make CI more efficient (github and gitlab)

squashed from https://gitlab.com/famedly/conduit/-/merge_requests/596 ported the relevant parts to GitHub Actions Co-authored-by: strawberry <strawberry@puppygock.gay> Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-03-05 21:42:17 -05:00 · 2024-03-05 21:42:17 -05:00 · a4ec0daafa
commit a4ec0daafa
parent 4ec2d3ecb5
5 changed files with 134 additions and 150 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -6,22 +6,36 @@ stages:
 variables:
  # Makes some things print in color
  TERM: ansi
-  NIX_CONFIG: |
-    experimental-features = nix-command flake
-    extra-substituters = https://nix.computer.surgery/conduit
-    extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo=
-    extra-substituters = https://crane.cachix.org
-    extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=
-    extra-substituters = https://nix-community.cachix.org
-    extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
-    extra-substituters = https://attic.kennel.juneis.dog/conduit
-    extra-trusted-public-keys = conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
-    extra-substituters = https://attic.kennel.juneis.dog/conduwuit
-    extra-trusted-public-keys = conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=

 before_script:
+  # Enable nix-command and flakes
+  - if command -v nix > /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi
+
+  # Add conduwuit binary cache
+  - if command -v nix > /dev/null; then echo "extra-substituters = https://attic.kennel.juneis.dog/conduwuit" >> /etc/nix/nix.conf; fi
+  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=" >> /etc/nix/nix.conf; fi
+
+  - if command -v nix > /dev/null; then echo "extra-substituters = https://attic.kennel.juneis.dog/conduit" >> /etc/nix/nix.conf; fi
+  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=" >> /etc/nix/nix.conf; fi
+
+  # Add upstream Conduit binary cache
+  - if command -v nix > /dev/null; then echo "extra-substituters = https://nix.computer.surgery/conduit" >> /etc/nix/nix.conf; fi
+  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo=" >> /etc/nix/nix.conf; fi
+  
+  # Add alternate binary cache
+  - if command -v nix > /dev/null && [ -n "$ATTIC_ENDPOINT" ]; then echo "extra-substituters = $ATTIC_ENDPOINT" >> /etc/nix/nix.conf; fi
+  - if command -v nix > /dev/null && [ -n "$ATTIC_PUBLIC_KEY" ]; then echo "extra-trusted-public-keys = $ATTIC_PUBLIC_KEY" >> /etc/nix/nix.conf; fi
+
+  # Add crane binary cache
+  - if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi
+  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi
+
+  # Add nix-community binary cache
+  - if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi
+  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi
+
  # Install direnv and nix-direnv
-  - if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv nixpkgs.engage; fi
+  - if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi

  # Allow .envrc
  - if command -v nix > /dev/null; then direnv allow; fi
@ -33,6 +47,9 @@ ci:
  stage: ci
  image: nixos/nix:2.20.4
  script:
+    # Cache the inputs required for the devShell
+    - ./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation
+
    - direnv exec . engage
  cache:
    key: nix
@ -40,100 +57,50 @@ ci:
      - target
      - .gitlab-ci.d

-static:x86_64-unknown-linux-musl:
+artifacts:
  stage: artifacts
  image: nixos/nix:2.20.4
  script:
-    # Push artifacts and build requirements to binary cache
    - ./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl
+    - cp result/bin/conduit x86_64-unknown-linux-musl

-    # Make the output less difficult to find
-    - cp result/bin/conduit conduit
-  artifacts:
-    paths:
-      - conduit
+    - mkdir -p target/release
+    - cp result/bin/conduit target/release
+    - direnv exec . cargo deb --no-build
+    - mv target/debian/*.deb x86_64-unknown-linux-musl.deb

-static:aarch64-unknown-linux-musl:
-  stage: artifacts
-  image: nixos/nix:2.20.4
-  script:
-    # Push artifacts and build requirements to binary cache
-    - ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl
-
-    # Make the output less difficult to find
-    - cp result/bin/conduit conduit
-  artifacts:
-    paths:
-      - conduit
-
-# Note that although we have an `oci-image-x86_64-unknown-linux-musl` output,
-# we don't build it because it would be largely redundant to this one since it's
-# all containerized anyway.
-oci-image:x86_64-unknown-linux-gnu:
-  stage: artifacts
-  image: nixos/nix:2.20.4
-  script:
-    # Push artifacts and build requirements to binary cache
-    #
    # Since the OCI image package is based on the binary package, this has the
    # fun side effect of uploading the normal binary too. Conduit users who are
    # deploying with Nix can leverage this fact by adding our binary cache to
    # their systems.
+    #
+    # Note that although we have an `oci-image-x86_64-unknown-linux-musl`
+    # output, we don't build it because it would be largely redundant to this
+    # one since it's all containerized anyway.
    - ./bin/nix-build-and-cache .#oci-image
-
-    # Make the output less difficult to find
    - cp result oci-image-amd64.tar.gz
-  artifacts:
-    paths:
-      - oci-image-amd64.tar.gz

-oci-image:aarch64-unknown-linux-musl:
-  stage: artifacts
-  needs:
-    # Wait for the static binary job to finish before starting so we don't have
-    # to build that twice for no reason
-    - static:aarch64-unknown-linux-musl
-  image: nixos/nix:2.20.4
-  script:
-    # Push artifacts and build requirements to binary cache
+    - ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl
+    - cp result/bin/conduit aarch64-unknown-linux-musl
+
    - ./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl
-
-    # Make the output less difficult to find
    - cp result oci-image-arm64v8.tar.gz
  artifacts:
    paths:
+      - x86_64-unknown-linux-musl
+      - aarch64-unknown-linux-musl
+      - x86_64-unknown-linux-musl.deb
+      - oci-image-amd64.tar.gz
      - oci-image-arm64v8.tar.gz

-debian:x86_64-unknown-linux-gnu:
-  stage: artifacts
-  # See also `rust-toolchain.toml`
-  image: rust:1.75.0
-  script:
-    - cargo install cargo-deb
-    - cargo deb
-
-    # Make the output less difficult to find
-    - mv target/debian/*.deb conduit.deb
-  artifacts:
-    paths:
-      - conduit.deb
-  cache:
-    key: debian
-    paths:
-      - target
-      - .gitlab-ci.d
-
-docker-publish:
+.push-oci-image:
  stage: publish
  image: docker:25.0.3
  services:
    - docker:25.0.3-dind
  variables:
-    IMAGE_NAME: $CI_REGISTRY_IMAGE/conduwuit
    IMAGE_SUFFIX_AMD64: amd64
    IMAGE_SUFFIX_ARM64V8: arm64v8
-  before_script:
-    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - docker load -i oci-image-amd64.tar.gz
    - IMAGE_ID_AMD64=$(docker images -q conduit:main)
@ -157,8 +124,14 @@ docker-publish:
        docker manifest push $IMAGE_NAME:latest
      fi
  dependencies:
-    - oci-image:x86_64-unknown-linux-gnu
-    - oci-image:aarch64-unknown-linux-musl
+    - artifacts
  only:
    - main
    - tags
+
+oci-image:push-gitlab:
+  extends: .push-oci-image
+  variables:
+    IMAGE_NAME: $CI_REGISTRY_IMAGE/conduwuit
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY