add ci

.forgejo/workflows/release.yml

@@ -0,0 +1,39 @@
+name: Push Container
+
+on:
+  push:
+    branches: ["main"]
+
+concurrency:
+  group: main
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    runs-on: nix-flakes
+
+    steps:
+      - name: Set up packages
+        run: |
+          echo "extra-substituters = https://builder.naxdy.org/attic" >> /etc/nix/nix.conf
+          echo "extra-trusted-public-keys = attic:05LdE8Nav5Qd1E+KOJqSwdr+WE1z8AUmSb3oKL7s8dk=" >> /etc/nix/nix.conf
+          nix profile install nixpkgs#nodejs nixpkgs#jq nixpkgs#docker "github:zhaofengli/attic?ref=6eabc3f02fae3683bffab483e614bebfcd476b21"
+          echo "PATH=/nix/var/nix/profiles/per-user/root/profile/bin:$PATH" >> "$GITHUB_ENV"
+      - name: Set up attic binary cache
+        run: |
+          attic login "${{ vars.BINARY_CACHE_NAME }}" "${{ vars.BINARY_CACHE_URL }}" "${{ secrets.BINARY_CACHE_AUTH_KEY }}"
+          attic use "${{ vars.BINARY_CACHE_NAME }}"
+      - uses: actions/checkout@v4
+      - name: Build docker image
+        run: |
+          nix build .# -j 4
+      - name: Push derivations to binary cache
+        run: |
+          cd /nix/store
+          attic push "${{ vars.BINARY_CACHE_NAME }}" $(ls /nix/store --ignore='*.drv' --ignore='*fake_nixpkgs*')
+      - name: Push docker image to registry
+        run: |
+          docker login -u "${{ vars.UPSTREAM_USER }}" -p "${{ secrets.UPSTREAM_PASS }}" "${{ vars.UPSTREAM_REPO }}"
+          docker load -i ./result
+          docker tag docker-attic-nix:latest "${{ vars.UPSTREAM_REPO }}/${{ vars.UPSTREAM_ORG }}/docker-attic-nix:latest"
+          docker push "${{ vars.UPSTREAM_REPO }}/${{ vars.UPSTREAM_ORG }}/docker-attic-nix:latest"