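# CI for pushes to master: run the flake checks, then build every container
# image exposed by the flake and push each one to GHCR, tagged with the short
# commit SHA.
name: Main

# Default token scope for every job. Jobs that need more declare it themselves,
# so the read-only `check` job never holds a token that can publish packages.
permissions:
  contents: read

on:
  push:
    branches: ["master"]

env:
  # Use docker.io for Docker Hub if empty
  REGISTRY: ghcr.io
  # github.repository as <account>/<repo>
  IMAGE_NAME: ${{ github.repository }}
  REGISTRY_IMAGE: "ghcr.io/cottand/selfhosted"

# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v3`, `@v22`, `@main`). Whoever can move that ref controls code that runs
# with this workflow's token. Pin each action to a full commit SHA (keeping the
# tag in a trailing comment) and let a dependency bot bump it; `@main` in the
# job that holds `packages: write` is the most exposed of the three.
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # Nothing in this job pushes with git, so do not leave the token in
          # .git/config for later steps to read.
          persist-credentials: false
      - uses: cachix/install-nix-action@v22
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Flake check
        # `nix check` is not a Nix subcommand; flake checks run through
        # `nix flake check`.
        run: |
          nix flake check .

  build-images:
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default, so the read scope
    # is restated here next to the write scope needed to push to GHCR.
    permissions:
      contents: read
      packages: write
      # NOTE(review): no step in this workflow creates an attestation or
      # requests an OIDC token. These two grants are carried over from the
      # original workflow-level block; remove them if confirmed unused.
      attestations: write
      id-token: write
    steps:
      - uses: actions/checkout@v3
        with:
          # Only local git reads (`git rev-parse`) happen after checkout.
          persist-credentials: false
      - uses: cachix/install-nix-action@v22
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Build images
        run: |
          nix build -L .#scripts.all-images
      - name: Install skopeo
        run: |
          nix profile install nixpkgs#skopeo
      - name: Login to GHCR
        # Pass context values through the environment instead of expanding
        # `${{ }}` inside the script text: the shell then treats them as data,
        # and the secret never becomes part of the generated script file.
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GHCR_TOKEN" | skopeo login -u "$GHCR_USER" --password-stdin https://ghcr.io
      - name: Push all images
        shell: python
        run: |
          import json
          import os
          import subprocess

          # The flake output is a JSON file mapping image name -> archive path.
          # check=True makes a failed build abort the step instead of feeding
          # an empty string to the JSON parser.
          manifest_path = subprocess.run(
              ["nix", "build", ".#scripts.all-images", "--print-out-paths"],
              check=True, capture_output=True, text=True,
          ).stdout.strip()
          with open(manifest_path) as manifest:
              images = json.load(manifest)

          git_sha = subprocess.run(
              ["git", "rev-parse", "--short", os.environ["GITHUB_SHA"]],
              check=True, capture_output=True, text=True,
          ).stdout.strip()

          registry_image = os.environ["REGISTRY_IMAGE"]
          for repo, path in images.items():
              dest_repo = f"docker://{registry_image}/{repo}:{git_sha}"
              # Argument list, no shell: image names and paths are never
              # re-parsed as shell syntax, and check=True fails the job when a
              # push fails (os.popen discarded the exit status).
              # NOTE(review): --insecure-policy bypasses the containers
              # policy.json check. The source here is an archive built earlier
              # in this job; confirm that is the only reason the flag is needed.
              subprocess.run(
                  ["skopeo", "--insecure-policy", "copy",
                   f"docker-archive:{path}", dest_repo],
                  check=True,
              )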