From b9b9db406759527d70b39a737ffa1f6037a3da3d Mon Sep 17 00:00:00 2001 From: arcnmx Date: Wed, 19 May 2021 11:03:12 -0700 Subject: [PATCH 1/4] ci: ignore sources.json changes it's unnecessary and can loop due to the niv update commit --- .github/workflows/niv-update.yml | 6 ++---- ci/niv-cron.nix | 3 +-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/niv-update.yml b/.github/workflows/niv-update.yml index 8237b5a9..80de758f 100644 --- a/.github/workflows/niv-update.yml +++ b/.github/workflows/niv-update.yml @@ -91,15 +91,13 @@ name: niv-update 'on': pull_request: paths: - - nix/* - default.nix - - ./ci/niv-cron.nix + - ci/niv-cron.nix - .github/workflows/niv-update.yml push: paths: - - nix/* - default.nix - - ./ci/niv-cron.nix + - ci/niv-cron.nix - .github/workflows/niv-update.yml schedule: - cron: 0 */6 * * * diff --git a/ci/niv-cron.nix b/ci/niv-cron.nix index 4491fce3..a1ea3b59 100644 --- a/ci/niv-cron.nix +++ b/ci/niv-cron.nix @@ -10,9 +10,8 @@ with lib; { gh-actions = { on = let paths = [ - "nix/*" # niv and sources.json "default.nix" # sourceCache - config.ci.configPath config.ci.gh-actions.path + "ci/niv-cron.nix" config.ci.gh-actions.path ]; in { push = { From 841f25343472339839c504bbb808b5aced29a263 Mon Sep 17 00:00:00 2001 From: arcnmx Date: Wed, 19 May 2021 11:25:46 -0700 Subject: [PATCH 2/4] ci: don't pollute git with remote branches --- ci/niv-cron.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ci/niv-cron.nix b/ci/niv-cron.nix index a1ea3b59..e44be78e 100644 --- a/ci/niv-cron.nix +++ b/ci/niv-cron.nix @@ -49,10 +49,11 @@ with lib; { chmod 0600 ~/.ssh/id_rsa fi + git init -q sources ${concatStringsSep "\n" (mapAttrsToList (source: spec: let update = "niv update ${source}"; - fetch = "timeout 30 git fetch -q --depth 1 ${spec.repo} ${spec.branch}:source-${source}"; - revision = "$(git show-ref -s source-${source})"; + fetch = "timeout 30 git -C sources fetch -q --depth 1 ${spec.repo} ${spec.branch}:source-${source}"; + revision = "$(git -C sources show-ref -s source-${source})"; isGit = hasPrefix "https://" spec.repo or ""; git = '' if ${fetch}; then From 8fe1a913a501c2ce317fb9c9062614202ff73297 Mon Sep 17 00:00:00 2001 From: arcnmx Date: Wed, 19 May 2021 11:31:08 -0700 Subject: [PATCH 3/4] ci: commit niv updates to main branch --- ci/niv-cron.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ci/niv-cron.nix b/ci/niv-cron.nix index e44be78e..8c0e8569 100644 --- a/ci/niv-cron.nix +++ b/ci/niv-cron.nix @@ -82,10 +82,11 @@ with lib; { git add nix/sources.json export GIT_{COMMITTER,AUTHOR}_EMAIL=kat@kittywit.ch export GIT_{COMMITTER,AUTHOR}_NAME=kat witch - git commit --message="ci-trusted: niv update" - git remote add gitea ssh://gitea@git.kittywit.ch:62954/kat/nixfiles.git - GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \ - git push gitea master + git commit --message="ci: niv update" + if [[ $GITHUB_REF = refs/heads/main ]]; then + GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \ + git push ssh://gitea@git.kittywit.ch:62954/kat/nixfiles.git main + fi fi wait ''${CACHIX_PUSH-} From 8dfc5cb67692c808fd94802828b8d761e3e6eb3f Mon Sep 17 00:00:00 2001 From: arcnmx Date: Wed, 19 May 2021 11:33:18 -0700 Subject: [PATCH 4/4] ci: push result symlinks to cachix --- ci/niv-cron.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/niv-cron.nix b/ci/niv-cron.nix index 8c0e8569..6042b807 100644 --- a/ci/niv-cron.nix +++ b/ci/niv-cron.nix @@ -75,7 +75,7 @@ with lib; { nix build --no-link -Lf . sourceCache.all cachix push kittywitch $(nix eval -f . sourceCache.allStr) - cachix push kittywitch result*/ & + cachix push kittywitch result* & CACHIX_PUSH=$! fi if [[ -n $OPENSSH_PRIVATE_KEY ]]; then