From 09b959c1372a4d532deed9dec9f258ae9dbe96b0 Mon Sep 17 00:00:00 2001
From: Naxdy <naxdy@naxdy.org>
Date: Tue, 9 Apr 2024 15:36:09 +0200
Subject: [PATCH] add deploy action

---
 .forgejo/workflows/deploy-website.yml | 58 +++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .forgejo/workflows/deploy-website.yml

diff --git a/.forgejo/workflows/deploy-website.yml b/.forgejo/workflows/deploy-website.yml
new file mode 100644
index 0000000..06e35ce
--- /dev/null
+++ b/.forgejo/workflows/deploy-website.yml
@@ -0,0 +1,58 @@
+name: Deploy Website
+
+on:
+  push:
+    branches: ["main"]
+
+concurrency:
+  group: main
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: nix-flakes
+
+    steps:
+      - name: Set up packages
+        run: |
+          echo "extra-substituters = https://builder.naxdy.org/attic" >> /etc/nix/nix.conf
+          echo "extra-trusted-public-keys = attic:05LdE8Nav5Qd1E+KOJqSwdr+WE1z8AUmSb3oKL7s8dk=" >> /etc/nix/nix.conf
+          nix profile install nixpkgs#nodejs "github:zhaofengli/attic?ref=6eabc3f02fae3683bffab483e614bebfcd476b21"
+          echo "PATH=/nix/var/nix/profiles/per-user/root/profile/bin:$PATH" >> "$GITHUB_ENV"
+      - name: Set up attic binary cache
+        run: |
+          attic login "${{ vars.PUBLIC_BINARY_CACHE_NAME }}" "${{ vars.BINARY_CACHE_URL }}" "${{ secrets.PUBLIC_BINARY_CACHE_AUTH_KEY }}"
+          attic use "${{ vars.BINARY_CACHE_NAME }}"
+      - uses: actions/checkout@PUBLIC_v4
+      - name: Build Website
+        run: |
+          nix build .# --print-build-logs
+      - name: Push derivations to binary cache
+        run: |
+          cd /nix/store
+          attic push "${{ vars.PUBLIC_BINARY_CACHE_NAME }}" $(ls /nix/store --ignore='*.drv' --ignore='*fake_nixpkgs*')
+  deploy:
+    needs: [build]
+    runs-on: nix-flakes
+
+    steps:
+      - name: Set up packages
+        run: |
+          echo "extra-substituters = https://builder.naxdy.org/attic" >> /etc/nix/nix.conf
+          echo "extra-trusted-public-keys = attic:05LdE8Nav5Qd1E+KOJqSwdr+WE1z8AUmSb3oKL7s8dk=" >> /etc/nix/nix.conf
+          nix profile install nixpkgs#nodejs "github:zhaofengli/attic?ref=6eabc3f02fae3683bffab483e614bebfcd476b21"
+          echo "PATH=/nix/var/nix/profiles/per-user/root/profile/bin:$PATH" >> "$GITHUB_ENV"
+      - name: Prepare SSH key
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keyscan git.naxdy.org >> ~/.ssh/known_hosts
+      - uses: actions/checkout@PUBLIC_v4
+        repository: "NaxdyOrg/Infrastructure"
+        ssh-key: "${{ secrets.DEPLOY_PRIVATE_KEY }}"
+        ssh-known-hosts: "git.naxdy.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKk7OpKgdzNrtA0Ni8eiBkY5kMPCfgXIINAsQ0qfxr7o"
+      - name: Deploy Website
+        run: |
+          nix flake lock --update-inputs naxgcc-doc
+          git add .
+          git commit -m "naxgcc-doc: update to ref ${{ env.GITHUB_SHA }}"
+          git push
\ No newline at end of file