From 460c8f13b6fcd82ba65d9548eb0c645969c3b8c2 Mon Sep 17 00:00:00 2001
From: Moritz 'e1mo' Fromm <git@e1mo.de>
Date: Wed, 15 Feb 2023 13:46:36 +0100
Subject: [PATCH] Add initial nix building github actions

To reduce the amount of redudand rebuilds cachix is used to store
outputs. The cachix cache should be accessible in the cachix UI to
everyone in the @chaos-jetzt/infra team
---
 .github/workflows/build-systems.yaml | 55 ++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 .github/workflows/build-systems.yaml

diff --git a/.github/workflows/build-systems.yaml b/.github/workflows/build-systems.yaml
new file mode 100644
index 0000000..3b26a1c
--- /dev/null
+++ b/.github/workflows/build-systems.yaml
@@ -0,0 +1,55 @@
+name: "Build system config"
+on:
+  pull_request:
+  push:
+jobs:
+  avoid_duplicates:
+    runs-on: ubuntu-latest
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@v5
+        with:
+          # All of these options are optional, so you can remove them if you are happy with the defaults
+          concurrent_skipping: 'same_content_newer'
+          skip_after_successful_duplicate: 'true'
+          do_not_skip: '["workflow_dispatch", "schedule"]'
+  build:
+    runs-on: ubuntu-latest
+    needs: avoid_duplicates
+    if: needs.avoid_duplicates.outputs.should_skip != 'true'
+    steps:
+    - uses: actions/checkout@v3
+    - uses: cachix/install-nix-action@v19
+      with:
+        github_access_token: ${{ secrets.GITHUB_TOKEN }}
+    - uses: cachix/cachix-action@v12
+      with:
+        name: chaos-jetzt-nixfiles
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - name: nix flake check
+      run: |
+        nix flake check --no-build
+        echo "## \`nix flake check\` succeeded" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+    - name: Discover nixosConfigurations
+      run: |
+        echo Discovered the following system configs
+        nix flake show . --json | jq ".nixosConfigurations|keys[]" -r
+    - name: Build systems
+      run: |
+        echo "## Builds succeeded" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "| Host | Out path |" >> $GITHUB_STEP_SUMMARY
+        echo "| ---- | -------- |" >> $GITHUB_STEP_SUMMARY
+        for host in $(nix flake show . --json | jq ".nixosConfigurations|keys[]" -r); do
+          echo "::group::Building ${host}"
+          drv=".#nixosConfigurations.$host.config.system.build.toplevel"
+          build_cmd="nix build ${drv}"
+          cachix watch-exec chaos-jetzt-nixfiles -- $build_cmd
+          echo "::endgroup::"
+          out_path=$($build_cmd --print-out-paths)
+          echo -e "\x1b[32;1mSuccessfully built .#nixosConfigurations.${host}\x1b[0m"
+          echo "| ${host} | \`${out_path}\` |" >> $GITHUB_STEP_SUMMARY
+        done