diff --git a/.github/actions/download-persist.yaml b/.github/actions/download-persist.yaml new file mode 100644 index 0000000..4a924c7 --- /dev/null +++ b/.github/actions/download-persist.yaml @@ -0,0 +1,25 @@ +name: Download and persist artifact + +inputs: + arch: + type: choice + options: + - X64 + - ARM64 + required: true + os: + type: choice + options: + - Linux + - macOS + required: true + +runs: + using: composite + steps: + - uses: actions/download-artifact@v6 + with: + name: magic-nix-cache-${{ inputs.arch }}-${{ inputs.os }} + path: cache-binary-${{ inputs.arch }}-${{ inputs.os }} + - shell: bash + run: cp ./cache-binary-${{ inputs.arch }}-${{ inputs.os }}/magic-nix-cache.closure.xz ./artifacts/${{ inputs.arch }}-${{ inputs.os }} diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 0f40db0..32eea9e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -18,18 +18,15 @@ jobs: systems: - nix-system: x86_64-linux system: X64-Linux - runner: ubuntu-22.04 + runner: ubuntu-24.04 - nix-system: aarch64-linux system: ARM64-Linux runner: namespace-profile-default-arm64 - - nix-system: x86_64-darwin - system: X64-macOS - runner: macos-14-large - nix-system: aarch64-darwin system: ARM64-macOS runner: macos-latest-xlarge steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Install Nix on ${{ matrix.systems.system }} uses: DeterminateSystems/determinate-nix-action@v3 - name: Set up FlakeHub Cache diff --git a/.github/workflows/check-and-test.yaml b/.github/workflows/check-and-test.yaml index 6488751..6cd11bb 100644 --- a/.github/workflows/check-and-test.yaml +++ b/.github/workflows/check-and-test.yaml @@ -13,7 +13,7 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Check health of flake.lock uses: DeterminateSystems/flake-checker-action@main 
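Review bot: The callers in release-branches.yml, release-prs.yml and release-tags.yml use `./.github/actions/download-persist`, which GitHub resolves as a directory holding `action.yml` or `action.yaml`, but this hunk adds a single file `.github/actions/download-persist.yaml`; unless that directory exists outside the diff, the three release jobs will fail to load the action, and the metadata belongs at `.github/actions/download-persist/action.yaml`. `type: choice` and `options` are `workflow_dispatch` input syntax and are not part of action metadata, so as far as I can tell nothing restricts `arch` and `os` to the listed values. Both inputs are also expanded by `${{ }}` directly into the `run:` script text; the rewrite below passes them through `env:`, checks them against the same four values in the shell, and quotes the paths.

```yaml
# … unchanged: name …
inputs:
  arch:
    description: Artifact architecture, X64 or ARM64
    required: true
  os:
    description: Artifact operating system, Linux or macOS
    required: true

# … unchanged: runs.using and the actions/download-artifact step …
    - shell: bash
      env:
        ARCH: ${{ inputs.arch }}
        OS: ${{ inputs.os }}
      run: |
        case "$ARCH" in X64 | ARM64) ;; *) echo "unsupported arch: $ARCH" >&2; exit 1 ;; esac
        case "$OS" in Linux | macOS) ;; *) echo "unsupported os: $OS" >&2; exit 1 ;; esac
        cp "./cache-binary-$ARCH-$OS/magic-nix-cache.closure.xz" "./artifacts/$ARCH-$OS"
```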
@@ -51,18 +51,16 @@ jobs: runner: ubuntu-22.04 - system: ARM64-Linux runner: namespace-profile-default-arm64 - - system: X64-macOS - runner: macos-14-large - system: ARM64-macOS runner: macos-latest-xlarge permissions: contents: read id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Download closure for ${{ matrix.systems.system }} - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@v6 with: name: ${{ env.ARTIFACT_KEY }} path: ${{ env.ARTIFACT_KEY }} diff --git a/.github/workflows/flakehub.yaml b/.github/workflows/flakehub.yaml index 94f7808..ebda78a 100644 --- a/.github/workflows/flakehub.yaml +++ b/.github/workflows/flakehub.yaml @@ -1,21 +1,21 @@ -name: "Publish every Git push to main to FlakeHub" +name: Publish every Git push to main to FlakeHub on: push: branches: - - "main" + - main jobs: flakehub-publish: - runs-on: "ubuntu-latest" + runs-on: ubuntu-latest permissions: - id-token: "write" - contents: "read" + id-token: write + contents: read steps: - - uses: "actions/checkout@v4" - - uses: "DeterminateSystems/determinate-nix-action@v3" - - uses: "DeterminateSystems/flakehub-push@main" + - uses: actions/checkout@v5 + - uses: DeterminateSystems/determinate-nix-action@v3 + - uses: DeterminateSystems/flakehub-push@main with: - name: "DeterminateSystems/magic-nix-cache" + name: DeterminateSystems/magic-nix-cache rolling: true - visibility: "public" + visibility: public diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index 66018a9..5bfa023 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -14,7 +14,6 @@ jobs: release: needs: build - concurrency: release runs-on: ubuntu-latest permissions: 
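Review bot: `actions/download-artifact` moves from the exact release `v4.1.8` to the floating major tag `v6` in the "Download closure" step of check-and-test.yaml, in a job that holds `id-token: write`, so the code that runs with that permission can change without any change to this file. Pinning to a full commit SHA with the version as a trailing comment, `uses: actions/download-artifact@<full-commit-sha> # v6`, keeps the upgrade while making the reference immutable. The same applies to the `actions/download-artifact@v6` step in .github/actions/download-persist.yaml and to the `actions/checkout@v5` bumps across the workflows. The job's step list continues past the end of the hunk.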
@@ -22,7 +21,7 @@ jobs: id-token: write # In order to request a JWT for AWS auth steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: @@ -32,33 +31,23 @@ jobs: - name: Create the artifacts directory run: rm -rf ./artifacts && mkdir ./artifacts - - uses: actions/download-artifact@v4.1.8 - with: - name: magic-nix-cache-ARM64-macOS - path: cache-binary-ARM64-macOS - - name: Persist the cache binary - run: cp ./cache-binary-ARM64-macOS/magic-nix-cache.closure.xz ./artifacts/ARM64-macOS - - - uses: actions/download-artifact@v4.1.8 + # aarch64-darwin + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-X64-macOS - path: cache-binary-X64-macOS - - name: Persist the cache binary - run: cp ./cache-binary-X64-macOS/magic-nix-cache.closure.xz ./artifacts/X64-macOS + arch: ARM64 + os: macOS - - uses: actions/download-artifact@v4.1.8 + # x86_64-linux + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-X64-Linux - path: cache-binary-X64-Linux - - name: Persist the cache binary - run: cp ./cache-binary-X64-Linux/magic-nix-cache.closure.xz ./artifacts/X64-Linux + arch: X64 + os: Linux - - uses: actions/download-artifact@v4.1.8 + # aarch64-linux + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-ARM64-Linux - path: cache-binary-ARM64-Linux - - name: Persist the cache binary - run: cp ./cache-binary-ARM64-Linux/magic-nix-cache.closure.xz ./artifacts/ARM64-Linux + arch: ARM64 + os: Linux - uses: DeterminateSystems/push-artifact-ids@main with: diff --git a/.github/workflows/release-prs.yml b/.github/workflows/release-prs.yml index 71b6cd9..272bc2d 100644 --- a/.github/workflows/release-prs.yml +++ b/.github/workflows/release-prs.yml 
@@ -31,38 +31,28 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Create the artifacts directory run: rm -rf ./artifacts && mkdir ./artifacts - - uses: actions/download-artifact@v4.1.8 + # aarch64-darwin + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-ARM64-macOS - path: cache-binary-ARM64-macOS - - name: Persist the cache binary - run: cp ./cache-binary-ARM64-macOS/magic-nix-cache.closure.xz ./artifacts/ARM64-macOS + arch: ARM64 + os: macOS - - uses: actions/download-artifact@v4.1.8 + # x86_64-linux + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-X64-macOS - path: cache-binary-X64-macOS - - name: Persist the cache binary - run: cp ./cache-binary-X64-macOS/magic-nix-cache.closure.xz ./artifacts/X64-macOS + arch: X64 + os: Linux - - uses: actions/download-artifact@v4.1.8 + # aarch64-linux + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-X64-Linux - path: cache-binary-X64-Linux - - name: Persist the cache binary - run: cp ./cache-binary-X64-Linux/magic-nix-cache.closure.xz ./artifacts/X64-Linux - - - uses: actions/download-artifact@v4.1.8 - with: - name: magic-nix-cache-ARM64-Linux - path: cache-binary-ARM64-Linux - - name: Persist the cache binary - run: cp ./cache-binary-ARM64-Linux/magic-nix-cache.closure.xz ./artifacts/ARM64-Linux + arch: ARM64 + os: Linux - uses: DeterminateSystems/push-artifact-ids@main with: diff --git a/.github/workflows/release-tags.yml b/.github/workflows/release-tags.yml index 4c5d280..7222ebf 100644 --- a/.github/workflows/release-tags.yml +++ b/.github/workflows/release-tags.yml 
@@ -19,38 +19,28 @@ jobs: id-token: write # In order to request a JWT for AWS auth steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Create the artifacts directory run: rm -rf ./artifacts && mkdir ./artifacts - - uses: actions/download-artifact@v4.1.8 + # aarch64-darwin + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-ARM64-macOS - path: cache-binary-ARM64-macOS - - name: Persist the cache binary - run: cp ./cache-binary-ARM64-macOS/magic-nix-cache.closure.xz ./artifacts/ARM64-macOS + arch: ARM64 + os: macOS - - uses: actions/download-artifact@v4.1.8 + # x86_64-linux + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-X64-macOS - path: cache-binary-X64-macOS - - name: Persist the cache binary - run: cp ./cache-binary-X64-macOS/magic-nix-cache.closure.xz ./artifacts/X64-macOS + arch: X64 + os: Linux - - uses: actions/download-artifact@v4.1.8 + # aarch64-linux + - uses: ./.github/actions/download-persist with: - name: magic-nix-cache-X64-Linux - path: cache-binary-X64-Linux - - name: Persist the cache binary - run: cp ./cache-binary-X64-Linux/magic-nix-cache.closure.xz ./artifacts/X64-Linux - - - uses: actions/download-artifact@v4.1.8 - with: - name: magic-nix-cache-ARM64-Linux - path: cache-binary-ARM64-Linux - - name: Persist the cache binary - run: cp ./cache-binary-ARM64-Linux/magic-nix-cache.closure.xz ./artifacts/ARM64-Linux + arch: ARM64 + os: Linux - uses: DeterminateSystems/push-artifact-ids@main with: @@ -63,7 +53,6 @@ jobs: - name: Rename binaries for GH release run: | mv ./artifacts/{,magic-nix-cache-closure-}ARM64-macOS - mv ./artifacts/{,magic-nix-cache-closure-}X64-macOS mv ./artifacts/{,magic-nix-cache-closure-}X64-Linux mv ./artifacts/{,magic-nix-cache-closure-}ARM64-Linux diff --git a/.github/workflows/update-flake-lock.yaml b/.github/workflows/update-flake-lock.yaml index c1cbecd..b1cab7c 100644 --- a/.github/workflows/update-flake-lock.yaml 
+++ b/.github/workflows/update-flake-lock.yaml @@ -8,8 +8,11 @@ on: jobs: lockfile: runs-on: ubuntu-latest + permissions: + contents: write + id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: DeterminateSystems/determinate-nix-action@v3 - uses: DeterminateSystems/flakehub-cache-action@main - uses: DeterminateSystems/update-flake-lock@main diff --git a/README.md b/README.md index 810e3f7..f0a231e 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ permissions: contents: read id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/magic-nix-cache-action@main - run: nix flake check @@ -52,7 +52,7 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/magic-nix-cache-action@main - run: nix flake check diff --git a/flake.lock b/flake.lock index 35ade44..fcf6dfd 100644 --- a/flake.lock +++ b/flake.lock @@ -154,16 +154,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761114652, - "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", - "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", - "revCount": 882227, + "lastModified": 1762978202, + "narHash": "sha256-JR3Cd7qH2pnTi76UZ/QzB1xinhixZIjxkx2HdAEtI6o=", + "rev": "691eba1805c5c1bfae8151a583780facdf726b9b", + "revCount": 266, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.882227%2Brev-01f116e4df6a15f4ccdffb1bcd41096869fb385c/019a0e83-909b-7673-9c81-a0407e5b4e5e/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/secure/0.888552.266/019a79d1-4378-7098-86c6-65eafc8d3dc6/source.tar.gz" }, "original": { "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" + "url": "https://flakehub.com/f/DeterminateSystems/secure/0" } }, "root": { 
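Review bot: The new `permissions:` block on the `lockfile` job lists only `contents` and `id-token`, and once a block is present every scope not listed drops to `none`. `DeterminateSystems/update-flake-lock` opens a pull request, which with the default `GITHUB_TOKEN` needs `pull-requests: write` (and `issues: write` if it applies labels). Unless a separate token is passed in the step's `with:` block, which lies outside the hunk, add `pull-requests: write` under `permissions:`. The `contents: write` token is also available to the two actions referenced at `@main`, so pinning those to a commit SHA would narrow what can run with it.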
diff --git a/flake.nix b/flake.nix index 46c6321..6e7afb5 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,8 @@ description = "GitHub Actions-powered Nix binary cache"; inputs = { - nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1"; - + nixpkgs.url = "https://flakehub.com/f/DeterminateSystems/secure/0"; crane.url = "https://flakehub.com/f/ipetkov/crane/*"; - nix.url = "https://flakehub.com/f/NixOS/nix/=2.27.*"; }; @@ -15,7 +13,6 @@ "aarch64-linux" "x86_64-linux" "aarch64-darwin" - "x86_64-darwin" ]; forEachSupportedSystem = f: inputs.nixpkgs.lib.genAttrs supportedSystems (system: f rec {
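Review bot: The input is still called `nixpkgs` but now resolves to `DeterminateSystems/secure/0` rather than `NixOS/nixpkgs/0.1`, and no comment in the hunk says what that flake is or why it replaces upstream. Every package in the closure is built from this input and `inputs.nixpkgs.lib` is still used further down, so the provenance change deserves a line above it, for example `# nixpkgs comes from DeterminateSystems/secure on FlakeHub, not NixOS/nixpkgs; it is expected to expose the same lib interface`. The flake.lock section shows `revCount` going from 882227 to 266, which is consistent with a different source repository and worth a sentence in the commit description as well.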