diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 141d71f..bdf81fb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,8 +26,6 @@ jobs: - uses: DeterminateSystems/determinate-nix-action@v3 - - uses: DeterminateSystems/flakehub-cache-action@main - - run: nix develop --command nixfmt --check . if: success() || failure() @@ -35,23 +33,17 @@ jobs: if: success() || failure() - uses: actions/upload-artifact@v4 - if: github.ref_type != 'tag' with: name: nixos-with-determinate-${{ matrix.runners.system }}.iso path: ./result/iso/* - retention-days: 90 - - - name: Release - uses: softprops/action-gh-release@v2 - if: github.ref_type == 'tag' - with: - prerelease: true - files: ./result/iso/* + retention-days: 7 release: runs-on: ubuntu-latest needs: build - environment: ${{ github.ref_type == 'tag' && 'production' || 'build' }} + environment: "production" # ${{ github.ref_type == 'tag' && 'production' || 'build' }} + permissions: + id-token: write steps: - run: "true" - name: Release @@ -59,3 +51,31 @@ jobs: if: github.ref_type == 'tag' with: prerelease: false + + - name: Download x86_64-linux iso + uses: actions/download-artifact@v4 + with: + name: nixos-with-determinate-x86_64-linux.iso + path: ./nixos-with-determinate-x86_64-linux + + - name: Download aarch64-linux iso + uses: actions/download-artifact@v4 + with: + name: nixos-with-determinate-aarch64-linux.iso + path: ./nixos-with-determinate-aarch64-linux + + - run: | + mkdir outputs + find ./nixos-with-determinate-aarch64-linux + find ./nixos-with-determinate-x86_64-linux + cp ./nixos-with-determinate-x86_64-linux/*.iso ./outputs/x86_64-linux + cp ./nixos-with-determinate-aarch64-linux/*.iso ./outputs/aarch64-linux + ls -la outputs outputs/* + + - uses: DeterminateSystems/push-artifact-ids@main + with: + s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }} + bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} + directory: ./outputs + ids_project_name: nixos-iso + ids_binary_prefix: nixos-with-determinate.iso