Skip to content

Bump DeterminateSystems/nix-installer-action from 14 to 15 (#1326) #409

Bump DeterminateSystems/nix-installer-action from 14 to 15 (#1326)

Bump DeterminateSystems/nix-installer-action from 14 to 15 (#1326) #409

Workflow file for this run

name: "Nix and release"
on:
push:
branches:
- master
tags:
- "v*"
pull_request:
branches:
- master
jobs:
nixBuild:
name: Build ${{ matrix.name }} binary
timeout-minutes: ${{ matrix.timeout || 30 }}
runs-on: ${{ matrix.os }}
permissions:
contents: read
outputs:
version: ${{ steps.version.outputs.version }}
strategy:
matrix:
include:
- os: ubuntu-latest
name: Linux (x86_64)
tuple: x86_64-linux
timeout: 180
- os: macos-13
name: macOS (x86_64)
tuple: x86_64-macos
- os: macos-14
name: macOS (aarch64)
tuple: aarch64-macos
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v15
- name: Configure Cachix
uses: cachix/cachix-action@v15
with:
name: trailofbits
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Configure Nix cache
uses: DeterminateSystems/magic-nix-cache-action@v8
with:
upstream-cache: https://trailofbits.cachix.org
- name: Obtain version number
id: version
run: |
if [[ "$GIT_REF" =~ ^refs/tags/v.* ]]; then
echo "version=$(echo "$GIT_REF" | sed 's#^refs/tags/v##')" >> "$GITHUB_OUTPUT"
else
echo "version=HEAD-$(echo "$GIT_SHA" | cut -c1-7)" >> "$GITHUB_OUTPUT"
fi
env:
GIT_REF: ${{ github.ref }}
GIT_SHA: ${{ github.sha }}
- name: Build dynamic echidna
run: |
nix build .#echidna
- name: Build redistributable echidna
run: |
nix build .#echidna-redistributable --out-link redistributable
tar -czf "echidna-${{ steps.version.outputs.version }}-${{ matrix.tuple }}.tar.gz" -C ./redistributable/bin/ echidna
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: echidna-redistributable-${{ matrix.tuple }}
path: echidna-${{ steps.version.outputs.version }}-${{ matrix.tuple }}.tar.gz
release:
name: Create release
timeout-minutes: 10
needs: [nixBuild]
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download binaries
uses: actions/download-artifact@v4
with:
pattern: echidna-redistributable-*
merge-multiple: true
- name: Sign binaries
uses: sigstore/[email protected]
with:
inputs: ./echidna-*.tar.gz
- name: Create GitHub release and upload binaries
uses: softprops/[email protected]
with:
draft: true
name: "Echidna ${{ needs.nixBuild.outputs.version }}"
files: |
./echidna-*.tar.gz
./echidna-*.tar.gz.sigstore.json