{ lib, config, ... }:
let
# Per-workflow settings, read from `config.gh-actions`.
workflows = config.gh-actions;

# Singleton list holding `item` when `keep` is true, otherwise the empty
# list. Used to build optional workflow steps that can be joined with `++`.
arrOfIf = keep: item: lib.optional keep item;

# `arrOfIf` specialised to "probe is an attribute set".
arrOfIfAttr = probe: item: arrOfIf (builtins.isAttrs probe) item;

# `arrOfIf` specialised to "probe is a string".
arrOfIfStr = probe: item: arrOfIf (builtins.isString probe) item;
# Build the workflow file entry for one configured workflow.
#
# name: workflow name; used for the file name, the job id and the
#       `gh-actions-<name>-<phase>` commands the run steps invoke.
# cfg:  the settings of that workflow.
#
# Returns an attribute set with the single key
# "/.github/workflows/<name>.yaml", guarded by `lib.mkIf cfg.enable`.
yaml-file = name: cfg:
  let
    # Inputs of the SSH key step. A string `ssh-secret-name` expands to a
    # reference to that repository secret; otherwise `cfg.ssh` is passed
    # through as given.
    # NOTE(review): this shortcut hard-codes known_hosts = "unnecessary", so
    # no host key is pinned on this path. Presumably the action treats that
    # value as "skip known_hosts" - confirm against the pinned revision. For
    # deploy targets prefer `cfg.ssh` with an explicit known_hosts entry.
    sshWith =
      if builtins.isString cfg.ssh-secret-name then {
        key = "\${{ secrets.${cfg.ssh-secret-name} }}";
        known_hosts = "unnecessary";
      } else
        cfg.ssh;

    # Emitted only when `sshWith` is an attribute set. It is the first step
    # of the job, so checkout and every `run` step (build and test included)
    # run after the key has been installed.
    # NOTE(review): if only the deploy phase needs the key, a separate job
    # would keep it away from build and test code.
    sshStep = arrOfIfAttr sshWith {
      name = "Install SSH Key";
      # Referenced by full commit SHA rather than by tag.
      uses = "shimataro/ssh-key-action@3c9b0fc6f2d223b8450b02a0445f526350fc73e0";
      "with" = sshWith;
    };

    # Command line of a phase: run the matching alias inside the dev shell.
    devCmd = phase: "nix develop --command gh-actions-${name}-${phase}";

    # Pass an env attribute set through only when it has at least one key.
    nonEmptyEnv = vars: lib.mkIf (builtins.attrNames vars != [ ]) vars;

    # One optional `run` step, present only when `script` is a string.
    phaseStep = phase: label: script: vars:
      arrOfIfStr script {
        name = label;
        run = devCmd phase;
        env = nonEmptyEnv vars;
      };

    phaseSteps = builtins.concatLists [
      (phaseStep "pre-build" "Pre Build" cfg.pre-build cfg.env.pre-build)
      (phaseStep "build" "Build" cfg.build cfg.env.build)
      (phaseStep "test" "Test" cfg.test cfg.env.test)
      (phaseStep "deploy" "Deploy" cfg.deploy cfg.env.deploy)
      (phaseStep "post-deploy" "Post Deploy" cfg.post-deploy
        cfg.env.post-deploy)
    ];

    # Full-history checkout (fetch-depth = 0).
    # NOTE(review): the ref below reads "[email protected]" in this copy of the
    # file, which looks like e-mail obfuscation applied to
    # `checkout@<version>`. Restore the real ref from the repository; the
    # string is reproduced unchanged here.
    checkoutStep = {
      uses = "actions/[email protected]";
      "with".fetch-depth = 0;
    };

    # Installs Nix and hands the workflow token to Nix as a github.com
    # access token.
    # NOTE(review): referenced by tag (v15), unlike the SHA-pinned SSH step.
    # A tag can be moved by the action's owner; pin it as
    # `cachix/install-nix-action@<full-commit-sha>`.
    nixStep = {
      uses = "cachix/install-nix-action@v15";
      "with" = {
        nix_path = "channel:nixos-22.05";
        extra_nix_config =
          "access-tokens = github.com=\${{ secrets.GITHUB_TOKEN }}";
      };
    };

    # Binary-cache step, present only when `cfg.cache` is not null. Either
    # signingKey or authToken is emitted, chosen by whether `key-name` is
    # null.
    # NOTE(review): referenced by tag (v10); pin it as
    # `cachix/cachix-action@<full-commit-sha>` for the same reason as above.
    # NOTE(review): with key-name null, token-name is interpolated;
    # presumably the option declarations guarantee it is set - confirm.
    cachixStep = arrOfIf (cfg.cache != null) {
      uses = "cachix/cachix-action@v10";
      "with" = {
        inherit (cfg.cache) name;
        signingKey = lib.mkIf (cfg.cache.key-name != null)
          "\${{ secrets.${cfg.cache.key-name} }}";
        authToken = lib.mkIf (cfg.cache.key-name == null)
          "\${{ secrets.${cfg.cache.token-name} }}";
      };
    };
  in
  {
    "/.github/workflows/${name}.yaml" = lib.mkIf cfg.enable {
      inherit (cfg) on;
      # NOTE(review): no `permissions` key is emitted for the job, so the
      # GITHUB_TOKEN used above carries whatever default scopes the
      # repository is configured with. Consider emitting a least-privilege
      # `permissions` block.
      jobs.${name} = {
        runs-on = "ubuntu-latest";
        # Order: SSH key, checkout, Nix, cache, then the phases in sequence.
        steps = sshStep
          ++ [ checkoutStep nixStep ]
          ++ cachixStep
          ++ phaseSteps;
      };
    };
  };

# One workflow-file attribute set per configured workflow.
yamls = lib.mapAttrsToList yaml-file workflows;
# Build the shell aliases for one workflow.
#
# name: workflow name, embedded in each alias as `gh-actions-<name>-<phase>`;
#       these are the commands the generated workflow steps run through
#       `nix develop --command`.
# cfg:  the settings of that workflow.
#
# Each alias is wrapped in `lib.mkIf`, so it is only defined when the
# workflow is enabled and the phase script is a string.
alias = name: cfg:
  let
    phases = [ "pre-build" "build" "test" "deploy" "post-deploy" ];
    entry = phase:
      let
        script = cfg.${phase};
      in
      lib.nameValuePair "gh-actions-${name}-${phase}"
        (lib.mkIf (cfg.enable && builtins.isString script) script);
  in
  builtins.listToAttrs (map entry phases);

# One alias attribute set per configured workflow.
aliasses = lib.mapAttrsToList alias workflows;
in
{
  # Pulls in ./gh-actions-options.nix; presumably it declares the
  # `gh-actions` options read above (not visible in this file).
  imports = [ ./gh-actions-options.nix ];

  # The per-workflow attribute sets are combined attribute by attribute
  # with `lib.foldAttrs lib.mergeAttrs`, starting from the empty set.
  files = {
    alias = lib.foldAttrs lib.mergeAttrs { } aliasses;
    yaml = lib.foldAttrs lib.mergeAttrs { } yamls;
  };
}