feat: use download-artifact instead of manually downloading it

This should hopefully work on private repos too!
2025-05-14 22:55:28 +02:00
5 changed files with 58 additions and 131 deletions
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@ -33,6 +33,8 @@ jobs:
          do-comparison: 'true'
          # This job's name (so we can find the artifacts)
          job-name: report-size
+          # A token is required to download a previous run's artifact
+          github-token: ${{ secrets.FULL_PERM_TEST }}
  report-download-check:
    runs-on: nixos
    needs: report-size
@ -41,6 +43,8 @@ jobs:
        uses: https://git.salame.cl/actions/download-artifact@d8d0a99033603453ad2255e58720b460a0555e1e # v4
        with:
          name: report.json
+          github-token: ${{ secrets.ARTIFACT_TOKEN }}
+          run-id: 15
      - name: Verify report exists
        run: |
          cat report.json
--- a/action.yml
+++ b/action.yml
@ -39,6 +39,8 @@ inputs:
  artifact-name:
    description: The name of the generated artifact.
    default: report.json
+  github-token:
+    description: A github token with read permissions for this repository, required if do-comparison is 'true'
  # Comparison Report (comment only)
  do-comparison:
    description: |
@ -110,6 +112,46 @@ runs:
        issue-number: ${{ steps.pr-number.outputs.pr-number }}
        direction: first
        body-includes: "<!-- AUTOGENERATED by nix-flake-outputs-size action -->"
+    - name: Find previous run on base-branch
+      # Only run when doing comparisons
+      if: inputs.do-comparison == 'true'
+      id: previous-report
+      continue-on-error: true
+      env:
+        BASE_BRANCH: ${{ inputs.base-branch }}
+        JOB_NAME: ${{ inputs.job-name }}
+        ARTIFACT_NAME: ${{ inputs.artifact-name }}
+      run: |
+        . "${GITHUB_ACTION_PATH}/utils.sh"
+
+        # Determine the default branch of this repo
+        default_branch() {
+          curl -X GET \
+            -H "Authorization: token $GITHUB_TOKEN" \
+            -H 'Accept: application/json' \
+            "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY" |
+            jq --raw-output '.default_branch'
+        }
+
+        run_id=$(curl -X 'GET' \
+          "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/tasks" \
+          -H "Authorization: token $GITHUB_TOKEN" \
+          -H 'Accept: application/json' |
+          jq --raw-output \
+            --arg name "$JOB_NAME" \
+            --arg head_branch "${BASE_BRANCH:-$(default_branch)}" \
+            '[.workflow_runs[] | select(.name == $name and .head_branch == $head_branch)] | first | .run_number')
+
+        echo "run-id=$run_id" >> "$GITHUB_OUTPUT"
+        log Would try to download "$ARTIFACT_NAME" from "$run_id"
+    - name: Download previous report
+      uses: https://git.salame.cl/actions/download-artifact@d8d0a99033603453ad2255e58720b460a0555e1e # v4
+      # Ensure the previous step succeeded
+      if: steps.previous-report.outcome == 'success'
+      with:
+        name: ${{ inputs.artifact-name }}
+        # github-token: ${{ inputs.github-token }}
+        # run-id: ${{ steps.previous-report.outputs.run-id }}
    - name: Create report
      if: inputs.comment-on-pr == 'true' || inputs.generate-artifact == 'true'
      env:
@ -129,6 +171,9 @@ runs:
          exit 1
        fi

+        # move old report so it doesn't clash with the new report
+        [ -f report.json ] && mv report.json old-report.json
+
        # Create Size Report
        "$GITHUB_ACTION_PATH/create-report.sh" > report.json

@ -137,7 +182,7 @@ runs:

        # Try to do a comparison report
        if [ "$DO_COMPARISON" = 'true' ]; then
-          if "$GITHUB_ACTION_PATH/retrieve-old-report.sh" && [ -f old-report.json ]; then
+          if [ -f old-report.json ]; then
            log "Reporting on sizes and comparing to sizes in $HEAD_BRANCH"

            "$GITHUB_ACTION_PATH/comment_on_pr.sh" report.json old-report.json
--- a/comment_on_pr.sh
+++ b/comment_on_pr.sh
@ -64,7 +64,7 @@ markdown_from_report() {

 <details><summary><b>Tips on reading this data</b></summary>

- For NixOS/Home-Manager configurations you generally care only about the `Size` (closure size/size on disk).
+- For NixOS configurations you generally care only about the `Size` (closure size/size on disk).
  - Reduce the `Size` by disabling unneeded services/default packages.
 - For Packages you care about both the `Size` and the `NAR Size`.
  - Reduce the `NAR Size` by reducing the size of the build outputs, e.g. don't copy unnecessary data to the $out dir, optimize binaries for size, etc.
@ -87,16 +87,6 @@ markdown_from_report() {
      echo "$compare" | json_to_md_rows_and_change "nixosConfigurations"
      echo
    fi
-    if echo "$compare" | has_elements 'homeConfigurations'; then
-      cat <<-"EOF"
-				## Home Manager Configurations
-
-				| Name | Size | Size Change | NAR Size | NAR Size Change |
-				|------|-----:|------------:|---------:|----------------:|
-			EOF
-      echo "$compare" | json_to_md_rows_and_change "homeConfigurations"
-      echo
-    fi
    if echo "$compare" | has_elements 'packages'; then
      cat <<-"EOF"
 				## Packages
@ -118,16 +108,6 @@ markdown_from_report() {
      json_to_md_rows "nixosConfigurations" "$1"
      echo
    fi
-    if has_elements 'homeConfigurations' "$1"; then
-      cat <<-"EOF"
-				## Home Manger Configurations
-
-				| Name | Size | NAR Size |
-				|------|-----:|---------:|
-			EOF
-      json_to_md_rows "homeConfigurations" "$1"
-      echo
-    fi
    if has_elements 'packages' "$1"; then
      cat <<-"EOF"
 				## Packages
--- a/create-report.sh
+++ b/create-report.sh
@ -20,22 +20,13 @@ packages=$(
 log "$packages"
 endgroup

-group 'Show Home Manager Configurations'
-hmConfigs=$(
-  jq --raw-output '.homeConfigurations | select(. != null) | keys[]' <<-EOF
-		$flake_info
-	EOF
-)
-log "$hmConfigs"
-endgroup
-
 group 'Show NixOS Configurations'
-nixosConfigs=$(
+configurations=$(
  jq --raw-output '.nixosConfigurations | select(. != null) | keys[]' <<-EOF
 		$flake_info
 	EOF
 )
-log "$nixosConfigs"
+log "$configurations"
 endgroup

 pkgs_json() {
@ -51,22 +42,10 @@ pkgs_json() {
  endgroup
 }

-hm_configs_json() {
-  group 'Building Home Manager configurations'
-  trap endgroup RETURN
-  for config in $hmConfigs; do
-    log "Building $config"
-    path=$(nix build --print-out-paths ".#homeConfigurations.$config.activationPackages")
-    log "Calculating size of $config"
-    nix path-info --closure-size --json "$path" |
-      jq --compact-output --arg pkg "$config" '.[] | {"name": $pkg, "size": .closureSize, "narSize": .narSize}'
-  done
-}
-
-nixos_configs_json() {
+configs_json() {
  group 'Building NixOS configurations'
  trap endgroup RETURN
-  for config in $nixosConfigs; do
+  for config in $configurations; do
    log "Building $config"
    path=$(nix build --print-out-paths ".#nixosConfigurations.$config.config.system.build.toplevel")
    log "Calculating size of $config"
@ -76,11 +55,9 @@ nixos_configs_json() {
 }

 pkgs=$(pkgs_json | jq --slurp '.')
-hmConfigs=$(hm_configs_json | jq --slurp '.')
-nixosConfigs=$(nixos_configs_json | jq --slurp '.')
+configs=$(configs_json | jq --slurp '.')

 echo "{}" | jq \
  --argjson pkgs "$pkgs" \
-  --argjson nixosConfigs "$nixosConfigs" \
-  --argjson hmConfigs "$hmConfigs" \
-  '{"packages": $pkgs, "nixosConfigurations": $nixosConfigs, "homeConfigurations": $hmConfigs}'
+  --argjson configs "$configs" \
+  '{"packages": $pkgs, "nixosConfigurations": $configs}'
--- a/retrieve-old-report.sh
+++ b/retrieve-old-report.sh
@ -1,79 +0,0 @@
-#!/bin/sh
-
-. "${GITHUB_ACTION_PATH}/utils.sh"
-
-repo_info() {
-  curl -X GET \
-    -H "Authorization: token $GITHUB_TOKEN" \
-    -H 'Accept: application/json' \
-    "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY"
-}
-
-in_private_repo() {
-  test "$(repo_info | jq --raw-output '.private')" = 'true'
-}
-
-default_branch() {
-  repo_info | jq --raw-output '.default_branch'
-}
-
-# USAGE: base_report_url <BASE_BRANCH>
-base_report_url() {
-  curl -X 'GET' \
-    "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/tasks" \
-    -H "Authorization: token $GITHUB_TOKEN" \
-    -H 'Accept: application/json' |
-    jq --raw-output \
-      --arg name "$JOB_NAME" \
-      --arg head_branch "$1" \
-      '[.workflow_runs[] | select(.name == $name and .head_branch == $head_branch)] | first | .url'
-}
-
-# USAGE: has_report <REPORT_URL>
-has_report() {
-  http_code=$(curl -X 'GET' -o /dev/null --silent -Iw '%{http_code}' \
-    "$1" -H "Authorization: token $GITHUB_TOKEN")
-  log "Got code $http_code for $1"
-  test "$http_code" = '200'
-}
-
-# If a base branch is not provided, use the default branch
-base_branch=${BASE_BRANCH:-$(default_branch)}
-
-if [ "$(in_private_repo)" != 'true' ] && [ "$JOB_NAME" ]; then
-  url=$(base_report_url "$base_branch")
-
-  log "Found previous run at: $url"
-  report_url="$url/artifacts/$ARTIFACT_NAME"
-
-  if has_report "$report_url"; then
-    log 'Found previous report, downloading...'
-    curl -X 'GET' \
-      "$report_url" \
-      -H "Authorization: token $GITHUB_TOKEN" |
-      gunzip >old-report.json
-    log "Reporting on sizes and comparing to sizes in $base_branch"
-    exit 0
-  fi
-  error "Failed to find previous report, expected at: $report_url"
-fi
-
-warn "Couldn't retrieve old report:"
-warn '    This usuially happens when running on private repos'
-warn '    or when job-name is not set.'
-warn
-warn '    See the README for more details'
-
-error "Falling back to slow method (checkout $base_branch and generate the report)"
-
-old=$(mktemp -d)
-group "Download files from $base_branch"
-curl -X 'GET' \
-  "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/archive/$base_branch.tar.gz" \
-  -H "Authorization: token $GITHUB_TOKEN" |
-  tar -zvx --strip-components=1 -C "$old"
-endgroup
-
-(cd "$old" && "$GITHUB_ACTION_PATH/create-report.sh") >old-report.json
-
-exit 0