build images #458
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build images | |
| on: | |
| schedule: | |
| - cron: "0 2 * * *" | |
| workflow_dispatch: {} | |
| push: {} | |
| jobs: | |
| generate_matrix: | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| packages: ${{ steps.gen_packages.outputs.packages }} | |
| checks: ${{ steps.gen_checks.outputs.checks }} | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Install nix | |
| uses: cachix/install-nix-action@v25 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
| trusted-users = root admin @sudo @wheel | |
| install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Generate flake.json | |
| run: | | |
| nix flake show --json > flake.json | |
| - id: gen_packages | |
| run: | | |
| packages=$(jq -c '.packages."x86_64-linux" | keys' < flake.json) | |
| printf "::set-output name=packages::%s" "$packages" | |
| - id: gen_checks | |
| run: | | |
| checks=$(jq -c '.checks."x86_64-linux" | keys' < flake.json) | |
| printf "::set-output name=checks::%s" "$checks" | |
| update_flake: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Install nix | |
| uses: cachix/install-nix-action@v25 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
| trusted-users = root admin @sudo @wheel | |
| install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Set up git | |
| run: | | |
| git config user.email [email protected] | |
| git config user.name "Git Bot" | |
| - name: Update the flake | |
| run: nix flake update | |
| - name: Store flake.lock | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: flake_lock | |
| path: flake.lock | |
| build_flake: | |
| runs-on: ubuntu-20.04 | |
| needs: [generate_matrix, update_flake] | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 5 | |
| matrix: | |
| package: ${{fromJson(needs.generate_matrix.outputs.packages)}} | |
| steps: | |
| # - name: Prepare store folder | |
| # run: sudo mkdir -p /nix | |
| - name: Free diskspace | |
| uses: easimon/maximize-build-space@master | |
| with: | |
| build-mount-path: /nix | |
| remove-dotnet: true | |
| remove-android: true | |
| remove-haskell: true | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Install nix | |
| uses: cachix/install-nix-action@v25 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
| trusted-users = root admin @sudo @wheel | |
| install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Set up cachix | |
| uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! | |
| with: | |
| name: bri | |
| signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| pathsToPush: result | |
| - name: Restore flake.lock | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: flake_lock | |
| - name: Build everything | |
| run: cachix watch-exec bri -- nix build .#${{ matrix.package }} | |
| build_darwin: | |
| runs-on: macos-14 | |
| needs: [update_flake] | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 5 | |
| matrix: | |
| ARCH: | |
| - "x86_64" | |
| - "aarch64" | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Install nix | |
| uses: cachix/install-nix-action@v25 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
| trusted-users = root admin @sudo @wheel | |
| install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Set up cachix | |
| uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! | |
| with: | |
| name: bri | |
| authToken: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| pathsToPush: result | |
| - name: Restore flake.lock | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: flake_lock | |
| - name: Build everything | |
| run: | | |
| set -x | |
| mkdir -p build | |
| cachix watch-exec bri -- nix build ".#darwinConfigurations.bri@${{ matrix.ARCH }}-darwin.system" --accept-flake-config | |
| build_images: | |
| runs-on: ubuntu-20.04 | |
| needs: [update_flake] | |
| # strategy: | |
| # fail-fast: false | |
| # max-parallel: 5 | |
| # matrix: | |
| # ARCH: [ "x86_64" ] | |
| # OS: [ "linux" ] | |
| # TARGET: | |
| # - "server" | |
| # - "bri" | |
| # FORMAT: | |
| # - "proxmox" | |
| # - "raw-efi" | |
| # - "iso" | |
| steps: | |
| # - name: Prepare store folder | |
| # run: sudo mkdir -p /nix | |
| - name: Free diskspace | |
| uses: easimon/maximize-build-space@master | |
| with: | |
| build-mount-path: /nix | |
| remove-dotnet: true | |
| remove-android: true | |
| remove-haskell: true | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Install nix | |
| uses: cachix/install-nix-action@v25 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
| trusted-users = root admin @sudo @wheel | |
| install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Set up cachix | |
| uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! | |
| with: | |
| name: bri | |
| authToken: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| pathsToPush: result | |
| - name: Restore flake.lock | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: flake_lock | |
| - run: sudo `which nix-collect-garbage` --delete-old | |
| - name: Build everything | |
| run: | | |
| set -x | |
| mkdir -p build | |
| cachix watch-exec bri -- nix build ".#nixosConfigurations.server@x86_64-linux.config.system.build.toplevel" --accept-flake-config | |
| # cp -LR "$(cachix watch-exec bri -- nix build ".#nixosConfigurations.${{matrix.TARGET}}@${{matrix.ARCH}}-${{matrix.OS}}.config.formats.${{matrix.FORMAT}}" --print-out-paths --show-trace --accept-flake-config)" build/ | |
| # - name: list outputs | |
| # run: | | |
| # find build | |
| # - name: rename build | |
| # run: | | |
| # case "${{matrix.FORMAT}}" in | |
| # "proxmox") | |
| # EXT="vma.zst" | |
| # ;; | |
| # "raw-efi") | |
| # EXT="img" | |
| # ;; | |
| # "iso") | |
| # EXT="iso" | |
| # ;; | |
| # esac | |
| # if [[ "${EXT}" == "vma.zst" ]] ; then | |
| # for i in build/*.${EXT} ; do | |
| # mv "$i" build/"vzdump-qemu-${{matrix.TARGET}}_$(basename ${i})" | |
| # done | |
| # else | |
| # for i in build/*.${EXT} ; do | |
| # mv "$i" build/"${{matrix.TARGET}}_$(basename ${i})" | |
| # done | |
| # fi | |
| # - run: | | |
| # case "${{matrix.FORMAT}}" in | |
| # "proxmox") | |
| # DESTDIR="dump" | |
| # ;; | |
| # "raw-efi") | |
| # DESTDIR="images" | |
| # ;; | |
| # "iso") | |
| # DESTDIR="template/iso" | |
| # ;; | |
| # esac | |
| # printenv UPLOAD_SSH_KEY > /tmp/ci-upload.key | |
| # chmod 600 /tmp/ci-upload.key | |
| # chmod -R 755 build | |
| # scp -C -i /tmp/ci-upload.key -oStrictHostKeyChecking=no -oport=222 -oidentitiesonly=true -oPasswordAuthentication=no build/* [email protected]:${DESTDIR} | |
| # # nix build .#${{ matrix.package }} | |
| # build_checks: | |
| # runs-on: ubuntu-20.04 | |
| # needs: [generate_matrix, update_flake] | |
| # strategy: | |
| # fail-fast: false | |
| # max-parallel: 5 | |
| # matrix: | |
| # check: ${{fromJson(needs.generate_matrix.outputs.checks)}} | |
| # steps: | |
| # - name: Clone repository | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # token: "${{ secrets.GITHUB_TOKEN }}" | |
| # - name: Install nix | |
| # uses: cachix/install-nix-action@v25 | |
| # with: | |
| # extra_nix_config: | | |
| # auto-optimise-store = true | |
| # access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| # experimental-features = nix-command flakes | |
| # substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
| # trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
| # trusted-users = root admin @sudo @wheel | |
| # install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
| # - uses: DeterminateSystems/magic-nix-cache-action@main | |
| # - name: Set up cachix | |
| # uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! | |
| # with: | |
| # name: bri | |
| # signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| # skipPush: true | |
| # - name: Restore flake.lock | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: flake_lock | |
| # - name: Build everything | |
| # run: nix flake check -j auto --system ${ARCH//arm/aarch}-${CIRRUS_OS} --impure --show-trace --accept-flake-config | |
| # #run: nix build .#checks.x86_64-linux.${{ matrix.check }} --no-link | |
| check_flake: | |
| runs-on: ubuntu-20.04 | |
| needs: [update_flake] | |
| continue-on-error: true | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Install nix | |
| uses: cachix/install-nix-action@v25 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
| trusted-users = root admin @sudo @wheel | |
| install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Restore flake.lock | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: flake_lock | |
| - name: Build everything | |
| run: | | |
| nix flake check --keep-going --impure | |
| push_update: | |
| runs-on: ubuntu-20.04 | |
| permissions: write-all | |
| needs: [update_flake, build_flake, check_flake, build_images, build_darwin] | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Restore flake.lock | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: flake_lock | |
| - uses: fregante/setup-git-user@v2 | |
| - name: Create and merge PR | |
| run: | | |
| git switch -c updates-${{ github.run_id }} | |
| git commit -am "flake.lock: Update" || exit 0 | |
| git push -u origin updates-${{ github.run_id }} | |
| PR=$(gh pr create \ | |
| --assignee b- \ | |
| --base bri \ | |
| --body "Automatic flake update on $(date -I)" \ | |
| --fill \ | |
| --label automated \ | |
| --label dependencies \ | |
| --title "Auto update $(date -I)") | |
| gh pr merge $PR --merge --delete-branch |