π¨ Clarify to disable XDG Base Directories in classic Nix functions for now #86
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Container | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**.md' | |
| - '.vscode/**' | |
| - '.git**' | |
| - '!.github/workflows/container.yml' | |
| pull_request: | |
| paths-ignore: | |
| - '**.md' | |
| - '.vscode/**' | |
| - '.git**' | |
| - '!.github/workflows/container.yml' | |
| workflow_dispatch: | |
| jobs: | |
| # podman can handle lowercase. So normalize the outputs | |
| get-meta: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 5 | |
| outputs: | |
| started_at: ${{ steps.timestamp.outputs.started_at }} | |
| steps: | |
| - name: Get started timestamp | |
| id: timestamp | |
| run: | | |
| # Do not use ":" delimiter as iso-8601/rfc-3339, it cannot be used in container tag | |
| echo "started_at=$(date --utc '+%Y%m%d-%H%M%S-%Z')" | ruby -pe '$_.downcase!' | tee -a "$GITHUB_OUTPUT" | |
| build_and_push: | |
| needs: [get-meta] | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 60 | |
| steps: | |
| - name: Logging initial dependency versions | |
| run: | | |
| podman version | |
| crun --version | |
| - name: Base setup | |
| run: | | |
| # Update crun: https://noobient.com/2023/11/15/fixing-ubuntu-containers-failing-to-start-with-systemd/ | |
| # TODO: Integrate selfup here | |
| CRUN_VER='1.14.4' | |
| mkdir -p "${HOME}/.local/bin" | |
| curl -L "https://github.com/containers/crun/releases/download/${CRUN_VER}/crun-${CRUN_VER}-linux-amd64" -o "${HOME}/.local/bin/crun" | |
| chmod +x "${HOME}/.local/bin/crun" | |
| # We can remove this since ubuntu-24.04, but keeping maybe better | |
| - name: Update crun in podman | |
| run: | | |
| mkdir -p "${HOME}/.config/containers" | |
| cat << EOF > "${HOME}/.config/containers/containers.conf" | |
| [engine.runtimes] | |
| crun = [ | |
| "${HOME}/.local/bin/crun", | |
| "/usr/bin/crun" | |
| ] | |
| EOF | |
| - name: Logging dependency versions | |
| run: | | |
| podman version | |
| crun --version | |
| - uses: actions/checkout@v4 | |
| - name: Build Image | |
| uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 #v2.13 | |
| with: | |
| image: systemd-prepared | |
| containerfiles: | | |
| containers/Containerfile | |
| oci: true | |
| - name: Run and commit Nix operations by the user while running the systemd | |
| run: | | |
| set -euxo pipefail | |
| container_id="$(podman run --detach --rm systemd-prepared)" | |
| podman exec --user=user -it "$container_id" /provisioner/needs_systemd.bash | |
| podman exec --user=root -it "$container_id" rm -rf /provisioner/cleanup.bash | |
| podman commit "$container_id" home | |
| podman kill "$container_id" | |
| podman tag home home:latest | |
| podman tag home home:${{ github.sha }} | |
| podman tag home home:${{ needs.get-meta.outputs.started_at }} | |
| - name: Test output image | |
| run: | | |
| set -euxo pipefail | |
| container_id="$(podman run --detach --rm home:${{ needs.get-meta.outputs.started_at }})" | |
| podman exec --user=user "$container_id" cat /etc/nix/nix.conf | |
| podman exec --user=user --workdir='/home/user' -it "$container_id" '/home/user/.nix-profile/bin/zsh' -c 'la; la --tree ~/.config' | |
| podman kill "$container_id" | |
| - name: Push To ghcr.io | |
| id: push-to-ghcr | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c #v2.8 | |
| with: | |
| image: home | |
| tags: latest ${{ github.sha }} ${{ needs.get-meta.outputs.started_at }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ github.token }} | |
| - name: Log pushed outputs | |
| if: ${{ github.event_name != 'pull_request' }} | |
| run: echo "${{ toJSON(steps.push-to-ghcr.outputs) }}" |