3b640bf81a
Some checks failed
CI / check (push) Successful in 3m59s
CI / build-and-cache (custom.app-launcher-server) (push) Failing after 2m18s
CI / build-and-cache (custom.claude-code) (push) Failing after 2m22s
CI / build-and-cache (custom.mcrcon-rbw) (push) Failing after 2m20s
CI / build-and-cache (custom.rclone-torbox-setup) (push) Failing after 2m20s
CI / build-and-cache (qt-pinned.jellyfin-media-player) (push) Has been cancelled
CI / build-and-cache (custom.tea-rbw) (push) Has been cancelled
Focus on packages that actually need caching: - custom.* packages from packages/ - qt-pinned.jellyfin-media-player (qt5webengine) Avoids unrelated build failures (steam) and is much faster.
68 lines
2.1 KiB
YAML
68 lines
2.1 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
check:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
|
|
- uses: https://git.johnogle.info/johno/gitea-actions/nix-setup@v1
|
|
|
|
- name: Check flake
|
|
run: nix flake check
|
|
env:
|
|
NIX_CONFIG: "access-tokens = git.johnogle.info=${{ secrets.GITEA_ACCESS_TOKEN }}"
|
|
|
|
build-and-cache:
|
|
runs-on: ubuntu-latest
|
|
needs: check
|
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
package:
|
|
- custom.claude-code
|
|
- custom.app-launcher-server
|
|
- custom.mcrcon-rbw
|
|
- custom.tea-rbw
|
|
- custom.rclone-torbox-setup
|
|
- qt-pinned.jellyfin-media-player
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
|
|
- uses: https://git.johnogle.info/johno/gitea-actions/nix-setup@v1
|
|
|
|
- name: Build ${{ matrix.package }}
|
|
id: build
|
|
run: |
|
|
OUT_PATH=$(nix build .#${{ matrix.package }} --no-link --print-out-paths)
|
|
echo "out_path=$OUT_PATH" >> "$GITHUB_OUTPUT"
|
|
env:
|
|
NIX_CONFIG: "access-tokens = git.johnogle.info=${{ secrets.GITEA_ACCESS_TOKEN }}"
|
|
|
|
- name: Sign and push to cache
|
|
run: |
|
|
# Write signing key
|
|
echo "${{ secrets.NIX_SIGNING_KEY }}" > /tmp/signing-key
|
|
chmod 600 /tmp/signing-key
|
|
|
|
# Sign the closure
|
|
nix store sign --key-file /tmp/signing-key -r "${{ steps.build.outputs.out_path }}"
|
|
|
|
# Setup SSH key for cache push
|
|
mkdir -p ~/.ssh
|
|
echo "${{ secrets.CACHE_SSH_KEY }}" > ~/.ssh/cache_key
|
|
chmod 600 ~/.ssh/cache_key
|
|
ssh-keyscan -H ${{ secrets.CACHE_HOST }} >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
|
|
# Push to cache
|
|
nix copy --to "ssh-ng://${{ secrets.CACHE_USER }}@${{ secrets.CACHE_HOST }}?ssh-key=$HOME/.ssh/cache_key" "${{ steps.build.outputs.out_path }}"
|
|
env:
|
|
NIX_CONFIG: "access-tokens = git.johnogle.info=${{ secrets.GITEA_ACCESS_TOKEN }}"
|