From 29ebd8c93ee06b7a0213afbac3627d4d4e38066e Mon Sep 17 00:00:00 2001 From: Luc Perkins Date: Tue, 16 Dec 2025 12:28:57 -0300 Subject: [PATCH 1/7] Upload flake-iter to S3 --- .github/actions/download-persist.yaml | 28 +++++++++++ .github/workflows/build-and-upload.yml | 46 ++++++++++++++++++ .github/workflows/determinate-ci.yml | 29 ----------- .github/workflows/release-branch.yml | 54 +++++++++++++++++++++ .github/workflows/release-pr.yml | 66 ++++++++++++++++++++++++++ .github/workflows/release-tag.yml | 54 +++++++++++++++++++++ flake.lock | 38 +++++++-------- flake.nix | 8 ++-- 8 files changed, 271 insertions(+), 52 deletions(-) create mode 100644 .github/actions/download-persist.yaml create mode 100644 .github/workflows/build-and-upload.yml delete mode 100644 .github/workflows/determinate-ci.yml create mode 100644 .github/workflows/release-branch.yml create mode 100644 .github/workflows/release-pr.yml create mode 100644 .github/workflows/release-tag.yml diff --git a/.github/actions/download-persist.yaml b/.github/actions/download-persist.yaml new file mode 100644 index 0000000..9b563f3 --- /dev/null +++ b/.github/actions/download-persist.yaml @@ -0,0 +1,28 @@ +name: Download and persist artifact + +inputs: + name: + type: string + required: true + arch: + type: choice + options: + - X64 + - ARM64 + required: true + os: + type: choice + options: + - Linux + - macOS + required: true + +runs: + using: composite + steps: + - uses: actions/download-artifact@v6 + with: + name: ${{ inputs.name }}-${{ inputs.arch }}-${{ inputs.os }} + path: cache-binary-${{ inputs.arch }}-${{ inputs.os }} + - shell: bash + run: cp ./cache-binary-${{ inputs.arch }}-${{ inputs.os }}/${{ inputs.name }} ./artifacts/${{ inputs.arch }}-${{ inputs.os }} diff --git a/.github/workflows/build-and-upload.yml b/.github/workflows/build-and-upload.yml new file mode 100644 index 0000000..e15b47b --- /dev/null +++ b/.github/workflows/build-and-upload.yml 
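Review bot: The action is added as `.github/actions/download-persist.yaml`, but the release workflows in this commit call it as `uses: ./.github/actions/download-persist`, and a local action reference is resolved as a directory holding `action.yml` or `action.yaml`. Creating the file as `.github/actions/download-persist/action.yaml` would let the three callers resolve it. Separately, the `run:` step expands `${{ inputs.name }}`, `${{ inputs.arch }}` and `${{ inputs.os }}` straight into the shell text; mapping them to variables under `env:` and using quoted `"$NAME"`-style references in the `cp` command keeps the step safe if a caller ever forwards a value that is not a literal.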
@@ -0,0 +1,46 @@ +on: + workflow_call: + workflow_dispatch: + pull_request: + push: + branches: [main] + +jobs: + build-artifacts: + runs-on: ${{ matrix.systems.runner }} + permissions: + id-token: write + contents: read + strategy: + matrix: + systems: + - nix-system: aarch64-darwin + runner: macos-latest-xlarge + artifact: flake-iter-ARM64-macOS + - nix-system: aarch64-linux + runner: namespace-profile-default-arm64 + artifact: flake-iter-X64-Linux + - nix-system: x86_64-linux + runner: ubuntu-24.04 + artifact: flake-iter-ARM64-Linux + steps: + - name: git checkout + uses: actions/checkout@v6 + + - name: Install Determinate Nix + uses: DeterminateSystems/determinate-nix-action@main + + - name: Set up FlakeHub Cache + uses: DeterminateSystems/flakehub-cache-action@main + + - name: Build package for ${{ matrix.systems.nix-system }} + run: | + nix build -L ".#packages.${{ matrix.systems.nix-system }}.default" + + - name: Upload a Build Artifact + uses: actions/upload-artifact@v4 + with: + # Artifact name + name: ${{ matrix.systems.artifact }} + path: result/bin/flake-iter + retention-days: 1 diff --git a/.github/workflows/determinate-ci.yml b/.github/workflows/determinate-ci.yml deleted file mode 100644 index c5ac4c8..0000000 --- a/.github/workflows/determinate-ci.yml +++ /dev/null @@ -1,29 +0,0 @@ -on: - pull_request: - workflow_dispatch: - push: - branches: - - main - - master - tags: - - "v?[0-9]+.[0-9]+.[0-9]+*" - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - DeterminateCI: - uses: DeterminateSystems/ci/.github/workflows/workflow.yml@main - permissions: - id-token: "write" - contents: "read" - with: - visibility: public - flake-iter-flakeref: ".#" - runner-map: | - { - "aarch64-darwin": "macos-latest", - "aarch64-linux": "ubuntu-24.04-arm", - "x86_64-linux": "ubuntu-latest" - } 
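Review bot: `DeterminateSystems/determinate-nix-action@main` and `DeterminateSystems/flakehub-cache-action@main` are resolved from a moving branch inside a job that holds `id-token: write`, so whatever is on those branches at run time executes with the ability to request this repository's OIDC token. Pinning each one to a full commit SHA, e.g. `uses: DeterminateSystems/determinate-nix-action@<full-commit-sha> # <release tag>`, makes the executed code reviewable and lets an update bot propose bumps. The same applies to `DeterminateSystems/push-artifact-ids@main` in release-branch.yml, release-pr.yml and release-tag.yml, where the step additionally receives the AWS role secret. Because this workflow also triggers on `pull_request`, it is worth confirming that the build legs need `id-token: write` for anything beyond the cache step.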
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml new file mode 100644 index 0000000..6f08242 --- /dev/null +++ b/.github/workflows/release-branch.yml @@ -0,0 +1,54 @@ +name: Release branch + +on: + push: + branches: + - main + +jobs: + build: + uses: ./.github/workflows/build-and-upload.yml + + release: + needs: build + environment: release + concurrency: release + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write # In order to request a JWT for AWS auth + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Create the artifacts directory + run: rm -rf ./artifacts && mkdir ./artifacts + + # aarch64-darwin + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: ARM64 + os: macOS + + # x86_64-linux + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: X64 + os: Linux + + # aarch64-linux + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: ARM64 + os: Linux + + - uses: DeterminateSystems/push-artifact-ids@main + with: + s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }} + bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} + directory: ./artifacts + ids_project_name: flake-iter + ids_binary_prefix: flake-iter diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml new file mode 100644 index 0000000..02046de --- /dev/null +++ b/.github/workflows/release-pr.yml 
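Review bot: The `build` job calls `./.github/workflows/build-and-upload.yml` without a `permissions:` block, while the called `build-artifacts` job asks for `id-token: write`. A called workflow can only keep or narrow the token permissions of its caller, and `id-token` is not part of the default grant, so the call is likely to be rejected at start-up. Adding `permissions:` with `id-token: write` and `contents: read` under `build:` states the grant explicitly and keeps it limited to what the build needs. release-pr.yml and release-tag.yml define the same `build` job and need the same block.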
@@ -0,0 +1,66 @@ +name: Release PR + +on: + pull_request: + types: + - opened + - reopened + - synchronize + - labeled + +jobs: + build: + # We want to build and upload artifacts only if the `upload to s3` label is applied + # Only intra-repo PRs are allowed to have PR artifacts uploaded + # We only want to trigger once the upload once in the case the upload label is added, not when any label is added + if: | + github.event.pull_request.head.repo.full_name == 'DeterminateSystems/flake-iter' + && ( + (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') + || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) + ) + uses: ./.github/workflows/build-and-upload.yml + + release: + needs: build + environment: release + concurrency: release + runs-on: ubuntu-latest + permissions: + id-token: write # In order to request a JWT for AWS auth + contents: read + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Create the artifacts directory + run: rm -rf ./artifacts && mkdir ./artifacts + + # aarch64-darwin + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: ARM64 + os: macOS + + # x86_64-linux + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: X64 + os: Linux + + # aarch64-linux + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: ARM64 + os: Linux + + - uses: DeterminateSystems/push-artifact-ids@main + with: + s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }} + bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} + directory: ./artifacts + ids_project_name: flake-iter + ids_binary_prefix: flake-iter diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml new file mode 100644 index 0000000..52e17dc --- /dev/null +++ b/.github/workflows/release-tag.yml 
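Review bot: The `release` job here uses `concurrency: release`, the same group as the `release` jobs in release-branch.yml and release-tag.yml. Within one group GitHub keeps a single pending run and cancels an older pending one when a new run queues, so a labelled PR upload can displace a branch or tag release that is waiting its turn. A PR-scoped group such as `concurrency: release-pr-${{ github.event.pull_request.number }}` keeps PR uploads from competing with real releases. It would also help to document next to `environment: release` whether that environment is meant to approve uploads built from unmerged PR heads, since the job reaches the same role and bucket secrets as the other two workflows.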
@@ -0,0 +1,54 @@ +name: Release tag + +on: + push: + tags: + - v*.*.* + +jobs: + build: + uses: ./.github/workflows/build-and-upload.yml + + release: + needs: build + environment: release + concurrency: release + runs-on: ubuntu-latest + permissions: + contents: write # In order to upload artifacts to GitHub releases + id-token: write # In order to request a JWT for AWS auth + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Create the artifacts directory + run: rm -rf ./artifacts && mkdir ./artifacts + + # aarch64-darwin + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: ARM64 + os: macOS + + # x86_64-linux + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: X64 + os: Linux + + # aarch64-linux + - uses: ./.github/actions/download-persist + with: + name: flake-iter + arch: ARM64 + os: Linux + + - uses: DeterminateSystems/push-artifact-ids@main + with: + s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }} + bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} + directory: ./artifacts + ids_project_name: flake-iter + ids_binary_prefix: flake-iter diff --git a/flake.lock b/flake.lock index bc159ec..b9c0a4e 100644 --- a/flake.lock +++ b/flake.lock 
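Review bot: The `release` job requests `contents: write` with the comment "In order to upload artifacts to GitHub releases", but no step in the job creates a release or attaches assets; the steps only check out, download artifacts and call `push-artifact-ids`. Unless that action publishes GitHub releases itself, which is not visible here, the grant can be reduced to `contents: read` as in release-branch.yml, leaving `id-token: write` as the only elevated permission. If a release upload step is planned, the write permission is better added together with it.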
@@ -22,12 +22,12 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1761979010, - "narHash": "sha256-isqMvjTk3jdTHN6KA/BWQvOSVe7O35OQKAZNtLK76OY=", - "rev": "3107255abfe4f2d1c3eee7a3e2f5a5eb6f2200fe", - "revCount": 2439, + "lastModified": 1764571808, + "narHash": "sha256-+oo9W5rz03TjfpNqDSLEQwgKiuBbjrHdORyTHli2RuM=", + "rev": "df3c2e78ec13418f85c1f26e77a50f865ec57d38", + "revCount": 2471, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/nix-community/fenix/0.1.2439%2Brev-3107255abfe4f2d1c3eee7a3e2f5a5eb6f2200fe/019a3e7f-523d-7e82-b791-0e92cf55a0a9/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/nix-community/fenix/0.1.2471%2Brev-df3c2e78ec13418f85c1f26e77a50f865ec57d38/019ad905-65fc-7ba6-8d92-a0b2cf1c6ea6/source.tar.gz" }, "original": { "type": "tarball", 
@@ -36,26 +36,26 @@ }, "flake-schemas": { "locked": { - "lastModified": 1761577921, - "narHash": "sha256-eK3/xbUOrxp9fFlei09XNjqcdiHXxndzrTXp7jFpOk8=", - "rev": "47849c7625e223d36766968cc6dc23ba0e135922", - "revCount": 107, + "lastModified": 1721999734, + "narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=", + "rev": "0a5c42297d870156d9c57d8f99e476b738dcd982", + "revCount": 75, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.2.0/019a4a84-544d-7c59-b26d-e334e320c932/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz" }, "original": { "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%2A" + "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/0.1" } }, "nixpkgs": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", - "revCount": 813095, + "lastModified": 1765762245, + "narHash": "sha256-3iXM/zTqEskWtmZs3gqNiVtRTsEjYAedIaLL0mSBsrk=", + "rev": "c8cfcd6ccd422e41cc631a0b73ed4d5a925c393d", + "revCount": 903561, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.813095%2Brev-1c8ba8d3f7634acac4a2094eef7c32ad9106532c/019ab6d8-0005-7317-844d-5d868444249f/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2511.903561%2Brev-c8cfcd6ccd422e41cc631a0b73ed4d5a925c393d/019b231b-8461-7fef-af86-fa7662ea16ad/source.tar.gz" }, "original": { "type": "tarball", 
@@ -73,11 +73,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1761894503, - "narHash": "sha256-SreGV62DEv7kLJEcOBrw2V6Kup0siT4wS3Ye8PlFTdE=", + "lastModified": 1764525349, + "narHash": "sha256-vR3vU9AwzMsBvjNeeG2inA5W/2MwseFk5NIIrLFEMHk=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "2e2e3ebec91215078de9b754363fc9a7b0fdef13", + "rev": "d646b23f000d099d845f999c2c1e05b15d9cdc78", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index cae213f..b4f4fd5 100644 --- a/flake.nix +++ b/flake.nix @@ -11,11 +11,11 @@ crane = { url = "https://flakehub.com/f/ipetkov/crane/0.20"; }; - flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/*"; + flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/0.1"; }; outputs = - inputs: + { self, ... }@inputs: let supportedSystems = [ "x86_64-linux" @@ -29,7 +29,7 @@ f { pkgs = import inputs.nixpkgs { inherit system; - overlays = [ inputs.self.overlays.default ]; + overlays = [ self.overlays.default ]; }; } ); @@ -94,7 +94,7 @@ default = pkgs.craneLib.buildPackage { pname = meta.name; inherit (meta) version; - src = inputs.self; + src = self; doCheck = true; buildInputs = with pkgs; [ iconv ]; }; From 5d262cebdb7fe283a3c3191e02374a90ac1dd5d3 Mon Sep 17 00:00:00 2001 From: Luc Perkins Date: Tue, 16 Dec 2025 12:41:10 -0300 Subject: [PATCH 2/7] Fix workflow inputs --- .github/actions/download-persist.yaml | 12 +++--------- .github/workflows/build-and-upload.yml | 4 ++-- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/.github/actions/download-persist.yaml b/.github/actions/download-persist.yaml index 9b563f3..52f0dd6 100644 --- a/.github/actions/download-persist.yaml +++ b/.github/actions/download-persist.yaml 
@@ -2,19 +2,13 @@ name: Download and persist artifact inputs: name: - type: string + description: Artifact name prefix required: true arch: - type: choice - options: - - X64 - - ARM64 + description: Architecture (X64 or ARM64) required: true os: - type: choice - options: - - Linux - - macOS + description: Operating system (Linux or macOS) required: true runs: diff --git a/.github/workflows/build-and-upload.yml b/.github/workflows/build-and-upload.yml index e15b47b..695f824 100644 --- a/.github/workflows/build-and-upload.yml +++ b/.github/workflows/build-and-upload.yml @@ -19,10 +19,10 @@ jobs: artifact: flake-iter-ARM64-macOS - nix-system: aarch64-linux runner: namespace-profile-default-arm64 - artifact: flake-iter-X64-Linux + artifact: flake-iter-ARM64-Linux - nix-system: x86_64-linux runner: ubuntu-24.04 - artifact: flake-iter-ARM64-Linux + artifact: flake-iter-X64-Linux steps: - name: git checkout uses: actions/checkout@v6 From 9d21c690e9aa41cecc45ac965cfb6e66a3519031 Mon Sep 17 00:00:00 2001 From: Luc Perkins Date: Tue, 16 Dec 2025 12:50:11 -0300 Subject: [PATCH 3/7] Add version flag --- src/cli.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cli.rs b/src/cli.rs index 509d377..962d42c 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -14,6 +14,7 @@ enum FlakeIterCommand { /// A tool for working with flake outputs. #[derive(Parser)] +#[command(version)] pub struct Cli { /// Whether to display all Nix build output. #[arg( From c98810d884a6dd0f7e736a862ed0cb28dd8c0ef0 Mon Sep 17 00:00:00 2001 
From: Luc Perkins Date: Tue, 16 Dec 2025 13:32:27 -0300 Subject: [PATCH 4/7] Consolidate into one build/release workflow --- .github/actions/download-persist.yaml | 22 ------- ...d-and-upload.yml => build-and-release.yml} | 36 ++++++++-- .github/workflows/nix.yml | 4 +- .github/workflows/release-branch.yml | 54 --------------- .github/workflows/release-pr.yml | 66 ------------------- .github/workflows/release-tag.yml | 54 --------------- flake.nix | 18 +++-- 7 files changed, 45 insertions(+), 209 deletions(-) delete mode 100644 .github/actions/download-persist.yaml rename .github/workflows/{build-and-upload.yml => build-and-release.yml} (52%) delete mode 100644 .github/workflows/release-branch.yml delete mode 100644 .github/workflows/release-pr.yml delete mode 100644 .github/workflows/release-tag.yml diff --git a/.github/actions/download-persist.yaml b/.github/actions/download-persist.yaml deleted file mode 100644 index 52f0dd6..0000000 --- a/.github/actions/download-persist.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: Download and persist artifact - -inputs: - name: - description: Artifact name prefix - required: true - arch: - description: Architecture (X64 or ARM64) - required: true - os: - description: Operating system (Linux or macOS) - required: true - -runs: - using: composite - steps: - - uses: actions/download-artifact@v6 - with: - name: ${{ inputs.name }}-${{ inputs.arch }}-${{ inputs.os }} - path: cache-binary-${{ inputs.arch }}-${{ inputs.os }} - - shell: bash - run: cp ./cache-binary-${{ inputs.arch }}-${{ inputs.os }}/${{ inputs.name }} ./artifacts/${{ inputs.arch }}-${{ inputs.os }} diff --git a/.github/workflows/build-and-upload.yml b/.github/workflows/build-and-release.yml similarity index 52% rename from .github/workflows/build-and-upload.yml rename to .github/workflows/build-and-release.yml index 695f824..679838e 100644 --- a/.github/workflows/build-and-upload.yml +++ b/.github/workflows/build-and-release.yml 
@@ -35,12 +35,38 @@ jobs: - name: Build package for ${{ matrix.systems.nix-system }} run: | - nix build -L ".#packages.${{ matrix.systems.nix-system }}.default" + nix build -L - - name: Upload a Build Artifact + - name: Prepare ${{ matrix.systems.nix-system }} artifact + run: | + mkdir -p artifacts + cp result/bin/flake-iter artifacts/${{ matrix.systems.artifact }} + + - name: Upload build artifact uses: actions/upload-artifact@v4 with: - # Artifact name - name: ${{ matrix.systems.artifact }} - path: result/bin/flake-iter + name: artifacts + path: artifacts/${{ matrix.systems.artifact }} retention-days: 1 + + upload-artifacts-to-s3: + needs: build-artifacts + runs-on: ubuntu-24.04 + permissions: + id-token: write + contents: read + steps: + - name: Download artifacts directory + uses: actions/download-artifact@v7 + with: + name: artifacts + path: ./artifacts + + - name: Upload to S3 + uses: DeterminateSystems/push-artifact-ids@main + with: + s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }} + bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} + directory: ./artifacts + ids_project_name: flake-iter + ids_binary_prefix: flake-iter diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 3abba74..7010fcf 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -18,7 +18,7 @@ jobs: - uses: DeterminateSystems/flakehub-cache-action@main - name: Nix formatting - run: git ls-files '*.nix' | nix develop --command xargs nixpkgs-fmt --check + run: git ls-files '*.nix' | nix develop --command xargs nixfmt --check - - name: Nix Flake Check + - name: Nix flake check run: nix flake check --print-build-logs --all-systems diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml deleted file mode 100644 index 6f08242..0000000 --- a/.github/workflows/release-branch.yml +++ /dev/null 
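Review bot: The new `upload-artifacts-to-s3` job declares neither `environment: release` nor `concurrency: release`, both of which the three release workflows removed by this commit had on their `release` job. Any required reviewers or branch restrictions configured on that environment would stop applying to the S3 upload, and if `AWS_S3_UPLOAD_ROLE` and `AWS_S3_UPLOAD_BUCKET` are environment-scoped secrets they would resolve to empty strings here; neither setting is visible in the diff, so this needs confirming against the repository configuration. Restoring `environment: release` and `concurrency: release` under `upload-artifacts-to-s3:` keeps the previous gate and serialises uploads again.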
@@ -1,54 +0,0 @@ -name: Release branch - -on: - push: - branches: - - main - -jobs: - build: - uses: ./.github/workflows/build-and-upload.yml - - release: - needs: build - environment: release - concurrency: release - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write # In order to request a JWT for AWS auth - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Create the artifacts directory - run: rm -rf ./artifacts && mkdir ./artifacts - - # aarch64-darwin - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: ARM64 - os: macOS - - # x86_64-linux - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: X64 - os: Linux - - # aarch64-linux - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: ARM64 - os: Linux - - - uses: DeterminateSystems/push-artifact-ids@main - with: - s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }} - bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} - directory: ./artifacts - ids_project_name: flake-iter - ids_binary_prefix: flake-iter diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml deleted file mode 100644 index 02046de..0000000 --- a/.github/workflows/release-pr.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -name: Release PR - -on: - pull_request: - types: - - opened - - reopened - - synchronize - - labeled - -jobs: - build: - # We want to build and upload artifacts only if the `upload to s3` label is applied - # Only intra-repo PRs are allowed to have PR artifacts uploaded - # We only want to trigger once the upload once in the case the upload label is added, not when any label is added - if: | - github.event.pull_request.head.repo.full_name == 'DeterminateSystems/flake-iter' - && ( - (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') - || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) - ) - uses: ./.github/workflows/build-and-upload.yml - - release: - needs: build - environment: release - concurrency: release - runs-on: ubuntu-latest - permissions: - id-token: write # In order to request a JWT for AWS auth - contents: read - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Create the artifacts directory - run: rm -rf ./artifacts && mkdir ./artifacts - - # aarch64-darwin - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: ARM64 - os: macOS - - # x86_64-linux - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: X64 - os: Linux - - # aarch64-linux - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: ARM64 - os: Linux - - - uses: DeterminateSystems/push-artifact-ids@main - with: - s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }} - bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} - directory: ./artifacts - ids_project_name: flake-iter - ids_binary_prefix: flake-iter diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml deleted file mode 100644 index 52e17dc..0000000 --- a/.github/workflows/release-tag.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -name: Release tag - -on: - push: - tags: - - v*.*.* - -jobs: - build: - uses: ./.github/workflows/build-and-upload.yml - - release: - needs: build - environment: release - concurrency: release - runs-on: ubuntu-latest - permissions: - contents: write # In order to upload artifacts to GitHub releases - id-token: write # In order to request a JWT for AWS auth - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Create the artifacts directory - run: rm -rf ./artifacts && mkdir ./artifacts - - # aarch64-darwin - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: ARM64 - os: macOS - - # x86_64-linux - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: X64 - os: Linux - - # aarch64-linux - - uses: ./.github/actions/download-persist - with: - name: flake-iter - arch: ARM64 - os: Linux - - - uses: DeterminateSystems/push-artifact-ids@main - with: - s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }} - bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} - directory: ./artifacts - ids_project_name: flake-iter - ids_binary_prefix: flake-iter diff --git a/flake.nix b/flake.nix index b4f4fd5..683f54f 100644 --- a/flake.nix +++ b/flake.nix @@ -17,16 +17,20 @@ outputs = { self, ... }@inputs: let + inherit (inputs.nixpkgs) lib; + supportedSystems = [ "x86_64-linux" "aarch64-darwin" "aarch64-linux" ]; + forEachSupportedSystem = f: - inputs.nixpkgs.lib.genAttrs supportedSystems ( + lib.genAttrs supportedSystems ( system: f { + inherit system; pkgs = import inputs.nixpkgs { inherit system; overlays = [ self.overlays.default ]; @@ -50,10 +54,10 @@ stable.rustfmt stable.rust-src ] - ++ inputs.nixpkgs.lib.optionals (system == "x86_64-linux") [ + ++ lib.optionals (system == "x86_64-linux") [ targets.x86_64-unknown-linux-musl.stable.rust-std ] - ++ inputs.nixpkgs.lib.optionals (system == "aarch64-linux") [ + ++ lib.optionals (system == "aarch64-linux") [ targets.aarch64-unknown-linux-musl.stable.rust-std ] ); 
@@ -61,7 +65,7 @@ }; devShells = forEachSupportedSystem ( - { pkgs }: + { pkgs, system }: rec { default = pkgs.mkShell { packages = with pkgs; [ @@ -70,9 +74,9 @@ cargo-watch bacon rust-analyzer - nixpkgs-fmt cargo-machete iconv + self.formatter.${system} ]; env = { @@ -87,9 +91,11 @@ } ); + formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt); + # These outputs are solely for local testing packages = forEachSupportedSystem ( - { pkgs }: + { pkgs, ... }: rec { default = pkgs.craneLib.buildPackage { pname = meta.name; From 37af8acfcda4658558cb1ac5e509f7fbffdc5dfc Mon Sep 17 00:00:00 2001 From: Luc Perkins Date: Tue, 16 Dec 2025 13:38:39 -0300 Subject: [PATCH 5/7] Make workflow more robust --- .github/workflows/build-and-release.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 679838e..3172c81 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -45,8 +45,10 @@ jobs: - name: Upload build artifact uses: actions/upload-artifact@v4 with: - name: artifacts + name: artifact-${{ matrix.systems.nix-system }} path: artifacts/${{ matrix.systems.artifact }} + if-no-files-found: error + overwrite: true retention-days: 1 upload-artifacts-to-s3: From c5fa829198d4c17ed9607de61cf4b3c0eaee705c Mon Sep 17 00:00:00 2001 From: Luc Perkins Date: Tue, 16 Dec 2025 13:47:18 -0300 Subject: [PATCH 6/7] Use merge-multiple --- .github/workflows/build-and-release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 3172c81..728560d 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml 
@@ -45,7 +45,7 @@ jobs: - name: Upload build artifact uses: actions/upload-artifact@v4 with: - name: artifact-${{ matrix.systems.nix-system }} + name: flake-iter-${{ matrix.systems.nix-system }} path: artifacts/${{ matrix.systems.artifact }} if-no-files-found: error overwrite: true @@ -61,8 +61,9 @@ jobs: - name: Download artifacts directory uses: actions/download-artifact@v7 with: - name: artifacts + pattern: flake-iter-* path: ./artifacts + merge-multiple: true - name: Upload to S3 uses: DeterminateSystems/push-artifact-ids@main From 1e12465dddc874c21da4ed9280b7602f6ab79416 Mon Sep 17 00:00:00 2001 From: Luc Perkins Date: Tue, 16 Dec 2025 13:55:39 -0300 Subject: [PATCH 7/7] Upload only on PR merge --- .github/workflows/build-and-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 728560d..0de0246 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -53,6 +53,8 @@ jobs: upload-artifacts-to-s3: needs: build-artifacts + # Upload only on PR merge + if: github.event_name == 'push' && github.ref == 'refs/heads/main' runs-on: ubuntu-24.04 permissions: id-token: write
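Review bot: The added `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` lives in the workflow file itself, and for a same-repository pull request the workflow definition is taken from the PR, so the condition documents intent rather than acting as an access control on the AWS role. The enforcing check belongs outside the file: a branch restriction on a deployment environment, or a condition in the role's trust policy on the OIDC `sub` claim (for this repository, `repo:DeterminateSystems/flake-iter:ref:refs/heads/main`). Neither is visible here, so treat this as something to confirm. The comment would be more accurate as `# Upload only on pushes to main`, since direct pushes match as well as merges, and tag pushes that release-tag.yml used to handle no longer trigger an upload.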