runner: reproducible nix-built job image + compose-based act_runner

2026-05-18 10:13:17 +00:00
parent f8a041f5b7
commit 623fe57683
7 changed files with 226 additions and 42 deletions


@@ -1,19 +0,0 @@
name: auto-merge
on:
pull_request:
types: [labeled]
jobs:
merge:
if: github.event.label.name == 'auto-merge'
runs-on: self-hosted
steps:
- name: merge
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: |
tea pr merge \
--repo "${{ github.repository }}" \
--style squash \
"${{ github.event.pull_request.number }}"


@@ -62,7 +62,9 @@ jobs:
done
done
# 4. Build smoke — every changed package must build.
# 4. Build smoke — every changed package must build. Cache push
# is intentionally absent for now (no shared binary cache);
# add a step here once cache infra is decided.
- name: build smoke
if: steps.changed.outputs.packages != ''
run: |
@@ -71,20 +73,9 @@ jobs:
.#${pkg} --no-link --print-out-paths
done
# 5. Cache push (only on the validated outputs, before merge).
- name: push to binary cache
if: steps.changed.outputs.packages != ''
env:
NIX_SECRET_KEY_FILE: ${{ secrets.NIX_CACHE_SECRET_KEY_FILE }}
CACHE_URL: ${{ vars.CARGOXX_CACHE_URL }}
run: |
for pkg in ${{ steps.changed.outputs.packages }}; do
nix copy --extra-experimental-features 'nix-command flakes' \
--to "${CACHE_URL}?secret-key=${NIX_SECRET_KEY_FILE}" \
.#${pkg}
done
# 6. Maintainer match.
# 5. Maintainer check — PR must come from someone listed in
# recipes/<pkg>/maintainers.txt (auto-pass for new packages,
# since the PR introduces the file in the same commit).
- name: maintainer check
if: steps.changed.outputs.packages != ''
run: |
@@ -92,18 +83,11 @@ jobs:
for pkg in ${{ steps.changed.outputs.packages }}; do
list="recipes/$pkg/maintainers.txt"
if [[ ! -f "$list" ]]; then
echo "new package $pkg — maintainers.txt will be added by this PR"
echo "new package $pkg — maintainers.txt added by this PR"
continue
fi
if ! grep -E -q "^\s*${author}\s*(\#.*)?$" "$list"; then
echo "PR author '$author' is not in $list"
gh pr edit ${{ github.event.pull_request.number }} \
--add-label needs-human-review
exit 1
fi
done
- name: label auto-merge
if: steps.changed.outputs.packages != ''
run: |
gh pr edit ${{ github.event.pull_request.number }} --add-label auto-merge
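Review bot: In the maintainer check, `grep -E -q "^\s*${author}\s*(\#.*)?$" "$list"` treats the PR author's name as an extended regular expression, so a `.` or other metacharacter in a username matches more than the literal name and the step can pass for an account that is not listed. With the `needs-human-review` label call removed, the failure path is just `exit 1`, which makes this match the whole decision; a fixed-string comparison is safer, for example `if ! sed -E 's/[[:space:]]*#.*$//; s/^[[:space:]]+//; s/[[:space:]]+$//' "$list" | grep -Fxq -- "$author"; then`. The loop header also expands `${{ steps.changed.outputs.packages }}` directly into the script text; if that output is derived from paths in the PR, passing it through `env:` and iterating over `$PACKAGES` keeps it out of shell parsing. The assignment of `author` and the checkout step are outside the hunk, so it is worth confirming that `$list` is read from the base branch and not from the PR's own tree.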