From 19494faab6a7ba0dc989a5cb8c8b0f60b9f8c13b Mon Sep 17 00:00:00 2001 From: Troy Benson Date: Mon, 9 Mar 2026 13:59:18 +0200 Subject: [PATCH 1/5] use shared ci --- .github/actions/ci-setup/action.yaml | 77 ----------- .github/actions/setup-sccache/action.yaml | 29 ----- .github/scripts/nix-post-build-hook.sh | 5 - .github/scripts/nix-upload-cache.sh | 23 ---- .github/workflows/ci.yml | 148 +++++++++------------- .github/workflows/release-pr.yml | 31 +++-- .github/workflows/release-publish.yml | 29 ++--- 7 files changed, 94 insertions(+), 248 deletions(-) delete mode 100644 .github/actions/ci-setup/action.yaml delete mode 100644 .github/actions/setup-sccache/action.yaml delete mode 100755 .github/scripts/nix-post-build-hook.sh delete mode 100755 .github/scripts/nix-upload-cache.sh diff --git a/.github/actions/ci-setup/action.yaml b/.github/actions/ci-setup/action.yaml deleted file mode 100644 index a5e04f2..0000000 --- a/.github/actions/ci-setup/action.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -name: Setup Environment -description: Setup environment -inputs: - nix_cache_private_key: - required: false - description: Private key for Nix cache - - s3_access_key: - required: false - description: Access key for S3 bucket - - s3_secret_key: - required: false - description: Secret key for S3 bucket - - sccache_enabled: - required: true - description: Whether to enable sccache - - shell: - required: true - description: "Shell to use" -runs: - using: "composite" - steps: - - name: Setup nix build paths file - shell: bash - env: - NIX_CACHE_URL: s3://${{ env.S3_BUCKET }}/cache/nix?endpoint=${{ env.S3_ENDPOINT }}&scheme=https&compression=zstd¶llel-compression=true - run: | - echo "NIX_CACHE_URL=${NIX_CACHE_URL}" >> $GITHUB_ENV - - - name: Setup s3 credentials - shell: bash - env: - AWS_ACCESS_KEY_ID: ${{ inputs.s3_access_key || env.PUBLIC_S3_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ inputs.s3_secret_key || env.PUBLIC_S3_SECRET_KEY }} - run: | - echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" >> $GITHUB_ENV - echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" >> $GITHUB_ENV - - - name: Setup nix cache private key - if: inputs.nix_cache_private_key != '' - shell: bash - env: - NIX_CACHE_PRIVATE_KEY: ${{ inputs.nix_cache_private_key }} - run: | - printenv NIX_CACHE_PRIVATE_KEY >> /tmp/nix-cache-key.pem - - - name: Nix cache upload - uses: gacts/run-and-post-run@v1 - if: inputs.nix_cache_private_key != '' && inputs.s3_access_key != '' && inputs.s3_secret_key != '' - with: - post: exec ${{ github.workspace }}/.github/scripts/nix-upload-cache.sh - - - name: Install Nix - uses: cachix/install-nix-action@v25 - with: - extra_nix_config: | - experimental-features = nix-command flakes - max-jobs = auto - http-connections = 128 - connect-timeout = 5 - substituters = https://cache.nixos.org https://ci-cache.troymoder.dev/cache/nix - trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= 
troy-crates-nix-cache:Gzil33SGyR5pzjFPe1l4ACZy2lfXi3Y5R5cO6BmOwkE=⏎ - post-build-hook = ${{ github.workspace }}/.github/scripts/nix-post-build-hook.sh - - - name: Setup sccache - if: inputs.sccache_enabled == 'true' - uses: ./.github/actions/setup-sccache - with: - shell: ${{ inputs.shell }} - - - name: Setup shell - shell: ${{ inputs.shell }} - run: | - echo "activated shell" diff --git a/.github/actions/setup-sccache/action.yaml b/.github/actions/setup-sccache/action.yaml deleted file mode 100644 index 0ff489a..0000000 --- a/.github/actions/setup-sccache/action.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Setup SCCache -description: Starts sccache server in the background (requires Nix and nix develop) -inputs: - shell: - required: true - description: "Shell to use" -runs: - using: "composite" - steps: - - name: Write GCS key for SCCache - shell: ${{ inputs.shell }} - run: | - echo "SCCACHE_GHA_ENABLED=false" >> $GITHUB_ENV - echo "SCCACHE_BUCKET=${{ env.S3_BUCKET }}" >> $GITHUB_ENV - echo "SCCACHE_ENDPOINT=https://${{ env.S3_ENDPOINT }}" >> $GITHUB_ENV - echo "SCCACHE_S3_KEY_PREFIX=cache/sccache" >> $GITHUB_ENV - echo "SCCACHE_REGION=auto" >> $GITHUB_ENV - - - name: Start SCCache server - shell: ${{ inputs.shell }} - run: | - set -xeo pipefail - sccache --start-server - sccache -z - - - name: Show sccache stats - uses: gacts/run-and-post-run@v1 - with: - post: nix develop . --command sccache -s diff --git a/.github/scripts/nix-post-build-hook.sh b/.github/scripts/nix-post-build-hook.sh deleted file mode 100755 index 5c84777..0000000 --- a/.github/scripts/nix-post-build-hook.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash -set -f # disable globbing -export IFS=' ' - -echo "${OUT_PATHS}" >>/tmp/nix-built-paths.txt diff --git a/.github/scripts/nix-upload-cache.sh b/.github/scripts/nix-upload-cache.sh deleted file mode 100755 index c416f0e..0000000 --- a/.github/scripts/nix-upload-cache.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -if [[ ! -f /tmp/nix-cache-key.pem ]]; then - echo "Error: /tmp/nix-cache-key.pem not found" - exit 1 -fi - -if [[ -z "${NIX_CACHE_URL:-}" ]]; then - echo "Error: NIX_CACHE_URL not set" - exit 1 -fi - -if [[ -s /tmp/nix-built-paths.txt ]]; then - echo "Uploading $(wc -l /tmp/release-body.txt + run: release-plz update > ${{ runner.temp }}/release-body.txt - name: Sync README run: just sync-readme @@ -59,11 +64,11 @@ jobs: fi - name: Create PR - if: steps.changes.outputs.has_changes == 'true' + if: ${{ steps.changes.outputs.has_changes == 'true' }} uses: peter-evans/create-pull-request@v8 with: title: "chore: release" commit-message: "chore: release" - body-path: /tmp/release-body.txt + body-path: ${{ runner.temp }}/release-body.txt branch: release-pr labels: release diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index 56c8a48..8f9fb35 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -8,10 +8,6 @@ on: env: CARGO_TERM_COLOR: always - S3_ENDPOINT: "6ca7d4e3d5c9496083876496fc36b8b0.r2.cloudflarestorage.com" - S3_BUCKET: "troy-crates-ci" - PUBLIC_S3_ACCESS_KEY: "b93e0986c42bc88d2d85dc087f2a94ba" - PUBLIC_S3_SECRET_KEY: "60bc5cfd8b121d0acb35d829755b587d29fd8da212c5a81fc4df3be0f433282e" concurrency: group: release-publish-${{ github.ref }} 
@@ -27,22 +23,25 @@ jobs: contents: write defaults: run: - shell: &shell bash -c ". $GITHUB_WORKSPACE/.github/scripts/nix-shell.sh {0}" + shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh {0} steps: - name: Checkout repository uses: actions/checkout@v5 - name: Setup environment - uses: ./.github/actions/ci-setup + uses: troymoder/shared-actions/setup-nix@0445b4839de516226e314213dcb15fe4461109c3 with: - shell: *shell nix_cache_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} - s3_access_key: ${{ secrets.S3_ACCESS_KEY }} - s3_secret_key: ${{ secrets.S3_SECRET_KEY }} - sccache_enabled: "false" + nix_cache_public_key: ${{ vars.NIX_CACHE_PUBLIC_KEY }} + s3_bucket: ${{ vars.S3_CACHE_BUCKET }} + s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} + s3_public_url: ${{ vars.S3_CACHE_PUBLIC_URL }} + s3_access_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_KEY }} + s3_secret_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_SECRET_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_SECRET_KEY }} - - name: Release crates - env: - GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} - run: release-plz release + - name: Setup sccache + uses: troymoder/shared-actions/setup-sccache@0445b4839de516226e314213dcb15fe4461109c3 + with: + s3_bucket: ${{ vars.S3_CACHE_BUCKET }} + s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} + sccache_command: ${{ github.workspace }}/.github/scripts/nix-shell.sh sccache From cafdf72e3acf23e780ff3cfb5e2ed9b6b82b9c28 Mon Sep 17 00:00:00 2001 From: Troy Benson Date: Mon, 9 Mar 2026 14:07:37 +0200 Subject: [PATCH 2/5] try again --- .github/scripts/nix-shell.sh | 2 +- .github/workflows/ci.yml | 8 ++++---- .github/workflows/release-pr.yml | 8 ++++---- .github/workflows/release-publish.yml | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/scripts/nix-shell.sh b/.github/scripts/nix-shell.sh index 3f79798..226b600 100755 --- a/.github/scripts/nix-shell.sh 
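Review bot: The new side of this hunk ends on the `Setup sccache` step and drops the `Release crates` step, so as far as the hunk shows the release-publish job sets up Nix and sccache and then never runs `release-plz release`. If that is not intended, restore the removed step (with its `GIT_TOKEN` and `CARGO_REGISTRY_TOKEN` env) after `Setup sccache`; the later patches in this series touch this file without re-adding it. Separately, the `PUBLIC_S3_ACCESS_KEY`/`PUBLIC_S3_SECRET_KEY` literals removed from `env:` in the preceding hunk stay in git history, so the pair now read from the `vars.S3_CACHE_BUCKET_PUBLIC_*` fallback should be confirmed read-only, or rotated if it is the same pair and carries any write scope.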
+++ b/.github/scripts/nix-shell.sh @@ -1,4 +1,4 @@ #!/usr/bin/env bash shell="${NIX_SHELL:-default}" -nix develop "${GITHUB_WORKSPACE:-.}#${shell}" --impure --command bash -e "$@" +nix develop "${GITHUB_WORKSPACE:-.}#${shell}" --impure --command $@ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7df55d6..0adc8dd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,14 +23,14 @@ jobs: contents: read defaults: &defaults run: - shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh {0} + shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh bash -e {0} steps: - name: Checkout repository uses: actions/checkout@v5 - &setup-nix name: Setup environment - uses: troymoder/shared-actions/setup-nix@0445b4839de516226e314213dcb15fe4461109c3 + uses: troymoder/shared-actions/setup-nix@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a with: nix_cache_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} nix_cache_public_key: ${{ vars.NIX_CACHE_PUBLIC_KEY }} @@ -38,11 +38,11 @@ jobs: s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} s3_public_url: ${{ vars.S3_CACHE_PUBLIC_URL }} s3_access_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_KEY }} - s3_secret_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_SECRET_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_SECRET_KEY }} + s3_secret_access_key: ${{ secrets.S3_CACHE_BUCKET_SECRET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_SECRET_ACCESS_KEY }} - &setup-sccache name: Setup sccache - uses: troymoder/shared-actions/setup-sccache@0445b4839de516226e314213dcb15fe4461109c3 + uses: troymoder/shared-actions/setup-sccache@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a with: s3_bucket: ${{ vars.S3_CACHE_BUCKET }} s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index 45ba81e..7018d00 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml 
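Review bot: The custom `shell:` under `defaults.run` in ci.yml is now `nix-shell.sh bash -e {0}`, which stops a step on the first failing command but not on a failure inside a pipeline; unlike GitHub's built-in `shell: bash`, it does not pass `--noprofile --norc -o pipefail`. Consider `shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh bash --noprofile --norc -eo pipefail {0}` so a failing producer in a pipe fails the step instead of letting the job go green. The same line is added in the release-pr.yml and release-publish.yml hunks of this patch, where a silently passing step matters most.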
@@ -22,13 +22,13 @@ jobs: pull-requests: write defaults: run: - shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh {0} + shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh bash -e {0} steps: - name: Checkout repository uses: actions/checkout@v5 - name: Setup environment - uses: troymoder/shared-actions/setup-nix@0445b4839de516226e314213dcb15fe4461109c3 + uses: troymoder/shared-actions/setup-nix@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a with: nix_cache_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} nix_cache_public_key: ${{ vars.NIX_CACHE_PUBLIC_KEY }} @@ -36,10 +36,10 @@ jobs: s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} s3_public_url: ${{ vars.S3_CACHE_PUBLIC_URL }} s3_access_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_KEY }} - s3_secret_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_SECRET_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_SECRET_KEY }} + s3_secret_access_key: ${{ secrets.S3_CACHE_BUCKET_SECRET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_SECRET_ACCESS_KEY }} - name: Setup sccache - uses: troymoder/shared-actions/setup-sccache@0445b4839de516226e314213dcb15fe4461109c3 + uses: troymoder/shared-actions/setup-sccache@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a with: s3_bucket: ${{ vars.S3_CACHE_BUCKET }} s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index 8f9fb35..e5b35c6 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml 
@@ -23,13 +23,13 @@ jobs: contents: write defaults: run: - shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh {0} + shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh bash -e {0} steps: - name: Checkout repository uses: actions/checkout@v5 - name: Setup environment - uses: troymoder/shared-actions/setup-nix@0445b4839de516226e314213dcb15fe4461109c3 + uses: troymoder/shared-actions/setup-nix@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a with: nix_cache_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} nix_cache_public_key: ${{ vars.NIX_CACHE_PUBLIC_KEY }} @@ -37,10 +37,10 @@ jobs: s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} s3_public_url: ${{ vars.S3_CACHE_PUBLIC_URL }} s3_access_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_KEY }} - s3_secret_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_SECRET_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_SECRET_KEY }} + s3_secret_access_key: ${{ secrets.S3_CACHE_BUCKET_SECRET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_SECRET_ACCESS_KEY }} - name: Setup sccache - uses: troymoder/shared-actions/setup-sccache@0445b4839de516226e314213dcb15fe4461109c3 + uses: troymoder/shared-actions/setup-sccache@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a with: s3_bucket: ${{ vars.S3_CACHE_BUCKET }} s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} From 20db7d7cb0b089b61889733536f369775f5c445c Mon Sep 17 00:00:00 2001 From: Troy Benson Date: Mon, 9 Mar 2026 14:20:28 +0200 Subject: [PATCH 3/5] try again --- .github/workflows/ci.yml | 4 ++-- .github/workflows/release-pr.yml | 4 ++-- .github/workflows/release-publish.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0adc8dd..737d63d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -30,7 +30,7 @@ jobs: - &setup-nix name: Setup environment - uses: troymoder/shared-actions/setup-nix@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a + uses: troymoder/shared-actions/setup-nix@b114355b5a126b78c9e19920afa01075a32ee39e with: nix_cache_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} nix_cache_public_key: ${{ vars.NIX_CACHE_PUBLIC_KEY }} @@ -42,7 +42,7 @@ jobs: - &setup-sccache name: Setup sccache - uses: troymoder/shared-actions/setup-sccache@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a + uses: troymoder/shared-actions/setup-sccache@b114355b5a126b78c9e19920afa01075a32ee39e with: s3_bucket: ${{ vars.S3_CACHE_BUCKET }} s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index 7018d00..a316829 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -28,7 +28,7 @@ jobs: uses: actions/checkout@v5 - name: Setup environment - uses: troymoder/shared-actions/setup-nix@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a + uses: troymoder/shared-actions/setup-nix@b114355b5a126b78c9e19920afa01075a32ee39e with: nix_cache_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} nix_cache_public_key: ${{ vars.NIX_CACHE_PUBLIC_KEY }} @@ -39,7 +39,7 @@ jobs: s3_secret_access_key: ${{ secrets.S3_CACHE_BUCKET_SECRET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_SECRET_ACCESS_KEY }} - name: Setup sccache - uses: troymoder/shared-actions/setup-sccache@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a + uses: troymoder/shared-actions/setup-sccache@b114355b5a126b78c9e19920afa01075a32ee39e with: s3_bucket: ${{ vars.S3_CACHE_BUCKET }} s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index e5b35c6..bfa5969 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml 
@@ -29,7 +29,7 @@ jobs: uses: actions/checkout@v5 - name: Setup environment - uses: troymoder/shared-actions/setup-nix@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a + uses: troymoder/shared-actions/setup-nix@b114355b5a126b78c9e19920afa01075a32ee39e with: nix_cache_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} nix_cache_public_key: ${{ vars.NIX_CACHE_PUBLIC_KEY }} @@ -40,7 +40,7 @@ jobs: s3_secret_access_key: ${{ secrets.S3_CACHE_BUCKET_SECRET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_SECRET_ACCESS_KEY }} - name: Setup sccache - uses: troymoder/shared-actions/setup-sccache@3f0cff7eef25ca0fb3b1e7b624b0745a99c9234a + uses: troymoder/shared-actions/setup-sccache@b114355b5a126b78c9e19920afa01075a32ee39e with: s3_bucket: ${{ vars.S3_CACHE_BUCKET }} s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} From 12afa87fd7cdb0e7f910396fb5b14d211ed40c05 Mon Sep 17 00:00:00 2001 From: Troy Benson Date: Mon, 9 Mar 2026 14:28:29 +0200 Subject: [PATCH 4/5] fix formatting --- .github/workflows/release-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index a316829..76dbef4 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -44,7 +44,7 @@ jobs: s3_bucket: ${{ vars.S3_CACHE_BUCKET }} s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} sccache_command: ${{ github.workspace }}/.github/scripts/nix-shell.sh sccache - + - name: Update crates run: release-plz update > ${{ runner.temp }}/release-body.txt From f2b33316cb2fd49188a2ea6654a681ce34134535 Mon Sep 17 00:00:00 2001 From: Troy Benson Date: Mon, 9 Mar 2026 15:11:31 +0200 Subject: [PATCH 5/5] fix script --- .github/scripts/nix-shell.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/nix-shell.sh b/.github/scripts/nix-shell.sh index 226b600..e0f4f88 100755 --- a/.github/scripts/nix-shell.sh +++ b/.github/scripts/nix-shell.sh 
@@ -1,4 +1,4 @@ #!/usr/bin/env bash shell="${NIX_SHELL:-default}" -nix develop "${GITHUB_WORKSPACE:-.}#${shell}" --impure --command $@ +nix develop "${GITHUB_WORKSPACE:-.}#${shell}" --impure --command "$@"
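Review bot: With the interpreter now supplied by the caller, the script has no usage comment and no guard for an empty argument list, in which case `--command "$@"` hands `nix develop` no command at all. I would add a header comment such as `# Usage: nix-shell.sh <command> [args...] (dev shell selected by NIX_SHELL, default "default")` and, before the `nix develop` line, `[ "$#" -gt 0 ] || { echo "usage: $0 <command> [args...]" >&2; exit 2; }`. The whole script appears to be the four lines covered by this hunk.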