This repository was archived by the owner on Apr 8, 2026. It is now read-only.
lon: update nixpkgs #118
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - src/**.cs | |
| - src/Ktisis.csproj | |
| - src/package.nix | |
| - src/deps.json | |
| - default.nix | |
| - lon.nix | |
| - lon.lock | |
| - Dockerfile | |
| - .github/workflows/build.yml | |
| workflow_dispatch: | |
| jobs: | |
| Build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install Lix | |
| uses: samueldr/[email protected] | |
| - name: Install Cachix | |
| uses: cachix/cachix-action@v16 | |
| with: | |
| name: drakon64 | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| - name: Build | |
| run: cachix watch-exec drakon64 -- nix-build -A docker | |
| - name: Create Cachix pins | |
| run: | | |
| cachix pin drakon64 ktisis "$(nix eval --expr 'import ./. {}' --raw --impure)" --keep-revisions 1 | |
| cachix pin drakon64 ktisis-docker "$(nix eval --file ./default.nix docker --raw)" --keep-revisions 1 | |
| - run: docker load < result | |
| - uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: latest | |
| - name: Login to GitHub Packages | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload to GitHub Packages | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| env: | |
| SOURCE_DATE_EPOCH: 0 | |
| Deploy: | |
| needs: | |
| - Build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install Lix | |
| uses: samueldr/[email protected] | |
| - name: Install Cachix | |
| uses: cachix/cachix-action@v16 | |
| with: | |
| name: drakon64 | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| - name: Build Nix shell | |
| run: nix-shell -A opentofu --run "exit" | |
| - uses: google-github-actions/auth@v3 | |
| with: | |
| project_id: ${{ secrets.GCP_PROJECT }} | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| - name: Deploy to Cloud Run | |
| run: | | |
| echo "$TERRAFORM_TFVARS" | base64 -d > terraform.tfvars | |
| nix-shell -A opentofu ../shell.nix --run "tofu init" | |
| nix-shell -A opentofu ../shell.nix --run "tofu apply -auto-approve -target module.ktisis.google_cloud_run_v2_service.processor -target module.ktisis.google_cloud_run_v2_service.receiver" | |
| working-directory: tofu | |
| env: | |
| TERRAFORM_TFVARS: ${{ secrets.TERRAFORM_TFVARS }} |