Install "age" and "passage" for adding an option in encryption #1809
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: π | |
on: | |
push: | |
branches: [main] | |
paths: | |
- '.github/workflows/ci-home.yml' | |
- 'home-manager/**.nix' | |
- '**.nix' | |
- 'flake.*' | |
- 'Makefile.toml' | |
pull_request: | |
paths: | |
- '.github/workflows/ci-home.yml' | |
- 'home-manager/**.nix' | |
- '**.nix' | |
- 'flake.*' | |
- 'Makefile.toml' | |
schedule: | |
# Every 10:42 JST | |
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule | |
- cron: '42 1 * * *' | |
workflow_dispatch: | |
jobs: | |
generate_matrix: | |
timeout-minutes: 5 | |
runs-on: ubuntu-24.04 | |
outputs: | |
matrix: ${{ steps.generator.outputs.matrix }} | |
steps: | |
- name: Install gh-action-escape | |
run: curl -fsSL https://raw.githubusercontent.com/kachick/gh-action-escape/main/scripts/install-in-github-action.sh | sh -s v0.2.0 | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get changed paths | |
run: | | |
git diff origin/main --name-only | gh-action-escape -name=CHANGED_PATHS | tee --append "$GITHUB_ENV" | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
cache-dependency-path: 'go.sum' | |
- name: Generate Matrix | |
id: generator | |
run: | | |
go run ./cmd/gen_matrix -event_name '${{ github.event_name }}' -paths "$CHANGED_PATHS" | gh-action-escape -name=matrix | tee -a "$GITHUB_OUTPUT" | |
home-manager: | |
needs: [generate_matrix] | |
if: (github.event_name != 'pull_request') || (!github.event.pull_request.draft) | |
timeout-minutes: 60 | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.generate_matrix.outputs.matrix) }} | |
runs-on: ${{ matrix.os }} | |
steps: | |
# Do not use DeterminateSystems/magic-nix-cache-action for home workflow, it always faced to GitHub rate limit because of home depends on many packages | |
- uses: DeterminateSystems/nix-installer-action@v14 | |
- uses: DeterminateSystems/magic-nix-cache-action@v8 | |
- name: Print some dotfiles overviews | |
run: | | |
</etc/nix/nix.conf | |
ls -alh ~ | |
- uses: actions/checkout@v4 | |
# https://www.reddit.com/r/Nix/comments/1443k3o/comment/jr9ht5g/?utm_source=reddit&utm_medium=web2x&context=3 | |
- run: mkdir -p ~/.local/state/nix/profiles | |
- run: nix develop --command echo 'This step should be done before any other "nix develop" steps because of measuring Nix build time' | |
- run: nix run .#home-manager -- switch -b backup --flake '.#github-actions@${{ matrix.os }}' | |
- name: 'Make sure no possibilities in nix store around #530 (around CVE-2024-3094)' | |
run: | | |
which xz | |
# Can be used when the xz is using /nix/store one | |
# nix-store --query --referrers "$(which xz)" | |
nix run .#check_no_dirty_xz_in_nix_store | |
- name: Print some paths and versions | |
run: | | |
which fish | |
which zsh | |
which bash | |
which ruby | |
which irb | |
which ssh | |
- name: Make sure the $PATH for bash is not overridden as like the `path_helper`. See https://github.com/kachick/dotfiles/issues/503 | |
run: | | |
[[ "$(zsh -c 'which bash')" == "$HOME/.nix-profile/bin/bash" ]] | |
[[ "$(bash -c 'which bash')" == "$HOME/.nix-profile/bin/bash" ]] | |
[[ "$(fish -c 'which bash')" == "$HOME/.nix-profile/bin/bash" ]] | |
# Do not use interactive mode here. | |
# Solutions as https://github.com/actions/runner/issues/241#issuecomment-924327172 will not fit with several problems | |
- name: Run customized dependencies | |
run: | | |
fish --command 'starship --version' | |
zsh -c zsh -c 'which la; which p' | |
zsh -c 'ruby --version' | |
zsh -c 'irb --version' | |
zsh -c 'ssh -V' | |
zsh -c 'hx --health' | |
- name: Make sure macos dependencies | |
if: runner.os == 'macOS' | |
run: | | |
zsh -c 'command -v maccy' | |
- name: Run homemade commands | |
run: | | |
zsh -c 'la ~; lat ~/.config' | |
zsh -c "p neo-cowsay hello --command 'cowsay --rainbow \$(hello)'" | |
- name: Backup generated config | |
run: | | |
zsh -c 'archive-home-files home-manager-generation-home-files' | |
- name: Upload artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: 'home-files-${{ github.sha }}-${{ matrix.os }}' | |
path: home-manager-generation-home-files.tar.gz | |
if-no-files-found: 'error' |