CI integration - Gitlab CI

[adisbladis]

There should be a quick & easy way to get Gitlab CI to publish Nix builds to a log instance running elsewhere.

This integration will take care of:

• Integrating with the system Nix installation.
• Integration of the write token into github actions yaml syntax.
• Using Github Actions secrets for write token.

Considerations

• It's probably worth it to not install the push as a post-build-hook but as a post action step
  Instead of slowing down and doing a network round trip after every build we can do one big submission in one big chunk.
  Not only is this better for less round trips, but it also means that we can possibly publish fewer STHs (signed tree heads).

Hosting

Notably this action does not take care of hosting a Trustix instance.
That's still an exercise left up to the user.

Advanced setups

More advanced setups might want to use the NixOS Gitlab Runner module.
For these setups it's recommended that you use the post build hook on the host instead and ignore the Gitlab CI specific setup.

Example usage:

image: nixos/nix:2.3.12

build:
  variables:
    CACHIX_CACHE_NAME: mycache
  before_script:
    - nix-env --install --attr nixpkgs.cachix
    - cachix use "$CACHIX_CACHE_NAME"
  script:
    - cachix watch-exec $CACHIX_CACHE_NAME -- nix-build default.nix