2025-10-07 00:13:00 +02:00
2 changed files with 37 additions and 16 deletions
--- a/.gitea/workflows/build-image.yml
+++ b/.gitea/workflows/build-image.yml
@ -6,27 +6,35 @@ on:
 jobs:
  build-image:
    container:
-      image: catthehacker/ubuntu:act-latest
+      image: node:24-bookworm
+      env:
+        USER: node
+        HOME: /home/node
+        NIX_CONFIG: experimental-features = nix-command flakes
+      volumes:
+        - /var/lib/pbri/docker/nix_runner_nix:/nix
+        - /var/lib/pbri/docker/nix_runner_etc:/etc/nix
+        - /var/lib/pbri/docker/nix_runner_home_node:/home/node
+      options: --user 1000:1000
    steps:
+      - name: Prep nix env
+        run: |
+          if [ ! -f ~/.nix-profile/etc/profile.d/nix.sh ]; then
+            curl -L https://nixos.org/nix/install | bash -s -- --no-daemon
+          fi
+          . ~/.nix-profile/etc/profile.d/nix.sh 
+          env >> "$GITHUB_ENV"
      - name: Checkout repo
        uses: actions/checkout@v4
-        # Required for installing nix
-      - name: Install sudo
-        run: apt-get update && apt-get install -y sudo
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
-        with:
-          enable_kvm: false
      - name: Get image meta
        run: nix build .#image-meta -o image-meta
      - name: Version check
        run: |
          VERSION=$(cat image-meta/version)
          [ "$GITHUB_REF_NAME" = v"$VERSION" ]
-      - name: Build image
-        run: nix build .#image -o image.tar.gz
-      - run: docker login -u paul -p "$PASSWORD" git.pbrinkmeier.de
+      - run: nix build --log-format raw --print-build-logs .#image -o image.tar.gz
+      - run: gunzip -c image.tar.gz > image.tar
+      - run: nix run .#crane -- auth login git.pbrinkmeier.de -u paul -p "$PASSWORD"
        env:
          PASSWORD: "${{ secrets.REGISTRY_PASSWORD }}"
-      - run: docker load < image.tar.gz
-      - run: docker image push $(cat image-meta/name)
+      - run: nix run .#crane -- push image.tar $(cat image-meta/name)
--- a/flake.nix
+++ b/flake.nix
@ -20,11 +20,18 @@
        vendorHash = null;

        # For building the package, we use only the files not ignored by Git as inputs.
-        # Also, flake.nix and flake.lock are not included to avoid annoying rebuilds when
+        # Also, flake.nix, flake.lock and .gitea are not included to avoid annoying rebuilds when
        # working on them.
        src = pkgs.lib.cleanSourceWith {
-          src = gitignore.lib.gitignoreSource ./.;
-          filter = path: type: builtins.baseNameOf path != "flake.nix" && builtins.baseNameOf path != "flake.lock";
+          src = ./.;
+          filter = gitignore.lib.gitignoreFilterWith {
+            basePath = ./.;
+            extraRules = ''
+              flake.nix
+              flake.lock
+              .gitea
+            '';
+          };
        };

        # Avoid linking against libc
@ -55,6 +62,12 @@
          config.Cmd = [ "${vrnp-static}/bin/vrnp" ];
        };
      };
+      apps = {
+        crane = {
+          type = "app";
+          program = "${pkgs.crane}/bin/crane";
+        };
+      };
    }
  );
 }