name: Nix CI
on: ['pull_request']
concurrency:
group: nix-ci-${{ github.ref }}
cancel-in-progress: true
jobs:
flake_check:
name: Run flake checks
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v14
with:
name: naxdy-foss
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Run `nix flake check`
run: |
nix flake check . --print-build-logs --max-jobs auto
nix_reproducible_check:
name: Ensure reproducibility (Nix)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v14
with:
name: naxdy-foss
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Build testbin twice
run: |
nix build .#staticrypt-testbin --print-build-logs -j auto
nix build .#staticrypt-testbin --print-build-logs -j auto --rebuild
reproducible_check:
name: Ensure reproducibility
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v14
with:
name: naxdy-foss
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Enter devshell
uses: nicknovitski/nix-develop@v1
- name: Ensure reproducibility
run: |
cargo build --package staticrypt-testbin
sum1=$(sha256sum target/debug/staticrypt-testbin)
echo "Initial hash is $sum1"
rm -rf target
cargo build --package staticrypt-testbin
sum2=$(sha256sum target/debug/staticrypt-testbin)
echo "Second hash is $sum2"
[[ "$sum1" = "$sum2" ]] || exit 1