From f1f9ab65017d9d1b32498afb48b2708864aded77 Mon Sep 17 00:00:00 2001
From: "Nikita M."
Date: Mon, 16 Mar 2026 10:04:36 +0000
Subject: [PATCH 1/5] [ci] setup ci for syntax check and build
---
 .github/workflows/ci.yml | 49 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..109d154
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,49 @@
+name: CI
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ check:
+ name: Flake check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: cachix/install-nix-action@v30
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+
+ - name: Check flake evaluation
+ run: nix flake check --no-build --all-systems
+
+ build:
+ name: Build NixOS configuration
+ runs-on: ubuntu-latest
+ needs: check
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: cachix/install-nix-action@v30
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+ extra-platforms = aarch64-linux
+
+ - name: Set up QEMU for aarch64 emulation
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: arm64
+
+ - name: Build finite system
+ run: |
+ nix build .#nixosConfigurations.finite.config.system.build.toplevel \
+ --system aarch64-linux \
+ --no-link \
+ --print-build-logs
From 29deccdb29e4c3c559d6937cc350be0e4cca2516 Mon Sep 17 00:00:00 2001
From: "Nikita M."
Date: Mon, 16 Mar 2026 10:09:26 +0000
Subject: [PATCH 2/5] [ci] add version, add cve scan step
---
 .github/workflows/ci.yml | 5 ++++-
 settings.nix | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 109d154..ecc8179 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
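Review bot: The workflow created in PATCH 1/5 declares no `permissions:` block, so both jobs run with whatever default GITHUB_TOKEN scope the repository or organisation has configured; nothing visible in either job needs more than read access, so a top-level `permissions:` with `contents: read` would pin that down. All three third-party actions (`actions/checkout@v4`, `cachix/install-nix-action@v30`, `docker/setup-qemu-action@v3`) are referenced by movable tags; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged release from changing what runs in CI. `nix_path: nixpkgs=channel:nixos-unstable` is likewise a moving channel, which deserves a short comment if it is intentional.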
@@ -45,5 +45,8 @@ jobs:
 run: |
 nix build .#nixosConfigurations.finite.config.system.build.toplevel \
 --system aarch64-linux \
- --no-link \
 --print-build-logs
+
+ - name: Scan for CVEs with vulnix
+ run: nix run nixpkgs#vulnix -- --system ./result
+ continue-on-error: true
diff --git a/settings.nix b/settings.nix
index e85357c..b7dc0e7 100644
--- a/settings.nix
+++ b/settings.nix
@@ -1,4 +1,6 @@ { + VERSION = "1.0.0"; + STATE_VERSION = "25.05"; SYSTEM = "aarch64-linux";
From c190948a07336dd596735135252592cacc49c450 Mon Sep 17 00:00:00 2001
From: "Nikita M."
Date: Mon, 16 Mar 2026 10:13:36 +0000
Subject: [PATCH 3/5] [ci] add statix check
---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ecc8179..9c1b9c4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,6 +22,10 @@ jobs:
 - name: Check flake evaluation
 run: nix flake check --no-build --all-systems
 
+ - name: Lint with statix
+ run: nix run nixpkgs#statix -- check .
+ continue-on-error: true
+
 build:
 name: Build NixOS configuration
 runs-on: ubuntu-latest
From e46eef5f1a9a061d9efc15d6e01e6609f082e2ee Mon Sep 17 00:00:00 2001
From: "Nikita M."
Date: Mon, 16 Mar 2026 10:17:11 +0000
Subject: [PATCH 4/5] [ci] add CI status to readme
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/README.md b/README.md
index 6a0e4c8..4237788 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,12 @@ + + + + + +
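Review bot: In the PATCH 2/5 hunk for `.github/workflows/ci.yml`, `continue-on-error: true` on the vulnix step makes a run with findings, a run where the scanner itself failed, and a clean run all finish green, so the scan cannot gate a merge and a broken scan goes unnoticed; the statix step added in PATCH 3/5 has the same property. If the scan is meant to be advisory for now, a comment such as `# advisory until a vulnix whitelist exists; drop continue-on-error then` records that intent next to the step. Separately, `--system` in vulnix is, as far as I know, a flag for scanning the running system rather than an option that takes a path, so on an Ubuntu runner `run: nix run nixpkgs#vulnix -- ./result` may be what is intended; worth confirming against `vulnix --help`. The `build` job this step belongs to starts outside the hunk.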
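Review bot: `nix run nixpkgs#statix` in the PATCH 3/5 hunk (and `nix run nixpkgs#vulnix` in PATCH 2/5) appears to resolve `nixpkgs` through the flake registry at run time rather than through this repository's `flake.lock`, so the linter and scanner that execute in CI can change without any commit here. Assuming the flake has an input named `nixpkgs`, `run: nix run --inputs-from . nixpkgs#statix -- check .` ties the tool to the locked revision. The `check` job this step belongs to begins outside the hunk.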

Finite

From 079fbab5a2c4366316b1eb2ca74123110fc7347c Mon Sep 17 00:00:00 2001
From: "Nikita M."
Date: Mon, 16 Mar 2026 10:23:52 +0000
Subject: [PATCH 5/5] [readme] update badges
---
 README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 4237788..9e0f692 100644
--- a/README.md
+++ b/README.md
@@ -14,11 +14,13 @@ +

+

- + - +