Move the actual vm tests / flake regressions into the generic build phase

This lets these steps run in maximal parallelism.

This also uses a success job to "combine" all the component jobs into a single signal.

Author: grahamc

.github/workflows/build.yml

@@ -1,10 +1,29 @@
 on:
   workflow_call:
     inputs:
-      os:
+      system:
         required: true
         type: string
-      system:
+      runner:
+        default: |
+          ${{
+               (system == "x86_64-linux"   && "blacksmith-32vcpu-ubuntu-2204")
+            || (system == "aarch64-linux"  && "blacksmith-32vcpu-ubuntu-2204-arm")
+            || (system == "x86_64-darwin"  && "macos-latest-large")
+            || (system == "aarch64-darwin" && "macos-latest-xlarge")
+            || "unknown-system"
+          }}
+        required: true
+        type: string
+      runner_small:
+        default: |
+          ${{
+               (system == "x86_64-linux"   && "ubuntu-latest")
+            || (system == "aarch64-linux"  && "blacksmith-32vcpu-ubuntu-2204-arm")
+            || (system == "x86_64-darwin"  && "macos-latest-large")
+            || (system == "aarch64-darwin" && "macos-latest-xlarge")
+            || "unknown-system"
+          }}
         required: true
         type: string
       if:
@@ -15,13 +34,21 @@ on:
         required: false
         default: true
         type: boolean
+      run_vm_tests:
+        required: false
+        default: false
+        type: boolean
+      run_regression_tests:
+        required: false
+        default: false
+        type: boolean
 
 jobs:
   build:
     if: ${{ inputs.if }}
     strategy:
       fail-fast: false
-    runs-on: ${{ inputs.os }}
+    runs-on: ${{ inputs.runner }}
     timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
@@ -38,10 +65,156 @@ jobs:
     needs: build
     strategy:
       fail-fast: false
-    runs-on: ${{ inputs.os }}
+    runs-on: ${{ inputs.runner }}
     timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
       - uses: DeterminateSystems/determinate-nix-action@main
       - uses: DeterminateSystems/flakehub-cache-action@main
       - run: nix flake check -L --system ${{ inputs.system }}
+
+  vm_tests_smoke:
+    if: inputs.run_vm_tests && github.event_name != 'merge_group'
+    needs: build
+    runs-on: ${{ inputs.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/determinate-nix-action@main
+      - uses: DeterminateSystems/flakehub-cache-action@main
+      - run: |
+          nix build -L \
+            .#hydraJobs.tests.functional_user \
+            .#hydraJobs.tests.githubFlakes \
+            .#hydraJobs.tests.nix-docker \
+            .#hydraJobs.tests.tarballFlakes \
+            ;
+
+  vm_tests_all:
+    if: inputs.run_vm_tests && github.event_name == 'merge_group'
+    needs: build
+    runs-on: ${{ inputs.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/determinate-nix-action@main
+      - uses: DeterminateSystems/flakehub-cache-action@main
+      - run: |
+          nix build -L --keep-going \
+            $(nix flake show --json \
+              | jq -r '
+                .hydraJobs.tests
+                | with_entries(select(.value.type == "derivation"))
+                | keys[]
+                | ".#hydraJobs.tests." + .')
+
+  flake_regressions:
+    if: |
+      (inputs.run_regression_tests && github.event_name == 'merge_group')
+      || (
+        github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-src'
+        && (
+          (github.event.action == 'labeled' && github.event.label.name == 'flake-regression-test')
+          || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'flake-regression-test'))
+        )
+      )
+    needs: build
+    runs-on: ${{ inputs.runner }}
+    steps:
+      - name: Checkout nix
+        uses: actions/checkout@v4
+      - name: Checkout flake-regressions
+        uses: actions/checkout@v4
+        with:
+          repository: DeterminateSystems/flake-regressions
+          path: flake-regressions
+      - name: Checkout flake-regressions-data
+        uses: actions/checkout@v4
+        with:
+          repository: DeterminateSystems/flake-regressions-data
+          path: flake-regressions/tests
+      - uses: DeterminateSystems/determinate-nix-action@main
+      - uses: DeterminateSystems/flakehub-cache-action@main
+      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH PARALLEL="-P 50%" flake-regressions/eval-all.sh
+
+  flake_regressions_lazy:
+    if: |
+      (inputs.run_regression_tests && github.event_name == 'merge_group')
+      || (
+        github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-src'
+        && (
+          (github.event.action == 'labeled' && github.event.label.name == 'flake-regression-test')
+          || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'flake-regression-test'))
+        )
+      )
+    needs: build
+    runs-on: ${{ inputs.run_regression_tests }}
+    steps:
+      - name: Checkout nix
+        uses: actions/checkout@v4
+      - name: Checkout flake-regressions
+        uses: actions/checkout@v4
+        with:
+          repository: DeterminateSystems/flake-regressions
+          path: flake-regressions
+      - name: Checkout flake-regressions-data
+        uses: actions/checkout@v4
+        with:
+          repository: DeterminateSystems/flake-regressions-data
+          path: flake-regressions/tests
+      - uses: DeterminateSystems/determinate-nix-action@main
+      - uses: DeterminateSystems/flakehub-cache-action@main
+      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH PARALLEL="-P 50%" NIX_CONFIG="lazy-trees = true" flake-regressions/eval-all.sh
+
+  manual:
+    if: github.event_name != 'merge_group'
+    needs: build
+    runs-on: ${{ inputs.runner_small }}
+    permissions:
+      id-token: "write"
+      contents: "read"
+      pull-requests: "write"
+      statuses: "write"
+      deployments: "write"
+    steps:
+      - name: Checkout nix
+        uses: actions/checkout@v4
+      - uses: DeterminateSystems/determinate-nix-action@main
+      - uses: DeterminateSystems/flakehub-cache-action@main
+      - name: Build manual
+        run: nix build .#hydraJobs.manual
+      - uses: nwtgck/actions-netlify@v3.0
+        with:
+          publish-dir: "./result/share/doc/nix/manual"
+          production-branch: detsys-main
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          deploy-message: "Deploy from GitHub Actions"
+          # NOTE(cole-h): We have a perpetual PR displaying our changes against upstream open, but
+          # its conversation is locked, so this PR comment can never be posted.
+          # https://github.com/DeterminateSystems/nix-src/pull/4
+          enable-pull-request-comment: ${{ github.event.pull_request.number != 4 }}
+          enable-commit-comment: true
+          enable-commit-status: true
+          overwrites-pull-request-comment: true
+        env:
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
+  success:
+    needs:
+      - build
+      - test
+      - vm_tests_smoke
+      - vm_tests_all
+      - flake_regressions
+      - flake_regressions_lazy
+      - manual
+    if: ${{ always() }}
+      steps:
+      - run: "true"
+      - run: |
+          echo "A dependent in the build matrix failed:"
+          echo "$needs"
+          exit 1
+        env:
+          needs: ${{ toJSON(needs) }}
+        if: |
+          contains(needs.*.result, 'failure') ||
+          contains(needs.*.result, 'cancelled')

.github/workflows/ci.yml

@@ -26,150 +26,43 @@ jobs:
   build_x86_64-linux:
     uses: ./.github/workflows/build.yml
     with:
-      os: blacksmith-32vcpu-ubuntu-2204
       system: x86_64-linux
+      run_tests: true
+      run_vm_tests: true
+      run_regression_tests: true
 
   build_aarch64-linux:
     uses: ./.github/workflows/build.yml
     with:
       if: ${{ github.event_name == 'merge_group' }}
-      os: blacksmith-32vcpu-ubuntu-2204-arm
       system: aarch64-linux
 
   build_x86_64-darwin:
     uses: ./.github/workflows/build.yml
     with:
       if: ${{ github.event_name == 'merge_group' }}
-      os: macos-latest-large
       system: x86_64-darwin
 
   build_aarch64-darwin:
     uses: ./.github/workflows/build.yml
     with:
-      os: namespace-profile-mac-m2-12c28g
       system: aarch64-darwin
 
-  vm_tests_smoke:
-    if: github.event_name != 'merge_group'
-    needs: build_x86_64-linux
-    runs-on: blacksmith-32vcpu-ubuntu-2204
-    steps:
-      - uses: actions/checkout@v4
-      - uses: DeterminateSystems/determinate-nix-action@main
-      - uses: DeterminateSystems/flakehub-cache-action@main
-      - run: |
-          nix build -L \
-            .#hydraJobs.tests.functional_user \
-            .#hydraJobs.tests.githubFlakes \
-            .#hydraJobs.tests.nix-docker \
-            .#hydraJobs.tests.tarballFlakes \
-            ;
-
-  vm_tests_all:
-    if: github.event_name == 'merge_group'
-    needs: build_x86_64-linux
-    runs-on: blacksmith-32vcpu-ubuntu-2204
-    steps:
-      - uses: actions/checkout@v4
-      - uses: DeterminateSystems/determinate-nix-action@main
-      - uses: DeterminateSystems/flakehub-cache-action@main
+  success:
+    needs:
+      - build_x86_64-linux
+      - build_aarch64-linux
+      - build_x86_64-darwin
+      - build_aarch64-darwin
+    if: ${{ always() }}
+      steps:
+      - run: "true"
       - run: |
-          nix build -L --keep-going \
-            $(nix flake show --json \
-              | jq -r '
-                .hydraJobs.tests
-                | with_entries(select(.value.type == "derivation"))
-                | keys[]
-                | ".#hydraJobs.tests." + .')
-
-  flake_regressions:
-    if: |
-      github.event_name == 'merge_group'
-      || (
-        github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-src'
-        && (
-          (github.event.action == 'labeled' && github.event.label.name == 'flake-regression-test')
-          || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'flake-regression-test'))
-        )
-      )
-    needs: build_x86_64-linux
-    runs-on: namespace-profile-x86-32cpu-64gb
-    steps:
-      - name: Checkout nix
-        uses: actions/checkout@v4
-      - name: Checkout flake-regressions
-        uses: actions/checkout@v4
-        with:
-          repository: DeterminateSystems/flake-regressions
-          path: flake-regressions
-      - name: Checkout flake-regressions-data
-        uses: actions/checkout@v4
-        with:
-          repository: DeterminateSystems/flake-regressions-data
-          path: flake-regressions/tests
-      - uses: DeterminateSystems/determinate-nix-action@main
-      - uses: DeterminateSystems/flakehub-cache-action@main
-      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH PARALLEL="-P 50%" flake-regressions/eval-all.sh
-
-  flake_regressions_lazy:
-    if: |
-      github.event_name == 'merge_group'
-      || (
-        github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-src'
-        && (
-          (github.event.action == 'labeled' && github.event.label.name == 'flake-regression-test')
-          || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'flake-regression-test'))
-        )
-      )
-    needs: build_x86_64-linux
-    runs-on: namespace-profile-x86-32cpu-64gb
-    steps:
-      - name: Checkout nix
-        uses: actions/checkout@v4
-      - name: Checkout flake-regressions
-        uses: actions/checkout@v4
-        with:
-          repository: DeterminateSystems/flake-regressions
-          path: flake-regressions
-      - name: Checkout flake-regressions-data
-        uses: actions/checkout@v4
-        with:
-          repository: DeterminateSystems/flake-regressions-data
-          path: flake-regressions/tests
-      - uses: DeterminateSystems/determinate-nix-action@main
-      - uses: DeterminateSystems/flakehub-cache-action@main
-      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH PARALLEL="-P 50%" NIX_CONFIG="lazy-trees = true" flake-regressions/eval-all.sh
-
-  manual:
-    if: github.event_name != 'merge_group'
-    needs: build_x86_64-linux
-    runs-on: blacksmith
-    permissions:
-      id-token: "write"
-      contents: "read"
-      pull-requests: "write"
-      statuses: "write"
-      deployments: "write"
-    steps:
-      - name: Checkout nix
-        uses: actions/checkout@v4
-      - uses: DeterminateSystems/determinate-nix-action@main
-      - uses: DeterminateSystems/flakehub-cache-action@main
-      - name: Build manual
-        run: nix build .#hydraJobs.manual
-      - uses: nwtgck/actions-netlify@v3.0
-        with:
-          publish-dir: "./result/share/doc/nix/manual"
-          production-branch: detsys-main
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          deploy-message: "Deploy from GitHub Actions"
-          # NOTE(cole-h): We have a perpetual PR displaying our changes against upstream open, but
-          # its conversation is locked, so this PR comment can never be posted.
-          # https://github.com/DeterminateSystems/nix-src/pull/4
-          enable-pull-request-comment: ${{ github.event.pull_request.number != 4 }}
-          enable-commit-comment: true
-          enable-commit-status: true
-          overwrites-pull-request-comment: true
+          echo "A dependent in the build matrix failed:"
+          echo "$needs"
+          exit 1
         env:
-          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
+          needs: ${{ toJSON(needs) }}
+        if: |
+          contains(needs.*.result, 'failure') ||
+          contains(needs.*.result, 'cancelled')