Compare with Garnix artifact #889
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Compare with Garnix artefact | |
| on: | |
| check_run: | |
| types: [completed] | |
| jobs: | |
| verifyReproducible: | |
| name: Compare with Garnix artefact | |
| if: >- | |
| github.event.check_run.app.name == 'Garnix CI' | |
| && contains(github.event.check_run.name, 'default package') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: lewagon/[email protected] | |
| with: | |
| ref: ${{github.event.check_run.head_sha}} | |
| check-name: 'Build' | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Sleep | |
| run: sleep 15s | |
| shell: bash | |
| - name: Fetch Sources | |
| uses: actions/checkout@v4 | |
| - uses: dawidd6/action-download-artifact@v2 | |
| with: | |
| workflow: build.yml | |
| commit: ${{github.event.check_run.head_sha}} | |
| name: ".+[Ss]urveyor-\\d.+" | |
| name_is_regexp: true | |
| path: gha-artefact | |
| - uses: cachix/install-nix-action@v24 | |
| with: | |
| extra_nix_config: | | |
| extra-substituters = https://cache.garnix.io | |
| extra-trusted-public-keys = cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= | |
| - run: | | |
| set -o errexit -o nounset -o pipefail -o xtrace | |
| if cat <<- 'EOF' | grep --perl-regexp --only-matching '\/nix\/store\/\K\S+(?=-gradleBuild)' | tail --lines=1 | curl "https://cache.garnix.io/$(cat).narinfo" | tee _narinfo; then | |
| ${{ github.event.check_run.output.text }} | |
| EOF | |
| curl --output _artefact.nar "https://cache.garnix.io/$(grep --perl-regexp --only-matching 'URL:\s*\K\S+' <_narinfo)" | |
| nix-store --restore ./artefact <_artefact.nar && rm _* | |
| if [[ -f ./artefact ]]; then | |
| # Received a .drv file instead of an out artefact directory | |
| grep --perl-regexp --only-matching '\/nix\/store\/\K\S+(?=-gradleBuild)' <./artefact | tail --lines=1 | curl "https://cache.garnix.io/$(cat).narinfo" | tee _narinfo | |
| curl --verbose --output _artefact.nar "https://cache.garnix.io/$(grep --perl-regexp --only-matching 'URL:\s*\K\S+' <_narinfo)" | |
| rm ./artefact | |
| nix-store --restore ./artefact <_artefact.nar && rm _* | |
| fi | |
| else | |
| # Failed to get a valid NAR URL, so trying the long way for getting an artifact | |
| nix build --max-jobs 0 --print-build-logs .#defaultPackage.x86_64-linux | |
| # upload-artifact doesn't accept links | |
| cp --dereference --recursive ./result ./artefact | |
| fi | |
| ls --almost-all --format=long --recursive . | |
| [[ -d ./artefact ]] | |
| - name: Compute sha256sum for the artifact from Garnix | |
| run: | | |
| echo 'sha256sum of the artifact built in Garnix:' | |
| sha256sum -b "$(find artefact/*)" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: artefact-from-garnix | |
| path: ./artefact/* | |
| - name: Verify same (i.e. reproducible) | |
| run: | | |
| cmp -b gha-artefact/*/* artefact/* |