This repository has been archived by the owner on May 10, 2024. It is now read-only.
build.yml
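---
# CI workflow: builds the neard and neard-rc flake outputs on every trigger
# and, on pushes to master only, publishes the Nix cache and the signed
# Docker images.
name: "Build and push neard-nix cache & Docker images"

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - master

jobs:
  build:
    # Declaring permissions at job level sets every GITHUB_TOKEN scope that is
    # not listed here to "none".
    # NOTE(review): the registry logins below authenticate with PATs taken from
    # secrets, not with GITHUB_TOKEN, so `packages: write` looks unused by the
    # steps visible here - confirm against the ci/ scripts before narrowing it.
    permissions:
      packages: write
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the three actions below are referenced by version tags,
      # which the action owner can move. Pinning each `uses:` to a full commit
      # SHA (keeping the tag in a trailing comment) makes the code that runs in
      # this job, next to the publishing secrets, immutable and reviewable.
      - name: "Checkout code repository"
        uses: "actions/checkout@v4"

      - name: "Install Nix"
        uses: "DeterminateSystems/nix-installer-action@v9"
        with:
          # accept-flake-config makes Nix apply the nixConfig section of
          # flake.nix without prompting. On pull_request runs that file comes
          # from the pull request, so its Nix settings are accepted unreviewed;
          # the publishing steps below are gated to pushes on master.
          extra-conf: |
            accept-flake-config = true

      - name: "Set up Nix caching"
        uses: "DeterminateSystems/magic-nix-cache-action@v4"

      - name: "Build neard"
        run: |-
          set -euo pipefail
          nix build --no-link --print-build-logs .#neard

      - name: "Build neard-rc"
        run: |-
          set -euo pipefail
          nix build --no-link --print-build-logs .#neard-rc

      - name: "Push cache"
        if: "github.event_name == 'push' && github.ref == 'refs/heads/master'"
        env:
          # Passed through the environment instead of being templated into the
          # script text, so the value is never parsed as shell source.
          CACHIX_AUTH_TOKEN: "${{ secrets.CACHIX_AUTH_TOKEN }}"
        run: |-
          set -euo pipefail
          # This will re-run builds, but since neard derivations were built
          # previously, it's essentially only pushing a cache.
          # An unconfigured secret expands to an empty string, in which case
          # the push is skipped.
          if [ -n "${CACHIX_AUTH_TOKEN}" ]; then
            nix develop .#ci --command "./ci/build_publish_cache.sh"
          fi

      - name: "Build & push Docker images"
        if: "github.event_name == 'push' && github.ref == 'refs/heads/master'"
        env:
          COSIGN_KEY: "${{ secrets.COSIGN_KEY }}"
          COSIGN_PASSWORD: "${{ secrets.COSIGN_PASSWORD }}"
          # Registry credentials reach the script as environment variables.
          # Templating `${{ ... }}` straight into the script body would let a
          # value containing a quote change the shell command being run.
          DOCKER_HUB_PAT: "${{ secrets.DOCKER_HUB_PAT }}"
          DOCKER_HUB_USERNAME: "${{ secrets.DOCKER_HUB_USERNAME }}"
          GHCR_PAT: "${{ secrets.GHCR_PAT }}"
          GHCR_USERNAME: "${{ github.actor }}"
          Z_GITHUB_REF: "${{ github.sha }}"
          Z_GITHUB_REPO: "${{ github.repository }}"
          Z_GITHUB_WORKFLOW: "${{ github.workflow }}"
        run: |-
          set -euo pipefail
          : "${TMPDIR:=$(mktemp -d)}"
          export XDG_RUNTIME_DIR="${TMPDIR}/xdg"
          mkdir -p "${XDG_RUNTIME_DIR}"

          # Log in to both registries with skopeo and cosign. Command tracing
          # stays off here: `set -x` would print the expanded credentials into
          # the job log, where only GitHub's log masking would hide them.
          printf '%s\n' "${GHCR_PAT}" \
            | nix develop .#ci --command skopeo --tmpdir="${TMPDIR}" \
                login ghcr.io --username="${GHCR_USERNAME}" --password-stdin
          printf '%s\n' "${GHCR_PAT}" \
            | nix develop .#ci --command cosign \
                login ghcr.io --username="${GHCR_USERNAME}" --password-stdin
          printf '%s\n' "${DOCKER_HUB_PAT}" \
            | nix develop .#ci --command skopeo --tmpdir="${TMPDIR}" \
                login docker.io --username="${DOCKER_HUB_USERNAME}" --password-stdin
          printf '%s\n' "${DOCKER_HUB_PAT}" \
            | nix develop .#ci --command cosign \
                login docker.io --username="${DOCKER_HUB_USERNAME}" --password-stdin

          # The login credentials are not needed past this point; drop them so
          # the publish script does not inherit them.
          unset GHCR_PAT GHCR_USERNAME DOCKER_HUB_PAT DOCKER_HUB_USERNAME

          # Trace only the publish loop, which expands no credentials itself.
          set -x
          repositories=(
            ghcr.io/zentriamc/neard-nix/neard
            docker.io/zentria/neard-nix
          )
          for repository in "${repositories[@]}"; do
            env DOCKER_REPOSITORY="${repository}" \
              nix develop .#ci --command "./ci/build_publish_docker_images.sh"
          done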