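# Builds the flake's `my-docker` image with Nix, loads it into Podman, and
# pushes it to the registry on every push to main. Nix store paths are
# shared through an Attic binary cache before and after the build.
name: docker

on:
  push:
    branches: [main]

env:
  REGISTRY: git.nexveridian.com
  IMAGE_NAME: ${{ github.repository }}
  NIX_CONFIG: "experimental-features = nix-command flakes"

jobs:
  build:
    runs-on: docker
    permissions:
      contents: read
      # Presumably required for the registry push below.
      packages: write
      # NOTE(review): no step in this workflow requests an OIDC token;
      # drop this grant if nothing else depends on it.
      id-token: write

    steps:
      - name: Setup Attic cache
        # The token reaches the shell as an environment variable instead of
        # being template-expanded into the script text, so its value is never
        # parsed as shell syntax or written into the generated script file.
        env:
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
        # attic-client is resolved from the moving nixos-unstable channel on
        # every run and is the tool that receives the cache token.
        # NOTE(review): a fixed nixpkgs revision would make that tool
        # reproducible.
        # `|| true` keeps the cache best-effort: a failed login or `use` does
        # not fail the job, it only means the build runs without the cache.
        run: |
          # ${VAR:+...} passes no argument at all when the secret is unset,
          # matching what the unquoted expansion did before.
          nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client login nex https://nix.nexveridian.com ${ATTIC_TOKEN:+"$ATTIC_TOKEN"} || true
          nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client use nexveridian-web || true

      # A version tag is a mutable reference. NOTE(review): pin to a full
      # commit SHA if the runner fetches this action from a third party.
      - uses: actions/checkout@v4

      - name: Install Podman
        run: |
          mkdir -p ~/.local/bin
          nix build -I nixpkgs=channel:nixos-unstable nixpkgs#podman -o ~/.local/podman
          ln -sf ~/.local/podman/bin/podman ~/.local/bin/podman
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      - name: Build Nix package
        run: nix build .#my-docker

      - name: Prepare repository variables
        run: |
          echo "REPO=${GITHUB_REPOSITORY,,}" >> "${GITHUB_ENV}"
          # NOTE(review): in bash, ${var,,pattern} lowercases the characters
          # that match `pattern`; it does not lowercase and then strip a
          # prefix. If the intent is to drop the `nexveridian/` owner prefix,
          # that needs a separate ${REPO#nexveridian/} step. Confirm against
          # the image name that `.#my-docker` produces before changing it.
          STRIP_REPO_USERNAME=${GITHUB_REPOSITORY,,#nexveridian/}
          echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> "${GITHUB_ENV}"

      - name: Load, tag and push image with Podman
        # Credentials and the actor name are handed over through the
        # environment and quoted at the point of use. REGISTRY comes from the
        # workflow-level env; REPO and STRIP_REPO_USERNAME come from the
        # GITHUB_ENV file written by the previous step.
        env:
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY_USER: ${{ github.actor }}
        run: |
          echo "Loading Docker image into Podman..."
          podman load < result

          echo "Logging into registry..."
          # The token goes in on stdin so it never appears in podman's argv.
          printf '%s\n' "$REGISTRY_TOKEN" | podman login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin

          echo "Tagging image..."
          podman tag "${STRIP_REPO_USERNAME}:latest" "${REGISTRY}/${REPO}:latest"

          echo "Pushing image..."
          podman push "${REGISTRY}/${REPO}:latest"

      - name: Push to attic
        # Runs even when an earlier step failed, and uploads every valid path
        # found in the runner's /nix/store rather than only this build's
        # closure. NOTE(review): if the runner's store is shared between
        # jobs, this publishes their paths to the cache as well.
        if: always()
        run: |
          # Keep only store entries that Nix recognises as valid paths.
          valid_paths=""
          for path in /nix/store/*/; do
            if nix path-info "$path" >/dev/null 2>&1; then
              valid_paths="$valid_paths $path"
            fi
          done

          if [ -n "$valid_paths" ]; then
            # Up to three attempts, five seconds apart. The third failure
            # still leaves the loop with status 0, so a cache outage does not
            # fail the job. $valid_paths is deliberately unquoted so that it
            # splits into one argument per path.
            for i in {1..3}; do
              nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push nexveridian-web $valid_paths && break || [ $i -eq 3 ] || sleep 5
            done
          fi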