feat(system): ci options

arcnmx 2024-04-16 03:43:26 -07:00
parent a1e7a31caa
commit 743593452d
9 changed files with 139 additions and 28 deletions


@ -130,8 +130,8 @@ jobs:
command: ci-build-cache command: ci-build-cache
quiet: false quiet: false
stdin: ${{ runner.temp }}/ci.build.cache stdin: ${{ runner.temp }}/ci.build.cache
extern: extern-test:
name: nodes-extern name: nodes-extern-test
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- id: checkout - id: checkout
@ -146,7 +146,7 @@ jobs:
name: nix test dirty name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7 uses: arcnmx/ci/actions/nix/run@v0.7
with: with:
attrs: ci.job.extern.run.test attrs: ci.job.extern-test.run.test
command: ci-build-dirty command: ci-build-dirty
quiet: false quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty stdout: ${{ runner.temp }}/ci.build.dirty
@ -154,7 +154,7 @@ jobs:
name: nix test build name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7 uses: arcnmx/ci/actions/nix/run@v0.7
with: with:
attrs: ci.job.extern.run.test attrs: ci.job.extern-test.run.test
command: ci-build-realise command: ci-build-realise
ignore-exit-code: true ignore-exit-code: true
quiet: false quiet: false
@ -165,7 +165,7 @@ jobs:
name: nix test results name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7 uses: arcnmx/ci/actions/nix/run@v0.7
with: with:
attrs: ci.job.extern.run.test attrs: ci.job.extern-test.run.test
command: ci-build-summarise command: ci-build-summarise
quiet: false quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty stdin: ${{ runner.temp }}/ci.build.dirty
@ -177,7 +177,7 @@ jobs:
name: nix test cache name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7 uses: arcnmx/ci/actions/nix/run@v0.7
with: with:
attrs: ci.job.extern.run.test attrs: ci.job.extern-test.run.test
command: ci-build-cache command: ci-build-cache
quiet: false quiet: false
stdin: ${{ runner.temp }}/ci.build.cache stdin: ${{ runner.temp }}/ci.build.cache
@ -283,6 +283,57 @@ jobs:
command: ci-build-cache command: ci-build-cache
quiet: false quiet: false
stdin: ${{ runner.temp }}/ci.build.cache stdin: ${{ runner.temp }}/ci.build.cache
kuwubernetes:
name: nodes-kuwubernetes
runs-on: ubuntu-latest
steps:
- id: checkout
name: git clone
uses: actions/checkout@v4
with:
submodules: false
- id: nix-install
name: nix install
uses: arcnmx/ci/actions/nix/install@v0.7
- id: ci-dirty
name: nix test dirty
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.kuwubernetes.run.test
command: ci-build-dirty
quiet: false
stdout: ${{ runner.temp }}/ci.build.dirty
- id: ci-test
name: nix test build
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.kuwubernetes.run.test
command: ci-build-realise
ignore-exit-code: true
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
- env:
CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
id: ci-summary
name: nix test results
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.kuwubernetes.run.test
command: ci-build-summarise
quiet: false
stdin: ${{ runner.temp }}/ci.build.dirty
stdout: ${{ runner.temp }}/ci.build.cache
- env:
CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
id: ci-cache
if: always()
name: nix test cache
uses: arcnmx/ci/actions/nix/run@v0.7
with:
attrs: ci.job.kuwubernetes.run.test
command: ci-build-cache
quiet: false
stdin: ${{ runner.temp }}/ci.build.cache
litterbox: litterbox:
name: nodes-litterbox name: nodes-litterbox
runs-on: ubuntu-latest runs-on: ubuntu-latest
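Review bot: The new `kuwubernetes` job passes `secrets.CACHIX_SIGNING_KEY` to `arcnmx/ci/actions/nix/run@v0.7` in its `ci-cache` step, and that action, like `actions/checkout@v4`, is referenced by a mutable tag. Whoever can move the tag controls code that runs with the cache signing key; pinning each `uses:` to a full commit SHA closes that, e.g. `uses: arcnmx/ci/actions/nix/run@<full-commit-sha> # v0.7`. The context lines of the other jobs show the same references, so this is an existing pattern, and if the workflow is generated from the ci configuration the pin belongs in the generator. Because `ci-cache` runs under `if: always()` after a build step with `ignore-exit-code: true`, it is also worth confirming that the workflow does not run for untrusted pull requests; the trigger section is not visible here.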


@ -10,6 +10,7 @@ fi
NIX_BUILD_ARGS=( NIX_BUILD_ARGS=(
--show-trace --show-trace
) )
NIX_BUILD_ARGS_ASYNC=()
init_nfargs() { init_nfargs() {
nflinksuffix="$1" nflinksuffix="$1"
@ -44,16 +45,31 @@ for nfsystem in "${NF_NIX_SYSTEMS[@]}"; do
nfinstallable="${NF_CONFIG_ROOT}#nixosConfigurations.${nfsystem}.config.system.build.toplevel" nfinstallable="${NF_CONFIG_ROOT}#nixosConfigurations.${nfsystem}.config.system.build.toplevel"
init_nfargs "-$nfsystem" init_nfargs "-$nfsystem"
if [[ -n ${NF_ACTIONS_TEST_ASYNC-} ]]; then nfwarn=
NIX_BUILD_ARGS+=("$nfinstallable") if [[ " ${NF_NIX_SYSTEMS_WARN[*]} " = *" $nfsystem "* ]]; then
nfwarn=1
fi
if [[ -n ${NF_ACTIONS_TEST_ASYNC-} && -z $nfwarn ]]; then
NIX_BUILD_ARGS_ASYNC+=("$nfinstallable")
continue continue
fi fi
echo "building ${nfsystem}..." >&2 echo "building ${nfsystem}..." >&2
echo >&2
nfbuildexit=0
nix build "$nfinstallable" \ nix build "$nfinstallable" \
"${nfargs[@]}" \ "${nfargs[@]}" \
"$@" "$@" || nfbuildexit=$?
if [[ $nfbuildexit -ne 0 ]]; then
if [[ -n $nfwarn ]]; then
echo "build failure allowed for ${nfsystem}, ignoring..." >&2
continue
fi
exit $nfbuildexit
fi
nfgc nfgc
done done
@ -62,6 +78,7 @@ if [[ -n ${NF_ACTIONS_TEST_ASYNC-} ]]; then
init_nfargs "" init_nfargs ""
nix build \ nix build \
"${nfargs[@]}" \ "${nfargs[@]}" \
"${NIX_BUILD_ARGS_ASYNC[@]}" \
"$@" "$@"
nfgc nfgc
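Review bot: The final `nix build` in the `NF_ACTIONS_TEST_ASYNC` block now takes its installables only from `"${NIX_BUILD_ARGS_ASYNC[@]}"`, and that array stays empty when every entry of `NF_NIX_SYSTEMS` is also in `NF_NIX_SYSTEMS_WARN`, or when the list itself is empty. The command would then run with no installable from this script, and what it builds depends on `nfargs` and `"$@"`, which are set outside the hunk. A guard such as `if [[ -n ${NF_ACTIONS_TEST_ASYNC-} && ${#NIX_BUILD_ARGS_ASYNC[@]} -gt 0 ]]; then` avoids that; the `if` line is only visible in the hunk header, so the change sits just above the shown lines. Separately, the allowed-failure branch reaches `continue` before `nfgc` and leaves only a stderr line behind, so a `::warning::` workflow annotation there would keep tolerated failures visible in the run summary.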


@ -4,16 +4,5 @@
"nodes.nix" "nodes.nix"
"flake-cron.nix" "flake-cron.nix"
]; ];
nixosSystems = [
"ct"
"hakurei"
"reimu"
"aya"
"utsuho"
"tei"
"litterbox"
"keycloak"
"mediabox"
];
}; };
} }


@ -24,15 +24,14 @@ with lib; {
}; };
jobs = let jobs = let
inherit ((import ./nix.nix).ci) nixosSystems; enabledSystems = filterAttrs (_: system: system.config.ci.enable) channels.nixfiles.lib.systems;
in in
mapAttrs' (k: nameValuePair "${k}") (genAttrs nixosSystems (host: { mapAttrs' (name: system: nameValuePair "${name}" {
tasks.${host}.inputs = channels.nixfiles.nixosConfigurations.${host}.config.system.build.toplevel; tasks.system = {
})) // { inputs = channels.nixfiles.nixosConfigurations.${name}.config.system.build.toplevel;
extern = { warn = system.config.ci.allowFailure;
tasks.test.inputs = channels.nixfiles.nixosConfigurations.extern-test.config.system.build.toplevel;
};
}; };
}) enabledSystems;
ci.gh-actions.checkoutOptions.submodules = false; ci.gh-actions.checkoutOptions.submodules = false;
cache.cachix.arc = { cache.cachix.arc = {
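Review bot: `enabledSystems` is filtered on `ci.enable` alone, but each job then dereferences `channels.nixfiles.nixosConfigurations.${name}`, so a system that sets `ci.enable = true` without being of type NixOS would break evaluation of the whole job set (assuming `nixosConfigurations` only holds NixOS systems). The option's default ties it to `config.type == "NixOS"`, but nothing enforces that for explicit values. Filtering on both, `filterAttrs (_: system: system.config.ci.enable && system.config.type == "NixOS")`, or an assertion in the module, would make the requirement explicit; `exportsSystems` uses the same filter for `NF_NIX_SYSTEMS` and has the same gap. As a smaller style point, `mapAttrs' (name: system: nameValuePair "${name}" …)` leaves the key unchanged and reads more simply as `mapAttrs`.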

43
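--- /dev/null
+++ b/modules/system/ci.nix
@@ -0,0 +1,43 @@
+{
+name,
+config,
+lib,
+inputs,
+...
+}: let
+inherit (inputs.self.lib.lib) domain;
+inherit (lib.options) mkOption mkEnableOption;
+inherit (lib.modules) mkIf mkOptionDefault;
+in {
+options.ci = with lib.types; {
+enable = mkEnableOption "build via CI" // {
+default = config.type == "NixOS";
+};
+allowFailure = mkOption {
+type = bool;
+default = false;
+};
+};
+config = {
+deploy = let
+nixos = config.built;
+in {
+sshUser = mkOptionDefault "root";
+user = mkOptionDefault "root";
+sshOpts = mkIf (config.type == "NixOS") (
+mkOptionDefault ["-p" "${builtins.toString (builtins.head nixos.config.services.openssh.ports)}"]
+);
+autoRollback = mkOptionDefault true;
+magicRollback = mkOptionDefault true;
+fastConnection = mkOptionDefault false;
+hostname = mkOptionDefault "${name}.local.${domain}";
+profiles.system = {
+user = "root";
+path = let
+inherit (inputs.self.legacyPackages.${config.system}.deploy-rs) activate;
+in
+activate.nixos nixos;
+};
+};
+};
+}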
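Review bot: This new module is introduced for CI options, yet its `config` section sets a full set of `deploy` defaults (`sshUser`, `sshOpts`, `profiles.system`, …) that nothing in `options.ci` depends on. It reads like a block carried over from a deploy module; if such a module already exists (not visible here), `profiles.system.user` and `profiles.system.path` are defined at normal priority in both places and the remaining defaults are duplicated. Dropping `config` from this file would also remove the then-unused `domain`, `mkIf` and `mkOptionDefault` inherits. `allowFailure` has no description; something like `description = "Report a failed CI build of this system as a warning instead of failing the job.";` would document what the flag relaxes.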


@ -20,6 +20,15 @@
NF_NIX_WHITELIST_DIRS=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelistDirs}) NF_NIX_WHITELIST_DIRS=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelistDirs})
NF_NIX_WHITELIST_FILES=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelist}) NF_NIX_WHITELIST_FILES=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelist})
''; '';
exportsSystems = let
inherit (inputs.self.lib) systems;
nixosSystems = set.filter (_: system: system.config.ci.enable) systems;
warnSystems = set.filter (_: system: system.config.ci.allowFailure) nixosSystems;
toSystems = systems: string.concatMapSep " " string.escapeShellArg (set.keys systems);
in ''
NF_NIX_SYSTEMS=(${toSystems nixosSystems})
NF_NIX_SYSTEMS_WARN=(${toSystems warnSystems})
'';
output = { output = {
inherit inherit
(pkgs.buildPackages) (pkgs.buildPackages)
@ -72,7 +81,7 @@
''; '';
nf-actions-test = pkgs.writeShellScriptBin "nf-actions-test" '' nf-actions-test = pkgs.writeShellScriptBin "nf-actions-test" ''
${exports} ${exports}
NF_NIX_SYSTEMS=(${string.concatMapSep " " string.escapeShellArg ci.nixosSystems}) ${exportsSystems}
source ${../ci/actions-test.sh} source ${../ci/actions-test.sh}
''; '';
nf-update = pkgs.writeShellScriptBin "nf-update" '' nf-update = pkgs.writeShellScriptBin "nf-update" ''
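Review bot: `toSystems = systems: …` shadows the `systems` brought in by `inherit (inputs.self.lib) systems;` a few lines earlier in the same `let`, which makes it easy to misread which set is being used. Renaming the parameter, `toSystems = attrs: string.concatMapSep " " string.escapeShellArg (set.keys attrs);`, keeps the two apart. The system names pass through `string.escapeShellArg` before they reach the generated script, which is the right treatment and should be kept if this helper is touched.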


@ -4,6 +4,7 @@ _: {
modules = [ modules = [
./nixos.nix ./nixos.nix
]; ];
ci.allowFailure = true;
proxmox = { proxmox = {
vm = { vm = {
id = 201; id = 201;
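Review bot: `ci.allowFailure = true;` is added without a comment saying why this system's build may fail or when the exemption should be lifted; the next file section adds the same line, and the last one sets `ci.enable = false;`, likewise unexplained. An open-ended exemption means a configuration that stops building is no longer caught by CI. A one-line comment above each, such as `# CI: build currently fails because <reason>; remove once fixed`, would record the intent.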


@ -4,6 +4,7 @@ _: {
]; ];
arch = "x86_64"; arch = "x86_64";
type = "NixOS"; type = "NixOS";
ci.allowFailure = true;
modules = [ modules = [
./nixos.nix ./nixos.nix
]; ];


@ -1,6 +1,7 @@
_: { _: {
arch = "x86_64"; arch = "x86_64";
type = "NixOS"; type = "NixOS";
ci.enable = false;
modules = [ modules = [
./nixos.nix ./nixos.nix
]; ];