Build NixOS VM images #411
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build NixOS VM images | |
concurrency: | |
group: ${{ ( github.event_name == 'push' && 'test' ) || 'release' }} | |
cancel-in-progress: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' }} | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: "0 4 * * 0" | |
push: | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
release: | |
name: Create Release | |
runs-on: ubuntu-latest | |
permissions: write-all | |
outputs: | |
timestamp: ${{ steps.get-timestamp.outputs.time }} | |
tag_name: ${{ steps.generate_env_vars.outputs.tag_name }} | |
configs: ${{ steps.get-configs.outputs.configs }} | |
arches: ${{ steps.get-arches.outputs.arches }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get configuration files | |
id: get-configs | |
run: | | |
cd ./configurations | |
echo "configs=$(ls *.nix | sed -e 's/\.nix$//' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" | |
- name: Get architectures | |
id: get-arches | |
run: | | |
arches=`cat ./architectures.json` | |
delimiter="$(openssl rand -hex 8)" | |
echo "arches<<${delimiter}" >> "${GITHUB_OUTPUT}" | |
echo "${arches}" >> "${GITHUB_OUTPUT}" | |
echo "${delimiter}" >> "${GITHUB_OUTPUT}" | |
- name: Get build timestamp | |
id: get-timestamp | |
run: | | |
echo "time=$(/bin/date -u "+%Y-%m-%d")" >> $GITHUB_OUTPUT | |
- name: Generate environmental variables | |
id: generate_env_vars | |
run: | | |
echo "tag_name=nixos-image-${{ ( github.event_name == 'push' && 'test' ) || steps.get-timestamp.outputs.time }}" >> $GITHUB_OUTPUT | |
echo "release_name=${{ ( github.event_name == 'push' && format('Test Build {0}', steps.get-timestamp.outputs.time) ) || format('Build {0}', steps.get-timestamp.outputs.time) }}" >> $GITHUB_OUTPUT | |
- name: Check for existing tag | |
id: check-tag | |
run: | | |
if gh release view "${{ steps.generate_env_vars.outputs.tag_name }}" -R ${{ github.repository }}; then | |
echo "exists=true" >> $GITHUB_OUTPUT | |
else | |
echo "exists=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Clear previous release | |
run: gh release delete ${{ steps.generate_env_vars.outputs.tag_name }} --yes --cleanup-tag -R ${{ github.repository }} | |
if: ${{ steps.check-tag.outputs.exists == 'true' }} | |
- name: Create new release | |
run: | | |
gh release create ${{ steps.generate_env_vars.outputs.tag_name }} --title "${{ steps.generate_env_vars.outputs.release_name }}" --generate-notes=false --draft=false --latest=false --prerelease=true | |
builds: | |
needs: release | |
strategy: | |
fail-fast: false | |
matrix: | |
configuration: ${{ fromJson(needs.release.outputs.configs) }} | |
architecture: ${{ fromJson(needs.release.outputs.arches) }} | |
type: | |
- name: EC2 | |
format: amazon | |
ext: vhd | |
- name: Azure | |
format: azure | |
ext: vhd | |
- name: Digital Ocean | |
format: do | |
ext: qcow2.gz | |
- name: Docker | |
format: docker | |
ext: tar.xz | |
- name: GCE | |
format: gce | |
ext: raw.tar.gz | |
- name: HyperV | |
format: hyperv | |
ext: vhdx | |
- name: ISO | |
format: iso | |
ext: iso | |
- name: KubeVirt | |
format: kubevirt | |
ext: qcow2 | |
- name: Linode | |
format: linode | |
ext: img.gz | |
- name: Oracle Cloud | |
format: oracle | |
ext: qcow2 | |
- name: Proxmox | |
format: proxmox | |
ext: vma.zst | |
- name: Proxmox LXC | |
format: proxmox-lxc | |
ext: tar.xz | |
- name: QEMU | |
format: qcow | |
ext: qcow2 | |
- name: Raw BIOS Bootable | |
format: raw | |
ext: img | |
- name: Raw EFI Bootable | |
format: raw-efi | |
ext: img | |
- name: Vagrant | |
format: vagrant-virtualbox | |
ext: box | |
- name: Virtualbox | |
format: virtualbox | |
ext: ova | |
- name: VMWare | |
format: vmware | |
ext: vmdk | |
name: ${{ matrix.type.name }} Image (${{ matrix.configuration }}, ${{ matrix.architecture }}) | |
runs-on: ubuntu-latest | |
permissions: write-all | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Setup Binfmt | |
uses: docker/setup-qemu-action@v3 | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
with: | |
extra-conf: | | |
extra-platforms = ${{ matrix.architecture }}-linux | |
- name: Set Swap Space | |
uses: pierotofy/set-swap-space@master | |
with: | |
swap-size-gb: 32 | |
- name: Build | |
run: | | |
cp -LR "$(nix build .#nixosConfigurations.nixos-${{ matrix.configuration }}-${{ matrix.architecture }}.config.formats.${{ matrix.type.format }} --print-out-paths)" '${{ runner.temp }}' | |
- name: Upload | |
run: | | |
filepath=$(find -L "${{ runner.temp }}" -type f -name '*.${{ matrix.type.ext }}' | head -n 1) | |
chmod 755 "$filepath" | |
newpath="nixos-${{ matrix.type.format }}${{ ( matrix.configuration != 'default' && format('-{0}', matrix.configuration) ) || '' }}${{ ( matrix.architecture != 'x86_64' && format('-{0}', matrix.architecture) ) || '' }}.7z" | |
7z a -t7z -m0=lzma2 -mx=9 -mfb=64 -md=256m -ms=on "$newpath" "$filepath" | |
chmod 755 "$newpath" | |
gh release upload ${{ needs.release.outputs.tag_name }} "$newpath" --repo ${{ github.repository }} | |
publish: | |
needs: [release, builds] | |
name: Publish | |
runs-on: ubuntu-latest | |
permissions: write-all | |
steps: | |
- name: Set as latest | |
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} | |
run: | | |
gh release edit ${{ needs.release.outputs.tag_name }} --draft=false --prerelease=false --latest=true --repo ${{ github.repository }} |