Skip to content

Bump picomatch from 2.3.1 to 2.3.2 in /assets #187

Bump picomatch from 2.3.1 to 2.3.2 in /assets

Bump picomatch from 2.3.1 to 2.3.2 in /assets #187

name: Nix Flake actions
on:
pull_request:
push:
branches:
- main
tags:
- 'v*'
permissions:
contents: read
jobs:
nix-matrix-server:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
- id: set-matrix
name: Generate Nix Matrix
run: |
set -Eeu
matrix="$(nix eval --json '.#githubActions-server.matrix')"
echo "matrix=$matrix" >> "$GITHUB_OUTPUT"
nix-matrix-docker:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
- id: set-matrix
name: Generate Nix Matrix
run: |
set -Eeu
matrix="$(nix eval --json '.#githubActions-docker.matrix')"
echo "matrix=$matrix" >> "$GITHUB_OUTPUT"
build-server-binary:
needs: nix-matrix-server
runs-on: ${{ matrix.os }}
strategy:
matrix: ${{fromJSON(needs.nix-matrix-server.outputs.matrix)}}
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- uses: cachix/cachix-action@v14
with:
name: superkenvery
# If you chose API tokens for write access OR if you have a private cache
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
useDaemon: false
- run: |
attr="${{ matrix.attr }}"
attr="${attr/githubActions/githubActions-server}"
nix build -L ".#${attr}"
build-docker-image:
needs: [nix-matrix-docker, build-server-binary] # Let's use the cache from building server
runs-on: ${{ matrix.os }}
strategy:
matrix: ${{fromJSON(needs.nix-matrix-docker.outputs.matrix)}}
permissions:
packages: write
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- uses: cachix/cachix-action@v14
with:
name: superkenvery
# If you chose API tokens for write access OR if you have a private cache
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
useDaemon: false
- run: |
attr="${{ matrix.attr }}"
attr="${attr/githubActions/githubActions-docker}"
nix build -L ".#${attr}"
- name: Push arch-specific image to GHCR
run: |
IMAGE_PATH=$(readlink -f result)
OS="${{ matrix.system }}"
OWNER_LOWER_CASE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
# Determine TAG_NAME
if [[ "${{ github.ref_type }}" == "tag" ]]; then
TAG_NAME="${{ github.ref_name }}"
else
TAG_NAME="latest"
fi
case "$OS" in
x86_64-linux)
ARCH_SUFFIX="amd64"
;;
aarch64-linux)
ARCH_SUFFIX="arm64"
;;
*)
echo "Unsupported system: $OS" >&2
exit 1
;;
esac
FULL_IMAGE_NAME="ghcr.io/${OWNER_LOWER_CASE}/nju-schedule-ics:${TAG_NAME}-${ARCH_SUFFIX}"
echo "Pushing to $FULL_IMAGE_NAME"
nix run nixpkgs#skopeo -- copy \
--dest-creds="${{ github.actor }}:${{ github.token }}" \
docker-archive:$IMAGE_PATH \
docker://$FULL_IMAGE_NAME
publish-multiarch-manifest:
needs: build-docker-image
runs-on: ubuntu-latest
permissions:
packages: write
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Publish multi-arch manifest to GHCR
env:
DOCKER_USERNAME: ${{ github.actor }}
DOCKER_PASSWORD: ${{ github.token }}
run: |
OWNER_LOWER_CASE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
# Determine TAG_NAME
if [[ "${{ github.ref_type }}" == "tag" ]]; then
TAG_NAME="${{ github.ref_name }}"
else
TAG_NAME="latest"
fi
IMAGE_BASE="ghcr.io/${OWNER_LOWER_CASE}/nju-schedule-ics"
nix run nixpkgs#manifest-tool -- \
--username "$DOCKER_USERNAME" \
--password "$DOCKER_PASSWORD" \
push from-args \
--platforms linux/amd64,linux/arm64 \
--template "${IMAGE_BASE}:${TAG_NAME}-ARCH" \
--target "${IMAGE_BASE}:${TAG_NAME}"