ci.yml
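# Builds the static github-action-scan executable and its container image with
# Nix, runs the flake checks, and pushes the image to GHCR for `master` and
# `v*` tags.
name: "CI"
on:
  pull_request:
  push:
  # NOTE(review): pushing a new tag fires both `push` and `create`, so a tagged
  # release may run (and publish) twice. Confirm `create` is still needed.
  create:
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
jobs:
  build_and_publish:
    runs-on: ubuntu-latest
    # These permissions apply to every step in the job, including the build and
    # test steps that run on pull requests.
    # NOTE(review): consider moving the login/tag/push steps to a separate job
    # so that only the publishing job holds `packages: write`.
    permissions:
      contents: read
      packages: write
    steps:
      # NOTE(review): the third-party actions below are referenced by mutable
      # tags or a branch. Pinning each to a reviewed full commit SHA
      # (`owner/action@<commit-sha>`) keeps an upstream retag from changing
      # what runs with this job's token.
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v20
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
          extra_nix_config: |
            system-features = nixos-test benchmark big-parallel kvm
      # `@main` tracks a branch head: whatever lands there runs in a job that
      # holds `packages: write`. Pin to a reviewed commit SHA.
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - run: nix build -L '.#packages.x86_64-linux."static-x86_64-unknown-linux-musl:github-action-scan:exe:github-action-scan"'
      - run: nix flake check
      # Exposes the last path component of the ref (`master`, `v1.2.3`, ...) as
      # the step output `tag`. The expansion and the output file path are
      # quoted so the ref name is never word-split or globbed by the shell.
      - name: Extract tag name
        shell: bash
        run: echo "tag=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"
        id: extract_tag
      - run: nix build -L '.#packages.x86_64-linux.github-action-scan-image'
      - run: docker load -i result
      - name: Log in to the Container registry
        if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # The tag is derived from the ref name, so it is passed to the shell as
      # an environment variable rather than pasted into the script text with
      # `${{ }}`. The shell then treats it strictly as data. REGISTRY and
      # IMAGE_NAME come from the workflow-level `env` block.
      - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
        env:
          IMAGE_TAG: ${{ steps.extract_tag.outputs.tag }}
        run: docker tag blackheaven/haskell-security-action "${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"
      - if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
        env:
          IMAGE_TAG: ${{ steps.extract_tag.outputs.tag }}
        run: docker push "${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"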