Install "age" and "passage" for adding an option in encryption #1809

Workflow file for this run

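# CI for the home-manager configuration: one job computes the OS matrix from
# the changed paths, the other applies the flake's home-manager profile on each
# OS in that matrix and smoke-tests the resulting shell environment.
name: 🏠
on:
  push:
    branches: [main]
    paths:
      - '.github/workflows/ci-home.yml'
      - 'home-manager/**.nix'
      - '**.nix'
      - 'flake.*'
      - 'Makefile.toml'
  pull_request:
    paths:
      - '.github/workflows/ci-home.yml'
      - 'home-manager/**.nix'
      - '**.nix'
      - 'flake.*'
      - 'Makefile.toml'
  schedule:
    # Every 10:42 JST
    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
    - cron: '42 1 * * *'
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the steps below only need to read the
# repository. Widen this per job if a step turns out to need more.
permissions:
  contents: read

jobs:
  generate_matrix:
    timeout-minutes: 5
    runs-on: ubuntu-24.04
    defaults:
      run:
        # Naming bash explicitly makes the runner add `-o pipefail`, so a failure
        # on the left side of the pipelines below fails the step instead of
        # being hidden by the exit status of `tee`.
        shell: bash
    outputs:
      matrix: ${{ steps.generator.outputs.matrix }}
    steps:
      # NOTE(review): the installer script is fetched from the mutable `main`
      # branch and piped straight into sh; only the version argument is pinned,
      # not the script that runs. Prefer an immutable ref (tag or full commit
      # SHA) in the URL and a checksum check before executing it.
      - name: Install gh-action-escape
        run: curl -fsSL https://raw.githubusercontent.com/kachick/gh-action-escape/main/scripts/install-in-github-action.sh | sh -s v0.2.0
      # NOTE(review): tag refs such as @v4 / @v5 can be moved by the action
      # owner; the upload-artifact step in this file is pinned to a full commit
      # SHA, and the other `uses:` entries would be more consistent if pinned
      # the same way.
      - uses: actions/checkout@v4
        with:
          # Full history so that `git diff origin/main` has a base to compare to.
          fetch-depth: 0
      # File names come from the pushed or proposed change, so they are
      # untrusted text. They are passed through gh-action-escape before being
      # appended to $GITHUB_ENV, and read back below only as a quoted variable.
      - name: Get changed paths
        run: |
          git diff origin/main --name-only | gh-action-escape -name=CHANGED_PATHS | tee --append "$GITHUB_ENV"
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache-dependency-path: 'go.sum'
      - name: Generate Matrix
        id: generator
        env:
          # Expression values reach the script as environment variables rather
          # than being expanded into the script text, so the shell never parses
          # them as code.
          EVENT_NAME: ${{ github.event_name }}
        run: |
          go run ./cmd/gen_matrix -event_name "$EVENT_NAME" -paths "$CHANGED_PATHS" | gh-action-escape -name=matrix | tee -a "$GITHUB_OUTPUT"

  home-manager:
    needs: [generate_matrix]
    # Skip draft pull requests; every other event always runs.
    if: (github.event_name != 'pull_request') || (!github.event.pull_request.draft)
    timeout-minutes: 60
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.generate_matrix.outputs.matrix) }}
    runs-on: ${{ matrix.os }}
    steps:
      # Do not use DeterminateSystems/magic-nix-cache-action for the home workflow: it kept hitting the GitHub rate limit because home depends on many packages
      # NOTE(review): the comment above contradicts the magic-nix-cache-action
      # step two lines below. Either the comment is stale or the step should be
      # removed; confirm which is intended.
      - uses: DeterminateSystems/nix-installer-action@v14
      - uses: DeterminateSystems/magic-nix-cache-action@v8
      - name: Print some dotfiles overviews
        # NOTE(review): under the default bash shell a bare `<file` redirection
        # opens the file but prints nothing. If printing is intended, switch to
        # `cat`, after confirming nix.conf holds no access tokens on this runner.
        run: |
          </etc/nix/nix.conf
          ls -alh ~
      - uses: actions/checkout@v4
      # https://www.reddit.com/r/Nix/comments/1443k3o/comment/jr9ht5g/?utm_source=reddit&utm_medium=web2x&context=3
      - run: mkdir -p ~/.local/state/nix/profiles
      - run: nix develop --command echo 'This step should be done before any other "nix develop" steps because of measuring Nix build time'
      - env:
          # The matrix value is generated by the previous job; hand it to the
          # shell as data instead of expanding it into the command line.
          MATRIX_OS: ${{ matrix.os }}
        run: |
          nix run .#home-manager -- switch -b backup --flake ".#github-actions@${MATRIX_OS}"
      - name: 'Make sure no possibilities in nix store around #530 (around CVE-2024-3094)'
        run: |
          which xz
          # Can be used when the xz is using /nix/store one
          # nix-store --query --referrers "$(which xz)"
          nix run .#check_no_dirty_xz_in_nix_store
      - name: Print some paths and versions
        run: |
          which fish
          which zsh
          which bash
          which ruby
          which irb
          which ssh
      # Each shell must resolve bash to the Nix profile copy. A different result
      # means something rewrote $PATH after the profile was applied.
      - name: Make sure the $PATH for bash is not overridden as like the `path_helper`. See https://github.com/kachick/dotfiles/issues/503
        run: |
          [[ "$(zsh -c 'which bash')" == "$HOME/.nix-profile/bin/bash" ]]
          [[ "$(bash -c 'which bash')" == "$HOME/.nix-profile/bin/bash" ]]
          [[ "$(fish -c 'which bash')" == "$HOME/.nix-profile/bin/bash" ]]
      # Do not use interactive mode here.
      # Solutions as https://github.com/actions/runner/issues/241#issuecomment-924327172 will not fit with several problems
      - name: Run customized dependencies
        run: |
          fish --command 'starship --version'
          # One `zsh -c` only: when it is doubled, the quoted string becomes a
          # positional argument of the outer shell and the `which` checks never run.
          zsh -c 'which la; which p'
          zsh -c 'ruby --version'
          zsh -c 'irb --version'
          zsh -c 'ssh -V'
          zsh -c 'hx --health'
      - name: Make sure macos dependencies
        if: runner.os == 'macOS'
        run: |
          zsh -c 'command -v maccy'
      - name: Run homemade commands
        run: |
          zsh -c 'la ~; lat ~/.config'
          zsh -c "p neo-cowsay hello --command 'cowsay --rainbow \$(hello)'"
      - name: Backup generated config
        run: |
          zsh -c 'archive-home-files home-manager-generation-home-files'
      # NOTE(review): run artifacts can be downloaded by anyone with read access
      # to the repository; confirm the archived home files never include
      # credentials or tokens written during the run.
      - name: Upload artifact
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: 'home-files-${{ github.sha }}-${{ matrix.os }}'
          path: home-manager-generation-home-files.tar.gz
          if-no-files-found: 'error'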