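---
# Builds the project's Docker image with Nix and pushes it with Skopeo.
#
# Jobs:
#   nix-flake-check   - runs `nix flake check` as a gate for the builds
#   docker-build      - builds `.#docker` on `debian-latest`, pushes `:latest`
#   arm-docker-build  - builds `.#docker` on `debian-latest-arm`, pushes `:arm`
#
# NOTE(review): every `uses:` reference is pinned by tag (v3.0.8, v22,
# v3.5.3). Tags can be re-pointed upstream; pinning each action to a full
# commit SHA ties the run to the code that was actually reviewed.
name: Build Docker Image

on:
  push:
    branches:
      - trunk

jobs:
  nix-flake-check:
    runs-on: debian-latest
    steps:
      - name: Install prerequisites
        run: apt update && apt install -y sudo zstd

      # Restores /tmp/nixcache under a fixed key. Because the key never
      # changes, a hit is expected on every run after the first save, so the
      # export step at the end of the job is then skipped and the cached
      # store is not refreshed. Bump the key to rebuild the cache.
      - name: "Cache Nix store"
        uses: actions/cache@v3.0.8
        id: nix-cache
        with:
          path: /tmp/nixcache
          key: "dref-cache-v1"

      - name: Install Nix
        uses: https://github.com/cachix/install-nix-action@v22
        with:
          extra_nix_config: "experimental-features = nix-command flakes"
          nix_path: nixpkgs=channel:nixos-23.05

      # Deletes any line starting with `access-tokens` from nix.conf so no
      # token configured there is used by later Nix commands.
      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      # The archive is imported into the Nix store as-is from the CI cache.
      # NOTE(review): treat write access to this cache key as equivalent to
      # control over build inputs; confirm who can populate the cache.
      - name: "Import Nix store cache"
        if: "steps.nix-cache.outputs.cache-hit == 'true'"
        run: "nix-store --import < /tmp/nixcache"

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk

      - name: Check codebase
        run: nix flake check -L

      # Only runs on a cache miss; writes every top-level store path to the
      # file that the cache action is configured to save.
      - name: "Export Nix store cache"
        if: "steps.nix-cache.outputs.cache-hit != 'true'"
        run: "nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"

  docker-build:
    needs: nix-flake-check
    runs-on: debian-latest
    steps:
      - name: Install prerequisites
        run: apt update && apt install -y sudo zstd

      # Same key as nix-flake-check ("dref-cache-v1"), so both jobs share one
      # cache entry.
      - name: "Cache Nix store"
        uses: actions/cache@v3.0.8
        id: nix-cache
        with:
          path: /tmp/nixcache
          key: "dref-cache-v1"

      - name: Install Nix
        uses: https://github.com/cachix/install-nix-action@v22
        with:
          extra_nix_config: "experimental-features = nix-command flakes"
          nix_path: nixpkgs=channel:nixos-23.05

      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      - name: "Import Nix store cache"
        if: "steps.nix-cache.outputs.cache-hit == 'true'"
        run: "nix-store --import < /tmp/nixcache"

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk

      - name: Build image
        run: nix build .#docker

      # Installs Skopeo, installs a containers policy file, then copies the
      # built archive (`result`) to the registry.
      #
      # NOTE(review): policy.json is fetched from the moving `main` branch at
      # build time with no integrity check, and it becomes the policy Skopeo
      # uses to decide which image sources are accepted. Vendoring the file
      # in this repository, or pinning the URL to a commit and verifying a
      # checksum, removes that dependency on upstream's current state.
      # NOTE(review): the empty `-f ''` argument looks like text lost in
      # extraction (possibly an angle-bracket path) - confirm against the
      # original workflow.
      # NOTE(review): no registry credentials are passed to `skopeo copy`;
      # presumably authentication comes from the runner environment - confirm.
      #
      # `mkdir -p` keeps the step from failing when /etc/containers already
      # exists on the runner image.
      - name: Push image with Skopeo
        run: |
          nix-env -i skopeo -f ''
          wget https://raw.githubusercontent.com/containers/skopeo/main/default-policy.json && mkdir -p /etc/containers && mv default-policy.json /etc/containers/policy.json
          skopeo copy docker-archive:result docker://icr.gmem.ca/dref:latest

      - name: "Export Nix store cache"
        if: "steps.nix-cache.outputs.cache-hit != 'true'"
        run: "nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"

  arm-docker-build:
    needs: nix-flake-check
    runs-on: debian-latest-arm
    steps:
      - name: Install prerequisites
        run: apt update && apt install -y sudo zstd

      # Separate key from the other two jobs, so the ARM store archive is
      # never restored on the non-ARM runner or vice versa.
      - name: "Cache Nix store"
        uses: actions/cache@v3.0.8
        id: nix-cache
        with:
          path: /tmp/nixcache
          key: "dref-cache-arm-v1"

      - name: Install Nix
        uses: https://github.com/cachix/install-nix-action@v22
        with:
          extra_nix_config: "experimental-features = nix-command flakes"
          nix_path: nixpkgs=channel:nixos-23.05

      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      - name: "Import Nix store cache"
        if: "steps.nix-cache.outputs.cache-hit == 'true'"
        run: "nix-store --import < /tmp/nixcache"

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk

      - name: Build image
        run: nix build .#docker

      # Same push sequence as docker-build, with the same review notes on the
      # unpinned policy.json download, the empty `-f ''` argument and the
      # absence of explicit registry credentials. Pushes the `:arm` tag.
      - name: Push image with Skopeo
        run: |
          nix-env -i skopeo -f ''
          wget https://raw.githubusercontent.com/containers/skopeo/main/default-policy.json && mkdir -p /etc/containers && mv default-policy.json /etc/containers/policy.json
          skopeo copy docker-archive:result docker://icr.gmem.ca/dref:arm

      - name: "Export Nix store cache"
        if: "steps.nix-cache.outputs.cache-hit != 'true'"
        run: "nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"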