Update NixOS #323
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Update NixOS | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '10 0 * * *' | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| update: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: DeterminateSystems/determinate-nix-action@v3 | |
| - uses: DeterminateSystems/flakehub-cache-action@main | |
| - name: Update the flake | |
| run: | | |
| nix shell nixpkgs#nix-update -c .github/scripts/flake-update.sh | |
| - name: Free up some disk space | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| tool-cache: true | |
| - name: Implement https://github.com/jlumbroso/free-disk-space/pull/24 | |
| run: | | |
| sudo apt-get purge --auto-remove -y snapd microsoft-edge-stable '^temurin-.*' '^.*jdk.*' '^.*jre.*' --fix-missing | |
| sudo rm -rf /usr/local /usr/share | |
| - name: Run Garbage Collector | |
| run: nix-collect-garbage -d | |
| - name: Build the ISO image | |
| # If there are dirty files, build the iso | |
| run: git diff-files --quiet || nix build --accept-flake-config .#nixosConfigurations.iso.config.system.build.isoImage | |
| - name: Generate tag name | |
| id: tag | |
| run: echo "name=$(ls result/iso/ | sed -E 's/.*\.([[:alnum:]]+)\.iso$/iso-\1/')" >> $GITHUB_OUTPUT | |
| - uses: oras-project/setup-oras@v1 | |
| - run: | | |
| git diff-files --quiet && exit 0 | |
| cd result/iso | |
| oras login ghcr.io -u github -p ${{ secrets.GITHUB_TOKEN }} | |
| oras push ghcr.io/${{ github.repository }}/nixos-iso:${{ steps.tag.outputs.name }},latest ./*.iso | |
| - name: Commit and push changes | |
| # If there are no dirty files, don't commit anything | |
| run: | | |
| git diff-files --quiet && exit 0 | |
| git config --global user.email "actions@github.com" | |
| git config --global user.name "GitHub Actions" | |
| git add flake.lock | |
| find . -name '*.nix' -print0 | xargs -0 git add | |
| git commit -m "Update flake.lock" | |
| git push | |
| # Let gh cache as the created files are not owned by us | |
| - run: sudo chmod -R 777 /nix |