67a8283653
We have this set in the other actions, it prevents the action from running in PRs made against forks.
32 lines
958 B
YAML
32 lines
958 B
YAML
name: "Build NixOS manual"
|
|
|
|
permissions: read-all
|
|
|
|
on:
|
|
pull_request_target:
|
|
branches:
|
|
- master
|
|
paths:
|
|
- 'nixos/**'
|
|
|
|
jobs:
|
|
nixos:
|
|
runs-on: ubuntu-latest
|
|
if: github.repository_owner == 'NixOS'
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
with:
|
|
# pull_request_target checks out the base branch by default
|
|
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
|
- uses: cachix/install-nix-action@v13
|
|
with:
|
|
# explicitly enable sandbox
|
|
extra_nix_config: sandbox = true
|
|
- uses: cachix/cachix-action@v9
|
|
with:
|
|
# This cache is for the nixos/nixpkgs manual builds and should not be trusted or used elsewhere.
|
|
name: nixpkgs-ci
|
|
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
|
|
- name: Building NixOS manual
|
|
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux
|