Improvements to the Nix shell. (#282) #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ship | |
| on: | |
| push: | |
| jobs: | |
| nix-build: | |
| name: nix build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| target: | |
| - x86_64-linux | |
| - aarch64-linux | |
| steps: | |
| - name: Checkout ποΈ | |
| uses: actions/checkout@v4 | |
| - name: Install Nix β | |
| uses: cachix/install-nix-action@v25 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up the Nix Cache π | |
| uses: cachix/cachix-action@v14 | |
| with: | |
| name: hasura-v3-dev | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Build a binary with Nix | |
| run: nix build --print-build-logs '.#${{ matrix.target }}' | |
| - name: Build a Docker image with Nix | |
| run: nix build --print-build-logs '.#docker-${{ matrix.target }}' | |
| # scream into Slack if something goes wrong | |
| - name: Report Status | |
| if: always() && github.ref == 'refs/heads/main' | |
| uses: ravsamhq/notify-slack-action@v2 | |
| with: | |
| status: ${{ job.status }} | |
| notify_when: failure | |
| notification_title: "π§ Error on <{repo_url}|{repo}>" | |
| message_format: "π΄ *{workflow}* {status_message} for <{repo_url}|{repo}>" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_BUILD_SLACK_WEBHOOK_URL }} | |
| deploy: | |
| needs: | |
| - nix-build | |
| runs-on: ubuntu-latest | |
| # Only run on the `main` branch or version tags. | |
| # Note we currently tag the image with 'latest', so will want to stop doing | |
| # so if we run this on PR branches, etc. | |
| if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - name: Checkout ποΈ | |
| uses: actions/checkout@v4 | |
| - name: Install Nix β | |
| uses: cachix/install-nix-action@v25 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up the Nix Cache π | |
| uses: cachix/cachix-action@v14 | |
| with: | |
| name: hasura-v3-dev | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - id: gcloud-auth | |
| name: Authenticate to Google Cloud π | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: "[email protected]" | |
| workload_identity_provider: "projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/github" | |
| - name: Login to Google Container Registry π¦ | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "us-docker.pkg.dev" | |
| username: "oauth2accesstoken" | |
| password: "${{ steps.gcloud-auth.outputs.access_token }}" | |
| - name: Login to GitHub Container Registry π¦ | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push Docker images to Google Container Registry π’ | |
| run: nix run .#publish-docker-image '${{ github.ref }}' 'us-docker.pkg.dev/hasura-ddn/ddn/ndc-postgres' | |
| - name: Push Docker images to GitHub Packages π’ | |
| run: nix run .#publish-docker-image '${{ github.ref }}' 'ghcr.io/hasura/ndc-postgres' | |
| - name: Deploy to Staging π | |
| env: | |
| BUILDKITE_AUTH_TOKEN: ${{ secrets.BUILDKITE_AUTH_TOKEN }} | |
| run: | | |
| long_sha=$(git rev-parse HEAD) | |
| short_sha=$(git rev-parse --short=9 HEAD) | |
| req_data=$(cat <<EOF | |
| { | |
| "commit": "${long_sha}", | |
| "branch": "main", | |
| "message": "deploy ndc-postgres config server ${GITHUB_SHA} to staging :rocket:", | |
| "author": { | |
| "name": "Hasura Bot", | |
| "email": "[email protected]" | |
| }, | |
| "env": { | |
| "RELEASE_VERSION": "dev-main-${short_sha}" | |
| } | |
| } | |
| EOF) | |
| curl -X POST "https://api.buildkite.com/v2/organizations/hasura/pipelines/release-ndc-postgres-config-server/builds" \ | |
| -H "Content-Type: application/json" \ | |
| -H "Authorization: Bearer ${BUILDKITE_AUTH_TOKEN}" \ | |
| -d "$req_data" | |
| # scream into Slack if something goes wrong | |
| - name: Report Status | |
| if: always() | |
| uses: ravsamhq/notify-slack-action@v2 | |
| with: | |
| status: ${{ job.status }} | |
| notify_when: failure | |
| notification_title: "π§ Error on <{repo_url}|{repo}>" | |
| message_format: "π΄ *{workflow}* {status_message} for <{repo_url}|{repo}>" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_BUILD_SLACK_WEBHOOK_URL }} | |
| e2e-testing: | |
| name: check against end-to-end tests | |
| needs: | |
| - deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create docker tag | |
| id: create-tag | |
| run: echo "docker_tag=$(git rev-parse --short=9 ${{ github.sha }})" >> $GITHUB_OUTPUT | |
| - name: Dispatch Postgres E2E tests | |
| uses: aurelien-baudet/workflow-dispatch@v2 | |
| with: | |
| inputs: '{ "connector": "${{ steps.create-tag.outputs.docker_tag }}" }' | |
| repo: hasura/v3-e2e-testing | |
| ref: main | |
| token: ${{ secrets.E2E_WORKFLOW_PAT }} | |
| workflow: "cargo test postgres" | |
| - name: Dispatch Postgres Config Server E2E tests | |
| uses: aurelien-baudet/workflow-dispatch@v2 | |
| with: | |
| inputs: '{ "connector": "${{ github.sha }}" }' | |
| repo: hasura/v3-e2e-testing | |
| ref: main | |
| token: ${{ secrets.E2E_WORKFLOW_PAT }} | |
| workflow: "cargo test postgres-config-server" | |
| - name: Report failures | |
| if: always() && github.ref == 'refs/heads/main' | |
| uses: ravsamhq/notify-slack-action@v2 | |
| with: | |
| status: ${{ job.status }} | |
| notify_when: failure | |
| notification_title: "${{ github.actor }}, *nap time is over*! The following commit to <{repo_url}|{repo}> broke the end-to-end tests:" | |
| message_format: "${{ github.event.head_commit.message }}" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_E2E_SLACK_WEBHOOK_URL }} |