CI: Flakes.
parent
7c5836558a
commit
924dbf67c3
7 changed files with 130 additions and 144 deletions
|
|
@ -1,8 +1,13 @@
|
|||
{ lib, channels, config, ... }:
|
||||
with lib; {
|
||||
name = "niv-update";
|
||||
ci.gh-actions.enable = true;
|
||||
ci.gh-actions.export = true;
|
||||
name = "flake-update";
|
||||
ci = {
|
||||
version = "nix2.4";
|
||||
gh-actions = {
|
||||
enable = true;
|
||||
export = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
gh-actions.env.OPENSSH_PRIVATE_KEY = "\${{ secrets.OPENSSH_PRIVATE_KEY }}";
|
||||
|
|
@ -41,7 +46,7 @@ with lib; {
|
|||
let
|
||||
paths = [
|
||||
"default.nix" # sourceCache
|
||||
"ci/niv-cron.nix"
|
||||
"ci/flake-cron.nix"
|
||||
config.ci.gh-actions.path
|
||||
];
|
||||
in
|
||||
|
|
@ -69,23 +74,22 @@ with lib; {
|
|||
|
||||
channels = {
|
||||
nixfiles.path = ../.;
|
||||
nixpkgs.path = "${channels.nixfiles.sources.nixpkgs}";
|
||||
nixpkgs.path = "${channels.nixfiles.inputs.nixpkgs}";
|
||||
};
|
||||
|
||||
environment.test = {
|
||||
inherit (channels.cipkgs) cachix;
|
||||
inherit (channels.nixpkgs) niv;
|
||||
};
|
||||
|
||||
jobs.niv-update = {
|
||||
tasks.niv-build.inputs = with channels.cipkgs;
|
||||
jobs.flake-update = {
|
||||
tasks.flake-build.inputs = with channels.cipkgs;
|
||||
ci.command {
|
||||
name = "niv-update-build";
|
||||
name = "flake-update-build";
|
||||
allowSubstitutes = false;
|
||||
cache = {
|
||||
enable = false;
|
||||
};
|
||||
displayName = "niv update build";
|
||||
displayName = "flake update build";
|
||||
environment = [ "OPENSSH_PRIVATE_KEY" "CACHIX_SIGNING_KEY" "GITHUB_REF" ];
|
||||
command =
|
||||
let
|
||||
|
|
@ -104,27 +108,11 @@ with lib; {
|
|||
chmod 0600 ~/.ssh/id_rsa
|
||||
fi
|
||||
|
||||
git init -q sources
|
||||
${concatStringsSep "\n" (mapAttrsToList (source: spec: let
|
||||
update = "niv update ${source}";
|
||||
fetch = "timeout 30 git -C sources fetch -q --depth 1 ${spec.repo} ${spec.branch}:source-${source}";
|
||||
revision = "$(git -C sources show-ref -s source-${source})";
|
||||
isGit = hasPrefix "https://" spec.repo or "";
|
||||
git = ''
|
||||
if ${fetch}; then
|
||||
echo "${source}:${spec.branch} HEAD at ${revision}" >&2
|
||||
${update} -r ${revision} || true
|
||||
else
|
||||
echo "failed to fetch latest revision from ${spec.repo}" >&2
|
||||
fi
|
||||
'';
|
||||
auto = "${update} || true";
|
||||
in if isGit then git else auto) (removeAttrs channels.nixfiles.sources [ "__functor" ]))}
|
||||
${concatStringsSep "\n" (mapAttrsToList (n: v: "nix flake --update-input ${n}") channels.nixfiles.inputs)}
|
||||
|
||||
if git status --porcelain | grep -qF nix/sources.json; then
|
||||
git -P diff nix/sources.json
|
||||
nix build --no-link -Lf . sourceCache.local
|
||||
echo "checking that network.nodes.still build..." >&2
|
||||
if git status --porcelain | grep -qF flake.lock; then
|
||||
git -P diff flake.lock
|
||||
echo "checking that network.nodes.still build..." >&2
|
||||
if ${hostBuildString}; then
|
||||
if [[ -n $CACHIX_SIGNING_KEY ]]; then
|
||||
nix build --no-link -Lf . sourceCache.all
|
||||
|
|
@ -136,8 +124,8 @@ with lib; {
|
|||
if [[ -n $OPENSSH_PRIVATE_KEY ]]; then
|
||||
git add nix/sources.json
|
||||
export GIT_{COMMITTER,AUTHOR}_EMAIL=github@kittywit.ch
|
||||
export GIT_{COMMITTER,AUTHOR}_NAME="niv cron job"
|
||||
git commit --message="ci: niv update"
|
||||
export GIT_{COMMITTER,AUTHOR}_NAME="flake cron job"
|
||||
git commit --message="ci: flake update"
|
||||
if [[ $GITHUB_REF = refs/heads/main ]]; then
|
||||
GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \
|
||||
git push ssh://gitea@git.kittywit.ch:62954/kat/nixfiles.git HEAD:main
|
||||
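Review bot: The commit step in the last hunk still runs `git add nix/sources.json`, while the change detection earlier in the script now greps for `flake.lock`, so the updated lock file appears never to be staged and `git commit` would find nothing to commit; it should read `git add flake.lock`. The push that follows keeps `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the job authenticates with OPENSSH_PRIVATE_KEY and writes to `main` without verifying which server it is talking to; pinning the server's host key is safer, e.g. `-o UserKnownHostsFile=<path-to-pinned-known_hosts> -o StrictHostKeyChecking=yes`. Separately, `nix flake --update-input ${n}` names no subcommand; with `ci.version = "nix2.4"` I would expect `nix flake lock --update-input ${n}`, which is worth confirming against the Nix version the job actually runs. The shell script these lines belong to starts and ends outside the visible hunks.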
17
ci/nodes.nix
17
ci/nodes.nix
|
|
@ -1,7 +1,12 @@
|
|||
{ lib, config, channels, env, ... }: with lib; {
|
||||
name = "nodes";
|
||||
ci.gh-actions.enable = true;
|
||||
ci.gh-actions.export = true;
|
||||
ci = {
|
||||
version = "nix2.4";
|
||||
gh-actions = {
|
||||
enable = true;
|
||||
export = true;
|
||||
};
|
||||
};
|
||||
channels.nixfiles.path = ../.;
|
||||
|
||||
nix.config = {
|
||||
|
|
@ -21,7 +26,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
# ensure sources are fetched and available in the local store before evaluating host configs
|
||||
environment.bootstrap = {
|
||||
archbinfmt =
|
||||
let
|
||||
|
|
@ -42,13 +46,6 @@
|
|||
echo ':armv6l-linux:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/arm-linux:' > /proc/sys/fs/binfmt_misc/register
|
||||
echo ':armv7l-linux:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/run/binfmt/arm-linux:' > /proc/sys/fs/binfmt_misc/register
|
||||
'';
|
||||
sourceCache = channels.cipkgs.runCommand "sources"
|
||||
{
|
||||
srcs = attrNames channels.nixfiles.sourceCache.local;
|
||||
} ''
|
||||
mkdir -p $out/share/sources
|
||||
ln -s $srcs $out/share/sources/
|
||||
'';
|
||||
};
|
||||
|
||||
jobs =
|
||||
|
|
|
|||