From 84b57757ad488263b39e2fae80cbd48cf8d00130 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Sun, 6 Dec 2020 10:53:21 +1000
Subject: .github/workflows: build NixOS/Nixpkgs manuals with PR ref, restrict-eval and sandbox
---
.github/workflows/manual-nixos.yml | 28 ++++++++++++++++++++++++++++
.github/workflows/manual-nixpkgs.yml | 28 ++++++++++++++++++++++++++++
2 files changed, 56 insertions(+)
create mode 100644 .github/workflows/manual-nixos.yml
create mode 100644 .github/workflows/manual-nixpkgs.yml
(limited to '.github')
diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml
new file mode 100644
index 000000000000..341ff06db8a4
--- /dev/null
+++ b/.github/workflows/manual-nixos.yml
@@ -0,0 +1,28 @@
+name: "Build NixOS manual"
+
+on:
+ pull_request_target:
+ branches:
+ - master
+ paths:
+ - 'nixos/**'
+
+jobs:
+ nixos:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ # pull_request_target checks out the base branch by default
+ ref: refs/pull/${{ github.event.pull_request.number }}/merge
+ - uses: cachix/install-nix-action@v12
+ with:
+ # explicitly enable sandbox
+ extra_nix_config: sandbox = true
+ - uses: cachix/cachix-action@v8
+ with:
+ # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere.
+ name: nixpkgs-ci
+ signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+ - name: Building NixOS manual
+ run: nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux
diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml
new file mode 100644
index 000000000000..b07563c9fcfa
--- /dev/null
+++ b/.github/workflows/manual-nixpkgs.yml
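Review bot: The `actions/checkout@v2` step in manual-nixos.yml fetches the PR's merge ref but leaves `persist-credentials` at its default, so the job token (presumably write-scoped under `pull_request_target`) is stored in the workspace's git config alongside untrusted PR content; adding `persist-credentials: false` under that step's `with:` keeps it out of the checkout. All three actions are also referenced by mutable tags (`actions/checkout@v2`, `cachix/install-nix-action@v12`, `cachix/cachix-action@v8`) in a job that receives `secrets.CACHIX_SIGNING_KEY`; pinning each to a full commit SHA, e.g. `uses: cachix/cachix-action@<full-commit-sha>  # v8`, would stop a moved tag from running with that key. The `sandbox = true` and `restrict-eval` settings constrain the Nix build itself, not the action code around it. The same two points apply to the identical steps in manual-nixpkgs.yml.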
@@ -0,0 +1,28 @@
+name: "Build Nixpkgs manual"
+
+on:
+ pull_request_target:
+ branches:
+ - master
+ paths:
+ - 'doc/**'
+
+jobs:
+ nixpkgs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ # pull_request_target checks out the base branch by default
+ ref: refs/pull/${{ github.event.pull_request.number }}/merge
+ - uses: cachix/install-nix-action@v12
+ with:
+ # explicitly enable sandbox
+ extra_nix_config: sandbox = true
+ - uses: cachix/cachix-action@v8
+ with:
+ # This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere.
+ name: nixpkgs-ci
+ signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+ - name: Building Nixpkgs manual
+ run: nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual
--
cgit v1.2.3