name: Build and Release ISO Images on: workflow_dispatch: schedule: - cron: "0 4 1,15 * *" # Run on the 1st and 15th of every month at 3:00 AM permissions: attestations: write contents: write jobs: build-isos: runs-on: ubuntu-latest steps: - name: Maximize Space uses: easimon/maximize-build-space@fc881a613ad2a34aca9c9624518214ebc21dfc0c # v10 with: overprovision-lvm: true remove-android: true remove-dotnet: true remove-codeql: true remove-haskell: true remove-docker-images: true - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install Lix uses: samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c # v2026-02-22 with: extra_nix_config: | substituters = https://nix-community.cachix.org https://catppuccin.cachix.org https://cache.nixos.org/ https://cache.tgirl.cloud/tgirlcloud/ trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= catppuccin.cachix.org-1:noG/4HkbhJb+lUAdKrph6LaozJvAeEEZj4N732IysmU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= tgirlcloud:EaOlHrpuOI6Zwmir3/MzqS9uA0Xn3gYr15/k/v0HIPo= # we shouldn't really be needing to do this, but sometimes lix isn't # build before we get here # https://git.lix.systems/lix-project/lix/issues/545 - name: Loosen apparmor restrictions run: | sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 - name: Build Lilith Iso continue-on-error: false run: | nix build -L .#nixosConfigurations.lilith.config.system.build.isoImage cp result/iso/*.iso ./lilith.iso - name: Build config run: | nix build -L .#nixosConfigurations.amaterasu.config.home-manager.users.isabel.home-files tar -czvhf dotfiles.tar.gz result/ - name: Upload Release Artifacts run: | release=$(date +"%Y-%m-%d") gh release create "$release" gh release upload "$release" ./lilith.iso gh release upload "$release" ./dotfiles.tar.gz env: GH_TOKEN: ${{ github.token }}