Merge pull request #32 from tsandrini/update_flake_lock_action #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # --- Run `nix flake check` | |
| name: nix flake check | |
| on: | |
| workflow_dispatch: # allows manual triggering from the Actions UI | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| repository_dispatch: | |
| types: [create-pull-request] | |
| jobs: | |
| flake-check: | |
| runs-on: "ubuntu-latest" | |
| steps: | |
| - name: "Checking out repository..." | |
| uses: actions/checkout@v4 | |
| - name: "Installing and configuring the nix package manager..." | |
| uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| accept-flake-config = true | |
| - name: "Setting up magic-nix-cache..." | |
| uses: DeterminateSystems/magic-nix-cache-action@main | |
| # NOTE Install any necessary packages here | |
| - name: "Setting up packages..." | |
| run: | | |
| nix profile install nixpkgs#nix-fast-build # parallel nix builder | |
| nix profile install nixpkgs#cargo-audit # Audit Cargo.lock files for crates with security vulnerabilities | |
| - name: "Running `nix flake check`..." | |
| run: nix-fast-build --skip-cached --no-nom | |
| - name: "Running `nix build ...`..." | |
| run: nix-fast-build --skip-cached --no-nom --flake ".#packages" | |
| - name: "Running cargo-audit" | |
| run: cargo-audit audit | |
| - name: "Checking flake inputs for stale & insecure nixpkgs versions..." | |
| uses: DeterminateSystems/flake-checker-action@main |