Merge pull request #11 from phanirithvij/main

add gha workflow for releases

Author: tfc

.github/dependabot.yml

@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    rebase-strategy: "auto"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/artifact.yaml

@@ -0,0 +1,101 @@
+name: Build and Release
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Release version (e.g., v1.0.0) - leave empty to auto-increment"
+        required: false
+        type: string
+      increment:
+        description: "How to increment version if not specified"
+        required: false
+        default: "minor"
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+jobs:
+  build:
+    strategy:
+      matrix:
+        include:
+          - arch: "x86_64-linux"
+            os: ubuntu-latest
+          - arch: "aarch64-linux"
+            os: ubuntu-24.04-arm
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: cachix/install-nix-action@c202056c6d0293bbc1c45caaa531f8f918914e53 # v31
+      - name: Building tarball for ${{ matrix.arch }}
+        run: nix build
+      - name: Uploading artifacts
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        with:
+          name: nixos-system-${{ matrix.arch }}.tar.xz
+          path: result/tarball/nixos-system-${{ matrix.arch }}.tar.xz
+  release:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'workflow_dispatch'
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 0
+      - name: Determine new version
+        id: version
+        run: |
+          LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
+          CLEAN_VERSION=${LATEST_TAG#v}
+          if [[ -n "${{ github.event.inputs.version }}" ]]; then
+            VERSION="${{ github.event.inputs.version }}"
+            # Strip 'v' prefix if present, then add it back consistently
+            CLEAN_VERSION=${INPUT_VERSION#v}
+            VERSION="v$CLEAN_VERSION"
+            echo "Using provided version: $VERSION"
+          else
+            # Ensure we have a full semver (pad with .0 if needed)
+            case $(echo "$CLEAN_VERSION" | tr '.' '\n' | wc -l) in
+              1) CLEAN_VERSION="$CLEAN_VERSION.0.0" ;;
+              2) CLEAN_VERSION="$CLEAN_VERSION.0" ;;
+            esac
+            npm install -g semver
+            NEW_VERSION=$(semver -i ${{ github.event.inputs.increment || 'minor' }} $CLEAN_VERSION)
+            VERSION="v$NEW_VERSION"
+            echo "Auto-incremented from $LATEST_TAG to: $VERSION"
+          fi
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "prev_version=${LATEST_TAG}" >> $GITHUB_OUTPUT
+      - name: Update README
+        run: |
+          sed -i 's/${{ steps.version.outputs.prev_version }}/${{ steps.version.outputs.version }}/g' README.md
+
+          git config --local user.name "github-actions[bot]"
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git add README.md
+          git diff --staged --quiet || git commit -m "update README.md"
+          git push
+      - name: Create tag
+        run: |
+          git tag ${{ steps.version.outputs.version }}
+          git push origin ${{ steps.version.outputs.version }}
+      - name: Download artifacts
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
+        with:
+          path: artifacts/
+      - name: Create release
+        run: |
+          gh release create ${{ steps.version.outputs.version }} \
+            --title "Release ${{ steps.version.outputs.version }}" \
+            --notes "Release ${{ steps.version.outputs.version }}" \
+            --latest \
+            artifacts/*/nixos-system-*.tar.xz
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}

.github/workflows/main.yml

@@ -9,46 +9,48 @@ You don't need `nix` or NixOS to fetch and run the image:
 
 ```sh
 # x86_64-linux architecture
-machinectl pull-tar https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-x86_64-linux.tar.xz nixos --verify=no
+machinectl pull-tar https://github.com/tfc/nspawn-nixos/releases/download/v1.2/nixos-system-x86_64-linux.tar.xz nixos --verify=no
 
 # aarch64-linux architecture
-machinectl pull-tar https://github.com/tfc/nspawn-nixos/releases/download/v1.0/nixos-system-aarch64-linux.tar.xz nixos --verify=no
+machinectl pull-tar https://github.com/tfc/nspawn-nixos/releases/download/v1.2/nixos-system-aarch64-linux.tar.xz nixos --verify=no
 
 machinectl start nixos
 # Set root password
 machinectl shell nixos /usr/bin/env passwd
 machinectl login nixos
 ```
 
+There are also nightly build artifacts available in the
+[github actions](https://github.com/phanirithvij/nspawn-nixos/actions/workflows/main.yml).
+
 You can also change the configuration in this repository first, and then import
 a local build:
 
 ```sh
 machinectl import-tar $(nix build --print-out-paths)/tarball/* nixos
 ```
 
-If you want the container to use the host's network, create a configuration
-file like this:
+If you want the container to use the host's network, create a configuration file
+like this:
 
 ```sh
 printf "[Network]\nVirtualEthernet=no" > /etc/systemd/nspawn/nixos.nspawn
 ```
 
 The system configuration in `/etc/nixos/configuration.nix` can be adapted to
-your needs.
-`nixos-rebuild switch` activates a new configuration.
+your needs. `nixos-rebuild switch` activates a new configuration.
 
 If you would like to share mounts between host and container, create port
 mappings, etc. please refer to the
 [`systemd.nspawn` config file documentation](https://man7.org/linux/man-pages/man5/systemd.nspawn.5.html)
-and/or the [archlinux wiki about `systemd-nspawn`](https://wiki.archlinux.org/title/systemd-nspawn)
+and/or the
+[archlinux wiki about `systemd-nspawn`](https://wiki.archlinux.org/title/systemd-nspawn)
 
 ## Why not Docker images?
 
 Docker puts the file system of any Linux distro around a single process, but it
-essentially does not run a whole system.
-Running NixOS (or any other distro) in `systemd-nspawn` is similar to running a
-full VM, but with the same thin namespace isolation as in Docker, which leads to
-less overhead.
+essentially does not run a whole system. Running NixOS (or any other distro) in
+`systemd-nspawn` is similar to running a full VM, but with the same thin
+namespace isolation as in Docker, which leads to less overhead.
 
 Changes that you do to your nspawn container remain persistent by default.