From 1e347929ab4b81a3807fdc15263b5f26fdae5608 Mon Sep 17 00:00:00 2001
From: Paul Brinkmeier <hallo@pbrinkmeier.de>
Date: Tue, 30 Sep 2025 17:24:58 +0200
Subject: [PATCH] Nix CI tryouts

---
 .gitea/workflows/build-image.yml | 33 ++++++++++++++++++--------------
 flake.nix                        |  4 ++--
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/.gitea/workflows/build-image.yml b/.gitea/workflows/build-image.yml
index 763446d..da07ad6 100644
--- a/.gitea/workflows/build-image.yml
+++ b/.gitea/workflows/build-image.yml
@@ -7,26 +7,31 @@ jobs:
   build-image:
     container:
       image: catthehacker/ubuntu:act-latest
+      env:
+        USER: node
+        HOME: /home/node
+        NIX_CONFIG: experimental-features = nix-command flakes
+      volumes:
+        - /home/paul/nix-ci/nix-runner-nix:/nix
+        - /home/paul/nix-ci/nix-runner-etc-nix:/etc/nix
+        - /home/paul/nix-ci/nix-runner-home-node:/home/node
+      options: --user 1000:1000 --group-add 988
     steps:
+      - run: |
+          env
+          if [ ! -f ~/.nix-profile/etc/profile.d/nix.sh ]; then
+            curl -L https://nixos.org/nix/install | bash -s -- --no-daemon
+          fi
+      - name: Prep nix env
+        run: |
+          . ~/.nix-profile/etc/profile.d/nix.sh 
+          env >> "$GITHUB_ENV"
       - name: Checkout repo
         uses: actions/checkout@v4
-        # Required for installing nix
-      - name: Install sudo
-        run: apt-get update && apt-get install -y sudo
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
-        with:
-          enable_kvm: false
       - name: Get image meta
         run: nix build .#image-meta -o image-meta
       - name: Version check
         run: |
           VERSION=$(cat image-meta/version)
           [ "$GITHUB_REF_NAME" = v"$VERSION" ]
-      - name: Build image
-        run: nix build .#image -o image.tar.gz
-      - run: docker login -u paul -p "$PASSWORD" git.pbrinkmeier.de
-        env:
-          PASSWORD: "${{ secrets.REGISTRY_PASSWORD }}"
-      - run: docker load < image.tar.gz
-      - run: docker image push $(cat image-meta/name)
+      - run: nix build --log-format raw --print-build-logs .#image -o image.tar.gz
diff --git a/flake.nix b/flake.nix
index 90f37c0..bca0e46 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,11 +20,11 @@
         vendorHash = null;
 
         # For building the package, we use only the files not ignored by Git as inputs.
-        # Also, flake.nix and flake.lock are not included to avoid annoying rebuilds when
+        # Also, flake.nix, flake.lock and .gitea are not included to avoid annoying rebuilds when
         # working on them.
         src = pkgs.lib.cleanSourceWith {
           src = gitignore.lib.gitignoreSource ./.;
-          filter = path: type: builtins.baseNameOf path != "flake.nix" && builtins.baseNameOf path != "flake.lock";
+          filter = path: type: builtins.baseNameOf path != "flake.nix" && builtins.baseNameOf path != "flake.lock" && builtins.match "^\\.gitea.*" path != null;
         };
 
         # Avoid linking against libc