From 5062c04e4dc3224f43a8fe2895387eb12f8a3cbe Mon Sep 17 00:00:00 2001 From: arcnmx Date: Tue, 18 Apr 2023 06:53:09 -0700 Subject: [PATCH] update flake-cron ci --- .envrc | 1 + .github/workflows/flake-update.yml | 25 +++++++++++---------- .github/workflows/nodes.yml | 22 +++++++++--------- ci/flake-cron.nix | 36 +++++++++++++----------------- ci/nodes.nix | 2 +- flake.lock | 14 ++++++------ flake.nix | 2 +- 7 files changed, 49 insertions(+), 53 deletions(-) diff --git a/.envrc b/.envrc index cfbd5798..9a7b291c 100644 --- a/.envrc +++ b/.envrc @@ -9,3 +9,4 @@ if [[ -e trusted/trusted/flake.nix ]]; then fi use flake +watch_file flake.lock diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml index 03ac0cf6..0b430eda 100644 --- a/.github/workflows/flake-update.yml +++ b/.github/workflows/flake-update.yml @@ -3,7 +3,6 @@ env: CI_ALLOW_ROOT: '1' CI_CONFIG: ./ci/flake-cron.nix CI_PLATFORM: gh-actions - OPENSSH_PRIVATE_KEY: ${{ secrets.OPENSSH_PRIVATE_KEY }} jobs: ci-check: name: flake-update check @@ -11,21 +10,22 @@ jobs: steps: - id: checkout name: git clone - uses: actions/checkout@v1 + uses: actions/checkout@v2 with: + fetch-depth: 0 submodules: false - id: nix-install name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 + uses: arcnmx/ci/actions/nix/install@nix2.4-broken - id: ci-action-build name: nix build ci.gh-actions.configFile - uses: arcnmx/ci/actions/nix/build@nix2.4 + uses: arcnmx/ci/actions/nix/build@nix2.4-broken with: attrs: ci.gh-actions.configFile out-link: .ci/workflow.yml - id: ci-action-compare name: gh-actions compare - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: args: -u .github/workflows/flake-update.yml .ci/workflow.yml attrs: nixpkgs.diffutils 
@@ -36,15 +36,16 @@ jobs: steps: - id: checkout name: git clone - uses: actions/checkout@v1 + uses: actions/checkout@v2 with: + fetch-depth: 0 submodules: false - id: nix-install name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 + uses: arcnmx/ci/actions/nix/install@nix2.4-broken - id: ci-setup name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.flake-update.run.bootstrap quiet: false @@ -55,7 +56,7 @@ jobs: ' - id: ci-dirty name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.flake-update.run.test command: ci-build-dirty @@ -63,7 +64,7 @@ jobs: stdout: ${{ runner.temp }}/ci.build.dirty - id: ci-test name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.flake-update.run.test command: ci-build-realise @@ -74,7 +75,7 @@ jobs: CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} id: ci-summary name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.flake-update.run.test command: ci-build-summarise @@ -86,7 +87,7 @@ jobs: id: ci-cache if: always() name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.flake-update.run.test command: ci-build-cache diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml index 6a257483..2691611c 100644 --- a/.github/workflows/nodes.yml +++ b/.github/workflows/nodes.yml 
@@ -9,21 +9,21 @@ jobs: steps: - id: checkout name: git clone - uses: actions/checkout@v1 + uses: actions/checkout@v2 with: submodules: false - id: nix-install name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 + uses: arcnmx/ci/actions/nix/install@nix2.4-broken - id: ci-action-build name: nix build ci.gh-actions.configFile - uses: arcnmx/ci/actions/nix/build@nix2.4 + uses: arcnmx/ci/actions/nix/build@nix2.4-broken with: attrs: ci.gh-actions.configFile out-link: .ci/workflow.yml - id: ci-action-compare name: gh-actions compare - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: args: -u .github/workflows/nodes.yml .ci/workflow.yml attrs: nixpkgs.diffutils @@ -34,15 +34,15 @@ jobs: steps: - id: checkout name: git clone - uses: actions/checkout@v1 + uses: actions/checkout@v2 with: submodules: false - id: nix-install name: nix install - uses: arcnmx/ci/actions/nix/install@nix2.4 + uses: arcnmx/ci/actions/nix/install@nix2.4-broken - id: ci-setup name: nix setup - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.tewi.run.bootstrap quiet: false @@ -53,7 +53,7 @@ jobs: ' - id: ci-dirty name: nix test dirty - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.tewi.run.test command: ci-build-dirty @@ -61,7 +61,7 @@ jobs: stdout: ${{ runner.temp }}/ci.build.dirty - id: ci-test name: nix test build - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.tewi.run.test command: ci-build-realise @@ -72,7 +72,7 @@ jobs: CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }} id: ci-summary name: nix test results - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.tewi.run.test command: ci-build-summarise 
@@ -84,7 +84,7 @@ jobs: id: ci-cache if: always() name: nix test cache - uses: arcnmx/ci/actions/nix/run@nix2.4 + uses: arcnmx/ci/actions/nix/run@nix2.4-broken with: attrs: ci.job.tewi.run.test command: ci-build-cache diff --git a/ci/flake-cron.nix b/ci/flake-cron.nix index bc0b53f4..bd542073 100644 --- a/ci/flake-cron.nix +++ b/ci/flake-cron.nix @@ -1,11 +1,13 @@ { lib, channels, config, ... }: -with lib; { +with lib; let + gitBranch = "arc"; +in { name = "flake-update"; nixpkgs.args.localSystem = "x86_64-linux"; ci = { - version = "nix2.4"; + version = "nix2.4-broken"; gh-actions = { enable = true; export = true; @@ -13,7 +15,6 @@ with lib; { }; - gh-actions.env.OPENSSH_PRIVATE_KEY = "\${{ secrets.OPENSSH_PRIVATE_KEY }}"; gh-actions.env.CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; @@ -89,21 +90,14 @@ with lib; { enable = false; }; displayName = "flake update build"; - environment = [ "OPENSSH_PRIVATE_KEY" "CACHIX_SIGNING_KEY" "GITHUB_REF" ]; + environment = [ "CACHIX_SIGNING_KEY" "GITHUB_REF" ]; command = let - main = (import ../.); filteredHosts = [ "tewi" ]; nodeBuildString = concatMapStringsSep " && " (node: "nix build -Lf . network.nodes.nixos.${node}.deploy.system -o result-${node} && nix-collect-garbage -d") filteredHosts; in '' # ${toString builtins.currentTime} - if [[ -n $OPENSSH_PRIVATE_KEY ]]; then - mkdir ~/.ssh - echo "$OPENSSH_PRIVATE_KEY" > ~/.ssh/id_rsa - chmod 0600 ~/.ssh/id_rsa - fi - nix flake update if git status --porcelain | grep -qF flake.lock; then 
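Review bot: `version = "nix2.4-broken"` in the `ci` block of ci/flake-cron.nix names a ref that looks like a branch or tag rather than a commit, and nothing here says why the `-broken` variant is wanted. flake.lock pins the Nix side to a `rev`, but the generated workflows resolve `uses: arcnmx/ci/actions/nix/run@nix2.4-broken` when the job runs, and that job receives `CACHIX_SIGNING_KEY`, so anyone who can move the ref controls the code that sees the key. I would add a comment above the line such as `# tracking nix2.4-broken because <reason>; return to <ref> once <condition>`, and pin the action ref to a full commit SHA if the ci module accepts one. The same string is changed in ci/nodes.nix and flake.nix.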
@@ -114,15 +108,12 @@ with lib; { cachix push kittywitch result*/ & CACHIX_PUSH=$! fi - if [[ -n $OPENSSH_PRIVATE_KEY ]]; then - git add flake.lock - export GIT_{COMMITTER,AUTHOR}_EMAIL=github@kittywit.ch - export GIT_{COMMITTER,AUTHOR}_NAME="flake cron job" - git commit --message="ci: flake update" - if [[ $GITHUB_REF = refs/heads/main ]]; then - GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \ - git push ssh://gitea@git.kittywit.ch:62954/kat/nixfiles.git HEAD:main - fi + git add flake.lock + export GIT_{COMMITTER,AUTHOR}_EMAIL=github@kittywit.ch + export GIT_{COMMITTER,AUTHOR}_NAME="flake cron job" + git commit --message="ci: flake update" + if [[ $GITHUB_REF = refs/heads/${gitBranch} ]]; then + git push origin HEAD:${gitBranch} fi wait ''${CACHIX_PUSH-} @@ -135,7 +126,10 @@ with lib; { }; }; - ci.gh-actions.checkoutOptions.submodules = false; + ci.gh-actions.checkoutOptions = { + submodules = false; + fetch-depth = 0; + }; cache.cachix = { arc = { diff --git a/ci/nodes.nix b/ci/nodes.nix index df59ce59..4b56440a 100644 --- a/ci/nodes.nix +++ b/ci/nodes.nix @@ -4,7 +4,7 @@ nixpkgs.args.localSystem = "x86_64-linux"; ci = { - version = "nix2.4"; + version = "nix2.4-broken"; gh-actions = { enable = true; export = true; diff --git a/flake.lock b/flake.lock index bcd3cb88..12c9660e 100644 --- a/flake.lock +++ b/flake.lock @@ -20,16 +20,16 @@ "ci": { "flake": false, "locked": { - "lastModified": 1668974663, - "narHash": "sha256-HnZEJNJfXAVJsk/0r5NB/vPmQ5aj7OMiEBFnJrV8LIU=", + "lastModified": 1668974694, + "narHash": "sha256-usfZB+CIVltVzkGUNXIdp0L+Nuaa6+gjLxbHT+1THiA=", "owner": "arcnmx", "repo": "ci", - "rev": "21b6f5f3bfafb1fc41c01d151be1b7515f83a1af", + "rev": "56a0b866c1c2fedc25eac788fcead8cd229cb2b2", "type": "github" }, "original": { "owner": "arcnmx", - "ref": "nix2.4", + "ref": "nix2.4-broken", "repo": "ci", "type": "github" } 
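Review bot: `git push origin HEAD:${gitBranch}` now depends on whatever credential the checkout step left in the clone, and no hunk in this commit sets a token scope for it. That credential is presumably the default `GITHUB_TOKEN` persisted by actions/checkout, so whether the push works, and how much else the token can do during `nix flake update` and the build, is decided by repository defaults rather than by this file. If the ci module's gh-actions options allow it, I would give the job that pushes `permissions: { contents: write }` and leave the check job read-only. With the SSH path gone, the `OPENSSH_PRIVATE_KEY` secret and its deploy key on the old remote are unused by this job and can be revoked. The `if git status --porcelain …; then` block and the command string both start outside this hunk.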
@@ -665,11 +665,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1681821469, - "narHash": "sha256-CoEr/MiWFzLkC+BI8rC4naJobsOYTccx3D4kUvABsg8=", + "lastModified": 1681821695, + "narHash": "sha256-uwyBGo/9IALi97AfMuzkJroQQhV6hkybaZVdw6pRNG4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "edb40ecd6734c7f4daab74e9fa6c08e524bb629a", + "rev": "5698b06b0731a2c15ff8c2351644427f8ad33993", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b1621985..fe022087 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ flake = false; }; ci = { - url = "github:arcnmx/ci/nix2.4"; + url = "github:arcnmx/ci/nix2.4-broken"; flake = false; }; home-manager = {