test new workflow

.github/workflows/flake.yml

@@ -0,0 +1,44 @@
+name: "Update flake.lock"
+on:
+  schedule:
+    - cron: '0 6 * * 0'
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.head_ref }}
+        token: ${{ secrets.PAT }}
+
+    - name: Import GPG key
+      uses: crazy-max/ghaction-import-gpg@v6
+      with:
+        gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GPG_PASSPHRASE }}
+        trust_level: 5
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+
+    - name: Install nix
+      uses: nixbuild/nix-quick-install-action@v26
+      with:
+        load_nixConfig: false
+
+    - name: Update flake
+      run: nix flake update
+
+    - name: Evaluate hosts configurations
+      run: nix develop .#ci --command ./ci.sh --flake .#nixosHostsCI
+
+    - name: Commit updated flake.lock
+      uses: stefanzweifel/git-auto-commit-action@v5
+      with:
+        commit_message: "[auto] Update flake.lock"
+        commit_options: '-S'
+        file_pattern: './flake.lock'

.github/workflows/hosts.yml

@@ -0,0 +1,51 @@
+name: "Build and cache hosts configurations"
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'flake.lock'
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Maximize build space
+      uses: easimon/maximize-build-space@master
+      with:
+        remove-dotnet: 'true'
+        remove-android: 'true'
+        remove-haskell: 'true'
+        remove-codeql: 'true'
+        remove-docker-images: 'true'
+        build-mount-path: '/nix'
+        temp-reserve-mb: '512'
+
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.head_ref }}
+
+    - name: Install nix
+      uses: nixbuild/nix-quick-install-action@v26
+      with:
+        load_nixConfig: false
+        nix_conf: |
+          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+          substituters = https://cache.nixos.org https://nix-community.cachix.org https://hyprland.cachix.org https://ataraxiadev-foss.cachix.org https://cache.ataraxiadev.com/ataraxiadev
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc= ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058= ataraxiadev:/V5bNjSzHVGx6r2XA2fjkgUYgqoz9VnrAHq45+2FJAs=
+          netrc-file = /home/runner/.config/nix/netrc
+
+    - name: Setup attic cache
+      run: |
+        mkdir -p /home/runner/.config/nix
+        echo "machine cache.ataraxiadev.com" > /home/runner/.config/nix/netrc
+        echo "password ${{ secrets.ATTIC_TOKEN }}" >> /home/runner/.config/nix/netrc
+        nix run github:AtaraxiaSjel/attic#attic -- login dev https://cache.ataraxiadev.com/ ${{ secrets.ATTIC_TOKEN }}
+
+    - name: Build NixOS configurations
+      run: nix run github:Mic92/nix-fast-build -- --max-jobs 2 --no-nom --retries 3 --skip-cached --eval-max-memory-size 2048 --eval-workers 4 --flake .#nixosHostsCI
+
+    - name: Push to attic
+      run: nix run github:AtaraxiaSjel/attic#attic -- push ataraxiadev result*

.github/workflows/iso.yml

@@ -14,18 +14,31 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - name: Checkout
-    - name: Install nix
+      uses: actions/checkout@v4
-      uses: cachix/install-nix-action@v21
       with:
-        nix_path: 'nixpkgs=channel:nixos-unstable'
+        ref: ${{ github.head_ref }}
-        extra_nix_config: |
+
+    - name: Install nix
+      uses: nixbuild/nix-quick-install-action@v26
+      with:
+        load_nixConfig: false
+        nix_conf: |
           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-          substituters = https://cache.nixos.org https://nix-community.cachix.org https://ataraxiadev-foss.cachix.org https://cache.ataraxiadev.com/ataraxiadev
+          substituters = https://cache.nixos.org https://nix-community.cachix.org https://hyprland.cachix.org https://ataraxiadev-foss.cachix.org https://cache.ataraxiadev.com/ataraxiadev
-          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058= ataraxiadev:/V5bNjSzHVGx6r2XA2fjkgUYgqoz9VnrAHq45+2FJAs=
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc= ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058= ataraxiadev:/V5bNjSzHVGx6r2XA2fjkgUYgqoz9VnrAHq45+2FJAs=
-    - name: Build ISO
+          netrc-file = /home/runner/.config/nix/netrc
+
+    - name: Setup attic cache
       run: |
-        nix build .#Flakes-ISO
+        mkdir -p /home/runner/.config/nix
+        echo "machine cache.ataraxiadev.com" > /home/runner/.config/nix/netrc
+        echo "password ${{ secrets.ATTIC_TOKEN }}" >> /home/runner/.config/nix/netrc
+        nix run github:AtaraxiaSjel/attic#attic -- login dev https://cache.ataraxiadev.com/ ${{ secrets.ATTIC_TOKEN }}
+
+    - name: Build ISO
+      run: nix build .#Flakes-ISO
+
     - name: Push ISO to artifacts
       uses: actions/upload-artifact@v3
       with:

ci.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+args=(
+  "$@"
+  --accept-flake-config
+  --gc-roots-dir gcroot
+  --max-memory-size "2048"
+  --option allow-import-from-derivation true
+  --show-trace
+  --workers 4
+)
+
+if [[ -n "${GITHUB_STEP_SUMMARY-}" ]]; then
+  log() {
+    echo "$*" >> "$GITHUB_STEP_SUMMARY"
+  }
+else
+  log() {
+    echo "$*"
+  }
+fi
+
+eval_error=0
+
+for job in $(nix-eval-jobs "${args[@]}" | jq -r '. | @base64'); do
+  job=$(echo "$job" | base64 -d)
+  attr=$(echo "$job" | jq -r .attr)
+  echo "### $attr"
+  error=$(echo "$job" | jq -r .error)
+  if [[ $error != null ]]; then
+    log "### ❌ $attr"
+    log
+    log "<details><summary>Eval error:</summary><pre>"
+    log "$error"
+    log "</pre></details>"
+    eval_error=1
+  else
+    log "### ✅ $attr"
+  fi
+done
+
+exit $eval_error

flake.nix

@@ -192,8 +192,7 @@
         ci = pkgs.mkShell {
           name = "ci";
           packages = with pkgs; [
-            inputs.attic.packages.${pkgs.system}.attic
+            nix-eval-jobs jq
-            nix-build-uncached
           ];
         };
       };