name: build and cache machines and homes on: workflow_dispatch: push: pull_request: env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: us-east-1 AWS_ENDPOINT_URL: https://s3.cy7.sh jobs: build-machines: strategy: fail-fast: false matrix: machine: - chunk - ytnix os: - ubuntu-latest runs-on: ${{ matrix.os }} steps: # - name: Maximize build disk space # uses: easimon/maximize-build-space@v10 # with: # overprovision-lvm: true # swap-size-mb: 1024 # remove-dotnet: 'true' # remove-android: 'true' # remove-haskell: 'true' # remove-codeql: 'true' # remove-docker-images: 'true' # build-mount-path: /nix - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - name: post-build-hook run: | sudo mkdir -p /etc/nix sudo cp ci/upload-to-cache.sh /etc/nix/ sudo chmod +x /etc/nix/upload-to-cache.sh - name: Install Nix uses: cachix/install-nix-action@v30 with: enable_kvm: true extra_nix_config: | show-trace = true experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= post-build-hook = /etc/nix/upload-to-cache.sh - name: debug run: echo "$(which nix)" - name: build run: | # package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" # nix build -L "$package" nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" - name: cache # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix run github:cything/nixcp -- \ push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ $package build-homes: strategy: fail-fast: false matrix: home: - yt@ytnix - yt@chunk os: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 with: overprovision-lvm: true swap-size-mb: 1024 remove-dotnet: 'true' remove-android: 'true' remove-haskell: 'true' remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - name: setup binary cache key run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 with: enable_kvm: true extra_nix_config: | show-trace = true experimental-features = nix-command flakes accept-flake-config = true system-features = nixos-test benchmark big-parallel kvm secret-key-files = ${{ runner.temp }}/cache-priv-key.pem extra-substituters = https://nixcache.cy7.sh extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" - name: cache # https://stackoverflow.com/a/58859404 if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix run github:cything/nixcp -- \ push \ --bucket nixcache \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \ -u https://nix-community.cachix.org \ $package