From 57dd9d8999341e6d6bad7edb85c1a24c579841ad Mon Sep 17 00:00:00 2001
From: Pikatsuto
Date: Mon, 24 Jun 2024 00:03:23 +0200
Subject: [PATCH] feat: add secure_push action
---
.github/workflows/secure_push_testing.yml | 67 +++++++++++++++++++++++
1 file changed, 67 insertions(+)
create mode 100644 .github/workflows/secure_push_testing.yml
diff --git a/.github/workflows/secure_push_testing.yml b/.github/workflows/secure_push_testing.yml
new file mode 100644
index 0000000..afb7757
--- /dev/null
+++ b/.github/workflows/secure_push_testing.yml
@@ -0,0 +1,67 @@
+on:
+ push:
+ branches:
+ - testing
+
+jobs:
+ secure-push:
+ name: Secure Push
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: cachix/install-nix-action@v27
+
+ - name: Checkout repository
+ uses: actions/checkout@master
+ with:
+ ref: testing
+
+ - name: Check commit bugs
+ run: |
+ BUGED_COMMIT=$(
+ git log --name-status HEAD^..HEAD \
+ | grep "feat: Update/Upload" \
+ | grep " package"
+ )
+ PKGS_CONTENT=$(
+ ls ./pkgs/
+ )
+ MODULES_CONTENT=$(
+ ls ./pkgs/
+ )
+ REPO_CONTENT=$(
+ ls ./
+ )
+
+ if [[
+ "${BUGED_COMMIT}x" != "x"
+ || "${PKGS_CONTENT}x" == "x"
+ || "${PKGS_CONTENT}x" == "package.nixx"
+ || "${PKGS_CONTENT}x" == "default.nixx"
+ || "${PKGS_CONTENT}x" == "flake.nixx"
+ || "${MODULES_CONTENT}x" == "x"
+ || "${MODULES_CONTENT}x" == "package.nixx"
+ || "${MODULES_CONTENT}x" == "default.nixx"
+ || "${MODULES_CONTENT}x" == "flake.nixx"
+ || "${REPO_CONTENT}x" == "x"
+ || "${REPO_CONTENT}x" == "package.nixx"
+ || "${REPO_CONTENT}x" == "default.nixx"
+ || "${REPO_CONTENT}x" == "flake.nixx"
+ ]]; then
+ git reset --hard HEAD^
+ git push origin -f
+
+ exit 1
+ fi
+
+ - name: Build test
+ run: |
+ EDIT_FILE=$(
+ git diff --name-only HEAD^..HEAD | grep "pkgs/" | grep "package.nix" | uniq
+ )
+
+ if [ "${PACKAGE_COMMIT}x" == "x" ] && \
+ exit 0
+
+ for FILE in "${EDIT_FILE}"; do
+ nix-build -E 'with import {}; callPackage ./${FILE} {}'
+ done
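Review bot: The `Check commit bugs` step cannot inspect or revert anything as written, because `actions/checkout` makes a depth-1 clone by default and `HEAD^` then does not resolve for `git log HEAD^..HEAD` or `git reset --hard HEAD^`; the checkout needs `fetch-depth: 2`. With the runner's default `bash -e`, a `grep` that matches nothing also makes the `BUGED_COMMIT=$(…)` assignment abort the step on an ordinary commit, so end that substitution with `|| true`; `MODULES_CONTENT` is filled from `ls ./pkgs/`, which looks like a copy of the `PKGS_CONTENT` line, and only the last commit of a push is ever examined. In `Build test`, the `if [ "${PACKAGE_COMMIT}x" == "x" ] && \` line has no `then`/`fi` and tests a variable that is never assigned, the quoted `"${EDIT_FILE}"` makes the loop run once over the whole list, and the single-quoted expression hands `${FILE}` to Nix unexpanded. Because this job rewrites `testing` with a forced push, pin `actions/checkout` to a release tag or full commit SHA rather than `@master`, and give the job an explicit `permissions:` block limited to `contents: write`.

```yaml
      - name: Checkout repository
        uses: actions/checkout@v4   # better still: a full commit SHA
        with:
          ref: testing
          fetch-depth: 2   # HEAD^ must exist for the log, the diff and the reset

      # … unchanged: Check commit bugs step …

      - name: Build test
        run: |
          # Process substitution keeps a no-match grep from tripping `bash -e`.
          mapfile -t EDIT_FILES < <(
            git diff --name-only HEAD^..HEAD | grep "pkgs/" | grep "package.nix" | uniq
          )

          if [ "${#EDIT_FILES[@]}" -eq 0 ]; then
            exit 0
          fi

          for FILE in "${EDIT_FILES[@]}"; do
            # Double quotes so the shell expands ${FILE}; expression text as in the commit.
            nix-build -E "with import {}; callPackage ./${FILE} {}"
          done
```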