-
-
Notifications
You must be signed in to change notification settings - Fork 2
128 lines (100 loc) · 3.7 KB
/
iso.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: Build & Publish ISO Images
on:
workflow_dispatch:
schedule:
- cron: "0 3 * * mon" # every monday at 3AM
concurrency: build
jobs:
build-images:
name: "Build ISO Images"
if: github.repository == 'sukhmancs/nixos-configs'
runs-on: ubuntu-latest
strategy:
matrix:
image:
#- erebus
- gaea
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: "${{ secrets.GITHUB_TOKEN }}"
- name: Install nix
uses: cachix/install-nix-action@master
with:
install_url: https://nixos.org/nix/install
extra_nix_config: |
experimental-features = nix-command flakes
allow-import-from-derivation = false
extra-substituters = https://nyx.cachix.org
extra-trusted-public-keys = nyx.cachix.org-1:xH6G0MO9PrpeGe7mHBtj1WbNzmnXr7jId2mCiq6hipE=
extra-substituters = https://nix-community.cachix.org
extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
- name: Nix Magic Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Build ISO Images
shell: bash
run: nix build .#images.${{ matrix.image }} -o ${{ matrix.image }} --print-build-logs
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.image }}-iso-image
path: ${{ matrix.image }}/iso/*.iso
# publish built images
publish-images:
name: "Build ISO Images"
runs-on: ubuntu-latest
needs: build-images
permissions:
contents: write
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
steps:
- name: Download ISO Artifacts
uses: actions/download-artifact@v4
with:
merge-multiple: true
- name: Display structure of downloaded files
run: ls -R
- name: Calculate Checksums
run: |
calculate_checksum() {
sha256sum "$1" | awk '{print $1}'
}
iso_files=$(find . -maxdepth 1 -type f -name "*.iso")
# write checksums
for file in $iso_files; do
checksum=$(calculate_checksum "$file")
echo "$file $checksum" >> checksums.txt
done
- name: Get current date
id: get-date
# output format: 2023-12-30-234559
run: echo "date=$(date +'%Y-%m-%d-%H%M%S')" >> "${GITHUB_OUTPUT}"
- name: Create Release
id: create_release
uses: softprops/action-gh-release@v2
with:
name: "iso-${{ steps.get-date.outputs.date }}"
tag_name: "iso-${{ steps.get-date.outputs.date }}"
files: |
*.iso
checksums.txt
body: |
# Weekly Iso Releases
> ${{ steps.get-date.outputs.date }}
Weekly automated ISO image releases for my NixOS configurations. Their definitions are as follows
* **erebus**: Airgapped system for sensitive jobs.
* **gaea**: Modified installation media
Both ISO images can be installed simultaneously using the following oneliner
```console
REPO="notashelf/nyx"; curl -s "https://api.github.com/repos/$REPO/releases/latest" | jq \
-r '.assets[] | select(.content_type=="application/octet-stream") | .browser_download_url' | head \
-n 2 | xargs \
-n 1 wget
```
or you may pick a ISO and download from the section below.
## Warning
Do note that those configurations make assumptions about your setup, and may yield undesirable systems. Use
at your own risk.