chore(deps): update actions/checkout digest to eef6144 #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Source : https://github.com/tlvince/nixos-config/blob/master/.github/workflows/build.yml | |
| name: Build | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash -euo pipefail {0} | |
| jobs: | |
| build: | |
| env: | |
| PR_JOB_SUMMARY: pr-job-summary | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| strategy: | |
| matrix: | |
| host: | |
| # - homelab | |
| # - stronghold | |
| # FIXME: handle private repos and secrets in CI | |
| # - framework | |
| - t14s | |
| fail-fast: false | |
| steps: | |
| - name: Free up disk space | |
| uses: AdityaGarg8/remove-unwanted-software@8831c82abf29b34eb2caac48d5f999ecfc0d8eef | |
| with: | |
| remove-android: true | |
| remove-cached-tools: true | |
| remove-codeql: true | |
| remove-docker-images: true | |
| remove-dotnet: true | |
| remove-haskell: true | |
| remove-large-packages: true | |
| remove-swapfile: true | |
| - name: Checkout repository | |
| uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@da36cb69b1c3247ad7a1f931ebfd954a1105ef14 # v14 | |
| - name: Set up GitHub actions cache | |
| uses: DeterminateSystems/magic-nix-cache-action@87b14cf437d03d37989d87f0fa5ce4f5dc1a330b # v8 | |
| - name: Set up public cache | |
| uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15 | |
| with: | |
| name: cterence-nixfiles | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| # FIXME: broken when using more than one system | |
| # - name: Run flake check | |
| # run: | | |
| # CHECK_OUTPUT="${RUNNER_TEMP}/flake-check-output" | |
| # nix flake check --no-build | tee "$CHECK_OUTPUT" | |
| # [[ -s $CHECK_OUTPUT ]] || echo "No issues found by 'nix flake check'." > "$CHECK_OUTPUT" | |
| # echo -e "## Flake check\n\`\`\`\n$(<$CHECK_OUTPUT)\n\`\`\`" | tee -a "$GITHUB_STEP_SUMMARY" "${RUNNER_TEMP}/${PR_JOB_SUMMARY}" >/dev/null | |
| - name: Setup age key | |
| run: | | |
| mkdir -p $HOME/.config/sops/age | |
| echo "${{ secrets.SOPS_CI_AGE_KEY }}" > $HOME/.config/sops/age/keys.txt | |
| - name: Build | |
| run: | | |
| OUT_PATH="$(nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-out-paths)" | |
| echo -e "\x1b[32;1mSuccessfully built .#nixosConfigurations.${{ matrix.host }}\x1b[0m" | |
| echo -e "## Build ${{ matrix.host }}\n\`$OUT_PATH\`" | tee -a "$GITHUB_STEP_SUMMARY" "${RUNNER_TEMP}/${PR_JOB_SUMMARY}" >/dev/null | |
| - name: Diff closures | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| HOST_DRV="nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel" | |
| PREV_FLAKE="github:${GITHUB_REPOSITORY}" | |
| NEXT_FLAKE="." | |
| DIFF_OUTPUT="${RUNNER_TEMP}/nix-store-diff-closures-output" | |
| nix store diff-closures "${PREV_FLAKE}#${HOST_DRV}" "${NEXT_FLAKE}#${HOST_DRV}" | tee "$DIFF_OUTPUT" | |
| [[ -s "$DIFF_OUTPUT" ]] && sed -i 's/\x1b\[[0-9;]*m//g' "$DIFF_OUTPUT" || echo "No changes found" | tee "$DIFF_OUTPUT" | |
| echo -e "## Closures difference\n\`\`\`\n$(<$DIFF_OUTPUT)\n\`\`\`" | tee -a "$GITHUB_STEP_SUMMARY" "${RUNNER_TEMP}/${PR_JOB_SUMMARY}" >/dev/null | |
| - name: Add job summary to PR | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| if: github.event_name == 'pull_request' | |
| with: | |
| script: | | |
| const { readFile } = require('node:fs/promises') | |
| const comment = require('.github/scripts/comment') | |
| const header = '# ${{ matrix.host }}' | |
| const body = await readFile('${{ runner.temp }}/${{ env.PR_JOB_SUMMARY }}', { encoding: 'utf8' }) | |
| await comment({ github, context, header, body }) |