Update machines #124
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # See https://lgug2z.com/articles/building-and-privately-caching-x86-and-aarch64-nixos-systems-on-github-actions/ | |
| name: "Update" | |
| on: | |
| workflow_dispatch: # allows manual triggering | |
| schedule: | |
| - cron: '30 04 * * MON' # runs weekly on Monday at 04:30 | |
| jobs: | |
| update: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Create netrc file for private cache authentication | |
| run: | | |
| sudo mkdir -p /etc/nix | |
| echo "machine attic.jakobkukla.xyz password ${{ secrets.ATTIC_TOKEN }}" | sudo tee /etc/nix/netrc > /dev/null | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| extra-conf: | | |
| fallback = true | |
| http-connections = 128 | |
| max-substitution-jobs = 128 | |
| substituters = https://attic.jakobkukla.xyz/system?priority=43 https://nix-community.cachix.org?priority=41 https://numtide.cachix.org?priority=42 https://cache.nixos.org/ | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= system:7gMaV5t8G5VkXhIOs8yV/divVtfZ90aXu4Wo0bYpIG8= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE= | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Update flake.lock and build | |
| id: build | |
| run: | | |
| nix flake update | |
| # FIXME: nix-fast-build hangs indefinitely while copying some sources | |
| # nix run github:Mic92/nix-fast-build -- --skip-cached --no-nom --flake ".#nixosConfigurations.matebook.config.system.build.toplevel" | |
| nix build ".#nixosConfigurations.matebook.config.system.build.toplevel" | |
| - name: Commit flake.lock on success | |
| if: steps.build.outcome == 'success' | |
| uses: stefanzweifel/git-auto-commit-action@v5 | |
| with: | |
| commit_message: 'base: update packages' | |
| file_pattern: 'flake.lock' | |
| - name: Push system to private cache on success | |
| if: steps.build.outcome == 'success' | |
| run: | | |
| nix run nixpkgs#attic-client login mediaserver https://attic.jakobkukla.xyz ${{ secrets.ATTIC_TOKEN }} | |
| nix run nixpkgs#attic-client push system result -j 2 |