Merge pull request #41 from Multipixelone/update_flake_lock_action #304
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| # changes: | |
| # runs-on: ubuntu-latest | |
| # outputs: | |
| # nixos: ${{ steps.changes.outputs.nixos }} | |
| # home: ${{ steps.changes.outputs.home }} | |
| # steps: | |
| # - name: Checkout repository | |
| # uses: actions/checkout@v4 | |
| # - name: Filter paths | |
| # uses: dorny/paths-filter@v3 | |
| # id: changes | |
| # with: | |
| # filters: | | |
| # nixos: | |
| # - flake.nix | |
| # - flake.lock | |
| # - 'nixos/**' | |
| # home: | |
| # - flake.nix | |
| # - flake.lock | |
| # - 'home/**' | |
| format: | |
| name: format code | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: 'write' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get revision hash | |
| id: rev | |
| run: echo "rev=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v27 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: Format code | |
| run: | | |
| nix run \ | |
| 'nixpkgs#alejandra' -- . | |
| - name: Commit changes | |
| uses: stefanzweifel/git-auto-commit-action@v5 | |
| with: | |
| commit_message: '⚙️ style: format ${{ steps.rev.outputs.rev }}' | |
| branch: main | |
| commit_options: '--no-verify --signoff' | |
| deadnix: | |
| name: check for unused code | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v27 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: Check for unused code | |
| run: | | |
| nix run \ | |
| 'nixpkgs#deadnix' -- -_ -f . | |
| check: | |
| name: evaluate flake | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: 'write' | |
| contents: 'read' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v27 | |
| with: | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: Install SSH Key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - uses: DeterminateSystems/magic-nix-cache-action@v7 | |
| - name: Run flake check | |
| run: nix flake check | |
| build: | |
| name: build machines | |
| runs-on: ubuntu-24.04 | |
| needs: [check] | |
| # if: ${{ needs.changes.outputs.nixos == 'true' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| machine: | |
| - host: zelda | |
| platform: x86-64-linux | |
| - host: link | |
| platform: x86-64-linux | |
| steps: | |
| - run: | | |
| sudo mkdir /nix | |
| - name: Remove unused toolkits | |
| run: | | |
| sudo rm -rf $AGENT_TOOLSDIRECTORY | |
| sudo rm -rf /usr/local/.ghcup | |
| sudo rm -rf /usr/local/share/powershell | |
| sudo rm -rf /usr/local/share/chromium | |
| sudo rm -rf /usr/local/lib/node_modules | |
| sudo rm -rf /usr/local/lib/heroku | |
| sudo rm -rf /var/lib/docker/overlay2 | |
| sudo rm -rf /home/linuxbrew | |
| sudo rm -rf /home/runner/.rustup | |
| - name: Maximize disk space | |
| uses: easimon/maximize-build-space@v10 | |
| with: | |
| root-reserve-mb: 16384 | |
| swap-size-mb: 1024 | |
| build-mount-path: /nix | |
| remove-dotnet: "true" | |
| remove-android: "true" | |
| remove-haskell: "true" | |
| remove-codeql: "true" | |
| remove-docker-images: "true" | |
| - run: | | |
| sudo chown root:root /nix | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Create attic netrc | |
| run: | | |
| sudo mkdir -p /etc/nix | |
| echo "machine attic-cache.fly.dev password ${{ secrets.ATTIC_KEY }}" | sudo tee /etc/nix/netrc > /dev/null | |
| git config --global url."https://${{ secrets.GH_TOKEN_FOR_UPDATES }}@github.com".insteadOf https://github.com | |
| - name: Install nix | |
| uses: DeterminateSystems/nix-installer-action@v13 | |
| with: | |
| github-token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} | |
| extra-conf: | | |
| fallback = true | |
| http-connections = 128 | |
| max-substitution-jobs = 128 | |
| connect-timeout = 15 | |
| stalled-download-timeout = 15 | |
| download-attempts = 100 | |
| substituters = https://nix-community.cachix.org/ https://chaotic-nyx.cachix.org/ https://attic-cache.fly.dev/system?priority=50 https://cache.nixos.org https://helix.cachix.org https://yazi.cachix.org https://anyrun.cachix.org https://hyprland.cachix.org https://nix-community.cachix.org https://nix-gaming.cachix.org https://cache.nixos.org/ | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8= system:XwpCBI5UHFzt9tEmiq3v8S062HvTqWPUwBR8PoHSfSk= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs= yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k= anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s= hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4= | |
| - name: Install SSH key | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - uses: DeterminateSystems/magic-nix-cache-action@v7 | |
| - name: Login to attic | |
| run: | | |
| nix run nixpkgs#attic-client login fly https://attic-cache.fly.dev ${{ secrets.ATTIC_KEY }} | |
| - name: Build system | |
| run: | | |
| # doesn't create a result folder if nothing built? maybe? I'm confused why this is failing | |
| # nix run github:Mic92/nix-fast-build -- --max-jobs 1 --no-nom --retries 3 --skip-cached --eval-max-memory-size 1024 --eval-workers 1 --flake .#nixosConfigurations.${{ matrix.machine.host }}.config.system.build.toplevel | |
| nix build .#nixosConfigurations.${{ matrix.machine.host }}.config.system.build.toplevel | |
| - name: Push system | |
| run: | | |
| nix run nixpkgs#attic-client push system result -j 3 |