nixpkgs/.github/workflows/manual-nixos.yml
Victor Engmark 4177297b14 ci: pin third party actions
For reproducibility.

Command:

```shell
for file in .github/workflows/*.y*ml; do
    npx pin-github-action --comment=' {ref}' "$file"
done
```

Then had to manually replace all the versions with accurate specifiers
(for example, "v4" → "v4.1.1" in case of `actions/checkout`).
2023-11-29 09:51:22 +01:00

32 lines
1.1 KiB
YAML

name: "Build NixOS manual"
permissions: read-all
on:
pull_request_target:
branches:
- master
paths:
- 'nixos/**'
jobs:
nixos:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v24
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # v13
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
- name: Building NixOS manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux