Skip to content
Build & Publish ISO Images

Build & Publish ISO Images #11

Sign in to view logs

Build & Publish ISO Images

Build & Publish ISO Images #11

Workflow file for this run

.github/workflows/iso.yml at d407b4d
name: Build & Publish ISO Images
on:
workflow_dispatch:
schedule:
- cron: "0 3 * * mon" # every monday at 3AM
concurrency: build
jobs:
build-images:
name: "Build ISO Images"
if: github.repository == 'notashelf/nyx'
runs-on: ubuntu-latest
strategy:
matrix:
image:
- erebus
- gaea
permissions:
contents: write
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
token: "${{ secrets.GITHUB_TOKEN }}"
- name: "Install Lix"
uses: DeterminateSystems/nix-installer-action@v13
with:
source-url: "https://install.lix.systems/lix/lix-installer-x86_64-linux"
diagnostic-endpoint: "" # so eelco can have more personalized self-merges? no thank you
backtrace: "true"
extra-conf: |
# Extra experimental features. fetch-tree is required internally
experimental-features = nix-command flakes fetch-tree
allow-import-from-derivation = false
extra-platforms = aarch64-linux
# extra substituters
# my own package set
extra-substituters = https://nyx.cachix.org
extra-trusted-public-keys = nyx.cachix.org-1:xH6G0MO9PrpeGe7mHBtj1WbNzmnXr7jId2mCiq6hipE=
# nix-community
extra-substituters = https://nix-community.cachix.org
extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
- name: "Nix Magic Cache"
uses: DeterminateSystems/magic-nix-cache-action@main
- name: "Install nix-fast-build"
run: nix profile install nixpkgs#nix-fast-build
- name: "Build ISO Images"
shell: bash
run: |
nix-fast-build --skip-cached --no-nom \
--flake .#images.${{ matrix.image }} \
--out-link ${{ matrix.image }}
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.image }}-iso-image
path: ${{ matrix.image }}-/iso/*.iso # nix-fast-build appends - to the out-link name
publish-images:
name: "Build ISO Images"
runs-on: ubuntu-latest
needs: build-images
permissions:
contents: write
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
steps:
- name: "Download ISO Artifacts"
uses: actions/download-artifact@v4
with:
merge-multiple: true
- name: "Get current date"
id: get-date
# output format: 2023-12-30-234559
run: echo "date=$(date +'%Y-%m-%d-%H%M%S')" >> "${GITHUB_OUTPUT}"
- name: "Calculate Checksums"
run: |
calculate_checksum() {
sha256sum "$1" | awk '{print $1}'
}
iso_files=$(find . -maxdepth 1 -type f -name "*.iso")
# write checksums
touch checksums.txt
for file in $iso_files; do
checksum=$(calculate_checksum "$file")
echo "$file $checksum" >> checksums.txt
done
- name: "Create Release"
id: create_release
uses: softprops/action-gh-release@v2
with:
name: "iso-${{ steps.get-date.outputs.date }}"
tag_name: "iso-${{ steps.get-date.outputs.date }}"
files: |
*.iso
checksums.txt
body: |
# Weekly Iso Releases (${{ steps.get-date.outputs.date }})
Weekly automated ISO image releases for my NixOS configurations. Their definitions are as follows
* **erebus**: Airgapped system for sensitive jobs.
* **gaea**: Modified installation media
Both ISO images can be installed simultaneously using the following oneliner
```bash
REPO="notashelf/nyx"; curl -s "https://api.github.com/repos/$REPO/releases/latest" | jq \
-r '.assets[] | select(.content_type=="application/octet-stream") | .browser_download_url' | head \
-n 2 | xargs \
-n 1 wget
```
or, alternatively, you may pick a ISO and download from the section below.
## Warning
Do note that those configurations make assumptions about your setup, and may yield undesirable systems. Use
at your own risk.