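# CI for the Nix flake: flake checks, formatting, and the container image
# build. The image is pushed to Docker Hub only for non-pull_request events.
name: nix

on:
  pull_request:
    branches: [ "main" ]
  push:
    branches: [ "main" ]

# Least privilege for the automatic GITHUB_TOKEN. The token is written into
# nix.conf below and is visible to every action in the job, so it is limited
# to read-only repository access. Nothing in this file uses it to write:
# Cachix and Docker Hub are reached with their own secrets.
permissions:
  contents: read

# Only one run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
        with:
          # Gives Nix the job token for fetches from github.com
          # (presumably to avoid anonymous API rate limits - confirm).
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
      - run: nix flake check -L --show-trace --keep-going

  fmt:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
      # NOTE(review): whether this step fails on unformatted files depends on
      # the formatter the flake configures - confirm it exits non-zero.
      - run: nix fmt

  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
      # NOTE(review): this action and the two docker/* actions below are
      # referenced by mutable tag, unlike the SHA-pinned actions above. All
      # three receive secrets; pin each to the full commit SHA of the release.
      - uses: cachix/cachix-action@v15
        # Best effort: a failure here does not fail the job.
        continue-on-error: true
        with:
          name: vault-auth-tee
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
          extraPullNames: nixsgx
      # nixci is resolved from the nixos-23.11 branch at run time, not from a
      # pinned revision, so the tool that runs can change between runs.
      - name: nix build
        run: nix run github:nixos/nixpkgs/nixos-23.11#nixci
      - name: nix docker image
        run: |
          nix build .#container-vault-auth-tee
          docker load -i result
      # Registry credentials are used only outside pull_request runs.
      # No `schedule` trigger is declared under `on:` in this file, so the
      # 'schedule' arm of the condition never matches as written.
      - name: Log in to Docker Hub
        if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # Builds on every event; pushes under the same condition as the login.
      # Only the mutable `latest` tag is published; this workflow sets no
      # per-commit tag and records no image digest.
      - name: Build and Push Container
        uses: docker/build-push-action@v6
        with:
          tags: matterlabsrobot/vault-auth-tee:latest
          push: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}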