mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 12:29:19 -08:00
ci: Moved niv-cron from trusted.
parent
ce7863f7af
commit
5da8bd2221
3 changed files with 158 additions and 4 deletions
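--- a/.github/workflows/niv-update.yml
+++ b/.github/workflows/niv-update.yml
@@ -0,0 +1,92 @@
+env:
+CI_ALLOW_ROOT: '1'
+CI_CONFIG: ./ci/niv-cron.nix
+CI_PLATFORM: gh-actions
+OPENSSH_PRIVATE_KEY: ${{ secrets.OPENSSH_PRIVATE_KEY }}
+jobs:
+ci-check:
+name: niv-update check
+runs-on: ubuntu-latest
+steps:
+- id: checkout
+name: git clone
+uses: actions/checkout@v1
+with:
+submodules: false
+- id: nix-install
+name: nix install
+uses: arcnmx/ci/actions/nix/install@master
+- id: ci-action-build
+name: nix build ci.gh-actions.configFile
+uses: arcnmx/ci/actions/nix/build@master
+with:
+attrs: ci.gh-actions.configFile
+out-link: .ci/workflow.yml
+- id: ci-action-compare
+name: gh-actions compare
+uses: arcnmx/ci/actions/nix/run@master
+with:
+args: -u .github/workflows/niv-update.yml .ci/workflow.yml
+attrs: nixpkgs.diffutils
+command: diff
+niv-update:
+name: niv-update
+runs-on: ubuntu-latest
+steps:
+- id: checkout
+name: git clone
+uses: actions/checkout@v1
+with:
+submodules: false
+- id: nix-install
+name: nix install
+uses: arcnmx/ci/actions/nix/install@master
+- id: ci-setup
+name: nix setup
+uses: arcnmx/ci/actions/nix/run@master
+with:
+attrs: ci.job.niv-update.run.bootstrap
+quiet: false
+- id: ci-dirty
+name: nix test dirty
+uses: arcnmx/ci/actions/nix/run@master
+with:
+attrs: ci.job.niv-update.run.test
+command: ci-build-dirty
+quiet: false
+stdout: ${{ runner.temp }}/ci.build.dirty
+- id: ci-test
+name: nix test build
+uses: arcnmx/ci/actions/nix/run@master
+with:
+attrs: ci.job.niv-update.run.test
+command: ci-build-realise
+ignore-exit-code: true
+quiet: false
+stdin: ${{ runner.temp }}/ci.build.dirty
+- env:
+CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
+id: ci-summary
+name: nix test results
+uses: arcnmx/ci/actions/nix/run@master
+with:
+attrs: ci.job.niv-update.run.test
+command: ci-build-summarise
+quiet: false
+stdin: ${{ runner.temp }}/ci.build.dirty
+stdout: ${{ runner.temp }}/ci.build.cache
+- env:
+CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+id: ci-cache
+if: always()
+name: nix test cache
+uses: arcnmx/ci/actions/nix/run@master
+with:
+attrs: ci.job.niv-update.run.test
+command: ci-build-cache
+quiet: false
+stdin: ${{ runner.temp }}/ci.build.cache
+name: niv-update
+'on':
+schedule:
+- cron: 0 0 * * *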
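--- a/ci/niv-cron.nix
+++ b/ci/niv-cron.nix
@@ -0,0 +1,62 @@
+{ lib, channels, ... }:
+with lib; {
+name = "niv-update";
+ci.gh-actions.enable = true;
+ci.gh-actions.export = true;
+
+gh-actions.env.OPENSSH_PRIVATE_KEY = "\${{ secrets.OPENSSH_PRIVATE_KEY }}";
+
+gh-actions = {
+on = {
+schedule = [ {
+cron = "0 0 * * *";
+} ];
+};
+};
+
+jobs.niv-update = {
+tasks.niv-build.inputs = with channels.cipkgs;
+ci.command {
+name = "niv-update-build";
+displayName = "niv update build";
+nativeBuildInputs = [ nix ];
+environment = [ "OPENSSH_PRIVATE_KEY" ];
+command = ''
+mkdir ~/.ssh
+echo "$OPENSSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+chmod 0600 ~/.ssh/id_rsa
+GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git clone ssh://gitea@git.kittywit.ch:62954/kat/nixfiles.git
+rmdir nixfiles/trusted
+ln -s $PWD nixfiles/trusted
+cd nixfiles
+nix run -f . pkgs.niv -c niv update
+if git status --porcelain | grep -qF nix/sources.json ; then
+if nix build -Lf . hosts.{athame,yule,samhain}.config.system.build.toplevel; then
+git add nix/sources.json
+export GIT_{COMMITTER,AUTHOR}_EMAIL=kat@kittywit.ch
+export GIT_{COMMITTER,AUTHOR}_NAME=kat witch
+git commit --message="ci-trusted: niv update"
+GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git push
+fi
+fi
+'';
+impure = true;
+};
+};
+
+ci.gh-actions.checkoutOptions.submodules = false;
+
+cache.cachix = {
+arc = {
+enable = true;
+publicKey = "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=";
+signingKey = null;
+};
+kittywitch = {
+enable = true;
+publicKey =
+"kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=";
+signingKey = "mewp";
+};
+};
+}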
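Review bot: Both SSH invocations in the `command` script (the `git clone` and the later `git push`) pass `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the job never authenticates git.kittywit.ch before it evaluates and builds the cloned tree with `nix run -f .` and `nix build` while the private key sits in `~/.ssh/id_rsa`. I would pin the server's host key instead: write a known_hosts entry from a value kept in the repository (placeholder: `[git.kittywit.ch]:62954 <key-type> <PINNED_HOST_KEY>`) into `~/.ssh/known_hosts` and use `GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=yes"` for both commands. Separately, `gh-actions.env.OPENSSH_PRIVATE_KEY` appears to end up in the workflow-level `env:` of the generated niv-update.yml, which would expose the key to every job and step, including the actions referenced at `@master`; if the ci module allows it, scoping the variable to the niv-build task would narrow that exposure.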
|
|
@ -6,14 +6,14 @@
|
||||||
export START_DIR="$PWD"
|
export START_DIR="$PWD"
|
||||||
cd ${toString ./.}
|
cd ${toString ./.}
|
||||||
export NF_CONFIG_ROOT=${toString ./.}/ci
|
export NF_CONFIG_ROOT=${toString ./.}/ci
|
||||||
NF_CONFIG_FILES=($NF_CONFIG_ROOT/hosts.nix)
|
NF_CONFIG_FILES=($NF_CONFIG_ROOT/{hosts,niv-cron}.nix)
|
||||||
for f in "''${NF_CONFIG_FILES[@]}"; do
|
for f in "''${NF_CONFIG_FILES[@]}"; do
|
||||||
echo $f
|
echo $f
|
||||||
nix run --arg config $f ci.run.gh-actions-generate
|
nix run --arg config $f ci.run.gh-actions-generate
|
||||||
done
|
done
|
||||||
cd ${toString ./trusted}
|
cd ${toString ./trusted}
|
||||||
export TRUSTED_CONFIG_ROOT=${toString ./trusted}/ci
|
export TRUSTED_CONFIG_ROOT=${toString ./trusted}/ci
|
||||||
TRUSTED_CONFIG_FILES=($TRUSTED_CONFIG_ROOT/{hosts,niv-cron}.nix)
|
TRUSTED_CONFIG_FILES=($TRUSTED_CONFIG_ROOT/hosts.nix)
|
||||||
for f in "''${TRUSTED_CONFIG_FILES[@]}"; do
|
for f in "''${TRUSTED_CONFIG_FILES[@]}"; do
|
||||||
echo $f
|
echo $f
|
||||||
nix run --arg config $f ci.run.gh-actions-generate
|
nix run --arg config $f ci.run.gh-actions-generate
|
||||||
|
|
@ -24,14 +24,14 @@
|
||||||
export START_DIR="$PWD"
|
export START_DIR="$PWD"
|
||||||
cd ${toString ./.}
|
cd ${toString ./.}
|
||||||
export NF_CONFIG_ROOT=${toString ./.}/ci
|
export NF_CONFIG_ROOT=${toString ./.}/ci
|
||||||
NF_CONFIG_FILES=($NF_CONFIG_ROOT/hosts.nix)
|
NF_CONFIG_FILES=($NF_CONFIG_ROOT/{hosts,niv-cron}.nix)
|
||||||
for f in "''${NF_CONFIG_FILES[@]}"; do
|
for f in "''${NF_CONFIG_FILES[@]}"; do
|
||||||
echo $f
|
echo $f
|
||||||
nix run --arg config $f ci.test
|
nix run --arg config $f ci.test
|
||||||
done
|
done
|
||||||
cd ${toString ./trusted}
|
cd ${toString ./trusted}
|
||||||
export TRUSTED_CONFIG_ROOT=${toString ./trusted}/ci
|
export TRUSTED_CONFIG_ROOT=${toString ./trusted}/ci
|
||||||
TRUSTED_CONFIG_FILES=($TRUSTED_CONFIG_ROOT/{hosts,niv-cron}.nix)
|
TRUSTED_CONFIG_FILES=($TRUSTED_CONFIG_ROOT/hosts.nix)
|
||||||
for f in "''${TRUSTED_CONFIG_FILES[@]}"; do
|
for f in "''${TRUSTED_CONFIG_FILES[@]}"; do
|
||||||
echo $f
|
echo $f
|
||||||
nix run --arg config $f ci.test
|
nix run --arg config $f ci.test
|
||||||
|
|
|
||||||