tracexec 0.17.0

Tracer for execve{,at} and pre-exec behavior, launcher for debuggers.
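---
name: Continuous Integration (Nix)

# Least-privilege GITHUB_TOKEN for every job below: the workflow only needs to
# read the repository. Raise it per job if a step ever needs to write.
permissions:
  contents: read

on:
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
  push:
    branches:
      - main
      - ci
  # NOTE(review): keep this as `pull_request`, never `pull_request_target`:
  # the job below builds and executes code from the PR head, which must not run
  # with this repository's secrets (the `nix` job reads NIX_CACHE_JWT).
  pull_request:
  merge_group:

# Ensure that the workflow is only triggered once per PR: subsequent pushes to
# the PR cancel and restart the workflow. Runs that are not tied to a PR (push,
# workflow_dispatch, merge_group) have no head_ref and fall back to run_id, so
# they never cancel each other.
# See https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true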

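jobs:
  nix:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every third-party action here is referenced by a mutable
      # tag. The two attic-action steps in particular receive NIX_CACHE_JWT, so a
      # re-tagged release could read it; pin each `uses:` to a full commit SHA
      # (version in a trailing comment) and let Dependabot bump the pins.
      - uses: actions/checkout@v4
      - name: Install QEMU/KVM
        run: |
          sudo apt-get update -y
          sudo apt-get install -y qemu-kvm
      # keep-outputs / keep-env-derivations stop the GC from dropping build
      # results before the job ends. `http2 = false` presumably works around a
      # Nix download issue — TODO confirm it is still needed.
      - uses: nixbuild/nix-quick-install-action@v30
        with:
          nix_conf: |
            keep-env-derivations = true
            keep-outputs = true
            http2 = false

      # Only a run that can hold NIX_CACHE_JWT may push to the cache. GitHub does
      # not hand repository secrets to `pull_request` runs from forks, so those
      # take the read-only step below; everything else (same-repo PRs, push,
      # merge_group, workflow_dispatch — where `pull_request` is unset and the
      # test is vacuously true) gets the writable one.
      # NOTE(review): `head.repo.fork` is true whenever the head repository is a
      # fork of anything; if this repository were itself a fork, same-repo PRs
      # would land in the read-only branch. Comparing
      # `github.event.pull_request.head.repo.full_name` with `github.repository`
      # is the more exact test if that ever matters.
      - name: Setup Attic cache (Writable)
        uses: ryanccn/attic-action@v0.4.1
        if: github.event.pull_request.head.repo.fork != true
        with:
          endpoint: https://nix.kxxt.dev
          cache: tracexec
          token: ${{ secrets.NIX_CACHE_JWT }}

      - name: Setup Attic cache (ReadOnly)
        uses: ryanccn/attic-action@v0.4.1
        if: github.event.pull_request.head.repo.fork == true
        with:
          endpoint: https://nix.kxxt.dev
          cache: tracexec
          skip-push: true

      # Build and test tracexec; this also builds the kernels used by UKCI.
      - name: Build and test
        run: nix build
      # Run the userspace<->kernel CI (UKCI).
      - name: Run UKCI
        run: nix run '.#ukci'
      # Register the UKCI closure as a GC root — presumably so it survives until
      # the attic post-step pushes it to the cache (TODO confirm that is the
      # intent; on an ephemeral runner the root has no other effect).
      - name: Add gc root for UKCI
        run: ln -s "$(nix eval --raw '.#ukci')" /nix/var/nix/gcroots/ukci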