Fix root records #9

Workflow file for this run

.github/workflows/deploy.yaml at 5a38feb

	# FIXME This action is equal to build.yaml expect for an extra step at the end, we can deduplicate
	name: "Deploy"
	on:
	push:
	branches:
	- main
	jobs:
	nix-flake-check:
	# TODO idea: instead of using QEMU (which is slow) use the host as remote builder
	strategy:
	matrix:
	system: ["aarch64-linux", "x86_64-linux"]
	runs-on: ubuntu-latest
	name: "Build checks for ${{ matrix.system }}"
	steps:
	- run: \|
	mkdir -p /home/runner/.ssh
	echo "${{ secrets.SSH_KEY }}" > /home/runner/.ssh/id_ed25519
	chmod 600 /home/runner/.ssh/id_ed25519
	- run: "[ '${{ matrix.system }}' == 'aarch64-linux' ] && sudo apt-get install -y qemu-user-static \|\| true"
	- uses: actions/checkout@v4
	- uses: cachix/install-nix-action@v25
	with:
	github_access_token: ${{ secrets.GITHUB_TOKEN }}
	extra_nix_config: \|
	system = ${{ matrix.system }}
	trusted-public-keys = nix-pizza.cachix.org-1:TQe66aP2buN2KXWrZqpdko7GAL0WtbPA40d+wlnEiyo= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
	substituters = https://nix-pizza.cachix.org https://cache.nixos.org/
	- id: retrieve-cachix-auth-token
	run: \|
	source "$(nix build .#inject-secrets --no-link --print-out-paths)"/bin/install-agenix-shell
	echo "CACHIX_AUTH_TOKEN=$CACHIX_AUTH_TOKEN" > $GITHUB_OUTPUT
	- uses: cachix/cachix-action@v14
	with:
	name: nix-pizza
	authToken: ${{ steps.retrieve-cachix-auth-token.outputs.CACHIX_AUTH_TOKEN }}
	- run: nix flake check -L
	- run: \|
	[ '${{ matrix.system }}' != 'aarch64-linux' ] && exit 0
	source "$(nix build .#inject-secrets --no-link --print-out-paths)"/bin/install-agenix-shell
	export TF_VAR_ssh_public_keys="$(nix build .#ssh-public-keys --no-link --print-out-paths)"
	nix run .#opentofu -- init
	nix run .#opentofu -- apply --auto-approve

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix root records #9

Workflow file

Fix root records #9

Jobs

Run details

Workflow file for this run