Bump DeterminateSystems/nix-installer-action from 10 to 12 #42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "NixOS" | |
on: | |
pull_request: | |
paths: | |
- .github/workflows/nixos.yml | |
- infra/nixos/* | |
push: | |
branches: | |
- 'main' | |
paths: | |
- .github/workflows/nixos.yml | |
- infra/nixos/* | |
workflow_dispatch: | |
branches: [main] | |
workflow_run: | |
workflows: [Terraform] | |
types: [completed] | |
branches: [main] | |
jobs: | |
tests: | |
name: CI Tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@v12 | |
- name: Run the Magic Nix Cache | |
uses: DeterminateSystems/magic-nix-cache-action@v4 | |
- name: Check Nix format | |
run: | | |
nix develop --command nixpkgs-fmt --check infra/nixos/* | |
- name: Deploy Nixos Configuration | |
# Reference: https://blog.benoitblanchon.fr/github-action-run-ssh-commands/ | |
if: github.ref == 'refs/heads/main' | |
run: | | |
# Setup SSH | |
mkdir -p ~/.ssh/ | |
echo "$SSH_KEY" > ~/.ssh/automation.key | |
chmod 600 ~/.ssh/automation.key | |
cat >>~/.ssh/config <<END | |
Host prod | |
HostName $SSH_HOST | |
User $SSH_USER | |
IdentityFile ~/.ssh/automation.key | |
StrictHostKeyChecking no | |
END | |
ssh prod " | |
set -x | |
mkdir -p /tmp/nixos | |
" | |
scp ./infra/nixos/* prod:/tmp/nixos/ | |
ssh prod " | |
set -x | |
ls -la /tmp/nixos | |
ls -la /etc/nixos | |
mv -f /tmp/nixos/configuration.nix /etc/nixos/configuration.nix | |
mv -f /tmp/nixos/nginx-prod.nix /etc/nixos/nginx.nix | |
mv -f /tmp/nixos/users.nix /etc/nixos/users.nix | |
sudo nix-channel --update | |
sudo nixos-rebuild switch | |
sudo nix-env --upgrade --always | |
sudo rm -f /nix/var/nix/gcroots/auto/* | |
sudo nix-collect-garbage -d | |
" | |
env: | |
SSH_USER: ${{ secrets.AUTOMATION_USERNAME }} | |
SSH_USER_PASSWORD: ${{ secrets.AUTOMATION_USER_PASSWORD }} | |
SSH_KEY: ${{ secrets.AUTOMATION_SSH_KEY_PRIVATE }} | |
SSH_HOST: ${{ secrets.PROD_HOSTNAME }} | |