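---
# CI for the NixOS flake.
#   check           - runs `nix flake check` on pushes and pull requests to main.
#   build-and-cache - on pushes to main only, builds each machine's system
#                     closure, signs it and copies it to the binary cache.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by a mutable tag. Pinning
      # them to a full commit SHA keeps a moved tag from changing what runs
      # with this workflow's secrets.
      - uses: actions/checkout@v6
      - uses: https://git.johnogle.info/johno/gitea-actions/nix-setup@v1
      - name: Check flake
        run: nix flake check
        env:
          # NOTE(review): this job also runs for pull_request events, so the
          # token is in the environment while PR-controlled flake code is
          # evaluated. Confirm how the runner scopes secrets for PRs and keep
          # this token read-only and least-privilege.
          NIX_CONFIG: "access-tokens = git.johnogle.info=${{ secrets.GITEA_ACCESS_TOKEN }}"

  build-and-cache:
    runs-on: ubuntu-latest
    needs: check
    # Only trusted pushes to main may reach the signing and cache-push steps.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    strategy:
      # One machine failing to build must not cancel the others.
      fail-fast: false
      matrix:
        machine:
          - nix-book
          - boxy
          - zix790prors
          - nix-deck
          - john-endesktop
          - live-usb
    steps:
      - uses: actions/checkout@v6
      - uses: https://git.johnogle.info/johno/gitea-actions/nix-setup@v1

      - name: Build ${{ matrix.machine }}
        id: build
        run: |
          OUT_PATH=$(nix build ".#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel" --no-link --print-out-paths)
          echo "out_path=$OUT_PATH" >> "$GITHUB_OUTPUT"
        env:
          NIX_CONFIG: "access-tokens = git.johnogle.info=${{ secrets.GITEA_ACCESS_TOKEN }}"

      - name: Sign and push to cache
        # Secrets and the build output reach the script through env rather
        # than ${{ }} text substitution, so their contents are never parsed
        # as shell source.
        run: |
          set -eu
          # Files are created owner-only from the start; there is no window
          # between writing a key and a later chmod.
          umask 077
          # Private per-run directory instead of a predictable /tmp path,
          # removed on exit so key material does not outlive the job on a
          # persistent runner.
          key_dir=$(mktemp -d)
          trap 'rm -rf "$key_dir"' EXIT

          # Write signing key
          printf '%s\n' "$NIX_SIGNING_KEY" > "$key_dir/signing-key"

          # Sign the closure
          nix store sign --key-file "$key_dir/signing-key" -r "$OUT_PATH"

          # Setup SSH key for cache push
          printf '%s\n' "$CACHE_SSH_KEY" > "$key_dir/cache_key"
          mkdir -p ~/.ssh
          # NOTE(review): ssh-keyscan trusts whatever host key answers on this
          # run, so the cache host is not authenticated. Prefer writing a
          # pinned known_hosts entry supplied out of band. `|| true` also
          # hides a failed scan; the push below then fails on host key
          # verification instead.
          ssh-keyscan -H "$CACHE_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true

          # Push to cache
          nix copy --to "ssh-ng://${CACHE_USER}@${CACHE_HOST}?ssh-key=${key_dir}/cache_key" "$OUT_PATH"
        env:
          NIX_CONFIG: "access-tokens = git.johnogle.info=${{ secrets.GITEA_ACCESS_TOKEN }}"
          NIX_SIGNING_KEY: "${{ secrets.NIX_SIGNING_KEY }}"
          CACHE_SSH_KEY: "${{ secrets.CACHE_SSH_KEY }}"
          CACHE_HOST: "${{ secrets.CACHE_HOST }}"
          CACHE_USER: "${{ secrets.CACHE_USER }}"
          OUT_PATH: "${{ steps.build.outputs.out_path }}"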