upload-ami.yml

name: Upload Amazon Image
permissions:
  contents: read
  id-token: write
on:
  workflow_dispatch:
  push:
    branches: [main]
jobs:
  upload-legacy-image:
    name: Upload Legacy Amazon Image
    runs-on: ubuntu-latest
    environment: images
    strategy:
      matrix:
        system:
          - x86_64-linux
          - aarch64-linux
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: DeterminateSystems/nix-installer-action@cd46bde16ab981b0a7b2dce0574509104543276e # v9
      - uses: DeterminateSystems/magic-nix-cache-action@8a218f9e264e9c3803c9a1ee1c30d8e4ab55be63 # v2
      - name: Download AMI from Hydra
        run: |
          out=$(curl --location --silent --header 'Accept: application/json' https://hydra.nixos.org/job/nixos/release-23.11/nixos.amazonImage.${{ matrix.system }}/latest-finished  | jq --raw-output '.buildoutputs.out.path')
          nix-store --realise $out --add-root ./result
      - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
        with:
          role-to-assume: arn:aws:iam::686862074153:role/upload-ami
          aws-region: eu-central-1
      - name: Upload AMIs
        run: nix run .#upload-ami -- --image-info ./result/nix-support/image-info.json --s3-bucket images20231124161256194400000001 --run-id ${{ github.run_id}}