Build & Publish ISO Images #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Publish ISO Images | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 3 * * mon" # every monday at 3AM | |
| concurrency: build | |
| jobs: | |
| build-images: | |
| name: "Build ISO Images" | |
| if: github.repository == 'sukhmancs/nixos-configs' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| image: | |
| #- erebus | |
| - gaea | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Install nix | |
| uses: cachix/install-nix-action@master | |
| with: | |
| install_url: https://nixos.org/nix/install | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| allow-import-from-derivation = false | |
| extra-substituters = https://nyx.cachix.org | |
| extra-trusted-public-keys = nyx.cachix.org-1:xH6G0MO9PrpeGe7mHBtj1WbNzmnXr7jId2mCiq6hipE= | |
| extra-substituters = https://nix-community.cachix.org | |
| extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
| - name: Nix Magic Cache | |
| uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Build ISO Images | |
| shell: bash | |
| run: nix build .#images.${{ matrix.image }} -o ${{ matrix.image }} --print-build-logs | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.image }}-iso-image | |
| path: ${{ matrix.image }}/iso/*.iso | |
| # publish built images | |
| publish-images: | |
| name: "Build ISO Images" | |
| runs-on: ubuntu-latest | |
| needs: build-images | |
| permissions: | |
| contents: write | |
| env: | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| steps: | |
| - name: Download ISO Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| merge-multiple: true | |
| - name: Display structure of downloaded files | |
| run: ls -R | |
| - name: Calculate Checksums | |
| run: | | |
| calculate_checksum() { | |
| sha256sum "$1" | awk '{print $1}' | |
| } | |
| iso_files=$(find . -maxdepth 1 -type f -name "*.iso") | |
| # write checksums | |
| for file in $iso_files; do | |
| checksum=$(calculate_checksum "$file") | |
| echo "$file $checksum" >> checksums.txt | |
| done | |
| - name: Get current date | |
| id: get-date | |
| # output format: 2023-12-30-234559 | |
| run: echo "date=$(date +'%Y-%m-%d-%H%M%S')" >> "${GITHUB_OUTPUT}" | |
| - name: Create Release | |
| id: create_release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: "iso-${{ steps.get-date.outputs.date }}" | |
| tag_name: "iso-${{ steps.get-date.outputs.date }}" | |
| files: | | |
| *.iso | |
| checksums.txt | |
| body: | | |
| # Weekly Iso Releases | |
| > ${{ steps.get-date.outputs.date }} | |
| Weekly automated ISO image releases for my NixOS configurations. Their definitions are as follows | |
| * **erebus**: Airgapped system for sensitive jobs. | |
| * **gaea**: Modified installation media | |
| Both ISO images can be installed simultaneously using the following oneliner | |
| ```console | |
| REPO="notashelf/nyx"; curl -s "https://api.github.com/repos/$REPO/releases/latest" | jq \ | |
| -r '.assets[] | select(.content_type=="application/octet-stream") | .browser_download_url' | head \ | |
| -n 2 | xargs \ | |
| -n 1 wget | |
| ``` | |
| or you may pick a ISO and download from the section below. | |
| ## Warning | |
| Do note that those configurations make assumptions about your setup, and may yield undesirable systems. Use | |
| at your own risk. |