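---
# Composite action: build a static site from a Nix flake, push its closure to an
# S3 binary cache, pull it onto the host "alvin" and hand it to Nomad.
#
# What this file relies on but cannot verify by itself:
# - `env.S3_ACCESS_KEY`, `env.S3_SECRET_KEY` and `env.NIX_SIGNING_KEY` must be
#   set by the calling workflow (ideally sourced from `secrets.*`).
# - The runner needs an SSH key and a pre-provisioned known_hosts entry for
#   `alvin`; do not work around host-key verification with
#   StrictHostKeyChecking=no.
# - Inputs and secrets are handed to each step through `env:` and expanded by
#   the shell. A `${{ ... }}` expression inside `run:` is substituted into the
#   script text before bash sees it, so a crafted input could inject commands
#   on the runner and, through ssh, on the host.
name: Deploy Nix Site
description: Deploy static site built with Nix flake to S3 and Nomad

inputs:
  site-name:
    description: 'Site identifier (used as service name in Nomad)'
    required: true
  traefik-rule:
    description: 'Traefik routing rule (e.g., Host(`example.com`) or Host(`example.com`) || Host(`www.example.com`))'
    required: true
  flake-output:
    description: 'Nix flake output to build (e.g., .#packages.x86_64-linux.default or .#)'
    required: false
    default: '.#'
  s3-endpoint:
    description: 'S3 endpoint'
    required: false
    default: 'https://s3.toph.so'

runs:
  using: composite
  steps:
    - name: Install tools
      shell: bash
      run: |
        # NOTE(review): `nixpkgs#...` resolves through the runner's flake
        # registry, so these tool versions are not pinned by this repository.
        # Pinning against the flake's own nixpkgs input (`--inputs-from .`)
        # would make the toolchain reproducible — confirm the flake exposes a
        # nixpkgs input before switching.
        # Install AWS CLI
        nix profile install nixpkgs#awscli2
        # Install Nomad
        nix profile install nixpkgs#nomad

        # Make available in PATH (for this step and for every later step)
        export PATH="$HOME/.nix-profile/bin:$PATH"
        echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"

        # Set Nomad address
        # NOTE(review): plain http to the Nomad API and no NOMAD_TOKEN is set
        # here, so job submissions travel unencrypted and rely on whatever
        # ACL configuration the caller provides — confirm this is an isolated
        # network or switch to https with a token.
        echo "NOMAD_ADDR=http://alvin:4646" >> "$GITHUB_ENV"

    - name: Build site with Nix
      shell: bash
      env:
        # Passed via env rather than spliced into the script with `${{ }}`;
        # the shell then sees it as one quoted argument and cannot execute it.
        FLAKE_OUTPUT: ${{ inputs.flake-output }}
      run: |
        nix build "$FLAKE_OUTPUT" --print-build-logs

        # Get the store path (resolve the ./result symlink nix build created)
        STORE_PATH=$(readlink -f result)
        # The path is later embedded in an ssh command; make sure it is a
        # real store path before exporting it.
        case "$STORE_PATH" in
          /nix/store/*) ;;
          *)
            echo "::error::unexpected build result path: $STORE_PATH"
            exit 1
            ;;
        esac
        # Note: this is the full "<hash>-<name>" basename, not the hash alone.
        STORE_HASH=$(basename "$STORE_PATH")
        echo "STORE_PATH=$STORE_PATH" >> "$GITHUB_ENV"
        echo "STORE_HASH=$STORE_HASH" >> "$GITHUB_ENV"
        echo "📦 Built: $STORE_PATH"

    - name: Push to binary cache
      shell: bash
      env:
        # Nix's S3 store uses the AWS SDK credential chain, so the keys are
        # handed over as environment variables and never appear in the script.
        AWS_ACCESS_KEY_ID: ${{ env.S3_ACCESS_KEY }}
        AWS_SECRET_ACCESS_KEY: ${{ env.S3_SECRET_KEY }}
        NIX_SIGNING_KEY: ${{ env.NIX_SIGNING_KEY }}
        S3_ENDPOINT: ${{ inputs.s3-endpoint }}
      run: |
        # NOTE(review): the store URI's `secret-key=` parameter is a *path* to
        # the signing-key file, not the key material. If NIX_SIGNING_KEY holds
        # the key itself, write it to a 0600 file first and pass that path;
        # otherwise the key would be visible in the process list.
        # Push to S3 binary cache
        nix copy \
          --to "s3://nix-cache?endpoint=${S3_ENDPOINT}&scheme=https&secret-key=${NIX_SIGNING_KEY}" \
          "$STORE_PATH"

        echo "✅ Pushed to binary cache: $STORE_HASH"

    - name: Pull to host and deploy via Nomad
      shell: bash
      env:
        SITE_NAME: ${{ inputs.site-name }}
        S3_ENDPOINT: ${{ inputs.s3-endpoint }}
        # Not used by the visible part of this step; exposed so the job spec
        # can take the rule from the environment instead of a `${{ }}` splice.
        TRAEFIK_RULE: ${{ inputs.traefik-rule }}
      run: |
        # site-name becomes a file name and a Nomad service name; reject
        # anything that is not a plain identifier before it is used anywhere.
        if [[ ! "$SITE_NAME" =~ ^[A-Za-z0-9._-]+$ ]]; then
          echo "::error::site-name must match ^[A-Za-z0-9._-]+$ (got: $SITE_NAME)"
          exit 1
        fi

        # First, pull the store path to the host's /nix/store.
        # The command string is re-parsed by the remote shell, so both
        # arguments are shell-quoted with printf %q before being embedded.
        # NOTE(review): whether alvin verifies the cache signature depends on
        # its own nix.conf (trusted-public-keys / trusted-users) — confirm the
        # public half of the signing key is trusted there.
        CACHE_URL="s3://nix-cache?endpoint=${S3_ENDPOINT}&scheme=https"
        ssh alvin "nix copy --from $(printf '%q' "$CACHE_URL") $(printf '%q' "$STORE_PATH")"

        # Now deploy Nomad job that mounts this specific store path.
        # NOTE(review): traefik-rule legitimately contains backticks; if it is
        # expanded inside an unquoted heredoc, the shell will execute the
        # backticked text as a command. Use a quoted delimiter (<<'EOF') and
        # substitute "$TRAEFIK_RULE" with jq or envsubst instead.
        cat > "/tmp/deploy-${SITE_NAME}.nomad.json" <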