From 4f2b40afcf07a8033fa0002aa63e93318d54145a Mon Sep 17 00:00:00 2001 From: Michal Rus Date: Thu, 10 Apr 2025 16:23:17 +0200 Subject: [PATCH 1/6] fix: reject PRs without `@esbuild/linux-x64@npm` in `yarn-project.nix` --- .github/workflows/std.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/std.yml b/.github/workflows/std.yml index b7560c5e995..258bd888ad2 100644 --- a/.github/workflows/std.yml +++ b/.github/workflows/std.yml @@ -69,7 +69,24 @@ concurrency: group: std-${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: + check-yarn-project-nix: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} + - run: | + if ! grep -qF '"@esbuild/linux-x64@npm:' yarn-project.nix ; then + echo ' ' + echo "Please, make sure that the 'yarn-project.nix' on $(git rev-parse HEAD) still contains '@esbuild/linux-x64@npm' (see your diff)." + echo ' ' + echo "Its accidental removal can be caused by running 'yarn install' on macOS." + echo ' ' + exit 1 + fi + discover: + needs: check-yarn-project-nix # Don’t run on PRs from forks (no access to secrets): if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository outputs: From e08a88c8035d73c0c4411308b5757c9f4b3e8cab Mon Sep 17 00:00:00 2001 From: Michal Rus Date: Fri, 11 Apr 2025 12:34:55 +0200 Subject: [PATCH 2/6] ci: update `nixbuild` actions --- .github/workflows/std.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/std.yml b/.github/workflows/std.yml index 258bd888ad2..29c0afca83b 100644 --- a/.github/workflows/std.yml +++ b/.github/workflows/std.yml @@ -178,9 +178,9 @@ jobs: if: matrix.target != 'dummy-target' id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - uses: nixbuild/nix-quick-install-action@v25 + - uses: nixbuild/nix-quick-install-action@v30 if: matrix.target != 'dummy-target' - - uses: nixbuild/nixbuild-action@v17 + - uses: nixbuild/nixbuild-action@v20 if: matrix.target != 'dummy-target' with: nixbuild_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }} @@ -209,8 +209,8 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - - uses: nixbuild/nix-quick-install-action@v25 - - uses: nixbuild/nixbuild-action@v17 + - uses: nixbuild/nix-quick-install-action@v30 + - uses: nixbuild/nixbuild-action@20 with: nixbuild_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }} generate_summary_for: job @@ -314,8 +314,8 @@ jobs: url: ${{ matrix.url }} steps: - uses: actions/checkout@v4 - - uses: nixbuild/nix-quick-install-action@v25 - - uses: nixbuild/nixbuild-action@v17 + - uses: nixbuild/nix-quick-install-action@v30 + - uses: nixbuild/nixbuild-action@20 with: nixbuild_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }} generate_summary_for: job From 399d872e26274e54c8542935d7a505b5620952bd Mon Sep 17 00:00:00 2001 From: bernokl Date: Wed, 16 Apr 2025 20:42:43 +0000 Subject: [PATCH 3/6] add nixbuild token --- .github/workflows/std.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/std.yml b/.github/workflows/std.yml index 29c0afca83b..17b41bdd7de 100644 --- a/.github/workflows/std.yml +++ b/.github/workflows/std.yml @@ -183,7 +183,7 @@ jobs: - uses: nixbuild/nixbuild-action@v20 if: matrix.target != 'dummy-target' with: - nixbuild_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }} + nixbuild_token: ${{ secrets.NIXBUILD_TOKEN }} generate_summary_for: job - uses: divnix/std-action/setup-discovery-ssh@main if: matrix.target != 'dummy-target' @@ -212,7 +212,7 @@ jobs: - uses: nixbuild/nix-quick-install-action@v30 - uses: nixbuild/nixbuild-action@20 with: - nixbuild_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }} + nixbuild_token: ${{ secrets.NIXBUILD_TOKEN }} generate_summary_for: job # Further steps assume AWS_PROFILE=lw, while the official action has no way to specify that profile: - name: Set up AWS credentials @@ -317,7 +317,7 @@ jobs: - uses: nixbuild/nix-quick-install-action@v30 - uses: nixbuild/nixbuild-action@20 with: - nixbuild_ssh_key: ${{ secrets.SSH_PRIVATE_KEY }} + nixbuild_token: ${{ secrets.NIXBUILD_TOKEN }} generate_summary_for: job # Further steps assume AWS_PROFILE=lw, while the official action has no way to specify that profile: - name: Set up AWS credentials From f4feb61659fe287bcc3c5e8df567a0bf284a2fff Mon Sep 17 00:00:00 2001 From: Michal Rus Date: Thu, 17 Apr 2025 12:36:57 +0200 Subject: [PATCH 4/6] chore: add `set -x` to `std-action` --- .github/workflows/std.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/std.yml b/.github/workflows/std.yml index 17b41bdd7de..d90bd029fd6 100644 --- a/.github/workflows/std.yml +++ b/.github/workflows/std.yml @@ -195,7 +195,7 @@ jobs: shell: bash run: | echo commit: ${{ github.sha }} - - uses: divnix/std-action/run@main + - uses: michalrus/std-action/run@debug2 if: matrix.target != 'dummy-target' with: { ffBuildInstructions: true, remoteStore: 'ssh-ng://eu.nixbuild.net' } From ef8f43b245635f83cda5d79c3ba9661a71fb46c6 Mon Sep 17 00:00:00 2001 From: Michal Rus Date: Thu, 17 Apr 2025 12:48:09 +0200 Subject: [PATCH 5/6] ci: try triggering a manual NixBuild.net build --- .github/workflows/std.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/std.yml b/.github/workflows/std.yml index d90bd029fd6..0496b7d6921 100644 --- a/.github/workflows/std.yml +++ b/.github/workflows/std.yml @@ -195,6 +195,12 @@ jobs: shell: bash run: | echo commit: ${{ github.sha }} + - name: Manual NixBuild.net + shell: bash + run: | + nix build --no-link --print-build-logs --log-format raw-with-logs \ + --eval-store auto --builders "''" --store ssh-ng://eu.nixbuild.net \ + github:input-output-hk/cardano-js-sdk/${{ github.sha }}#__std.actions.x86_64-linux.cardano-services.oci-images.cardano-services.publish - uses: michalrus/std-action/run@debug2 if: matrix.target != 'dummy-target' with: { ffBuildInstructions: true, remoteStore: 'ssh-ng://eu.nixbuild.net' } From f71a350d03abeb2efe2e93d8231b34e84a931763 Mon Sep 17 00:00:00 2001 From: Michal Rus Date: Thu, 17 Apr 2025 13:19:01 +0200 Subject: [PATCH 6/6] ci: switch back to the original `std-action`, and correct `nixbuild-action` ref. in `diff` --- .github/workflows/std.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/std.yml b/.github/workflows/std.yml index 0496b7d6921..8cee1d1db13 100644 --- a/.github/workflows/std.yml +++ b/.github/workflows/std.yml @@ -196,12 +196,14 @@ jobs: run: | echo commit: ${{ github.sha }} - name: Manual NixBuild.net + if: matrix.target != 'dummy-target' shell: bash run: | + # We trigger this manually, because some integration has broken between std-action and nixbuild.net: nix build --no-link --print-build-logs --log-format raw-with-logs \ --eval-store auto --builders "''" --store ssh-ng://eu.nixbuild.net \ github:input-output-hk/cardano-js-sdk/${{ github.sha }}#__std.actions.x86_64-linux.cardano-services.oci-images.cardano-services.publish - - uses: michalrus/std-action/run@debug2 + - uses: divnix/std-action/run@main if: matrix.target != 'dummy-target' with: { ffBuildInstructions: true, remoteStore: 'ssh-ng://eu.nixbuild.net' } @@ -216,7 +218,7 @@ jobs: steps: - uses: actions/checkout@v4 - uses: nixbuild/nix-quick-install-action@v30 - - uses: nixbuild/nixbuild-action@20 + - uses: nixbuild/nixbuild-action@v20 with: nixbuild_token: ${{ secrets.NIXBUILD_TOKEN }} generate_summary_for: job @@ -321,7 +323,7 @@ jobs: steps: - uses: actions/checkout@v4 - uses: nixbuild/nix-quick-install-action@v30 - - uses: nixbuild/nixbuild-action@20 + - uses: nixbuild/nixbuild-action@v20 with: nixbuild_token: ${{ secrets.NIXBUILD_TOKEN }} generate_summary_for: job