feat: add secure_push action

.github/workflows/secure_push_testing.yml

@@ -0,0 +1,67 @@
+on:
+  push:
+    branches:
+    - testing
+
+jobs:
+  secure-push:
+    name: Secure Push
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: cachix/install-nix-action@v27
+
+      - name: Checkout repository
+        uses: actions/checkout@master
+        with:
+          ref: testing
+
+      - name: Check commit bugs
+        run: |
+          BUGED_COMMIT=$(
+            git log --name-status HEAD^..HEAD \
+              | grep "feat: Update/Upload" \
+              | grep "  package"
+          )
+          PKGS_CONTENT=$(
+            ls ./pkgs/
+          )
+          MODULES_CONTENT=$(
+            ls ./pkgs/
+          )
+          REPO_CONTENT=$(
+            ls ./
+          )
+
+          if [[
+            "${BUGED_COMMIT}x" != "x"
+            || "${PKGS_CONTENT}x" == "x"
+            || "${PKGS_CONTENT}x" == "package.nixx"
+            || "${PKGS_CONTENT}x" == "default.nixx"
+            || "${PKGS_CONTENT}x" == "flake.nixx"
+            || "${MODULES_CONTENT}x" == "x"
+            || "${MODULES_CONTENT}x" == "package.nixx"
+            || "${MODULES_CONTENT}x" == "default.nixx"
+            || "${MODULES_CONTENT}x" == "flake.nixx"
+            || "${REPO_CONTENT}x" == "x"
+            || "${REPO_CONTENT}x" == "package.nixx"
+            || "${REPO_CONTENT}x" == "default.nixx"
+            || "${REPO_CONTENT}x" == "flake.nixx"
+          ]]; then
+            git reset --hard HEAD^
+            git push origin -f
+
+            exit 1
+          fi
+          
+      - name: Build test
+        run: |
+          EDIT_FILE=$(
+            git diff --name-only HEAD^..HEAD | grep "pkgs/" | grep "package.nix" | uniq
+          )
+
+          if [ "${PACKAGE_COMMIT}x" == "x" ] && \
+            exit 0
+
+          for FILE in "${EDIT_FILE}"; do
+            nix-build -E 'with import <nixpkgs> {}; callPackage ./${FILE} {}'
+          done