Skip to content
This repository has been archived by the owner on May 10, 2024. It is now read-only.

Merge branch 'renovate/lock-file-maintenance' #182

Merge branch 'renovate/lock-file-maintenance'

Merge branch 'renovate/lock-file-maintenance' #182

Workflow file for this run

name: "Build and push neard-nix cache & Docker images"
on:
workflow_dispatch:
pull_request:
push:
branches:
- master
jobs:
build:
permissions:
packages: write
runs-on: ubuntu-latest
steps:
- name: "Checkout code repository"
uses: "actions/checkout@v4"
- name: "Install Nix"
uses: "DeterminateSystems/nix-installer-action@v9"
with:
extra-conf: |
accept-flake-config = true
- name: "Set up Nix caching"
uses: "DeterminateSystems/magic-nix-cache-action@v2"
- name: "Build neard"
run: |-
set -euo pipefail
nix build --no-link --print-build-logs .#neard
- name: "Build neard-rc"
run: |-
set -euo pipefail
nix build --no-link --print-build-logs .#neard-rc
- name: "Push cache"
if: "github.event_name == 'push' && github.ref == 'refs/heads/master'"
run: |-
set -euo pipefail
# This will re-run builds, but since neard derivations were built previously,
# it's essentially only pushing a cache
export CACHIX_AUTH_TOKEN="${{ secrets.CACHIX_AUTH_TOKEN }}"
if [ -n "${CACHIX_AUTH_TOKEN}" ]; then
nix develop .#ci --command "./ci/build_publish_cache.sh"
fi
- name: "Build & push Docker images"
if: "github.event_name == 'push' && github.ref == 'refs/heads/master'"
env:
COSIGN_KEY: "${{ secrets.COSIGN_KEY }}"
COSIGN_PASSWORD: "${{ secrets.COSIGN_PASSWORD }}"
Z_GITHUB_REF: "${{ github.sha }}"
Z_GITHUB_REPO: "${{ github.repository }}"
Z_GITHUB_WORKFLOW: "${{ github.workflow }}"
run: |-
set -euo pipefail
set -x
: "${TMPDIR:=$(mktemp -d)}"
export XDG_RUNTIME_DIR="${TMPDIR}/xdg"
mkdir -p "${XDG_RUNTIME_DIR}"
echo '${{ secrets.GHCR_PAT }}' | nix develop .#ci --command skopeo --tmpdir=$TMPDIR login ghcr.io --username='${{ github.actor }}' --password-stdin
echo '${{ secrets.GHCR_PAT }}' | nix develop .#ci --command cosign login ghcr.io --username='${{ github.actor }}' --password-stdin
echo '${{ secrets.DOCKER_HUB_PAT }}' | nix develop .#ci --command skopeo --tmpdir=$TMPDIR login docker.io --username='${{ secrets.DOCKER_HUB_USERNAME }}' --password-stdin
echo '${{ secrets.DOCKER_HUB_PAT }}' | nix develop .#ci --command cosign login docker.io --username='${{ secrets.DOCKER_HUB_USERNAME }}' --password-stdin
repositories=(
ghcr.io/zentriamc/neard-nix/neard
docker.io/zentria/neard-nix
)
for repository in "${repositories[@]}"; do
env DOCKER_REPOSITORY="${repository}" \
nix develop .#ci --command "./ci/build_publish_docker_images.sh"
done