Merge pull request from DeterminateSystems/determinate-nix-action

ci: migrate to determinate-nix-action
Graham Christensen 2025-05-15 13:38:38 -04:00 committed by GitHub
commit e257db1012
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 14 additions and 22 deletions
.github/workflows


@ -1,6 +1,6 @@
on: on:
push: push:
branches: main branches: [main]
pull_request: pull_request:
workflow_dispatch: workflow_dispatch:
@ -13,9 +13,7 @@ jobs:
steps: steps:
- name: git checkout - name: git checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/determinate-nix-action@v3
with:
determinate: true
- uses: DeterminateSystems/flakehub-cache-action@main - uses: DeterminateSystems/flakehub-cache-action@main
- run: nix develop -c action-validator -v ./.github/workflows/workflow.yml - run: nix develop -c action-validator -v ./.github/workflows/workflow.yml
- run: nix develop -c prettier --check . - run: nix develop -c prettier --check .
@ -23,7 +21,7 @@ jobs:
DeterminateCI: DeterminateCI:
uses: ./.github/workflows/workflow.yml uses: ./.github/workflows/workflow.yml
permissions: permissions:
id-token: "write" id-token: write
contents: "read" contents: read
with: with:
directory: ./tests/smoke directory: ./tests/smoke
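Review bot: The new `uses: DeterminateSystems/determinate-nix-action@v3` step is still pinned to a movable tag, and the `DeterminateSystems/flakehub-cache-action@main` step beside it follows a branch, so whatever those refs point to at run time is what executes in the job. In the reusable workflow the same steps, along with `DeterminateSystems/flakehub-push@main` and `actions/checkout@main`, run in jobs granted `id-token: write`, where any step can request an OIDC token for the repository. Pinning each third-party action to a full commit SHA with the tag kept as a trailing comment, e.g. `- uses: DeterminateSystems/determinate-nix-action@<full-commit-sha> # v3`, makes the executed code reviewable and lets a dependency bot propose updates. The first job's `permissions` block is outside this hunk, so its effective token scope cannot be confirmed from here.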


@ -88,16 +88,14 @@ jobs:
systems: ${{ steps.inventory.outputs.systems }} systems: ${{ steps.inventory.outputs.systems }}
permissions: permissions:
id-token: "write" id-token: write
contents: "read" contents: read
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
# disabled pending strategy discussion on exposing tunables # disabled pending strategy discussion on exposing tunables
# - uses: Determinatesystems/flake-checker-action@main # - uses: Determinatesystems/flake-checker-action@main
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/determinate-nix-action@v3
with:
determinate: true
- uses: DeterminateSystems/flakehub-cache-action@main - uses: DeterminateSystems/flakehub-cache-action@main
- uses: webfactory/ssh-agent@v0.9.0 - uses: webfactory/ssh-agent@v0.9.0
if: ${{ inputs.enable-ssh-agent }} if: ${{ inputs.enable-ssh-agent }}
@ -120,14 +118,12 @@ jobs:
systems: ${{ fromJSON(needs.inventory.outputs.systems) }} systems: ${{ fromJSON(needs.inventory.outputs.systems) }}
permissions: permissions:
id-token: "write" id-token: write
contents: "read" contents: read
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/determinate-nix-action@v3
with:
determinate: true
- uses: DeterminateSystems/flakehub-cache-action@main - uses: DeterminateSystems/flakehub-cache-action@main
- uses: webfactory/ssh-agent@v0.9.0 - uses: webfactory/ssh-agent@v0.9.0
if: ${{ inputs.enable-ssh-agent }} if: ${{ inputs.enable-ssh-agent }}
@ -145,8 +141,8 @@ jobs:
needs: build needs: build
if: ${{ always() }} if: ${{ always() }}
permissions: permissions:
id-token: "write" id-token: write
contents: "read" contents: read
outputs: outputs:
flake_name: ${{ steps.publish.outputs.flake_name }} flake_name: ${{ steps.publish.outputs.flake_name }}
@ -163,13 +159,11 @@ jobs:
contains(needs.*.result, 'cancelled') contains(needs.*.result, 'cancelled')
- uses: actions/checkout@main - uses: actions/checkout@main
if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }} if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/determinate-nix-action@v3
if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }} if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
with:
determinate: true
- uses: DeterminateSystems/flakehub-cache-action@main - uses: DeterminateSystems/flakehub-cache-action@main
if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }} if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
- uses: "DeterminateSystems/flakehub-push@main" - uses: DeterminateSystems/flakehub-push@main
if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }} if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
id: publish id: publish
with: with: