guix-installer/.github/workflows/build.yaml at master · SystemCrafters/guix-installer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Build Guix Installer

on:
  push:
    branches:
      - master

  schedule:
    # build every week
    - cron: "0 0 */7 * *"

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Git checkout
        uses: actions/checkout@v4

      - name: Free up disk space
        run: |
          # Remove pre-installed software to make room for the ISO build
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /opt/ghc
          sudo rm -rf /opt/hostedtoolcache
          sudo rm -rf /usr/local/share/chromium
          sudo rm -rf /usr/local/lib/node_modules
          sudo rm -rf /usr/share/swift
          df -h /

      - name: Guix cache
        uses: actions/cache/restore@v4
        with:
          path: ~/.cache/guix
          # use a key that (almost) never matches
          key: guix-cache-${{ github.sha }}
          restore-keys: |
            guix-cache-

      - name: Install Guix
        uses: PromyLOPh/guix-install-action@v1.6
        with:
          channels: |
            (cons* (channel
                     (name 'nonguix)
                     (url "https://gitlab.com/nonguix/nonguix")
                     (introduction
                       (make-channel-introduction
                         "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
                         (openpgp-fingerprint
                           "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
                    %default-channels)

      - name: Work around runner permission issue
        run: |
          # On Ubuntu 24.04 runners, the per-user profile directory may not
          # exist for the 'runner' user, causing guix shell/build to fail.
          # See: https://github.com/PromyLOPh/guix-install-action/issues/30
          sudo mkdir -p /var/guix/profiles/per-user/runner
          sudo chown -R runner:users /var/guix/profiles/per-user/runner

      - name: Set up Nonguix Substitutes
        run: |
          # Authorize the nonguix substitute server signing key
          cat > nonguix-signing-key.pub <<'PUBKEY'
          (public-key (ecc (curve Ed25519) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))
          PUBKEY
          sudo /var/guix/profiles/per-user/root/current-guix/bin/guix archive --authorize < nonguix-signing-key.pub

      - name: Set daemon level Substitutes
        run: |
          SUBSTITUTE_URLS="https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://nonguix-proxy.ditigal.xyz"

          # The v1.6 service file doesn't include --substitute-urls, so we
          # append it to the ExecStart line rather than replacing an existing value.
          sudo sed -i "s|--discover=yes|--discover=yes --substitute-urls='$SUBSTITUTE_URLS'|g" /etc/systemd/system/guix-daemon.service

          sudo systemctl daemon-reload
          sudo systemctl restart guix-daemon.service

      - name: Build ISO
        run: |
          # Write out the channels file so it can be included
          guix time-machine -C ./guix/base-channels.scm -- describe -f channels > ./guix/channels.scm

          # Build the image
          image=$(guix time-machine -C ./guix/channels.scm -- system image -t iso9660 ./guix/installer.scm)

          # Copy the image to the local folder with a better name
          export RELEASE_TAG=$(date +"%Y%m%d%H%M")
          echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
          cp $image ./guix-installer-$RELEASE_TAG.iso

      - name: Compress ISO
        run: zstd -19 guix-installer-$RELEASE_TAG.iso

      - name: Check ISO size
        run: ls -lh guix-installer-*.iso.zst && stat --printf="%s" guix-installer-*.iso.zst

      - uses: actions/cache/save@v4
        if: always()
        with:
          path: ~/.cache/guix
          key: guix-cache-${{ github.sha }}

      - name: Prepare Release Notes
        run: |
          cat > release-notes.md <<'NOTES'
          This installer image is compressed with zstd. Decompress it before writing to USB:

          ```
          zstd -d guix-installer-*.iso.zst
          ```

          This installer image was prepared with the following channel configuration:

          NOTES
          echo $'```\r\n' >> release-notes.md
          cat ./guix/channels.scm >> release-notes.md
          echo $'\r\n```' >> release-notes.md

      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          name: Guix Installer - ${{ env.RELEASE_TAG }}
          tag_name: v${{ env.RELEASE_TAG }}
          body_path: release-notes.md
          fail_on_unmatched_files: true
          files: guix-installer-${{ env.RELEASE_TAG }}.iso.zst
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_REPOSITORY: SystemCrafters/guix-installer