ci(github/actions): add container action

This is a manually dispatched job that will push the given nix package to docker.io. This assumes that the result of building the package is a docker image archive.
justinrubek · Oct 12, 2023 · d2faa6a · d2faa6a
1 parent 64459e0
commit d2faa6a
Showing 1 changed file with 47 additions and 0 deletions.
diff --git a/.github/workflows/containers.yaml b/.github/workflows/containers.yaml
@@ -0,0 +1,47 @@
+name: build and push container to registry
+on:
+  workflow_dispatch:
+    inputs:
+      image_name:
+        type: string
+        description: the package to use for `nix build`
+      repository_name:
+        type: string
+        description: the container registry name
+
+jobs:
+  publish-ghcr:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@v2
+        with:
+          logger: pretty
+          log-directives: nix_installer=trace
+          backtrace: full
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+          extra-conf: |
+            extra-substituters = https://cache.garnix.io
+            extra-trusted-public-keys = cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=
+            system-features = kvm
+
+      - name: build image
+        env:
+          PACKAGE_NAME: ${{ inputs.image_name }}
+        run: nix build .#${PACKAGE_NAME}
+
+      - name: login to registry
+        env:
+          USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
+          PASSWORD: ${{ secrets.DOCKER_HUB_TOKEN }}
+        run: echo ${PASSWORD} | nix develop .#ci -c skopeo login docker.io -u ${USERNAME} --password-stdin
+
+      - name: push to registry
+        env:
+          REPO_OWNER: justinrubek
+          REPO_NAME: ${{ inputs.repository_name }}
+          VERSION: ${{ github.sha }}
+        run: nix develop .#ci -c skopeo copy docker-archive:result docker://${REPO_OWNER}/${REPO_NAME}:${VERSION} --insecure-policy