Skip to content

chore: Use Nix in CI where possible #5126

chore: Use Nix in CI where possible

chore: Use Nix in CI where possible #5126

Workflow file for this run

# Workflow for testing Spoon.
#
# Note that actions are specified by commit hash. This is to avoid the security
# risk of someone injecting malicious code into a release and then simply
# changing a tag.
name: tests
on:
pull_request:
branches:
- master
push:
branches:
- master
- chore/flakey-flakey-rise-and-shine
schedule:
- cron: "0 0 * * *"
env:
MAVEN_OPTS: >-
-Dmaven.resolver.transport=native
-Daether.connector.connectTimeout=300000
-Daether.connector.requestTimeout=300000
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
java: [11, 17, 20]
os: [ubuntu-latest]
name: Tests with Java ${{ matrix.java }} on ${{ matrix.os }}
steps:
- name: git checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check Nixpkgs inputs
uses: DeterminateSystems/flake-checker-action@v5
with:
fail-mode: true
- name: Use Maven dependency cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.m2/repository
key: ${{ runner.os }}
- name: Time nix setup
run: nix develop .#jdk${{ matrix.java }} --command true
- name: Test
run: nix develop .#jdk${{ matrix.java }} --command test
coverage:
runs-on: ubuntu-latest
name: Test with coverage
steps:
- name: git checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check Nixpkgs inputs
uses: DeterminateSystems/flake-checker-action@v5
with:
fail-mode: true
- name: Use Maven dependency cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.m2/repository
key: ${{ runner.os }}
- name: Time nix setup
run: nix develop --command true
- name: Run tests with coverage
run: nix develop --command coverage
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.number }}
extra:
runs-on: ubuntu-latest
name: Extra checks
steps:
- name: git checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check Nixpkgs inputs
uses: DeterminateSystems/flake-checker-action@v5
with:
fail-mode: true
- name: Use Maven dependency cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.m2/repository
key: ${{ runner.os }}
- name: Time nix setup
run: nix develop .#extraChecks --command true
- name: Run extra checks
run: nix develop .#extraChecks --command extra
- name: Trigger extra remote tasks
if: github.repository == 'INRIA/spoon' && github.event_name == 'pull_request'
run: nix develop .#extraChecks --command extra-remote
- name: Run Javadoc quality check
run: nix develop .#extraChecks --command javadoc-quality
reproducible-builds:
runs-on: ubuntu-latest
name: reproducible-builds
steps:
- name: git checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check Nixpkgs inputs
uses: DeterminateSystems/flake-checker-action@v5
with:
fail-mode: true
- name: Use Maven dependency cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.m2/repository
key: ${{ runner.os }}
- name: Time nix setup
run: nix develop --command true
- name: Check status
run: nix develop --command reproducible-builds
maven-central-requirements:
runs-on: ubuntu-latest
steps:
- name: git checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check Nixpkgs inputs
uses: DeterminateSystems/flake-checker-action@v5
with:
fail-mode: true
- name: Use Maven dependency cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.m2/repository
key: ${{ runner.os }}
- name: Time nix setup
run: nix develop --command true
- name: Check maven pom quality
run: nix develop --command maven-pom-quality