Update prebuild.yml #400
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build NixOS VM images | |
concurrency: | |
group: ${{ ( github.event_name == 'push' && 'test' ) || 'release' }} | |
cancel-in-progress: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' }} | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: "0 4 * * *" | |
push: | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
release: | |
name: Create Release | |
runs-on: ubuntu-latest | |
permissions: write-all | |
outputs: | |
timestamp: ${{ steps.get-timestamp.outputs.time }} | |
tag_name: ${{ steps.generate_env_vars.outputs.tag_name }} | |
configs: ${{ steps.get-configs.outputs.configs }} | |
arches: ${{ steps.get-arches.outputs.arches }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get configuration files | |
id: get-configs | |
run: | | |
cd ./configurations | |
echo "configs=$(ls *.nix | sed -e 's/\.nix$//' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" | |
- name: Get architectures | |
id: get-arches | |
run: | | |
arches=`cat ./architectures.json` | |
delimiter="$(openssl rand -hex 8)" | |
echo "arches<<${delimiter}" >> "${GITHUB_OUTPUT}" | |
echo "${arches}" >> "${GITHUB_OUTPUT}" | |
echo "${delimiter}" >> "${GITHUB_OUTPUT}" | |
- name: Get build timestamp | |
id: get-timestamp | |
run: | | |
echo "time=$(/bin/date -u "+%Y-%m-%d")" >> $GITHUB_OUTPUT | |
- name: Generate environmental variables | |
id: generate_env_vars | |
run: | | |
echo "tag_name=nixos-image-${{ ( github.event_name == 'push' && 'test' ) || steps.get-timestamp.outputs.time }}" >> $GITHUB_OUTPUT | |
echo "release_name=${{ ( github.event_name == 'push' && format('Test Build {0}', steps.get-timestamp.outputs.time) ) || format('Build {0}', steps.get-timestamp.outputs.time) }}" >> $GITHUB_OUTPUT | |
- name: Check for existing tag | |
id: check-tag | |
run: | | |
if gh release view "${{ steps.generate_env_vars.outputs.tag_name }}" -R ${{ github.repository }}; then | |
echo "exists=true" >> $GITHUB_OUTPUT | |
else | |
echo "exists=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Clear previous release | |
run: gh release delete ${{ steps.generate_env_vars.outputs.tag_name }} --yes --cleanup-tag -R ${{ github.repository }} | |
if: ${{ steps.check-tag.outputs.exists == 'true' }} | |
- name: Create new release | |
run: | | |
gh release create ${{ steps.generate_env_vars.outputs.tag_name }} --title "${{ steps.generate_env_vars.outputs.release_name }}" --generate-notes=false --draft=false --latest=false --prerelease=true | |
stage1-prebuild: | |
needs: release | |
uses: ./.github/workflows/prebuild.yml | |
with: | |
stage: stage1 | |
architectures: ${{ needs.release.outputs.arches }} | |
stage2-prebuild: | |
needs: [release, stage1-prebuild] | |
uses: ./.github/workflows/prebuild.yml | |
with: | |
stage: stage2 | |
architectures: ${{ needs.release.outputs.arches }} | |
stage3-prebuild: | |
needs: [release, stage2-prebuild] | |
uses: ./.github/workflows/prebuild.yml | |
with: | |
stage: stage3 | |
architectures: ${{ needs.release.outputs.arches }} | |
stage4-prebuild: | |
needs: [release, stage3-prebuild] | |
uses: ./.github/workflows/prebuild.yml | |
with: | |
stage: stage4 | |
architectures: ${{ needs.release.outputs.arches }} | |
final-prebuild: | |
needs: [release, stage4-prebuild] | |
uses: ./.github/workflows/prebuild.yml | |
with: | |
stage: final | |
architectures: ${{ needs.release.outputs.arches }} | |
stdenv-prebuild: | |
needs: [release, final-prebuild] | |
uses: ./.github/workflows/prebuild.yml | |
with: | |
stage: stdenv | |
architectures: ${{ needs.release.outputs.arches }} | |
builds: | |
needs: [release, stdenv-prebuild] | |
strategy: | |
fail-fast: false | |
matrix: | |
configuration: ${{ fromJson(needs.release.outputs.configs) }} | |
architecture: ${{ fromJson(needs.release.outputs.arches) }} | |
type: | |
- name: EC2 | |
format: amazon | |
ext: vhd | |
- name: Azure | |
format: azure | |
ext: vhd | |
- name: Digital Ocean | |
format: do | |
ext: qcow2.gz | |
- name: Docker | |
format: docker | |
ext: tar.xz | |
- name: GCE | |
format: gce | |
ext: raw.tar.gz | |
- name: HyperV | |
format: hyperv | |
ext: vhdx | |
- name: ISO | |
format: iso | |
ext: iso | |
- name: KubeVirt | |
format: kubevirt | |
ext: qcow2 | |
- name: Linode | |
format: linode | |
ext: img.gz | |
- name: Oracle Cloud | |
format: oracle | |
ext: qcow2 | |
- name: Proxmox | |
format: proxmox | |
ext: vma.zst | |
- name: Proxmox LXC | |
format: proxmox-lxc | |
ext: tar.xz | |
- name: QEMU | |
format: qcow | |
ext: qcow2 | |
- name: Raw BIOS Bootable | |
format: raw | |
ext: img | |
- name: Raw EFI Bootable | |
format: raw-efi | |
ext: img | |
- name: Vagrant | |
format: vagrant-virtualbox | |
ext: box | |
- name: Virtualbox | |
format: virtualbox | |
ext: ova | |
- name: VMWare | |
format: vmware | |
ext: vmdk | |
name: ${{ matrix.type.name }} Image (${{ matrix.configuration }}, ${{ matrix.architecture }}) | |
runs-on: ubuntu-latest | |
permissions: write-all | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Setup Binfmt | |
uses: docker/setup-qemu-action@v3 | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
with: | |
extra-conf: | | |
extra-platforms = ${{ matrix.architecture }}-linux | |
- name: Set Swap Space | |
uses: pierotofy/set-swap-space@master | |
with: | |
swap-size-gb: 32 | |
- uses: DeterminateSystems/magic-nix-cache-action@main | |
- name: Download Prebuilt stdenv | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ matrix.architecture }}-prebuild-cache | |
path: ${{ runner.temp }}/${{ matrix.architecture }}-prebuild-cache | |
- name: Build | |
run: | | |
urlencode() { printf %s "$1" |jq -sRr '@uri'; } | |
NIX_SUBSTITUTERS_ARGS=" \ | |
--option require-sigs false \ | |
--option trusted-substituters file://$(urlencode '${{ runner.temp }}/${{ matrix.architecture }}-prebuild-cache')?priority=100 \ | |
--option substituters file://$(urlencode '${{ runner.temp }}/${{ matrix.architecture }}-prebuild-cache')?priority=100 \ | |
" | |
cp -LR "$(nix build $NIX_SUBSTITUTERS_ARGS .#nixosConfigurations.nixos-${{ matrix.configuration }}-${{ matrix.architecture }}.config.formats.${{ matrix.type.format }} --print-out-paths)" '${{ runner.temp }}' | |
- name: Upload | |
run: | | |
filepath=$(find -L "${{ runner.temp }}" -type f -name '*.${{ matrix.type.ext }}' | head -n 1) | |
chmod 755 "$filepath" | |
newpath="nixos-${{ matrix.type.format }}${{ ( matrix.configuration != 'default' && format('-{0}', matrix.configuration) ) || '' }}${{ ( matrix.architecture != 'x86_64' && format('-{0}', matrix.architecture) ) || '' }}.7z" | |
7z a -t7z -m0=lzma2 -mx=9 -mfb=64 -md=256m -ms=on "$newpath" "$filepath" | |
chmod 755 "$newpath" | |
gh release upload ${{ needs.release.outputs.tag_name }} "$newpath" --repo ${{ github.repository }} | |
publish: | |
needs: [release, builds] | |
name: Publish | |
runs-on: ubuntu-latest | |
permissions: write-all | |
steps: | |
- name: Set as latest | |
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} | |
run: | | |
gh release edit ${{ needs.release.outputs.tag_name }} --draft=false --prerelease=false --latest=true --repo ${{ github.repository }} |