ci: build packages and nixos configurations using GitHub Action #99

Open
yzx9 wants to merge 1 commit into nvmd:develop from yzx9:develop
yzx9 commented Oct 6, 2025

TLDR: This pull request adds a new GitHub Actions workflow that builds packages and pushes artifacts to Cachix. It automates what devshells/nix-build-to-cachix.nix previously handled.

close #96

Design

Workflow

A new file, .github/workflows/cachix.yaml, defines a multi-job workflow that organizes builds to balance wall-clock time and runner utilization:

  • Kernel builds: Build multiple Raspberry Pi kernel versions in parallel.
  • Vendor package builds: Split vendor packages into two jobs to better respect dependency ordering and reduce resource contention.
    • This introduces some complexity. If you prefer a simpler setup, we can merge them into a single job; you’d then rerun the job once ffmpeg_7-headless is available in Cachix (expected to be rare).
  • Cachix integration: Push build results to Cachix for reuse across runs and machines.

Required Secrets

Please add the following repository secrets
(Repo Settings → Security → Secrets and variables → Actions → New repository secret):

  • CACHIX_CACHE_NAME: nixos-raspberrypi
  • CACHIX_AUTH_TOKEN: a token generated in Cachix
    (Cachix → Cache Settings → Auth Tokens → Generate)

Links for convenience:

Testing

I successfully ran the jobs in my forked repository: https://github.com/yzx9/nixos-raspberrypi/actions/runs/18270405302/job/52011788319.

Because we don’t enable the on.pull_request trigger (it’s unsafe for untrusted forks), you’ll need to fork my repository and configure the required secrets to run the GitHub Action.

Since these packages are already present in nixos-raspberrypi.cachix.org, the builds will be skipped and the workflow will finish in about 3 minutes. To perform a full rebuild, you have two options:

  1. Use a fresh cache, remove the --accept-flake-config option to prevent pulling from nixos-raspberrypi.cachix.org.
  2. (not recommended) Clear the cache nixos-raspberrypi.cachix.org.

GitHub Action Usage

  • Cost: GitHub Actions usage on standard GitHub-hosted runners is free for public repositories.
  • Runtime limits:
    • Each job on GitHub-hosted runners: 6 hours max.
    • Entire workflow run: 35 days max (includes waits/approvals).
    • Storage & minutes: public repositories using standard GitHub-hosted runners are not charged and don’t consume a private-account quota.
    • Job queue time (self‑hosted): 24 hours.
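
An added sketch of the job layout this description outlines; it is not the pull request's own `.github/workflows/cachix.yaml`, which is not shown on this page. The job names, runner label, action versions and upper-case flake attribute names are assumptions or placeholders; the secret names, the `develop` branch, `--accept-flake-config` and `ffmpeg_7-headless` come from the description.

```yaml
# Added sketch; NOT the PR's .github/workflows/cachix.yaml.
# Upper-case *_ATTR names are placeholders for the flake's real outputs.
name: cachix
on:
  push:
    branches: [develop]     # no pull_request trigger: fork PRs start no run
  workflow_dispatch: {}     # manual rebuilds by maintainers
permissions:
  contents: read            # GITHUB_TOKEN only needs to read the repository
jobs:
  kernels:
    runs-on: ubuntu-24.04-arm          # assumption: hosted aarch64 runner
    strategy:
      fail-fast: false                 # one failed kernel does not cancel the rest
      matrix:
        attr: [KERNEL_A_ATTR, KERNEL_B_ATTR]   # one parallel job per kernel
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: cachix/cachix-action@v15         # pushes built store paths to the cache
        with:
          name: ${{ secrets.CACHIX_CACHE_NAME }}
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - run: nix build --accept-flake-config ".#${{ matrix.attr }}"
  vendor-base:                         # e.g. the job that produces ffmpeg_7-headless
    runs-on: ubuntu-24.04-arm
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: cachix/cachix-action@v15
        with:
          name: ${{ secrets.CACHIX_CACHE_NAME }}
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - run: nix build --accept-flake-config ".#VENDOR_BASE_ATTR"
  vendor-dependent:
    needs: vendor-base                 # starts once vendor-base has finished and pushed
    runs-on: ubuntu-24.04-arm
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: cachix/cachix-action@v15
        with:
          name: ${{ secrets.CACHIX_CACHE_NAME }}
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - run: nix build --accept-flake-config ".#VENDOR_DEPENDENT_ATTR"
```

The Cachix token is referenced only as a step input, and the workflow-level `permissions` block keeps the default `GITHUB_TOKEN` read-only for every job.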

yzx9 commented Nov 7, 2025

@nvmd Hey, thanks for your great work! I noticed that /nix/store/b4dvi07sdz7biqpr5vkda8vyjdancw59-linux_rpi-bcm2712-6.12.34-stable_20250702.drv is missing again from Cachix. Have you had a chance to consider this PR? If there’s anything that needs improvement or clarification, please let me know!

@doronbehar
Any updates on this one, @nvmd?

Development

Successfully merging this pull request may close these issues.

Update cachix