chores: use custom github runners

.github/workflows/nix-build.yml

@@ -10,23 +10,32 @@ on:
 
 permissions:
   id-token: write
-  # required by testinfra-ami-build dependent workflows
+  # required by dependent workflows
   contents: write
   packages: write
 
 jobs:
+  nix-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v30
+      - id: set-matrix
+        name: Generate Nix Matrix
+        run: |
+          set -Eeu
+          matrix="$(nix eval --json '.#githubActions.matrix')"
+          echo "matrix=$matrix" >> "$GITHUB_OUTPUT"
+
   build-run-image:
+    name: ${{ matrix.name }} (${{ matrix.system }})
+    needs: nix-matrix
+    runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
-      matrix:
-        include:
-          - runner: large-linux-x86
-            arch: amd64
-          - runner: large-linux-arm
-            arch: arm64
-          - runner: macos-latest-xlarge
-            arch: arm64
-    runs-on: ${{ matrix.runner }}
+      matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}}
     timeout-minutes: 180
     steps:
       - name: Checkout Repo
@@ -104,23 +113,12 @@ jobs:
           sudo rm -rf /tmp/* 2>/dev/null || true
           echo "=== AFTER CLEANUP ==="
           df -h
-      - name: Build psql bundle
-        run: >
-          nix run "github:Mic92/nix-fast-build?rev=b1dae483ab7d4139a6297e02b6de9e5d30e43d48" 
-          -- --skip-cached --no-nom ${{ matrix.runner == 'macos-latest-xlarge' && '--max-jobs 1' || '' }}
-          --flake ".#checks.$(nix eval --raw --impure --expr 'builtins.currentSystem')"
+      - run: nix build -L '.#${{ matrix.attr }}'
         env:
           AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
           AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
 
-  run-testinfra:
-    needs: build-run-image
-    if: ${{ success() }}
-    uses: ./.github/workflows/testinfra-ami-build.yml
-    secrets:
-      DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
-
   run-tests:
     needs: build-run-image
     if: ${{ success() }}

flake.nix

@@ -14,6 +14,8 @@
     git-hooks.url = "github:cachix/git-hooks.nix";
     git-hooks.inputs.nixpkgs.follows = "nixpkgs";
     nixpkgs-go124.url = "github:Nixos/nixpkgs/d2ac4dfa61fba987a84a0a81555da57ae0b9a2b0";
+    nix-github-actions.url = "github:nix-community/nix-github-actions";
+    nix-github-actions.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs =
@@ -36,6 +38,7 @@
         nix/nixpkgs.nix
         nix/packages
         nix/overlays
+        nix/github-actions.nix
       ];
     });
 }

nix/github-actions.nix

@@ -0,0 +1,18 @@
+{ inputs, ... }:
+let
+  githubPlatforms = {
+    "x86_64-linux" = "large-linux-x86";
+    "aarch64-linux" = "large-linux-arm";
+    "aarch64-darwin" = "macos-latest-xlarge";
+  };
+in
+{
+  flake.githubActions = inputs.nix-github-actions.lib.mkGithubMatrix {
+    checks = inputs.nixpkgs.lib.getAttrs [
+      "x86_64-linux"
+      "aarch64-linux"
+      "aarch64-darwin"
+    ] inputs.self.checks;
+    platforms = githubPlatforms;
+  };
+}