ci: optimize workflow with paths-filter and workspace-aware gates

centra 2025-12-24 18:22:22 +09:00
parent d3d74995e8
commit 1b9ed0cd22
Signed by: centra
GPG key ID: 0C09689D20B25ACA
2 changed files with 91 additions and 52 deletions


@ -2,69 +2,105 @@ name: Nix CI
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
flake-check:
# Detect which workspaces have changed to save CI minutes
filter:
runs-on: ubuntu-latest
outputs:
workspaces: ${{ steps.filter.outputs.changes }}
any_changed: ${{ steps.filter.outputs.workspaces_any_changed }}
global_changed: ${{ steps.filter.outputs.global }}
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v11
- uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Nix flake check
run: nix flake check --accept-flake-config
build-servers:
runs-on: ubuntu-latest
needs: flake-check
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v11
- uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Build server packages
run: |
nix build --accept-flake-config .#chainfire-server .#flaredb-server .#iam-server .#plasmavmc-server .#prismnet-server .#flashdns-server .#fiberlb-server .#lightningstor-server .#creditservice-server
integration-matrix:
runs-on: ubuntu-latest
needs: build-servers
env:
PLASMA_E2E: "1"
# SKIP_PLASMA defaults to 0; set repo/runner var to 1 only when qemu-img/KVM is unavailable.
SKIP_PLASMA: ${{ vars.SKIP_PLASMA || '0' }}
LOG_DIR: .cccc/work/integration-matrix/${{ github.run_id }}
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v11
- uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Run integration matrix (Noop hypervisor gate)
run: |
nix develop -c ./scripts/integration-matrix.sh
- name: Upload integration-matrix logs
if: always()
uses: actions/upload-artifact@v4
- uses: dorny/paths-filter@v3
id: filter
with:
name: integration-matrix-logs
path: .cccc/work/integration-matrix/
filters: |
global:
- 'flake.nix'
- 'flake.lock'
- 'nix/**'
- '.github/workflows/nix.yml'
- 'Cargo.toml'
- 'Cargo.lock'
chainfire: 'chainfire/**'
flaredb: 'flaredb/**'
iam: 'iam/**'
plasmavmc: 'plasmavmc/**'
prismnet: 'prismnet/**'
flashdns: 'flashdns/**'
fiberlb: 'fiberlb/**'
lightningstor: 'lightningstor/**'
nightlight: 'nightlight/**'
creditservice: 'creditservice/**'
k8shost: 'k8shost/**'
apigateway: 'apigateway/**'
deployer: 'deployer/**'
integration-matrix-kvm:
if: ${{ vars.NESTED_KVM == '1' }}
# Run CI gates for changed workspaces
# Uses the provider-agnostic 'photoncloud-gate' defined in nix/ci/flake.nix
gate:
needs: filter
if: ${{ needs.filter.outputs.any_changed == 'true' || needs.filter.outputs.global_changed == 'true' }}
runs-on: ubuntu-latest
needs: integration-matrix
env:
PLASMA_E2E: "1"
SKIP_PLASMA: "0"
LOG_DIR: .cccc/work/integration-matrix-kvm/${{ github.run_id }}
strategy:
fail-fast: false
matrix:
# If global files changed, run all. Otherwise run only changed ones.
workspace: ${{ fromJSON(needs.filter.outputs.global_changed == 'true' && '["chainfire", "flaredb", "iam", "plasmavmc", "prismnet", "flashdns", "fiberlb", "lightningstor", "nightlight", "creditservice", "k8shost", "apigateway", "deployer"]' || needs.filter.outputs.workspaces) }}
name: gate (${{ matrix.workspace }})
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v11
- uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Run integration matrix (KVM lane)
- name: Run PhotonCloud Gate
run: |
nix develop -c ./scripts/integration-matrix.sh
- name: Upload integration-matrix-kvm logs
if: always()
uses: actions/upload-artifact@v4
with:
name: integration-matrix-kvm-logs
path: .cccc/work/integration-matrix-kvm/
nix run .#gate-ci -- --workspace ${{ matrix.workspace }} --tier 0 --no-logs
# Build server packages (tier 1+)
build:
needs: [filter, gate]
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
runs-on: ubuntu-latest
strategy:
matrix:
workspace: ${{ fromJSON(needs.filter.outputs.global_changed == 'true' && '["chainfire", "flaredb", "iam", "plasmavmc", "prismnet", "flashdns", "fiberlb", "lightningstor", "nightlight", "creditservice", "k8shost", "apigateway", "deployer"]' || needs.filter.outputs.workspaces) }}
name: build (${{ matrix.workspace }})
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v11
- uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Build server
run: |
# Only build if the workspace has a corresponding package in flake.nix
# We check if it exists before building to avoid failure on non-package workspaces
if nix flake show --json | jq -e ".packages.\"x86_64-linux\".\"${{ matrix.workspace }}-server\"" > /dev/null; then
nix build .#${{ matrix.workspace }}-server --accept-flake-config
else
echo "No server package found for ${{ matrix.workspace }}, skipping build."
fi
# Summary job for PR status checks
ci-status:
needs: [filter, gate]
if: always()
runs-on: ubuntu-latest
steps:
- name: Check CI Status
run: |
if [[ "${{ needs.gate.result }}" == "failure" ]]; then
exit 1
fi
if [[ "${{ needs.filter.outputs.any_changed }}" == "true" || "${{ needs.filter.outputs.global_changed }}" == "true" ]]; then
if [[ "${{ needs.gate.result }}" == "skipped" ]]; then
echo "Gate was skipped despite changes. This is unexpected."
exit 1
fi
fi
echo "CI passed or was correctly skipped."
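Review bot: The `any_changed` output of the `filter` job reads `steps.filter.outputs.workspaces_any_changed`, but the step defines no filter named `workspaces`, and as far as I know dorny/paths-filter only sets one output per filter name (plus `_count`/`_files` variants) and `changes`, so this value is likely always empty. If so, `gate` runs only when `global_changed` is `'true'`, and for a change confined to a single workspace `ci-status` falls through to "CI passed or was correctly skipped." and the summary check goes green without any gate having run. Deriving the flag from the output the step does set would close that: `any_changed: ${{ steps.filter.outputs.changes != '[]' }}`. `ci-status` also treats only `failure` as fatal; testing `needs.gate.result` for `cancelled` as well (`== "failure" || ... == "cancelled"`) would keep a cancelled gate from satisfying the check. Separately, the newly added `dorny/paths-filter@v3` is referenced by a mutable tag, and pinning it to a full commit SHA would keep a retagged release from changing what runs in this job.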


@ -220,6 +220,9 @@
drv = gate;
};
# CI-optimized gate (alias)
packages.gate-ci = gate;
# Checks are minimal and mirror tier0 (provider-agnostic).
checks.gate-tier0 = pkgs.runCommand "photoncloud-gate-tier0" { } ''
mkdir -p $out