From 4ab13b0e4903013fa42195c47452daffe73b1dac Mon Sep 17 00:00:00 2001
From: Casey Link <unnamedrambler@gmail.com>
Date: Wed, 30 Oct 2024 10:54:01 +0100
Subject: [PATCH] ci: publish container image

---
 .github/workflows/ci.yml | 22 +++++++++++++++++++---
 .yamllint.yml            | 22 ++++++++++++++++++++++
 flake.nix                |  7 +++++++
 3 files changed, 48 insertions(+), 3 deletions(-)
 create mode 100644 .yamllint.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2d6d916..b301384 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,6 +24,8 @@ jobs:
       - uses: DeterminateSystems/flake-checker-action@main
       - name: Build datomic-pro nix package
         run: nix build .#datomic-pro
+      - name: Build datomic-pro oci image
+        run: nix build .#datomic-pro-container -o container
       - name: Run NixOS module tests
         run: nix flake check
 
@@ -33,15 +35,29 @@ jobs:
     permissions:
       id-token: write
       contents: read
-    if: startsWith(github.ref, 'refs/tags/v')
+      packages: write
+    if: startsWith(github.ref, 'refs/tags/v') || inputs.tag != null
     steps:
+      - name: Verify tag format
+        if: github.event_name == 'workflow_dispatch'
+        run: |
+          if [[ ! "${{ inputs.tag }}" =~ ^v ]]; then
+            echo "Error: Tag must start with 'v' prefix"
+            exit 1
+          fi
       - uses: actions/checkout@v4
         with:
-          ref: "${{ (inputs.tag != null) && format('refs/tags/{0}', inputs.tag) || '' }}"
+          ref: "${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}"
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Build datomic-pro oci image
+        run: nix build .#datomic-pro-container -o container
+      - name: Push container image on new releases
+        run: |
+          datomic_version=$(grep 'version = ' pkgs/datomic-pro.nix | cut -d'"' -f2)
+          nix develop --ignore-environment --command skopeo copy --dest-creds="${{ github.repository_owner }}:${{ github.token }}" docker-archive:./result docker://ghcr.io/${{github.repository_owner}}/datomic-pro:$datomic_version
       - uses: DeterminateSystems/flakehub-push@main
         with:
           visibility: public
           name: Ramblurr/datomic-pro
-          tag: "${{ inputs.tag }}"
+          tag: "${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }}"
diff --git a/.yamllint.yml b/.yamllint.yml
new file mode 100644
index 0000000..bdef356
--- /dev/null
+++ b/.yamllint.yml
@@ -0,0 +1,22 @@
+---
+ignore: |
+  .yamllint.yml
+extends: default
+rules:
+  truthy:
+    allowed-values: ["true", "false"]
+  line-length: disable
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    level: error
+  indentation:
+    spaces: 2
+    indent-sequences: consistent
+  new-lines: disable
+  comments: disable
+  comments-indentation: disable
diff --git a/flake.nix b/flake.nix
index 7bd6614..87365ed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,6 +57,13 @@
               ;
           };
         };
+        devShells.default = pkgs.mkShell {
+          buildInputs = [
+            pkgs.skopeo
+            pkgs.babashka
+            pkgs.gnumake
+          ];
+        };
       }
     );
 }