GitHub Actions: add image-building jobs

Author: tomeon

.github/workflows/build.yml

@@ -11,10 +11,156 @@ jobs:
     steps:
     - uses: actions/checkout@v3
       with:
-          # Nix Flakes doesn't work on shallow clones
-          fetch-depth: 0
+        # Nix Flakes doesn't work on shallow clones
+        fetch-depth: 0
     - uses: cachix/install-nix-action@v17
     - name: List flake structure
       run: nix flake show
     - name: Run unit tests (flake)
       run: nix build -L
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - uses: cachix/install-nix-action@v17
+    - name: Run flake checks
+      run: nix flake check --no-build --keep-going
+  introspect:
+    runs-on: ubuntu-latest
+    outputs:
+      nixpkgs-rev: ${{ steps.nixpkgs-rev.outputs.nixpkgs-rev }}
+      nixos-rev: ${{ steps.nixpkgs-rev.outputs.nixos-rev }}
+      formats: ${{ steps.list-formats.outputs.formats }}
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - uses: cachix/install-nix-action@v17
+    - name: Get nixpkgs rev
+      id: nixpkgs-rev
+      run: |
+        getRev() {
+          nix eval --impure --raw --expr "((builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.${1?}.locked.rev)"
+        }
+
+        nixpkgs_rev=$(getRev nixpkgs) || exit
+        nixos_rev=$(getRev nixos) || exit
+
+        echo "::set-output name=nixpkgs-rev::${nixpkgs_rev}"
+        echo "::set-output name=nixos-rev::${nixos_rev}"
+    - name: List available formats
+      id: list-formats
+      run: |
+        # Run in nix-shell in order to use jq
+        formats=$(nix develop --command bash -c './nixos-generate --list | jq -cnMR "[inputs]"') || exit
+        echo "::set-output name=formats::${formats}"
+  formats:
+    strategy:
+      matrix:
+        format: ${{ needs.introspect.outputs.formats && fromJSON(needs.introspect.outputs.formats) }}
+        nixpkgs-name:
+          - nixpkgs
+          - nixos
+        include:
+        - nixpkgs-name: nixpkgs
+          nixpkgs: 'https://github.com/nixos/nixpkgs/archive/${{ needs.introspect.outputs.nixpkgs-rev }}.tar.gz'
+        - nixpkgs-name: nixos
+          nixpkgs: 'https://github.com/nixos/nixpkgs/archive/${{ needs.introspect.outputs.nixos-rev }}.tar.gz'
+        - format: vm
+          upload: true
+        - format: vm-nogui
+          upload: true
+        - format: sd-aarch64-installer
+          system: aarch64-linux
+        - format: sd-aarch64
+          system: aarch64-linux
+    runs-on: ubuntu-latest
+    needs: [ 'check', 'introspect' ]
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    # set up qemu if we are targeting a non-native system
+    - uses: docker/setup-qemu-action@v2
+      if: ${{ matrix.system }}
+    - uses: cachix/install-nix-action@v17
+      with:
+        # kvm required for a number of formats; big-parallel required for
+        # proxmox and possibly others.
+        extra_nix_config: |
+          system-features = big-parallel kvm
+          extra-platforms = ${{ matrix.system }}
+    - name: Output the current nixpkgs version
+      id: nixpkgs-version
+      if: ${{ matrix.upload }}
+      run: |
+        nixpkgs_version=$(nix eval -I nixpkgs=${{matrix.nixpkgs }} --raw nixpkgs#lib.version) || exit
+        echo "::set-output name=nixpkgs-version::${nixpkgs_version}"
+    - name: Build the "${{ matrix.format }}" format
+      id: generate
+      run: |
+        die() {
+          rc="$?"
+          echo "::error file=nixos-generate::$*"
+          exit "$rc"
+        }
+
+        generate() {
+          timeout 20m \
+            nix run . \
+            -- \
+            -I nixpkgs=${{ matrix.nixpkgs }} \
+            "$@"
+        }
+
+        getCheck() {
+          nix eval --json ".#checks.\"${1?}\"" --apply "(builtins.hasAttr \"${2?}\")"
+        }
+
+        hasCheck() {
+          has_check=$(getCheck "$@") || die "failed to confirm availablity of check output"
+          [ "$has_check" = true ]
+        }
+
+        buildCheck() {
+          nix build ".#checks.\"${1?}\".\"${2?}\""
+        }
+
+        checkOutputs() {
+          path_var="$1"
+          shift
+
+          path="$1"
+          shift
+
+          test_type="$1"
+          shift
+
+          test "$test_type" "$path" || die "path $path does not exist or is not the expected type"
+          real=$(readlink -f "$path") || die "unable to resolve path to $path"
+          store_paths=$(nix-store -q --outputs "$real") || die "unable to get store path of $real"
+          echo "::set-output name=${path_var}::$(echo "$store_paths" | head -n 1)"
+        }
+
+        format=${{ matrix.format }}
+        system=${{ matrix.system || 'x86_64-linux' }}
+        check=${format}-${{ matrix.nixpkgs-name }}
+        out_link="./result-${format}"
+
+        if hasCheck "$system" "$check"; then
+          out=$(generate -f "$format" --system "$system" -o "$out_link") || die "build exited with status $?"
+          buildCheck "$system" "$check" || die "flake build exited with status $?"
+          checkOutputs out "$out" -f
+          checkOutputs out_link "$out_link" -e
+        fi
+    - name: Upload artifact from "${{ matrix.format }}" build
+      if: ${{ matrix.upload || false }}
+      uses: actions/upload-artifact@v3
+      with:
+        name: nixpkgs-${{ steps.nixpkgs-version.outputs.nixpkgs-version }}.${{ matrix.format }}
+        path: |
+          ${{ steps.generate.outputs.out }}
+          ${{ steps.generate.outputs.out_link }}
+        if-no-files-found: error