add: github workflows from flake

nix-community · Aug 26, 2023 · fe76433 · fe76433
1 parent 22fa20c
commit fe76433
Show file tree

Hide file tree

Showing 3 changed files with 179 additions and 14 deletions.
diff --git a/.github/workflows/nix-build-flake.yml b/.github/workflows/nix-build-flake.yml
@@ -0,0 +1,113 @@
+name: Nix Build
+on:
+  push:
+    branches:
+    - master
+    # for testing at the moment
+    - flake
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    # Run once per day
+    - cron: '0 0 * * *'
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        nix_system:
+          - "x86_64-linux"
+          - "aarch64-linux"
+        nix_channel:
+          - "nixos-unstable"
+          - "nixos-22.11"
+          - "nixos-23.05"
+        target_image:
+          - bash
+          # - busybox
+          # - cachix
+          # - cachix-flakes
+          # - caddy
+          # - curl
+          # - devcontainer
+          # - docker-compose
+          # - hugo
+          # - kubectl
+          # - kubernetes-helm
+          # - nginx
+          # - nix
+          # - nix-flakes
+          # - nix-unstable
+          # - nix-unstable-static
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - uses: cachix/install-nix-action@v22
+        with:
+          nix_path: nixpkgs=channel:${{matrix.nix_channel}}
+          extra_nix_config: |
+            filter-syscalls = false
+            experimental-features = nix-command flakes
+            extra-platforms = aarch64-linux
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Nix Build Base Images
+        run: |
+          nix build '.#docker-nixpkgs.${{matrix.nix_system}}."${{matrix.nix_channel}}".${{matrix.target_image}}'
+      - name: Login to Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Load to local registry and retag
+        run: |
+          export derivation_name=$(nix derivation show '.#docker-nixpkgs.${{matrix.nix_system}}."${{matrix.nix_channel}}".${{matrix.target_image}}' | jq '.[].outputs.out.path' -r)
+          export tag=$(cat $derivation_name | docker load | awk '{print $3}')
+          export image_prefix=ghcr.io/${{github.actor}}/${{secrets.CI_PROJECT_PATH}}/${{matrix.target_image}}
+          docker tag $tag $image_prefix:${{matrix.nix_channel}}--${{matrix.nix_system}}
+          docker push $image_prefix:${{matrix.nix_channel}}--${{matrix.nix_system}}
+  manifests-create:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        nix_channel:
+          - "nixos-unstable"
+          - "nixos-22.11"
+          - "nixos-23.05"
+        target_image:
+          - bash
+          # - busybox
+          # - cachix
+          # - cachix-flakes
+          # - caddy
+          # - curl
+          # - devcontainer
+          # - docker-compose
+          # - hugo
+          # - kubectl
+          # - kubernetes-helm
+          # - nginx
+          # - nix
+          # - nix-flakes
+          # - nix-unstable
+          # - nix-unstable-static
+    needs:
+      - build
+    steps:
+      - uses: actions/checkout@v3
+      - name: Login to Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create manifests
+        run: |
+          export image_prefix=ghcr.io/${{github.actor}}/${{secrets.CI_PROJECT_PATH}}/${{matrix.target_image}}
+          docker manifest create $image_prefix:${{matrix.nix_channel}} \
+            --amend $image_prefix:${{matrix.nix_channel}}--x86_64-linux \
+            --amend $image_prefix:${{matrix.nix_channel}}--aarch64-linux
+          docker manifest push $image_prefix:${{matrix.nix_channel}}
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -1,6 +1,8 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05";
+    nixpkgs-22-11.url = "github:NixOS/nixpkgs/nixos-22.11";
     flake-utils.url = "github:numtide/flake-utils";
     flake-compat = {
       url = "github:edolstra/flake-compat";
@@ -9,7 +11,7 @@
     devshell.url = "github:numtide/devshell";
   };
 
-  outputs = { self, nixpkgs, flake-utils, devshell, ... }:
+  outputs = { self, nixpkgs, nixpkgs-23-05, nixpkgs-22-11, flake-utils, devshell, ... }:
     flake-utils.lib.eachDefaultSystem (system: {
       formatter = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;
       docker-nixpkgs =
@@ -20,8 +22,24 @@
               (import ./overlay.nix)
             ];
           };
+          pkgs-23-05 = import nixpkgs-23-05 {
+            inherit system;
+            overlays = [
+              (import ./overlay.nix)
+            ];
+          };
+          pkgs-22-11 = import nixpkgs-22-11 {
+            inherit system;
+            overlays = [
+              (import ./overlay.nix)
+            ];
+          };
         in
-        pkgs.docker-nixpkgs;
+        {
+            "nixos-unstable" = pkgs.docker-nixpkgs;
+            "nixos-23.05" = pkgs-23-05.docker-nixpkgs;
+            "nixos-22.11" = pkgs-22-11.docker-nixpkgs;
+        };
       devShell =
         let
           pkgs = import nixpkgs {