.github/workflows/build-host.yml

@@ -1,30 +0,0 @@
-name: Build host
-on:
-  workflow_call:
-    inputs:
-      hosts:
-        required: true
-        type: string
-    secrets:
-      CACHIX_AUTH_TOKEN:
-        required: true
-jobs:
-  build-host:
-    name: ${{ matrix.host }}
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        host: ${{ fromJson(inputs.hosts) }}
-    steps:
-      - uses: actions/checkout@v5
-      - uses: cachix/install-nix-action@v31
-        with:
-          extra_nix_config: experimental-features = nix-command flakes pipe-operators
-      - uses: cachix/cachix-action@v15
-        with:
-          name: sebastian-stork
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-          useDaemon: false
-      - name: Build host
-        run: nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-build-logs

.github/workflows/ci.yml

@@ -8,36 +8,20 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       checks: ${{ steps.checks.outputs.checks }}
-      servers: ${{ steps.servers.outputs.servers }}
+      hosts: ${{ steps.hosts.outputs.hosts }}
-      workstations: ${{ steps.workstations.outputs.workstations }}
     steps:
       - uses: actions/checkout@v5
       - uses: cachix/install-nix-action@v31
         with:
           extra_nix_config: experimental-features = nix-command flakes pipe-operators
-      - name: Get checks
+      - id: checks
-        id: checks
         run: |
           checks=$(nix flake show --json | jq -c '.checks."x86_64-linux" | keys')
           printf "checks=%s" "$checks" >> "$GITHUB_OUTPUT"
-      - name: Get servers
+      - id: hosts
-        id: servers
         run: |
-          servers=$(nix eval .#nixosConfigurations --apply 'configs:
+          hosts=$(nix flake show --json | jq -c '.nixosConfigurations | keys')
-            configs
+          printf "hosts=%s" "$hosts" >> "$GITHUB_OUTPUT"
-            |> builtins.attrNames
-            |> builtins.filter (name: configs.${name}.config.custom.services.comin.enable)
-          ' --json)
-          printf "servers=%s" "$servers" >> "$GITHUB_OUTPUT"
-      - name: Get workstations
-        id: workstations
-        run: |
-          workstations=$(nix eval .#nixosConfigurations --apply 'configs:
-            configs
-            |> builtins.attrNames
-            |> builtins.filter (name: !configs.${name}.config.custom.services.comin.enable)
-          ' --json)
-          printf "workstations=%s" "$workstations" >> "$GITHUB_OUTPUT"
   build-check:
     needs: parse-flake
     runs-on: ubuntu-latest
@@ -55,28 +39,43 @@ jobs:
           name: sebastian-stork
           authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
           useDaemon: false
-      - name: Build check
+      - run: nix build .#checks.x86_64-linux.${{ matrix.check }} --print-build-logs
-        run: nix build .#checks.x86_64-linux.${{ matrix.check }} --print-build-logs
+  build-host:
-  build-server:
     needs: parse-flake
-    uses: ./.github/workflows/build-host.yml
+    runs-on: ubuntu-latest
-    with:
+    strategy:
-      hosts: ${{ needs.parse-flake.outputs.servers }}
+      fail-fast: false
-    secrets:
+      matrix:
-      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        host: ${{ fromJson(needs.parse-flake.outputs.hosts) }}
-  build-workstation:
+    steps:
-    needs: parse-flake
+      - uses: actions/checkout@v5
-    uses: ./.github/workflows/build-host.yml
+      - uses: cachix/install-nix-action@v31
-    with:
+        with:
-      hosts: ${{ needs.parse-flake.outputs.workstations }}
+          extra_nix_config: experimental-features = nix-command flakes pipe-operators
-    secrets:
+      - uses: cachix/cachix-action@v15
-      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        with:
+          name: sebastian-stork
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+          useDaemon: false
+      - run: nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-build-logs
+  flake-check:
+    needs: build-check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: cachix/install-nix-action@v31
+        with:
+          extra_nix_config: experimental-features = nix-command flakes pipe-operators
+      - uses: cachix/cachix-action@v15
+        with:
+          name: sebastian-stork
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+      - run: nix flake check --keep-going --print-build-logs
   deploy:
-    needs: [build-check, build-server]
+    needs: [build-host, flake-check]
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
       - uses: actions/checkout@v5
-      - name: Push to deploy branch
+      - run: git push origin HEAD:deploy --force
-        run: git push origin HEAD:deploy --force

.github/workflows/update.yml

@@ -13,8 +13,7 @@ jobs:
       - uses: cachix/install-nix-action@v31
         with:
           extra_nix_config: experimental-features = nix-command flakes pipe-operators
-      - name: Update and push
+      - run: |
-        run: |
           git config user.name "github-actions[bot]"
           git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
           nix flake update --commit-lock-file