flake-check.yml
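# --- Run `nix flake check`
#
# Builds the flake's checks and packages with nix-fast-build, audits
# Cargo.lock with cargo-audit, and checks the flake inputs with flake-checker.
name: nix flake check

on:
  workflow_dispatch: # allows manual triggering from the Actions UI
  push:
    branches:
      - main
  pull_request:
    types: [opened, reopened, synchronize]
  repository_dispatch:
    types: [create-pull-request]

# Least privilege: no step below writes to the repository, so the
# GITHUB_TOKEN is limited to read-only access to repository contents.
permissions:
  contents: read

jobs:
  flake-check:
    runs-on: "ubuntu-latest"
    steps:
      - name: "Checking out repository..."
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config: later steps run
          # third-party actions and build code taken from the checkout.
          persist-credentials: false

      # NOTE(security): `@main` is a mutable branch ref, so the code this step
      # runs can change without any change to this file. The same applies to
      # the magic-nix-cache and flake-checker steps below. Prefer pinning each
      # to a reviewed full commit SHA, e.g. `@<FULL_COMMIT_SHA> # <version>`.
      - name: "Installing and configuring the nix package manager..."
        uses: DeterminateSystems/nix-installer-action@main
        with:
          # NOTE(security): accept-flake-config makes Nix apply the `nixConfig`
          # settings declared by the flake without prompting. On pull_request
          # runs the flake comes from the PR, so those settings (for example
          # extra substituters) are contributor-controlled. Remove this line
          # if the flake does not depend on it.
          extra-conf: |
            accept-flake-config = true

      - name: "Setting up magic-nix-cache..."
        uses: DeterminateSystems/magic-nix-cache-action@main

      # NOTE Install any necessary packages here
      # `nixpkgs#...` is resolved through the flake registry, so the versions
      # of these tools are not pinned by this file.
      - name: "Setting up packages..."
        run: |
          nix profile install nixpkgs#nix-fast-build # parallel nix builder
          nix profile install nixpkgs#cargo-audit # Audit Cargo.lock files for crates with security vulnerabilities

      - name: "Running `nix flake check`..."
        run: nix-fast-build --skip-cached --no-nom

      - name: "Running `nix build ...`..."
        run: nix-fast-build --skip-cached --no-nom --flake ".#packages"

      - name: "Running cargo-audit"
        run: cargo-audit audit

      - name: "Checking flake inputs for stale & insecure nixpkgs versions..."
        uses: DeterminateSystems/flake-checker-action@main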