name: "Build" on: pull_request: push: branches: ["main"] paths: [".forgejo/workflows/build.yaml"] jobs: nix-build: if: github.event.pull_request.draft == false strategy: fail-fast: false matrix: include: - system: varda os: native-aarch64 - system: telchar os: native-x86_64 runs-on: ${{ matrix.os }} env: PATH: ${{ format('{0}:{1}', '/run/current-system/sw/bin', env.PATH) }} steps: - name: Checkout repository uses: https://github.com/actions/checkout@v4 with: fetch-depth: 0 - name: Write ssh key id: sshkey uses: https://github.com/timheuer/base64-to-file@v1 with: encodedString: "${{ secrets.SSH_USER }}" fileName: id_ed25519 fileDir: ~/.ssh - uses: https://github.com/cachix/cachix-action@v15 if: ${{ !github.event.pull_request.head.repo.fork }} with: name: hsndev # If you chose API tokens for write access OR if you have a private cache authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' # env: # USER: 'root' - name: Garbage collect build dependencies run: nix-collect-garbage - name: Build new ${{ matrix.system }} system shell: bash run: | set -o pipefail nix build \ ".#top.${{ matrix.system }}" \ --profile ./profile \ --fallback \ -v \ --log-format raw \ > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2) - name: Push to Cachix if: success() env: CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} run: nix build ".#top.${{ matrix.system }}" --json | jq -r .[].drvPath | cachix push hsndev