workflow uses a collection of GitHub Actions by Determinate Systems, all of which are covered by the Determinate Systems [privacy policy][privacy] and [terms of service][tos].
From 26d4ee0b353074dd0b7c457aff035a4f16f2db9b Mon Sep 17 00:00:00 2001
From: Maximilian Held <info@maxheld.de>
Date: Wed, 19 Mar 2025 20:43:45 +0100
Subject: [PATCH 02/10] remove arm linux default
---
.github/workflows/workflow.yml | 2 +-
README.md | 55 +++++++++++++++++++++++++++++-----
2 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 8f173c4..dbb3523 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -25,7 +25,7 @@ on:
"x86_64-darwin": "macos-latest",
"x86_64-linux": "ubuntu-latest",
"i686-linux": "ubuntu-latest",
- "aarch64-linux": "ubuntu-24.04-arm"
+ "aarch64-linux": "ubuntu-latest"
}
outputs:
flake_name:
diff --git a/README.md b/README.md
index 7ad2c33..32b6cee 100644
--- a/README.md
+++ b/README.md
@@ -97,10 +97,27 @@ ERROR magic_nix_cache: FlakeHub cache initialization failed: FlakeHub cache erro
### Advanced usage
-#### Custom runner types
+#### GitHub Actions Runners
-The default runner map uses `ubuntu-latest` for x86 Linux and `macos-latest` for macOS.
-Take advantage of [larger GitHub runners][runners] by providing a custom runner map:
+##### Standard & larger runners
+
+By default, the CI maps the Nix systems to their equivalent GitHub-hosted runners:
+
+| | macOS (Apple Silicon) | ARM Linux | macOS (Intel) | x86 Linux |
+|---|---|---|---|---|
+| Flake `system:` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
+| [GitHub Actions Runner][runners] (workflow label) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) |
+
+> [!INFO]
+> There is also a [standard ARM Linux runner][runners-linux-arm] `ubuntu-24.04-arm`, currently in public preview and only supported on public repositories.
+> To use it, supply your own runner map as shown below.
+> To use ARM Linux runners on private repositories, you need a non-standard runners, as shown below.
+
+##### Non-Standard runners
+
+You can also use several types of non-standard runners by providing a custom runner map.
+
+For example, this runner-map enables the [larger GitHub runners for macOS][runners-large-macos]:
```yaml
jobs:
@@ -113,13 +130,31 @@ jobs:
runner-map: |
{
"aarch64-darwin": "macos-latest-xlarge",
- "aarch64-linux": "UbuntuLatest32Cores128GArm",
- "i686-linux": "UbuntuLatest32Cores128G",
- "x86_64-darwin": "macos-latest-xlarge",
- "x86_64-linux": "UbuntuLatest32Cores128G"
+ "x86_64-darwin": "macos-latest-large"
}
```
+> [!TIP]
+> Using `macos-latest-large` is currently the only way to run *current* macOS on Intel architecture.
+
+The other two types of runners are those provisioned on your own infrastructure, and [larger Ubuntu (not macOS) runners][runners-large] with bespoke specs (for example, 64 CPUs, 128GB RAM) hosted by GitHub.
+Confusingly, GitHub sometimes refers to both of these as "self-hosted" runners.
+
+> [!IMPORTANT]
+> Shared workflows such as the one used in this repo [can only access][workflow-access] non-standard runners if the workflow repo (this one) is owned by the same organisation (`DeterminateSystems`) or user.
+> To use this repo with non-standard runners if you are not `DeterminateSystems`, fork the repository and replace the upstream workflow with your fork.
+>
+> ```diff
+> jobs:
+> DeterminateCI:
+> - uses: DeterminateSystems/ci/.github/workflows/workflow.yml@main
+> + uses: $YOURORG/ci/.github/workflows/workflow.yml@main
+> ```
+>
+> Replace `$YOURORG` with your own organisation or user.
+>
+> This limitation does not apply to larger macOS runners hosted by GitHub.
+
#### Private SSH keys
Configure an SSH agent with a secret private key for private repository support.
@@ -150,7 +185,11 @@ This workflow uses a collection of GitHub Actions by Determinate Systems, all of
[privacy]: https://determinate.systems/policies/privacy
[private-flakes]: https://docs.determinate.systems/flakehub/private-flakes
[publishing]: https://docs.determinate.systems/flakehub/publishing
-[runners]: https://docs.github.com/en/actions/using-github-hosted-runners/about-larger-runners
+[runners]: https://docs.github.com/en/actions/using-github-hosted-runners
+[runners-large]: https://docs.github.com/en/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners
+[runners-large-macos]: https://docs.github.com/en/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners#about-macos-larger-runners
+[runners-linux-arm]: https://github.blog/changelog/2025-01-16-linux-arm64-hosted-runners-now-available-for-free-in-public-repositories-public-preview/
[signup]: https://flakehub.com/signup
[tos]: https://determinate.systems/policies/terms-of-service
[visibility]: https://docs.determinate.systems/flakehub/concepts/visibility
+[workflow-access]: https://docs.github.com/en/actions/sharing-automations/reusing-workflows#using-self-hosted-runners
From 3836622faaf820e7d1fed6f76076320adfcbff44 Mon Sep 17 00:00:00 2001
From: Maximilian Held <info@maxheld.de>
Date: Wed, 19 Mar 2025 21:24:50 +0100
Subject: [PATCH 03/10] fix prettier style issues
---
README.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 32b6cee..540986c 100644
--- a/README.md
+++ b/README.md
@@ -103,9 +103,9 @@ ERROR magic_nix_cache: FlakeHub cache initialization failed: FlakeHub cache erro
By default, the CI maps the Nix systems to their equivalent GitHub-hosted runners:
-| | macOS (Apple Silicon) | ARM Linux | macOS (Intel) | x86 Linux |
-|---|---|---|---|---|
-| Flake `system:` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
+| | macOS (Apple Silicon) | ARM Linux | macOS (Intel) | x86 Linux |
+| ------------------------------------------------- | ------------------------------------ | --------------------------- | ------------------------------------ | --------------------------- |
+| Flake `system:` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
| [GitHub Actions Runner][runners] (workflow label) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) |
> [!INFO]
@@ -135,7 +135,7 @@ jobs:
```
> [!TIP]
-> Using `macos-latest-large` is currently the only way to run *current* macOS on Intel architecture.
+> Using `macos-latest-large` is currently the only way to run _current_ macOS on Intel architecture.
The other two types of runners are those provisioned on your own infrastructure, and [larger Ubuntu (not macOS) runners][runners-large] with bespoke specs (for example, 64 CPUs, 128GB RAM) hosted by GitHub.
Confusingly, GitHub sometimes refers to both of these as "self-hosted" runners.
From e5e0889646b846ecece444382a89858565e12b1f Mon Sep 17 00:00:00 2001
From: Max Held <info@maxheld.de>
Date: Thu, 20 Mar 2025 15:40:29 +0100
Subject: [PATCH 04/10] Update README.md
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 540986c..f089e22 100644
--- a/README.md
+++ b/README.md
@@ -146,9 +146,9 @@ Confusingly, GitHub sometimes refers to both of these as "self-hosted" runners.
>
> ```diff
> jobs:
-> DeterminateCI:
-> - uses: DeterminateSystems/ci/.github/workflows/workflow.yml@main
-> + uses: $YOURORG/ci/.github/workflows/workflow.yml@main
+> DeterminateCI:
+> - uses: DeterminateSystems/ci/.github/workflows/workflow.yml@main
+> + uses: $YOURORG/ci/.github/workflows/workflow.yml@main
> ```
>
> Replace `$YOURORG` with your own organisation or user.
From 4bfd8911a3bf01c6cb39659b49a8462ba12a43bf Mon Sep 17 00:00:00 2001
From: Max Held <info@maxheld.de>
Date: Thu, 20 Mar 2025 15:41:51 +0100
Subject: [PATCH 05/10] Apply suggestions from code review
Co-authored-by: Luc Perkins <lucperkins@gmail.com>
---
README.md | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index f089e22..e135867 100644
--- a/README.md
+++ b/README.md
@@ -99,25 +99,25 @@ ERROR magic_nix_cache: FlakeHub cache initialization failed: FlakeHub cache erro
#### GitHub Actions Runners
-##### Standard & larger runners
+##### Standard and larger runners
By default, the CI maps the Nix systems to their equivalent GitHub-hosted runners:
| | macOS (Apple Silicon) | ARM Linux | macOS (Intel) | x86 Linux |
| ------------------------------------------------- | ------------------------------------ | --------------------------- | ------------------------------------ | --------------------------- |
-| Flake `system:` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
+| Flake `system` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux`
| [GitHub Actions Runner][runners] (workflow label) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) |
-> [!INFO]
+> [!NOTE]
> There is also a [standard ARM Linux runner][runners-linux-arm] `ubuntu-24.04-arm`, currently in public preview and only supported on public repositories.
> To use it, supply your own runner map as shown below.
-> To use ARM Linux runners on private repositories, you need a non-standard runners, as shown below.
+> To use ARM Linux runners on private repositories, you need non-standard runners, as shown below.
-##### Non-Standard runners
+##### Non-standard runners
You can also use several types of non-standard runners by providing a custom runner map.
-For example, this runner-map enables the [larger GitHub runners for macOS][runners-large-macos]:
+For example, this runner map enables the [larger GitHub runners for macOS][runners-large-macos]:
```yaml
jobs:
From d1194616ac55cc419cfb0835a2dd11cd373065ac Mon Sep 17 00:00:00 2001
From: Maximilian Held <info@maxheld.de>
Date: Thu, 20 Mar 2025 15:46:12 +0100
Subject: [PATCH 06/10] remove empty line
---
README.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index e135867..e38ae00 100644
--- a/README.md
+++ b/README.md
@@ -116,7 +116,6 @@ By default, the CI maps the Nix systems to their equivalent GitHub-hosted runner
##### Non-standard runners
You can also use several types of non-standard runners by providing a custom runner map.
-
For example, this runner map enables the [larger GitHub runners for macOS][runners-large-macos]:
```yaml
From c54b814f76222fc0631659e059297bf0467bbcd5 Mon Sep 17 00:00:00 2001
From: Maximilian Held <info@maxheld.de>
Date: Thu, 20 Mar 2025 15:47:40 +0100
Subject: [PATCH 07/10] improve syntax
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index e38ae00..9a8b37c 100644
--- a/README.md
+++ b/README.md
@@ -105,7 +105,7 @@ By default, the CI maps the Nix systems to their equivalent GitHub-hosted runner
| | macOS (Apple Silicon) | ARM Linux | macOS (Intel) | x86 Linux |
| ------------------------------------------------- | ------------------------------------ | --------------------------- | ------------------------------------ | --------------------------- |
-| Flake `system` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux`
+| Flake `system:` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux`
| [GitHub Actions Runner][runners] (workflow label) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) |
> [!NOTE]
From dfa9da886f58ea71ba6487393cd74a95bd96713e Mon Sep 17 00:00:00 2001
From: Maximilian Held <info@maxheld.de>
Date: Thu, 20 Mar 2025 15:50:49 +0100
Subject: [PATCH 08/10] add empty spaces in md table again
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 9a8b37c..4e47c51 100644
--- a/README.md
+++ b/README.md
@@ -105,7 +105,7 @@ By default, the CI maps the Nix systems to their equivalent GitHub-hosted runner
| | macOS (Apple Silicon) | ARM Linux | macOS (Intel) | x86 Linux |
| ------------------------------------------------- | ------------------------------------ | --------------------------- | ------------------------------------ | --------------------------- |
-| Flake `system:` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux`
+| Flake `system:` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
| [GitHub Actions Runner][runners] (workflow label) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) |
> [!NOTE]
From 23a14bef36119a348adfbf78d5471ed3438a1d30 Mon Sep 17 00:00:00 2001
From: Maximilian Held <info@maxheld.de>
Date: Thu, 20 Mar 2025 16:28:32 +0100
Subject: [PATCH 09/10] fix extra colon
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 4e47c51..b8f3b40 100644
--- a/README.md
+++ b/README.md
@@ -105,7 +105,7 @@ By default, the CI maps the Nix systems to their equivalent GitHub-hosted runner
| | macOS (Apple Silicon) | ARM Linux | macOS (Intel) | x86 Linux |
| ------------------------------------------------- | ------------------------------------ | --------------------------- | ------------------------------------ | --------------------------- |
-| Flake `system:` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
+| Flake `system` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
| [GitHub Actions Runner][runners] (workflow label) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) |
> [!NOTE]
From 8402bbd555b2ea9c7ea670b044985c79cc5696b8 Mon Sep 17 00:00:00 2001
From: Maximilian Held <info@maxheld.de>
Date: Thu, 20 Mar 2025 16:30:47 +0100
Subject: [PATCH 10/10] fix whitespace
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b8f3b40..4221ca5 100644
--- a/README.md
+++ b/README.md
@@ -105,7 +105,7 @@ By default, the CI maps the Nix systems to their equivalent GitHub-hosted runner
| | macOS (Apple Silicon) | ARM Linux | macOS (Intel) | x86 Linux |
| ------------------------------------------------- | ------------------------------------ | --------------------------- | ------------------------------------ | --------------------------- |
-| Flake `system` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
+| Flake `system` (Nix build platform) | `aarch64-darwin` | `aarch64-linux` | `x86_64-darwin` | `x86_64-linux` |
| [GitHub Actions Runner][runners] (workflow label) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) | `macos-latest` (using Apple Silicon) | `ubuntu-latest` (using x86) |
> [!NOTE]