manually download zig · altagos.dev/website@bdbcbf3

··· 6 6 engine: nixery 7 7 8 8 dependencies: 9 - # nixpkgs 10 9 nixpkgs: 11 - - curl 10 + - jq 11 + - minisign 12 + - dart-sass 13 + 14 + environment: 15 + ZIG_VERSION: "0.15.1" 12 16 13 17 steps: 14 - - name: Setup 18 + - name: Download Zig compiler 19 + command: | 20 + chmod +x zig/download.sh; 21 + ./zig/download.sh; 22 + ./zig/zig --version 23 + - name: Download statichost cli 15 24 command: | 16 25 curl -o shcli https://www.statichost.eu/shcli; chmod +x shcli 17 - - name: Build 26 + - name: Build website 18 27 command: | 19 - TAR_OPTIONS="--no-same-owner" nix run .#build 28 + ./zig/zig build 20 29 - name: Upload 21 30 command: | 22 31 ./shcli altagos-dev ./zig-out/website

+1 -20

flake.nix

··· 13 13 }: let 14 14 flake-utils = zig2nix.inputs.flake-utils; 15 15 in (flake-utils.lib.eachDefaultSystem (system: let 16 - # Fix zig to handle tar extraction in Docker containers 17 - zigFixed = zig2nix.outputs.packages.${system}.zig-latest.overrideAttrs (oldAttrs: { 18 - # Override the unpack phase to use --no-same-owner 19 - unpackPhase = '' 20 - runHook preUnpack 21 - 22 - # Extract with --no-same-owner to avoid permission issues in Docker 23 - tar xf $src --no-same-owner 24 - 25 - # Set sourceRoot to the extracted directory 26 - sourceRoot=$(ls -d */ | head -n 1) 27 - sourceRoot=''${sourceRoot%/} 28 - 29 - runHook postUnpack 30 - ''; 31 - }); 32 16 # Zig flake helper 33 17 # Check the flake.nix in zig2nix project for more options: 34 18 # <https://github.com/Cloudef/zig2nix/blob/master/flake.nix> 35 - # env = zig2nix.outputs.zig-env.${system} {zig = zig2nix.outputs.packages.${system}.zig-latest;}; 36 - env = zig2nix.outputs.zig-env.${system} { 37 - zig = zigFixed; # Use the fixed zig instead of zig-latest 38 - }; 19 + env = zig2nix.outputs.zig-env.${system} {zig = zig2nix.outputs.packages.${system}.zig-latest;}; 39 20 pkgs = nixpkgs.legacyPackages.${system}; 40 21 in 41 22 with builtins;

zig/.gitignore

··· 1 + * 2 + !download.sh 3 + !.gitignore

+44

zig/download.sh

··· 1 + #!/usr/bin/env bash 2 + set -e 3 + 4 + [ -z "$ZIG_VERSION" ] && ZIG_VERSION="master" 5 + 6 + ZIG_SIGNATUR_PUBKEY="RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U" 7 + 8 + command -v jq >/dev/null || { echo "Error: jq is required to parse Zig's download manifest"; exit 1; } 9 + command -v minisign >/dev/null || { echo "Error: minisign is required to verify Zig's signature"; exit 1; } 10 + mkdir -p zig 11 + 12 + case "$(uname -s)" in 13 + Linux) 14 + case "$(uname -m)" in 15 + x86_64) p="x86_64-linux" ;; 16 + aarch64) p="aarch64-linux" ;; 17 + armv7l) p="arm-linux" ;; 18 + i686) p="x86-linux" ;; 19 + *) echo "Error: Unsupported architecture $(uname -m)"; exit 1 ;; 20 + esac 21 + ;; 22 + Darwin) 23 + case "$(uname -m)" in 24 + x86_64) p="x86_64-macos" ;; 25 + arm64) p="aarch64-macos" ;; 26 + *) echo "Error: Unsupported architecture $(uname -m)"; exit 1 ;; 27 + esac 28 + ;; 29 + *) echo "Error: Unsupported OS $(uname -s)"; exit 1 ;; 30 + esac 31 + 32 + u=$(curl -s https://ziglang.org/download/index.json | jq -r ".\"$ZIG_VERSION\".\"$p\".tarball") 33 + [ -z "$u" ] && { echo "Error: Could not find download URL for version $ZIG_VERSION on $p"; exit 1; } 34 + 35 + f=$(basename "$u") 36 + curl -L "$u" -o "zig/$f" || { echo "Error: Failed to download Zig compiler"; exit 1; } 37 + curl -L "$u.minisig" -o "zig/$f.minisig" || { echo "Error: Failed to download minisig signature"; exit 1; } 38 + 39 + minisign -Vm "zig/$f" -P $ZIG_SIGNATUR_PUBKEY || { echo "Error: Signature verification failed - this is critical for security"; exit 1; } 40 + 41 + [[ "$f" == *.zip ]] && unzip -q "zig/$f" -d zig && d=$(unzip -l "zig/$f" | awk 'NR==4 {print $4}' | cut -d '/' -f 1) || { tar -xJf "zig/$f" -C zig; d=$(tar -tf "zig/$f" | head -1 | cut -d '/' -f 1); } 42 + 43 + ln -sf "$(pwd)/zig/$d/zig" $(pwd)/zig/zig 44 + rm -f "zig/$f" "zig/$f.minisig"