diff options
| author | zowoq <59103226+zowoq@users.noreply.github.com> | 2020-12-06 10:53:21 +1000 |
|---|---|---|
| committer | zowoq <59103226+zowoq@users.noreply.github.com> | 2021-01-03 09:41:42 +1000 |
| commit | 84b57757ad488263b39e2fae80cbd48cf8d00130 (patch) | |
| tree | 3636615c09ceabba79979d870335ac320f1d4745 /.github | |
| parent | 8a9d1aad72e68328d76c22cb926c1dd7f0412ec0 (diff) | |
.github/workflows: build NixOS/Nixpkgs manuals with PR ref, restrict-eval and sandbox
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/manual-nixos.yml | 28 | ||||
| -rw-r--r-- | .github/workflows/manual-nixpkgs.yml | 28 |
2 files changed, 56 insertions, 0 deletions
diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml new file mode 100644 index 000000000000..341ff06db8a4 --- /dev/null +++ b/.github/workflows/manual-nixos.yml @@ -0,0 +1,28 @@ +name: "Build NixOS manual" + +on: + pull_request_target: + branches: + - master + paths: + - 'nixos/**' + +jobs: + nixos: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge + - uses: cachix/install-nix-action@v12 + with: + # explicitly enable sandbox + extra_nix_config: sandbox = true + - uses: cachix/cachix-action@v8 + with: + # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere. + name: nixpkgs-ci + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + - name: Building NixOS manual + run: nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml new file mode 100644 index 000000000000..b07563c9fcfa --- /dev/null +++ b/.github/workflows/manual-nixpkgs.yml @@ -0,0 +1,28 @@ +name: "Build Nixpkgs manual" + +on: + pull_request_target: + branches: + - master + paths: + - 'doc/**' + +jobs: + nixpkgs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + # pull_request_target checks out the base branch by default + ref: refs/pull/${{ github.event.pull_request.number }}/merge + - uses: cachix/install-nix-action@v12 + with: + # explicitly enable sandbox + extra_nix_config: sandbox = true + - uses: cachix/cachix-action@v8 + with: + # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere. + name: nixpkgs-ci + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + - name: Building Nixpkgs manual + run: nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual |