Skip to content

Experimental Landlock based sandboxing #2742

Experimental Landlock based sandboxing

Experimental Landlock based sandboxing #2742

Workflow file for this run

name: "Nix"
on:
pull_request:
push:
branches:
- main
jobs:
build:
strategy:
matrix:
include:
- os: ubuntu-latest
arch: x86_64-linux
- os: ubuntu-latest
arch: aarch64-linux
- os: macos-14
arch: x86_64-darwin
- os: macos-14
arch: aarch64-darwin
name: Build Nix - ${{ matrix.arch }}.${{ matrix.os }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Setup git lfs
uses: ./.github/actions/setup-git-lfs
- uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Setup emulation
if: ${{ matrix.arch == 'aarch64-linux' }}
run: |
sudo apt update
sudo apt install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static
mkdir -p ~/.config/nix
echo "system-features = aarch64-linux arm-linux" | sudo tee -a /etc/nix/nix.conf
- uses: cachix/cachix-action@v15
with:
name: unblob
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
extraPullNames: pyperscan
- run: |
nix build -L --option system ${{ matrix.arch }} --extra-platforms ${{ matrix.arch }} .#packages.${{ matrix.arch }}.devenv
- run: |
nix flake check -L --impure --option system ${{ matrix.arch }} --extra-platforms ${{ matrix.arch }}