Skip to content

feature: use cabal-audit directly #47

feature: use cabal-audit directly

feature: use cabal-audit directly #47

Workflow file for this run

name: "CI"
on:
pull_request:
push:
create:
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build_and_publish:
runs-on: self-hosted
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v20
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
extra_nix_config: |
system-features = nixos-test benchmark big-parallel kvm
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Extract tag name
shell: bash
run: echo "tag=$(echo ${GITHUB_REF##*/})" >> $GITHUB_OUTPUT
id: extract_tag
- run: nix build -L
- run: docker load -i result
- name: Log in to the Container registry
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- run: docker tag blackheaven/haskell-security-action ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.extract_tag.outputs.tag }}
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
- run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.extract_tag.outputs.tag }}
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')