update build.sh #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build images | |
on: | |
schedule: | |
- cron: "0 2 * * *" | |
workflow_dispatch: {} | |
push: {} | |
jobs: | |
generate_matrix: | |
runs-on: ubuntu-20.04 | |
outputs: | |
packages: ${{ steps.gen_packages.outputs.packages }} | |
checks: ${{ steps.gen_checks.outputs.checks }} | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Install nix | |
uses: cachix/install-nix-action@v25 | |
with: | |
extra_nix_config: | | |
auto-optimise-store = true | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
experimental-features = nix-command flakes | |
substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc =nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
trusted-users = root admin @sudo @wheel | |
keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
- name: Generate flake.json | |
run: | | |
nix flake show --json > flake.json | |
- id: gen_packages | |
run: | | |
packages=$(jq -c '.packages."x86_64-linux" | keys' < flake.json) | |
printf "::set-output name=packages::%s" "$packages" | |
- id: gen_checks | |
run: | | |
checks=$(jq -c '.checks."x86_64-linux" | keys' < flake.json) | |
printf "::set-output name=checks::%s" "$checks" | |
update_flake: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Install nix | |
uses: cachix/install-nix-action@v25 | |
with: | |
extra_nix_config: | | |
auto-optimise-store = true | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
experimental-features = nix-command flakes | |
substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc =nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
trusted-users = root admin @sudo @wheel | |
keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
- name: Set up git | |
run: | | |
git config user.email [email protected] | |
git config user.name "Git Bot" | |
- name: Update the flake | |
run: nix flake update | |
- name: Store flake.lock | |
uses: actions/upload-artifact@v4 | |
with: | |
name: flake_lock | |
path: flake.lock | |
build_flake: | |
runs-on: ubuntu-20.04 | |
needs: [generate_matrix, update_flake] | |
strategy: | |
fail-fast: false | |
max-parallel: 5 | |
matrix: | |
package: ${{fromJson(needs.generate_matrix.outputs.packages)}} | |
steps: | |
# - name: Prepare store folder | |
# run: sudo mkdir -p /nix | |
- name: Free diskspace | |
uses: easimon/maximize-build-space@master | |
with: | |
build-mount-path: /nix | |
remove-dotnet: true | |
remove-android: true | |
remove-haskell: true | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Install nix | |
uses: cachix/install-nix-action@v25 | |
with: | |
extra_nix_config: | | |
auto-optimise-store = true | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
experimental-features = nix-command flakes | |
substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc =nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
trusted-users = root admin @sudo @wheel | |
keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
- name: Set up cachix | |
uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! | |
with: | |
name: bri | |
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
pathsToPush: result | |
- name: Restore flake.lock | |
uses: actions/download-artifact@v4 | |
with: | |
name: flake_lock | |
- name: Build everything | |
run: cachix watch-exec bri -- nix build .#${{ matrix.package }} | |
build_images: | |
runs-on: ubuntu-20.04 | |
needs: [update_flake] | |
strategy: | |
fail-fast: false | |
max-parallel: 5 | |
matrix: | |
ARCH: [ "x86_64" ] | |
OS: [ "linux" ] | |
TARGET: | |
- "server" | |
- "bri" | |
FORMAT: | |
- "proxmox" | |
- "raw-efi" | |
- "iso" | |
steps: | |
# - name: Prepare store folder | |
# run: sudo mkdir -p /nix | |
- name: Free diskspace | |
uses: easimon/maximize-build-space@master | |
with: | |
build-mount-path: /nix | |
remove-dotnet: true | |
remove-android: true | |
remove-haskell: true | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Install nix | |
uses: cachix/install-nix-action@v25 | |
with: | |
extra_nix_config: | | |
auto-optimise-store = true | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
experimental-features = nix-command flakes | |
substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc =nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
trusted-users = root admin @sudo @wheel | |
keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
- name: Set up cachix | |
uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! | |
with: | |
name: bri | |
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
pathsToPush: result | |
- name: Restore flake.lock | |
uses: actions/download-artifact@v4 | |
with: | |
name: flake_lock | |
- name: Build everything | |
run: | | |
set -x | |
mkdir -p build | |
cp -LR "$(cachix watch-exec bri -- nix build ".#nixosConfigurations.${{matrix.TARGET}}@${{matrix.ARCH}}-${{matrix.OS}}.config.formats.${{matrix.FORMAT}}" --print-out-paths --show-trace --accept-flake-config)" build/ | |
- name: list outputs | |
run: | | |
find build | |
- name: rename build | |
run: | | |
case "${{matrix.FORMAT}}" in | |
"proxmox") | |
EXT="vma.zst" | |
;; | |
"raw-efi") | |
EXT="img" | |
;; | |
"iso") | |
EXT="iso" | |
;; | |
esac | |
if [[ "${EXT}" == "vma.zst" ]] ; then | |
for i in build/*.${EXT} ; do | |
mv "$i" build/"vzdump-qemu-${{matrix.TARGET}}_$(basename ${i})" | |
done | |
else | |
for i in build/*.${EXT} ; do | |
mv "$i" build/"${{matrix.TARGET}}_$(basename ${i})" | |
done | |
fi | |
- run: | | |
case "${{matrix.FORMAT}}" in | |
"proxmox") | |
DESTDIR="dump" | |
;; | |
"raw-efi") | |
DESTDIR="images" | |
;; | |
"iso") | |
DESTDIR="template/iso" | |
;; | |
esac | |
printenv UPLOAD_SSH_KEY > /tmp/ci-upload.key | |
chmod 600 /tmp/ci-upload.key | |
chmod -R 755 build | |
scp -C -i /tmp/ci-upload.key -oStrictHostKeyChecking=no -oport=222 -oidentitiesonly=true -oPasswordAuthentication=no build/* [email protected]:${DESTDIR} | |
# nix build .#${{ matrix.package }} | |
# build_checks: | |
# runs-on: ubuntu-20.04 | |
# needs: [generate_matrix, update_flake] | |
# strategy: | |
# fail-fast: false | |
# max-parallel: 5 | |
# matrix: | |
# check: ${{fromJson(needs.generate_matrix.outputs.checks)}} | |
# steps: | |
# - name: Clone repository | |
# uses: actions/checkout@v4 | |
# with: | |
# token: "${{ secrets.GITHUB_TOKEN }}" | |
# - name: Install nix | |
# uses: cachix/install-nix-action@v25 | |
# with: | |
# extra_nix_config: | | |
# auto-optimise-store = true | |
# access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
# experimental-features = nix-command flakes | |
# substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
# trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc =nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
# trusted-users = root admin @sudo @wheel | |
# keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
# install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
# - name: Set up cachix | |
# uses: cachix/cachix-action@master # pathsToPush, please update once we have v11! | |
# with: | |
# name: bri | |
# signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
# skipPush: true | |
# - name: Restore flake.lock | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: flake_lock | |
# - name: Build everything | |
# run: nix flake check -j auto --system ${ARCH//arm/aarch}-${CIRRUS_OS} --impure --show-trace --accept-flake-config | |
# #run: nix build .#checks.x86_64-linux.${{ matrix.check }} --no-link | |
check_flake: | |
runs-on: ubuntu-20.04 | |
needs: [update_flake] | |
continue-on-error: true | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Install nix | |
uses: cachix/install-nix-action@v25 | |
with: | |
extra_nix_config: | | |
auto-optimise-store = true | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
experimental-features = nix-command flakes | |
substituters = https://cache.nixos.org https://bri.cachix.org https://devenv.cachix.org https://perchnet.cachix.org https://nix-community.cachix.org https://devenv.cachix.org | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= bri.cachix.org-1:/dk2nWYOEZl/BnC8h5CTKgao5HeWjCIgY1Tuj29Bq4s= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= perchnet.cachix.org-1:0mwmOwJFqL+r4HKl68GZ90ATTFsi3/L4ejSUIWaYYmc =nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
trusted-users = root admin @sudo @wheel | |
keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
install_url: https://releases.nixos.org/nix/nix-2.19.0/install | |
- name: Restore flake.lock | |
uses: actions/download-artifact@v4 | |
with: | |
name: flake_lock | |
- name: Build everything | |
run: | | |
nix flake check --keep-going | |
push_update: | |
runs-on: ubuntu-20.04 | |
permissions: write-all | |
needs: [update_flake, build_flake, check_flake] | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Restore flake.lock | |
uses: actions/download-artifact@v4 | |
with: | |
name: flake_lock | |
- name: Set up git | |
run: | | |
git config user.email [email protected] | |
git config user.name "Git Bot" | |
- name: Create and merge PR | |
run: | | |
git switch -c updates-${{ github.run_id }} | |
git commit -am "flake.lock: Update" | |
git push -u origin updates-${{ github.run_id }} | |
PR=$(gh pr create \ | |
--assignee b- \ | |
--base main \ | |
--body "Automatic flake update on $(date -I)" \ | |
--fill \ | |
--label bot \ | |
--title "Auto update $(date -I)") | |
gh pr merge $PR --merge --delete-branch | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |