vrnp/.gitea/workflows/build-image.yml

name: Build image
on:
  push:
    tags:
      - 'v*'
jobs:
  build-image:
    container:
      image: node:24-bookworm
      env:
        USER: node
        HOME: /home/node
        NIX_CONFIG: experimental-features = nix-command flakes
      volumes:
        - /var/lib/pbri/docker/nix_runner_nix:/nix
        - /var/lib/pbri/docker/nix_runner_etc:/etc/nix
        - /var/lib/pbri/docker/nix_runner_home_node:/home/node
      options: --user 1000:1000
    steps:
      - name: Prep nix env
        run: |
          if [ ! -f ~/.nix-profile/etc/profile.d/nix.sh ]; then
            curl -L https://nixos.org/nix/install | bash -s -- --no-daemon
          fi
          . ~/.nix-profile/etc/profile.d/nix.sh 
          env >> "$GITHUB_ENV"
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Get image meta
        run: nix build .#image-meta -o image-meta
      - name: Version check
        run: |
          VERSION=$(cat image-meta/version)
          [ "$GITHUB_REF_NAME" = v"$VERSION" ]
      - run: nix build --log-format raw --print-build-logs .#image -o image.tar.gz
      - run: gunzip -c image.tar.gz > image.tar
      - run: nix run .#crane -- auth login git.pbrinkmeier.de -u paul -p "$PASSWORD"
        env:
          PASSWORD: "${{ secrets.REGISTRY_PASSWORD }}"
      - run: nix run .#crane -- push image.tar $(cat image-meta/name)