Documentation

menu
ModulesNodejsHaskellRustPostgreSQLUserHostingIntroductionBranch HostingPull-request DeploymentsSecretsPersistenceDebuggingMultiple ServersCustom DomainsExample: Typescript & GoExample: JitsiExample: RSS BridgeExample: Tiny Tiny RSSExample: SearxActionsInstalling Nixyaml configNix FlakesWhat Garnix CI doesIncremental BuildsUsing Private InputsCachingGitHub Actions IntegrationBadgesGarnopen source
ModulesNodejsHaskellRustPostgreSQLUserHostingIntroductionBranch HostingPull-request DeploymentsSecretsPersistenceDebuggingMultiple ServersCustom DomainsExample: Typescript & GoExample: JitsiExample: RSS BridgeExample: Tiny Tiny RSSExample: SearxActionsInstalling Nixyaml configNix FlakesWhat Garnix CI doesIncremental BuildsUsing Private InputsCachingGitHub Actions IntegrationBadgesGarnopen source

Actionsshare

Note: garnix actions are currently in closed beta. If you would like to try them out, reach out to us by email or on Discord/Matrix.

While Nix builds work well for a large variety of CI requirements, they aren't a good fit when you want your CI job to not just build your repo and run your tests, but also to do something to the external world — upload a docker image, trigger a deployment, send an email, etc. Moreover, sometimes a fully isolated Nix build is too much upfront work, and it's easier to use Nix to provide basic tools (such as cargo, npm, pip, etc.) that you then call as usual, without going through the "pure" versions.

For both of those use cases, garnix actions are a great fit. With actions, you can call an arbitrary executable built with Nix in response to certain events. The executable is called with access to the internet.

To use actions, first define an (x86_64-linux) app in your flake:

{
  ...
  outputs = inputs : {
    apps.x86_64.linux.myApp = ...;
  };
}

Then, in your garnix.yaml, add an actions section in the toplevel:

actions:
  - on: push
    run: myApp

This will run the app as soon as there is a push. Other triggers will be added in the future.

Secrets with actionsshare

Often when interacting with the external world, you'll need to identify yourself. Actions provide a way of doing that. As with hosting secrets, actions run with access to a private key. You can get access to the public key corresponding to it with:

curl https://garnix.io/api/keys/<repo_owner>/<repo_name>/<action_name>/key.public

You can then use that public key to encrypt your secrets, and have the action decrypt it as needed. The location of the key is made available to your action in the environment variable $GARNIX_ACTION_PRIVATE_KEY_FILE.