action.sh
#!/usr/bin/env bash
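# Setup: check the host system, build the project's actions, normalise the
# secrets and load the jobset's jobs into the JOBS associative array.
# Inputs (read from the environment): PROJECT_URL, JOBSET_URL, SECRETS.

# The only supported Nix system; anything else aborts the run.
SYSTEM="x86_64-linux"
current_system=$(nix eval --impure --raw --expr builtins.currentSystem) || exit 1
[[ "$current_system" == "$SYSTEM" ]] || exit 1

# Without pipefail a failing `nix eval` piped into jq goes unnoticed: the run
# would continue with an empty ACTIONS path or an empty job list and still
# finish "successfully".
set -o pipefail

echo "##[group]Build actions"
# Path of the actions directory; "$ACTIONS/begin" and "$ACTIONS/end" are the
# programs that later receive the secrets on stdin.
ACTIONS=$(nix eval --json "$PROJECT_URL#typhonProject.actions.$SYSTEM" | jq -r .) || {
  echo "error: cannot evaluate typhonProject.actions.$SYSTEM" >&2
  exit 1
}
# An empty or relative value would make the sandbox run an unintended path.
[[ "$ACTIONS" == /* ]] || {
  echo "error: typhonProject.actions.$SYSTEM is not an absolute path" >&2
  exit 1
}
nix build "$PROJECT_URL#typhonProject.actions.$SYSTEM" || {
  echo "error: cannot build typhonProject.actions.$SYSTEM" >&2
  exit 1
}
echo "##[endgroup]"

# Compact the secrets JSON to a single line. The value is never echoed to the
# log; an empty SECRETS stays empty, malformed JSON stops the run.
SECRETS=$(jq -c . <<<"$SECRETS") || {
  echo "error: SECRETS is not valid JSON" >&2
  exit 1
}

# One "[name]=value" line per job. Both sides go through jq's @sh quoting,
# which is what makes it safe to hand the text to `declare -A` below: that
# assignment parses the string as shell words, so unquoted job names would be
# interpreted by the shell. Do not drop the @sh filters.
jobs_spec=$(
  nix eval --json "$JOBSET_URL#typhonJobs.$SYSTEM" |
    jq -r 'to_entries | .[] | "[" + (.key | @sh) + "]=" + (.value | @sh)'
) || {
  echo "error: cannot evaluate typhonJobs.$SYSTEM" >&2
  exit 1
}
declare -A JOBS="($jobs_spec)"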
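#######################################
# Print the JSON document that an action reads on stdin.
# Globals:   DRV, JOB, JOBSET_NAME, OUT, PROJECT_NAME, STATUS, SYSTEM,
#            JOBSET_URL, SECRETS (all read)
# Arguments: none
# Outputs:   an object with the keys "input" and "secrets" on stdout.
#            The output contains the secrets: pipe it to the action, never
#            to the log.
# Returns:   non-zero if jo fails
#######################################
mk_input() {
  local input
  # Every value is quoted: job names, URLs and the secrets JSON come from
  # outside this script, and an unquoted expansion would be word-split and
  # glob-expanded, letting one value turn into several jo arguments.
  # NOTE(review): jo gives some leading characters in a value a special
  # meaning (for example "@" reads a file) - confirm that job names and URLs
  # taken from the jobset cannot start with them.
  input=$(jo \
    drv="$DRV" \
    evaluation="00000000-0000-0000-0000-000000000000" \
    flake=true \
    job="$JOB" \
    jobset="$JOBSET_NAME" \
    out="$OUT" \
    project="$PROJECT_NAME" \
    status="$STATUS" \
    system="$SYSTEM" \
    url="$JOBSET_URL"
  ) || return
  jo input="$input" secrets="$SECRETS"
}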
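#######################################
# Run one program inside a bubblewrap sandbox, passing stdin through.
# Arguments: $1 - path of the program to execute
# Returns:   the exit status of bwrap
#
# The sandbox gets /proc, /dev, a read-only /nix/store and /nix/var/nix and a
# read-only /etc/resolv.conf; no other host path is bound. --clearenv starts
# the program with an empty environment, so nothing exported in this script
# is inherited; --unshare-pid gives it its own PID namespace.
# NOTE(review): the network namespace is not unshared, so the program
# presumably keeps network access (resolv.conf is bound for it) - confirm
# that this is intended for code that receives the secrets.
#######################################
sandbox() {
  local -a bwrap_args=(
    --proc /proc
    --dev /dev
    --ro-bind /nix/store /nix/store
    --ro-bind /nix/var/nix /nix/var/nix
    --ro-bind /etc/resolv.conf /etc/resolv.conf
    --clearenv
    --unshare-pid
  )
  # "$1" is quoted so that a path containing whitespace or glob characters
  # stays one argument instead of becoming extra bwrap options or commands.
  bwrap "${bwrap_args[@]}" "$1"
}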
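# Run every job of the jobset: "begin" action, build, "end" action.
# The key list is quoted so that a job name containing whitespace or glob
# characters is handled as one job instead of being split or expanded.
for JOB in "${!JOBS[@]}"; do
  # Derivation path: the key of the object printed by `nix derivation show`.
  # NOTE(review): $JOB is inserted into the attribute path as-is; a name
  # containing "." would presumably be read as a nested attribute - confirm.
  DRV=$(
    nix derivation show "$JOBSET_URL#typhonJobs.$SYSTEM.$JOB" |
      jq -r 'to_entries | .[] | .key'
  )
  OUT=${JOBS[$JOB]}
  STATUS="pending"

  echo ""
  echo "Job \"$JOB\""

  echo "##[group]Action \"begin\""
  # mk_input's output contains the secrets; it goes only to the sandboxed
  # action's stdin.
  mk_input | sandbox "$ACTIONS/begin"
  echo "##[endgroup]"

  echo "##[group]Nix build"
  # Decide on the exit status alone. Capturing the command's stdout, as a
  # command substitution would, could mix build output into the status that
  # is reported to the "end" action.
  if nix build "$DRV^*"; then
    STATUS="success"
  else
    STATUS="failure"
  fi
  echo "##[endgroup]"

  echo "##[group]Action \"end\""
  mk_input | sandbox "$ACTIONS/end"
  echo "##[endgroup]"
done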