name: Nix permissions: contents: write on: pull_request: null push: branches: - main concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: i686-linux---default: name: Build i686-linux.default runs-on: - ubuntu-latest needs: - i686-linux---rosenpass steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.i686-linux.default --print-build-logs i686-linux---rosenpass: name: Build i686-linux.rosenpass runs-on: - ubuntu-latest needs: [] steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.i686-linux.rosenpass --print-build-logs i686-linux---rosenpass-oci-image: name: Build i686-linux.rosenpass-oci-image runs-on: - ubuntu-latest needs: - i686-linux---rosenpass steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.i686-linux.rosenpass-oci-image --print-build-logs i686-linux---check: name: Run Nix checks on i686-linux runs-on: - ubuntu-latest steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Check run: nix flake check . --print-build-logs x86_64-darwin---default: name: Build x86_64-darwin.default runs-on: - macos-13 needs: - x86_64-darwin---rosenpass steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-darwin.default --print-build-logs x86_64-darwin---release-package: name: Build x86_64-darwin.release-package runs-on: - macos-13 needs: - x86_64-darwin---rosenpass - x86_64-darwin---rp - x86_64-darwin---rosenpass-oci-image steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-darwin.release-package --print-build-logs x86_64-darwin---rosenpass: name: Build x86_64-darwin.rosenpass runs-on: - macos-13 needs: [] steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-darwin.rosenpass --print-build-logs x86_64-darwin---rp: name: Build x86_64-darwin.rp runs-on: - macos-13 needs: [] steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-darwin.rp --print-build-logs x86_64-darwin---rosenpass-oci-image: name: Build x86_64-darwin.rosenpass-oci-image runs-on: - macos-13 needs: - x86_64-darwin---rosenpass steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-darwin.rosenpass-oci-image --print-build-logs x86_64-darwin---check: name: Run Nix checks on x86_64-darwin runs-on: - macos-13 steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Check run: nix flake check . --print-build-logs x86_64-linux---default: name: Build x86_64-linux.default runs-on: - ubuntu-latest needs: - x86_64-linux---rosenpass steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.default --print-build-logs x86_64-linux---proof-proverif: name: Build x86_64-linux.proof-proverif runs-on: - ubuntu-latest needs: - x86_64-linux---proverif-patched steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.proof-proverif --print-build-logs x86_64-linux---proverif-patched: name: Build x86_64-linux.proverif-patched runs-on: - ubuntu-latest needs: [] steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.proverif-patched --print-build-logs x86_64-linux---release-package: name: Build x86_64-linux.release-package runs-on: - ubuntu-latest needs: - x86_64-linux---rosenpass-static - x86_64-linux---rosenpass-static-oci-image - x86_64-linux---rp-static steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.release-package --print-build-logs # aarch64-linux---release-package: # name: Build aarch64-linux.release-package # runs-on: # - ubuntu-latest # needs: # - aarch64-linux---rosenpass-oci-image # - aarch64-linux---rosenpass # - aarch64-linux---rp # steps: # - run: | # DEBIAN_FRONTEND=noninteractive # sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static # - uses: actions/checkout@v4 # - uses: cachix/install-nix-action@v30 # with: # nix_path: nixpkgs=channel:nixos-unstable # extra_nix_config: | # system = aarch64-linux # - uses: cachix/cachix-action@v15 # with: # name: rosenpass # authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} # - name: Build # run: nix build .#packages.aarch64-linux.release-package --print-build-logs x86_64-linux---rosenpass: name: Build x86_64-linux.rosenpass runs-on: - ubuntu-latest needs: [] steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.rosenpass --print-build-logs aarch64-linux---rosenpass: name: Build aarch64-linux.rosenpass runs-on: - ubuntu-latest needs: [] steps: - run: | DEBIAN_FRONTEND=noninteractive sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable extra_nix_config: | system = aarch64-linux - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.aarch64-linux.rosenpass --print-build-logs aarch64-linux---rp: name: Build aarch64-linux.rp runs-on: - ubuntu-latest needs: [] steps: - run: | DEBIAN_FRONTEND=noninteractive sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable extra_nix_config: | system = aarch64-linux - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.aarch64-linux.rp --print-build-logs x86_64-linux---rosenpass-oci-image: name: Build x86_64-linux.rosenpass-oci-image runs-on: - ubuntu-latest needs: - x86_64-linux---rosenpass steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.rosenpass-oci-image --print-build-logs aarch64-linux---rosenpass-oci-image: name: Build aarch64-linux.rosenpass-oci-image runs-on: - ubuntu-latest needs: - aarch64-linux---rosenpass steps: - run: | DEBIAN_FRONTEND=noninteractive sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable extra_nix_config: | system = aarch64-linux - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.aarch64-linux.rosenpass-oci-image --print-build-logs x86_64-linux---rosenpass-static: name: Build x86_64-linux.rosenpass-static runs-on: - ubuntu-latest needs: [] steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.rosenpass-static --print-build-logs x86_64-linux---rp-static: name: Build x86_64-linux.rp-static runs-on: - ubuntu-latest needs: [] steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.rp-static --print-build-logs x86_64-linux---rosenpass-static-oci-image: name: Build x86_64-linux.rosenpass-static-oci-image runs-on: - ubuntu-latest needs: - x86_64-linux---rosenpass-static steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.rosenpass-static-oci-image --print-build-logs x86_64-linux---whitepaper: name: Build x86_64-linux.whitepaper runs-on: - ubuntu-latest needs: [] steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Build run: nix build .#packages.x86_64-linux.whitepaper --print-build-logs x86_64-linux---check: name: Run Nix checks on x86_64-linux runs-on: - ubuntu-latest steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Check run: nix flake check . --print-build-logs x86_64-linux---whitepaper-upload: name: Upload whitepaper x86_64-linux runs-on: ubuntu-latest if: ${{ github.ref == 'refs/heads/main' }} steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 with: nix_path: nixpkgs=channel:nixos-unstable - uses: cachix/cachix-action@v15 with: name: rosenpass authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: Git add git sha and commit run: cd papers && ./tex/gitinfo2.sh && git add gitHeadInfo.gin - name: Build run: nix build .#packages.x86_64-linux.whitepaper --print-build-logs - name: Deploy PDF artifacts uses: peaceiris/actions-gh-pages@v4 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: result/ publish_branch: papers-pdf force_orphan: true