airgapped signing with UR #205
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci/gh-actions/guix | |
on: | |
push: | |
env: | |
APT_SET_CONF: | | |
echo "Acquire::Retries \"3\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom | |
echo "Acquire::http::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom | |
echo "Acquire::ftp::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom | |
jobs: | |
cache-sources: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: depends sources cache | |
id: cache | |
uses: actions/cache@v3 | |
with: | |
path: contrib/depends/sources | |
key: sources-${{ hashFiles('contrib/depends/packages/*') }} | |
- name: download depends sources | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: make -C contrib/depends download | |
cache-guix: | |
runs-on: ubuntu-latest | |
needs: [cache-sources] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: guix cache | |
id: cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
gnu/store | |
guix_db.sqlite | |
key: guix-${{ hashFiles('contrib/guix/manifest.scm') }} | |
- name: move guix store | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: | | |
if [[ -e "guix_db.sqlite" ]]; then | |
sudo mkdir -p /var/guix/db | |
sudo mv gnu /gnu | |
sudo cp guix_db.sqlite /var/guix/db/db.sqlite | |
sudo chmod 1775 /gnu/store | |
sudo chown 0644 /var/guix/db/db.sqlite | |
sudo chown -R root:root /gnu/store /var/guix/db/db.sqlite | |
fi | |
- name: depends sources cache | |
if: steps.cache.outputs.cache-hit != 'true' | |
uses: actions/cache/restore@v3 | |
with: | |
path: contrib/depends/sources | |
key: sources-${{ hashFiles('contrib/depends/packages/*') }} | |
- name: set apt conf | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: ${{env.APT_SET_CONF}} | |
- name: install dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: sudo apt update; sudo apt -y install guix git ca-certificates | |
- name: dry run | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: DRY_RUN=1 SUBSTITUTE_URLS='http://ci.guix.gnu.org' JOBS=2 ./contrib/guix/guix-build | |
- name: prepare guix store for caching | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: | | |
sudo systemctl stop guix-daemon | |
sudo mv /gnu gnu | |
sudo mv /var/guix/db/db.sqlite guix_db.sqlite | |
build-guix: | |
runs-on: ubuntu-latest | |
needs: [cache-guix] | |
strategy: | |
fail-fast: false | |
matrix: | |
toolchain: | |
- name: "x86_64-linux-gnu" | |
host: "x86_64-linux-gnu" | |
- name: "x86_64-linux-gnu.no-tor-bundle" | |
host: "x86_64-linux-gnu.no-tor-bundle" | |
- name: "x86_64-linux-gnu.pack" | |
host: "x86_64-linux-gnu.pack" | |
- name: "aarch64-linux-gnu" | |
host: "aarch64-linux-gnu" | |
- name: "arm-linux-gnueabihf" | |
host: "arm-linux-gnueabihf" | |
- name: "riscv64-linux-gnu" | |
host: "riscv64-linux-gnu" | |
- name: "x86_64-w64-mingw32" | |
host: "x86_64-w64-mingw32" | |
- name: "x86_64-w64-mingw32.installer" | |
host: "x86_64-w64-mingw32.installer" | |
- name: "x86_64-apple-darwin" | |
host: "x86_64-apple-darwin" | |
- name: "arm64-apple-darwin" | |
host: "arm64-apple-darwin" | |
name: ${{ matrix.toolchain.name }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
- name: guix cache | |
uses: actions/cache/restore@v3 | |
with: | |
path: | | |
gnu/store | |
guix_db.sqlite | |
key: guix-${{ hashFiles('contrib/guix/manifest.scm') }} | |
- name: move guix store | |
run: | | |
if [[ -e "guix_db.sqlite" ]]; then | |
sudo mkdir -p /var/guix/db | |
sudo mv gnu /gnu | |
sudo cp guix_db.sqlite /var/guix/db/db.sqlite | |
sudo chmod 1775 /gnu/store | |
sudo chown 0644 /var/guix/db/db.sqlite | |
sudo chown -R root:root /gnu/store /var/guix/db/db.sqlite | |
fi | |
- name: depends cache | |
uses: actions/cache@v3 | |
with: | |
path: contrib/depends/built | |
key: depends-${{ matrix.toolchain.host }}-${{ hashFiles('contrib/depends/packages/*') }} | |
- name: depends sources cache | |
uses: actions/cache/restore@v3 | |
with: | |
path: contrib/depends/sources | |
key: sources-${{ hashFiles('contrib/depends/packages/*') }} | |
- name: set apt conf | |
run: ${{env.APT_SET_CONF}} | |
- name: install dependencies | |
run: sudo apt update; sudo apt -y install guix git ca-certificates | |
- name: build | |
run: SUBSTITUTE_URLS='http://ci.guix.gnu.org' HOSTS="${{ matrix.toolchain.host }}" JOBS=2 ./contrib/guix/guix-build | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.toolchain.name }} | |
path: | | |
guix/guix-build-*/output/${{ matrix.toolchain.host }}/* |