From d971b72ba48a9f83fa001959be630f14397ef089 Mon Sep 17 00:00:00 2001
From: Oleks <oleks.kuksenko@gmail.com>
Date: Wed, 29 Apr 2026 11:16:57 +0300
Subject: [PATCH] ci: stream build logs and add env context

setup.sh now traces each command (set -ex) so /etc/hosts, nix.conf,
and netrc setup are visible in pipeline logs.

build.py replaces capture() with a streaming build() helper for
nix builds: stderr is inherited (live --print-build-logs output)
while stdout is captured for the out path. Also dumps nix version,
uname, disk, and memory at the start so failures have context.
---
 ci/build.py | 26 ++++++++++++++++----------
 ci/setup.sh |  2 +-
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/ci/build.py b/ci/build.py
index c9e70e2..ebfbe55 100644
--- a/ci/build.py
+++ b/ci/build.py
@@ -13,12 +13,14 @@ def run(cmd):
         sys.exit(r.returncode)
 
 
-def capture(cmd):
-    r = subprocess.run(cmd, shell=True, capture_output=True, text=True)
-    if r.returncode != 0:
-        print(r.stderr, file=sys.stderr)
-        sys.exit(r.returncode)
-    return r.stdout.strip()
+def build(cmd):
+    """Run a `nix build`, streaming stderr live; return stdout (the out path)."""
+    print(f"+ {cmd}", flush=True)
+    proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, text=True)
+    out, _ = proc.communicate()
+    if proc.returncode != 0:
+        sys.exit(proc.returncode)
+    return out.strip()
 
 
 ARCH = sys.argv[1]
@@ -28,11 +30,15 @@ ATTIC_TOKEN = os.environ["ATTIC_TOKEN"]
 
 print(f"=== Building flake-hub packages for {ARCH} ===")
 
+# Environment context for log readers
+run("nix --version")
+run("uname -a")
+run("df -h /nix 2>/dev/null || df -h /")
+run("free -h")
+
 # Setup attic
 attic = (
-    capture(
-        "nix build --inputs-from . nixpkgs#attic-client --print-out-paths --no-link"
-    )
+    build("nix build --inputs-from . nixpkgs#attic-client --print-build-logs --print-out-paths --no-link")
     + "/bin/attic"
 )
 run(f"'{attic}' login ci {ATTIC_SERVER} '{ATTIC_TOKEN}'")
@@ -47,7 +53,7 @@ if ARCH == "s390x-linux":
 print("Building packages...")
 for pkg in packages:
     print(f"--- {pkg} ---")
-    out = capture(
+    out = build(
         f"nix build '.#packages.{ARCH}.{pkg}' --print-build-logs --print-out-paths --no-link"
     )
     run(f"'{attic}' push {ATTIC_CACHE} {out}")
diff --git a/ci/setup.sh b/ci/setup.sh
index 448ea24..1187563 100755
--- a/ci/setup.sh
+++ b/ci/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # Bootstrap nix environment for CI (runs inside nixos/nix:latest)
-set -e
+set -ex
 
 # Direct to armer public IP — bypass Cloudflare upload size limits
 # Hairpin NAT on armer handles redirect for pods running on armer itself