mirror of
https://github.com/Jokiller230/puzzlevision.git
synced 2025-10-31 13:50:04 +00:00
Compare commits
5 commits
914537921b
...
459a0427c3
| Author | SHA1 | Date | |
|---|---|---|---|
| 459a0427c3 | |||
| faf643f506 | |||
| 86a6674214 | |||
| 02bf31fa25 | |||
| 2743a9d143 |
4 changed files with 50 additions and 41 deletions
34
.github/workflows/build.yml
vendored
34
.github/workflows/build.yml
vendored
|
|
@ -1,34 +0,0 @@
|
|||
name: "Nix: build and cache outputs"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
paths:
|
||||
- "**.nix"
|
||||
- "**.lock"
|
||||
- ".github/workflows/build.yml"
|
||||
|
||||
jobs:
|
||||
build-flake:
|
||||
name: Build (x86_64-linux)
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ github.ref_name }}
|
||||
persist-credentials: false
|
||||
|
||||
- name: Install Lix
|
||||
uses: ./.github/actions/install-lix
|
||||
|
||||
- name: Setup Attic cache
|
||||
uses: ryanccn/attic-action@v0.3.2
|
||||
with:
|
||||
endpoint: https://cache.thevoid.cafe
|
||||
cache: puzzlevision
|
||||
token: ${{ secrets.ATTIC_TOKEN }}
|
||||
|
||||
- name: Build flake
|
||||
run: nix build .#nixosConfigurations.puzzlevision.config.system.build.toplevel --accept-flake-config
|
||||
38
.github/workflows/check-leaks.yml
vendored
Normal file
38
.github/workflows/check-leaks.yml
vendored
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
name: "Trufflehog: check for exposed secrets"
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
paths:
|
||||
- "**.nix"
|
||||
- ".github/workflows/check-leaks.yml"
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
issues: write
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
deadnix:
|
||||
name: Run trufflehog
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ github.ref_name }}
|
||||
fetch-depth: 0
|
||||
|
||||
- id: trufflehog
|
||||
name: TruffleHog scan
|
||||
uses: trufflesecurity/trufflehog@main
|
||||
continue-on-error: true
|
||||
with:
|
||||
path: ./
|
||||
base: "${{ github.event.repository.default_branch }}"
|
||||
extra_args: --debug --only-verified
|
||||
|
||||
- name: Scan Results Status
|
||||
if: steps.trufflehog.outcome == 'failure'
|
||||
run: exit 1
|
||||
12
.github/workflows/deadnix.yml
vendored
12
.github/workflows/deadnix.yml
vendored
|
|
@ -12,9 +12,17 @@ jobs:
|
|||
name: Run deadnix
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: cachix/install-nix-action@v25
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ github.ref_name }}
|
||||
persist-credentials: false
|
||||
|
||||
- name: Install lix
|
||||
uses: ./.github/actions/install-lix
|
||||
|
||||
- uses: cachix/cachix-action@v14
|
||||
with:
|
||||
name: deadnix
|
||||
|
||||
- uses: phucleeuwu/deadnix-action@v1
|
||||
|
|
|
|||
7
.github/workflows/validate.yml
vendored
7
.github/workflows/validate.yml
vendored
|
|
@ -6,7 +6,7 @@ on:
|
|||
paths:
|
||||
- "**.nix"
|
||||
- "**.lock"
|
||||
- ".github/workflows/**.yml"
|
||||
- ".github/workflows/validate.yml"
|
||||
|
||||
jobs:
|
||||
check-flake:
|
||||
|
|
@ -21,10 +21,7 @@ jobs:
|
|||
persist-credentials: false
|
||||
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@main
|
||||
with:
|
||||
extra-conf: |
|
||||
experimental-features = flakes nix-command recursive-nix pipe-operator
|
||||
uses: ./.github/actions/install-lix
|
||||
|
||||
- name: Validate Flake
|
||||
run: nix flake check
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue