ci: re-introduce github actions
parent
d7e2590026
commit
1dcfa5a8d2
|
@ -0,0 +1,72 @@
|
|||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
get-x86_64-hosts:
|
||||
runs-on: self-hosted-x86_64-linux
|
||||
outputs:
|
||||
matrix: ${{ steps.hosts_out.outputs.matrix }}
|
||||
steps:
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- id: hosts_out
|
||||
name: set hosts var
|
||||
run: |
|
||||
{
|
||||
echo -n "matrix="
|
||||
nix eval -I nixpkgs=$(nix flake metadata nixpkgs --json | jq -r .path) --raw --impure --expr '
|
||||
with import <nixpkgs> { };
|
||||
builtins.toJSON (lib.mapAttrsToList (n: v: n)
|
||||
(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system)
|
||||
(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations))'
|
||||
echo ""
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
get-aarch64-hosts:
|
||||
runs-on: self-hosted-aarch64-linux
|
||||
outputs:
|
||||
matrix: ${{ steps.hosts.outputs.matrix }}
|
||||
steps:
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: hosts
|
||||
run: |
|
||||
{
|
||||
echo -n "matrix="
|
||||
nix eval -I nixpkgs=$(nix flake metadata nixpkgs --json | jq -r .path) --raw --impure --expr '
|
||||
with import <nixpkgs> { };
|
||||
builtins.toJSON (lib.mapAttrsToList (n: v: n)
|
||||
(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system)
|
||||
(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations))'
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
build-nixos-x86_64-linux:
|
||||
runs-on: self-hosted-x86_64-linux
|
||||
needs: [get-x86_64-hosts]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
host: ${{ fromJson(needs.get-x86_64-hosts.outputs.matrix) }}
|
||||
steps:
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: build host configuration ${{ matrix.host }}
|
||||
run: nixos-rebuild build --verbose --flake ".#${{ matrix.host }}"
|
||||
|
||||
build-nixos-aarch64-linux:
|
||||
runs-on: self-hosted-aarch64-linux
|
||||
needs: [get-aarch64-hosts]
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
host: ${{ fromJson(needs.get-aarch64-hosts.outputs.matrix) }}
|
||||
steps:
|
||||
- name: repository checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: build host configuration ${{ matrix.host }}
|
||||
run: nixos-rebuild build --verbose --flake ".#${{ matrix.host }}"
|
||||
|
||||
|
|
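Review bot: In `get-aarch64-hosts` the job output reads `steps.hosts.outputs.matrix`, but the step that writes to `$GITHUB_OUTPUT` carries only `name: hosts` and no `id`, so as far as the rendered page shows the output resolves to an empty string and `fromJson(...)` in `build-nixos-aarch64-linux` has nothing to parse. Adding `id: hosts` to that step fixes it; the x86_64 job already does the equivalent with `id: hosts_out`, and also ends its block with `echo ""`, which the aarch64 step omits. These jobs run on self-hosted runners with no `permissions:` block and with `actions/checkout@v4` referenced by a mutable tag, so a top-level `permissions:` with `contents: read` and a checkout pinned to a full commit SHA would limit what a compromised action can do on those hosts. In both build jobs `${{ matrix.host }}` is expanded straight into the `run:` script text; passing it through `env:` (for example `HOST: ${{ matrix.host }}`) and using `".#$HOST"` keeps an unusual attribute name from being parsed as shell.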
@ -3,33 +3,7 @@
|
|||
let
|
||||
gitea-runner-directory = "/var/lib/gitea-runner";
|
||||
meta = import ../meta.nix;
|
||||
in {
|
||||
age.secrets = {
|
||||
gitea-runner-token.file =
|
||||
../secrets/gitea-runner-token-${config.networking.hostName}.age;
|
||||
ci-secrets = { # for printer host sd images
|
||||
file = ../secrets/ci-secrets.age;
|
||||
mode = "444";
|
||||
};
|
||||
};
|
||||
|
||||
services.gitea-actions-runner.instances.nix = {
|
||||
enable = true;
|
||||
name = config.networking.hostName;
|
||||
tokenFile = config.age.secrets.gitea-runner-token.path;
|
||||
labels = [
|
||||
"nixos-${pkgs.system}:host"
|
||||
"nixos:host"
|
||||
"self-hosted-${pkgs.system}"
|
||||
"self-hosted"
|
||||
];
|
||||
url = "https://code.hackerspace.pl";
|
||||
settings = {
|
||||
cache.enabled = true;
|
||||
host.workdir_parent = "${gitea-runner-directory}/action-cache-dir";
|
||||
};
|
||||
|
||||
hostPackages = with pkgs; [
|
||||
ci-packages = with pkgs; [
|
||||
bash
|
||||
coreutils
|
||||
curl
|
||||
|
@ -44,6 +18,45 @@ in {
|
|||
nixos-rebuild
|
||||
envsubst
|
||||
];
|
||||
ci-labels = [
|
||||
"nixos-${pkgs.system}:host"
|
||||
"nixos:host"
|
||||
"self-hosted-${pkgs.system}"
|
||||
"self-hosted"
|
||||
];
|
||||
in {
|
||||
age.secrets = {
|
||||
gitea-runner-token.file =
|
||||
../secrets/gitea-runner-token-${config.networking.hostName}.age;
|
||||
github-runner-token.file =
|
||||
../secrets/github-runner-token-${config.networking.hostName}.age;
|
||||
ci-secrets = { # for printer host sd images
|
||||
file = ../secrets/ci-secrets.age;
|
||||
mode = "444";
|
||||
};
|
||||
};
|
||||
|
||||
services.github-runners."nix-${config.networking.hostName}" = {
|
||||
enable = true;
|
||||
extraLabels = ci-labels;
|
||||
tokenFile = config.age.secrets.github-runner-token.path;
|
||||
url = "https://github.com/arachnist/nibylandia";
|
||||
|
||||
extraPackages = ci-packages;
|
||||
};
|
||||
|
||||
services.gitea-actions-runner.instances.nix = {
|
||||
enable = true;
|
||||
name = config.networking.hostName;
|
||||
tokenFile = config.age.secrets.gitea-runner-token.path;
|
||||
labels = ci-labels;
|
||||
url = "https://code.hackerspace.pl";
|
||||
settings = {
|
||||
cache.enabled = true;
|
||||
host.workdir_parent = "${gitea-runner-directory}/action-cache-dir";
|
||||
};
|
||||
|
||||
hostPackages = ci-packages;
|
||||
};
|
||||
|
||||
systemd.services.gitea-runner-nix.environment = {
|
||||
|
|
|
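Review bot: The new `services.github-runners."nix-${config.networking.hostName}"` instance runs workflow jobs directly on this host while `ci-secrets` keeps `mode = "444"`, so every job that runner picks up can read the decrypted file. Which services actually consume the secret is not visible here, but a dedicated `group` with `mode = "0440"` shared by only those units would be tighter than world-readable. If the repository at `url` accepts pull requests from forks, it is worth confirming that workflow runs from outside contributors require approval, since GitHub advises against attaching self-hosted runners to such repositories. Setting the module's `ephemeral` option and a dedicated `user` for the runner would further limit what one job can leave behind for the next. The `let` bindings and the `systemd.services.gitea-runner-nix.environment` block continue outside the hunks shown.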
@ -84,6 +84,10 @@ in {
|
|||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/gitea-runner-token-scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/github-runner-token-zorigami.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/github-runner-token-scylla.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.scylla.publicKey ];
|
||||
"secrets/ci-secrets.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
||||
scylla.publicKey
|
||||
zorigami.publicKey
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg x91UKTDL+BFy/c7hvrzvSZZeMx7z74hAAC4xL838Xgk
|
||||
gPIhvfNBAH6U0YfV8uihqDBgMJ3NYcEUmeyUZw/w7KE
|
||||
-> ssh-ed25519 grc4Uw YPSkqvjIGyTBcsW400MCUwAoGSsaBB1bp30K9BNkkiA
|
||||
+o4ggXpugZYHxuaVK7vNbPTu5cIXFZjSTA9dkYTs53A
|
||||
-> ssh-ed25519 CJl5MQ ledMNLcITvGMSiMlKDzlsL9/0xtbqko8QJ/PelSWqFo
|
||||
e83se5K8qwBqXCjO2tPcDZGPQ9Tnq296f3r056YjraQ
|
||||
--- 9rN7EL1kFrdya85sOy6NAgNKPC+ca85IdhOi1QUW5D4
|
||||
à;«è,Uÿ€¼k$[N¦ßÿ¹äÐÓ—.Áôoä㘢ÜÀ
ý…ïÓœ8èÂ,²Šå>TÂãp±ÉÿÎP°;
|
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg wXaqegoMDgK0MZ/QhwX7wIlHR4Y27IcPgeODG2Wubxk
|
||||
xHJC1iR0/nTLcZeYHkGWCnMzCjOFxPhmfdAbe76B6Oo
|
||||
-> ssh-ed25519 grc4Uw rKs94vbBfgXlKCv3qZBN8IPSxig5vWOOiJNqRC8yMkI
|
||||
8AE1kp25a2Nzv+07p9n3/vuy6LY5fPjEcf+sLRvU/Bg
|
||||
-> ssh-ed25519 DLT88w QP8cAQWsJJJSXUbnb/PJ9OGs5l4nifVyHQerDXcv0Bg
|
||||
dqoBSDTc6XdmOoirOv8/2hDfrGKm1pHaTO1D3m89K+I
|
||||
--- U/QEquparqU/juJuP85JQ9ttnBoypiYAtdCdsvWENZI
|
||||
å©ne<6E>˜‚‹T˜ø";€¶¸ÿ¾™²¢tÞ‰gSž.S_m5#`¾Øá!{õÖ<øƒÝŒ×û`p
|