.github/workflows/build-isos.yml at main · isabelroses.com/dotfiles

isabelroses.com / dotfiles

fork atom

my over complex system configurations dotfiles.isabelroses.com/

nixos nix flake dotfiles linux

fork atom

dotfiles / .github / workflows / build-isos.yml

at main 65 lines 2.4 kB view raw

wrap content

isabelroses.com ci(isos): fix tarballs 18d ago

05dc6ee4

 1name: Build and Release ISO Images
 2
 3on:
 4  workflow_dispatch:
 5  schedule:
 6    - cron: "0 4 1,15 * *" # Run on the 1st and 15th of every month at 3:00 AM
 7
 8permissions:
 9  attestations: write
10  contents: write
11
12jobs:
13  build-isos:
14    runs-on: ubuntu-latest
15
16    steps:
17      - name: Maximize Space
18        uses: easimon/maximize-build-space@fc881a613ad2a34aca9c9624518214ebc21dfc0c # v10
19        with:
20          overprovision-lvm: true
21          remove-android: true
22          remove-dotnet: true
23          remove-codeql: true
24          remove-haskell: true
25          remove-docker-images: true
26
27      - name: Checkout
28        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
29        with:
30          persist-credentials: false
31
32      - name: Install Lix
33        uses: samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c # v2026-02-22
34        with:
35          extra_nix_config: |
36            substituters = https://nix-community.cachix.org https://catppuccin.cachix.org https://cache.nixos.org/ https://cache.tgirl.cloud/tgirlcloud/
37            trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= catppuccin.cachix.org-1:noG/4HkbhJb+lUAdKrph6LaozJvAeEEZj4N732IysmU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tgirlcloud:EaOlHrpuOI6Zwmir3/MzqS9uA0Xn3gYr15/k/v0HIPo=
38
39      # we shouldn't really be needing to do this, but sometimes lix isn't
40      # build before we get here
41      # https://git.lix.systems/lix-project/lix/issues/545
42      - name: Loosen apparmor restrictions
43        run: |
44          sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
45          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
46
47      - name: Build Lilith Iso
48        continue-on-error: false
49        run: |
50          nix build -L .#nixosConfigurations.lilith.config.system.build.isoImage
51          cp result/iso/*.iso ./lilith.iso
52
53      - name: Build config
54        run: |
55          nix build -L .#nixosConfigurations.amaterasu.config.home-manager.users.isabel.home-files
56          tar -czvhf dotfiles.tar.gz result/
57
58      - name: Upload Release Artifacts
59        run: |
60          release=$(date +"%Y-%m-%d")
61          gh release create "$release"
62          gh release upload "$release" ./lilith.iso
63          gh release upload "$release" ./dotfiles.tar.gz
64        env:
65          GH_TOKEN: ${{ github.token }}