forked from aylac.top/nixcfg
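{
  lib,
  self,
  ...
}: let
  # Pieces shared by the workflows below. Every third-party action is
  # referenced by a moving branch (`@main` / `@master`), so each run resolves
  # whatever that branch points at when the job starts; if the refs are ever
  # pinned to commit SHAs, these bindings are the single place to do it.
  # `with` and `if` are Nix keywords, hence the quoted attribute names.
  checkoutStep = {
    uses = "actions/checkout@main";
    "with" = {fetch-depth = 1;};
  };
  nixInstallerStep = {uses = "DeterminateSystems/nix-installer-action@main";};
  # Pushes build results to the "ayla6" binary cache; needs CACHIX_AUTH_TOKEN.
  cachixStep = {
    uses = "cachix/cachix-action@master";
    "with" = {
      name = "ayla6";
      authToken = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
    };
  };
  # One in-flight run per workflow and ref; a newer push cancels the older run.
  perRefConcurrency = {
    group = "\${{ github.workflow }}-\${{ github.ref }}";
    cancel-in-progress = true;
  };
  # Runner image used by every job.
  runner = "ubuntu-latest";

  # Generates one job per attribute of `self.<outputs>.<system>` (every
  # devShell, every package, ...), with job id `build-<kind>-<name>`.
  #   kind    - singular label for the job id and step name ("devShell", "package")
  #   outputs - flake output set to enumerate ("devShells", "packages")
  #   system  - system attribute under that output set
  buildOutputJobs = {
    kind,
    outputs,
    system ? "x86_64-linux",
  }:
    lib.listToAttrs (map
      (name: {
        name = "build-${kind}-${name}";
        value = {
          runs-on = runner;
          steps = [
            checkoutStep
            nixInstallerStep
            cachixStep
            {
              name = "Build ${kind} ${name}";
              # --accept-flake-config trusts the nixConfig of the checked-out
              # flake (extra substituters / trusted keys) without prompting.
              run = "nix build --accept-flake-config --print-out-paths .#${outputs}.${system}.${name}";
            }
          ];
        };
      })
      (lib.attrNames (self.${outputs}.${system} or {})));
in {
  flake.actions-nix = {
    pre-commit.enable = false; # Set to true if you want pre-commit workflow generation

    workflows = {
      # build-nix.yml: build every devShell and package for x86_64-linux
      ".github/workflows/build-nix.yml" = {
        name = "build-nix";
        concurrency = perRefConcurrency;
        on = {
          push = {
            paths = [
              "flake.lock"
              "flake.nix"
              # NOTE(review): Actions path filters are globs over file paths;
              # a bare directory name may not match the files beneath it —
              # confirm whether this needs to be "flake/**".
              "flake/"
            ];
          };
          workflow_dispatch = {};
        };
        jobs =
          buildOutputJobs {
            kind = "devShell";
            outputs = "devShells";
          }
          // buildOutputJobs {
            kind = "package";
            outputs = "packages";
          };
      };

      # build-nixos.yml: build the system closure of every nixosConfiguration
      ".github/workflows/build-nixos.yml" = {
        name = "build-nixos";
        concurrency = perRefConcurrency;
        on = {
          push = {
            paths-ignore = [
              "**/*.md"
              ".github/**"
              "_img/**"
            ];
          };
          workflow_dispatch = {};
        };
        jobs =
          lib.mapAttrs'
          (hostname: _: {
            name = "build-${hostname}";
            value = {
              runs-on = runner;
              steps = [
                {
                  # System closures are large; reclaim runner disk before building.
                  name = "Free Disk Space (Ubuntu)";
                  uses = "jlumbroso/free-disk-space@main";
                }
                (checkoutStep // {name = "Checkout";})
                (nixInstallerStep // {name = "Install Nix";})
                (cachixStep // {name = "Cachix";})
                {
                  name = "Build ${hostname}";
                  run = "nix build --accept-flake-config --print-out-paths .#nixosConfigurations.${hostname}.config.system.build.toplevel";
                }
              ];
            };
          })
          self.nixosConfigurations;
      };

      # check-nix.yml: evaluate the flake's checks for every system
      ".github/workflows/check-nix.yml" = {
        name = "check-nix";
        concurrency = perRefConcurrency;
        on = {
          push = {
            paths-ignore = [
              "**/*.md"
              ".github/**"
              "_img/**"
            ];
          };
          workflow_dispatch = {};
        };
        jobs = {
          check-flake = {
            runs-on = runner;
            steps = [
              checkoutStep
              nixInstallerStep
              {
                name = "Check flake evaluation";
                run = "nix -Lv flake check --all-systems";
              }
            ];
          };
        };
      };

      # deploy-tailscale-acls.yml: render .#tailscaleACLs to JSON and apply or
      # test it against the tailnet, depending on the triggering event.
      ".github/workflows/deploy-tailscale-acls.yml" = let
        # Files whose change should re-run the ACL workflow.
        aclPaths = [
          ".github/workflows/deploy-tailscale-acls.yml"
          "flake/tailscale.nix"
        ];
        # The gitops action invocation; `action` is "apply" or "test".
        aclStep = action: {
          uses = "tailscale/gitops-acl-action@v1";
          "with" = {
            api-key = "\${{ secrets.TS_API_KEY }}";
            tailnet = "ayla6.github";
            policy-file = "tailscale.json";
            inherit action;
          };
        };
      in {
        name = "deploy-tailscale-acls";
        on = {
          push = {
            branches = ["master"];
            paths = aclPaths;
          };
          pull_request = {
            branches = ["master"];
            paths = aclPaths;
          };
          workflow_dispatch = {
            inputs = {
              action = {
                description = "Which action to run";
                required = true;
                type = "choice";
                default = "deploy";
                options = ["deploy" "test"];
              };
            };
          };
        };
        jobs = {
          acls = {
            runs-on = runner;
            steps = [
              checkoutStep
              nixInstallerStep
              {
                name = "Convert .#tailscaleACLs to tailscale.json";
                run = "nix eval --json .#tailscaleACLs > tailscale.json";
              }
              # Applies on pushes to master and on a manual "deploy" dispatch.
              (aclStep "apply"
                // {
                  name = "Deploy ACL";
                  "if" = ''
                    github.event_name == 'push' ||
                    (github.event_name == 'workflow_dispatch' &&
                    github.event.inputs.action == 'deploy')
                  '';
                })
              # Dry-runs on pull requests and on a manual "test" dispatch.
              # NOTE(review): repository secrets are not exposed to pull_request
              # runs from forks, so this step can only authenticate for
              # same-repository branches — confirm that is the intended scope.
              (aclStep "test"
                // {
                  name = "Test ACL";
                  "if" = ''
                    github.event_name == 'pull_request' ||
                    (github.event_name == 'workflow_dispatch' &&
                    github.event.inputs.action == 'test')
                  '';
                })
            ];
          };
        };
      };

      # update-inputs.yml: bump flake.lock on a schedule and open a PR
      ".github/workflows/update-inputs.yml" = {
        name = "update-inputs";
        on = {
          schedule = [
            {cron = "0 6 * * 2,5";} # 06:00 UTC on Tuesdays and Fridays
          ];
          workflow_dispatch = {};
        };
        jobs = {
          update-flake-lock = {
            runs-on = runner;
            steps = [
              (checkoutStep
                // {
                  "with" =
                    checkoutStep."with"
                    // {
                      # NOTE(review): github.head_ref is only populated for
                      # pull_request events; this workflow has none, so the
                      # value is presumably empty and checkout falls back to
                      # the triggering ref — confirm.
                      ref = "\${{ github.head_ref }}";
                    };
                })
              {
                name = "Setup Git";
                run = ''
                  git config --local user.name "github-actions[bot]"
                  git config --local user.email "github-actions[bot]@users.noreply.github.com"
                '';
              }
              nixInstallerStep
              {
                uses = "DeterminateSystems/update-flake-lock@main";
                "with" = {
                  # A PAT (not GITHUB_TOKEN) so the opened PR itself triggers workflows.
                  token = "\${{ secrets.FLAKE_UPDATE_PAT }}";
                  pr-title = "flake: update inputs";
                  pr-assignees = "ayla6";
                  pr-labels = ''
                    dependencies
                    automated
                  '';
                };
              }
            ];
          };
        };
      };
    };
  };
}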