Add tilde-secrets
#527
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jobs: | |
| buildRemote: | |
| name: Build remote home configuration | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: "actions/checkout@v3" | |
| - name: Install Nix | |
| uses: "DeterminateSystems/nix-installer-action@main" | |
| with: | |
| extra-conf: system-features = aarch64-linux | |
| - name: Use Cachix store | |
| uses: "cachix/cachix-action@v12" | |
| with: | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| extraPullNames: "tilde,nix-community,nrdxp" | |
| name: tilde | |
| - name: Add SSH key to ssh-agent | |
| uses: "webfactory/[email protected]" | |
| with: | |
| ssh-private-key: "${{ secrets.PRAGMATAPRO_DEPLOY_KEY }}" | |
| - name: Unlock encrypted files | |
| run: |2 | |
| nix-env -i git-crypt -f '<nixpkgs>' | |
| echo "${{ secrets.GIT_CRYPT_KEY }}" | base64 -d > /tmp/git-crypt-key | |
| git-crypt unlock /tmp/git-crypt-key | |
| rm /tmp/git-crypt-key | |
| - run: |2 | |
| nix build -j4 --option system ${{ matrix.system }} --extra-platforms ${{ matrix.system }} .#homeConfigurationsPortable.${{ matrix.system }}.remote.activation-script --print-build-logs --show-trace --verbose | |
| strategy: | |
| matrix: | |
| system: | |
| - x86_64-linux | |
| buildSystem: | |
| name: Build system | |
| runs-on: "${{ matrix.os }}" | |
| steps: | |
| - name: Checkout code | |
| uses: "actions/checkout@v3" | |
| - name: Install Nix | |
| uses: "DeterminateSystems/nix-installer-action@main" | |
| with: | |
| extra-conf: system-features = aarch64-linux | |
| - name: Use Cachix store | |
| uses: "cachix/cachix-action@v12" | |
| with: | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| extraPullNames: "tilde,nix-community,nrdxp" | |
| name: tilde | |
| - name: Add SSH key to ssh-agent | |
| uses: "webfactory/[email protected]" | |
| with: | |
| ssh-private-key: "${{ secrets.PRAGMATAPRO_DEPLOY_KEY }}" | |
| - name: Unlock encrypted files | |
| run: |2 | |
| nix-env -i git-crypt -f '<nixpkgs>' | |
| echo "${{ secrets.GIT_CRYPT_KEY }}" | base64 -d > /tmp/git-crypt-key | |
| git-crypt unlock /tmp/git-crypt-key | |
| rm /tmp/git-crypt-key | |
| - run: |2 | |
| nix develop --impure --accept-flake-config -c "just" "build-system" "${{ matrix.host }}" | |
| strategy: | |
| matrix: | |
| host: | |
| - eMac | |
| - st-eturkeltaub2 | |
| os: | |
| - flyci-macos-large-latest-m1 | |
| check: | |
| name: Check flake | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: "actions/checkout@v3" | |
| - name: Install Nix | |
| uses: "DeterminateSystems/nix-installer-action@main" | |
| with: | |
| extra-conf: system-features = aarch64-linux | |
| - name: Use Cachix store | |
| uses: "cachix/cachix-action@v12" | |
| with: | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| extraPullNames: "tilde,nix-community,nrdxp" | |
| name: tilde | |
| - name: Add SSH key to ssh-agent | |
| uses: "webfactory/[email protected]" | |
| with: | |
| ssh-private-key: "${{ secrets.PRAGMATAPRO_DEPLOY_KEY }}" | |
| - name: Unlock encrypted files | |
| run: |2 | |
| nix-env -i git-crypt -f '<nixpkgs>' | |
| echo "${{ secrets.GIT_CRYPT_KEY }}" | base64 -d > /tmp/git-crypt-key | |
| git-crypt unlock /tmp/git-crypt-key | |
| rm /tmp/git-crypt-key | |
| - run: |2 | |
| nix flake -Lv check --impure --all-systems --show-trace | |
| name: CI | |
| on: | |
| push: {} |