ci: re-introduce github actions

main
Ari Gerus 2024-02-25 21:44:28 +01:00
parent 5b24182876
commit a1ed7fd120
5 changed files with 128 additions and 21 deletions

72
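--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,72 @@
+name: CI
+on:
+push:
+branches: [main]
+jobs:
+get-x86_64-hosts:
+runs-on: self-hosted-x86_64-linux
+outputs:
+matrix: ${{ steps.hosts_out.outputs.matrix }}
+steps:
+- name: repository checkout
+uses: actions/checkout@v4
+- id: hosts_out
+name: set hosts var
+run: |
+{
+echo -n "matrix="
+nix eval -I nixpkgs=$(nix flake metadata nixpkgs --json | jq -r .path) --raw --impure --expr '
+with import <nixpkgs> { };
+builtins.toJSON (lib.mapAttrsToList (n: v: n)
+(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system)
+(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations))'
+echo ""
+} >> "$GITHUB_OUTPUT"
+get-aarch64-hosts:
+runs-on: self-hosted-aarch64-linux
+outputs:
+matrix: ${{ steps.hosts.outputs.matrix }}
+steps:
+- name: repository checkout
+uses: actions/checkout@v4
+- name: hosts
+run: |
+{
+echo -n "matrix="
+nix eval -I nixpkgs=$(nix flake metadata nixpkgs --json | jq -r .path) --raw --impure --expr '
+with import <nixpkgs> { };
+builtins.toJSON (lib.mapAttrsToList (n: v: n)
+(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system)
+(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations))'
+} >> "$GITHUB_OUTPUT"
+build-nixos-x86_64-linux:
+runs-on: self-hosted-x86_64-linux
+needs: [get-x86_64-hosts]
+strategy:
+fail-fast: false
+matrix:
+host: ${{ fromJson(needs.get-x86_64-hosts.outputs.matrix) }}
+steps:
+- name: repository checkout
+uses: actions/checkout@v4
+- name: build host configuration ${{ matrix.host }}
+run: nixos-rebuild build --verbose --flake ".#${{ matrix.host }}"
+build-nixos-aarch64-linux:
+runs-on: self-hosted-aarch64-linux
+needs: [get-aarch64-hosts]
+strategy:
+fail-fast: false
+matrix:
+host: ${{ fromJson(needs.get-aarch64-hosts.outputs.matrix) }}
+steps:
+- name: repository checkout
+uses: actions/checkout@v4
+- name: build host configuration ${{ matrix.host }}
+run: nixos-rebuild build --verbose --flake ".#${{ matrix.host }}"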
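Review bot: In `get-aarch64-hosts` the job output reads `steps.hosts.outputs.matrix`, but that step only carries `name: hosts` and no `id`, so the expression resolves to an empty string and `fromJson` in `build-nixos-aarch64-linux` will fail; add `id: hosts` to the step (the x86_64 job uses `id: hosts_out`), and for consistency the trailing `echo ""` the x86_64 step has. Separately, both build jobs expand `${{ matrix.host }}` directly inside `run:` on self-hosted runners, so a configuration name is pasted into the script text before the shell parses it; pass it through `env:` (`HOST: ${{ matrix.host }}`) and use `--flake ".#$HOST"` instead. The workflow declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` keeps it read-only. Pinning `actions/checkout` to a full commit SHA rather than the movable `v4` tag is also worth considering, since these jobs run on hosts the project operates itself.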


@ -3,47 +3,60 @@
let
gitea-runner-directory = "/var/lib/gitea-runner";
meta = import ../meta.nix;
ci-packages = with pkgs; [
bash
coreutils
curl
gawk
git-lfs
nixFlakes
gitFull
gnused
nodejs
wget
jq
nixos-rebuild
envsubst
];
ci-labels = [
"nixos-${pkgs.system}:host"
"nixos:host"
"self-hosted-${pkgs.system}"
"self-hosted"
];
in {
age.secrets = {
gitea-runner-token.file =
../secrets/gitea-runner-token-${config.networking.hostName}.age;
github-runner-token.file =
../secrets/github-runner-token-${config.networking.hostName}.age;
ci-secrets = { # for printer host sd images
file = ../secrets/ci-secrets.age;
mode = "444";
};
};
services.github-runners."nix-${config.networking.hostName}" = {
enable = true;
extraLabels = ci-labels;
tokenFile = config.age.secrets.github-runner-token.path;
url = "https://github.com/arachnist/nibylandia";
extraPackages = ci-packages;
};
services.gitea-actions-runner.instances.nix = {
enable = true;
name = config.networking.hostName;
tokenFile = config.age.secrets.gitea-runner-token.path;
labels = [
"nixos-${pkgs.system}:host"
"nixos:host"
"self-hosted-${pkgs.system}"
"self-hosted"
];
labels = ci-labels;
url = "https://code.hackerspace.pl";
settings = {
cache.enabled = true;
host.workdir_parent = "${gitea-runner-directory}/action-cache-dir";
};
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
git-lfs
nixFlakes
gitFull
gnused
nodejs
wget
jq
nixos-rebuild
envsubst
];
hostPackages = ci-packages;
};
systemd.services.gitea-runner-nix.environment = {
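Review bot: The new `services.github-runners` instance runs workflow code fetched from github.com on a host where `ci-secrets` is decrypted with `mode = "444"`, so every job on that runner (and any other local account) can read the file, whether or not that line is new in this commit. If the GitHub workflows do not need it, replace the world-readable mode with a group-restricted one, e.g. `mode = "440"; group = "<runner-group>";` (placeholder group name), granted only to the service that builds the printer images. A comment above `url` stating that this runner is meant to execute pushes to `main` only would document the trust assumption the visible workflow relies on. The attribute set continues past the end of the hunk, so any existing sandboxing of the runner units cannot be judged from here.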


@ -84,6 +84,10 @@ in {
++ [ meta.hosts.zorigami.publicKey ];
"secrets/gitea-runner-token-scylla.age".publicKeys = meta.users.ar
++ [ meta.hosts.scylla.publicKey ];
"secrets/github-runner-token-zorigami.age".publicKeys = meta.users.ar
++ [ meta.hosts.zorigami.publicKey ];
"secrets/github-runner-token-scylla.age".publicKeys = meta.users.ar
++ [ meta.hosts.scylla.publicKey ];
"secrets/ci-secrets.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
scylla.publicKey
zorigami.publicKey


@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg x91UKTDL+BFy/c7hvrzvSZZeMx7z74hAAC4xL838Xgk
gPIhvfNBAH6U0YfV8uihqDBgMJ3NYcEUmeyUZw/w7KE
-> ssh-ed25519 grc4Uw YPSkqvjIGyTBcsW400MCUwAoGSsaBB1bp30K9BNkkiA
+o4ggXpugZYHxuaVK7vNbPTu5cIXFZjSTA9dkYTs53A
-> ssh-ed25519 CJl5MQ ledMNLcITvGMSiMlKDzlsL9/0xtbqko8QJ/PelSWqFo
e83se5K8qwBqXCjO2tPcDZGPQ9Tnq296f3r056YjraQ
--- 9rN7EL1kFrdya85sOy6NAgNKPC+ca85IdhOi1QUW5D4
à;«è,Uÿ€¼k$[N¦ßÿ¹äÐÓ—.Áôoä㘢ÜÀ ý…ïÓœ8èÂ,²Šå>TÂãp±ÉÿÎP°;


@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg wXaqegoMDgK0MZ/QhwX7wIlHR4Y27IcPgeODG2Wubxk
xHJC1iR0/nTLcZeYHkGWCnMzCjOFxPhmfdAbe76B6Oo
-> ssh-ed25519 grc4Uw rKs94vbBfgXlKCv3qZBN8IPSxig5vWOOiJNqRC8yMkI
8AE1kp25a2Nzv+07p9n3/vuy6LY5fPjEcf+sLRvU/Bg
-> ssh-ed25519 DLT88w QP8cAQWsJJJSXUbnb/PJ9OGs5l4nifVyHQerDXcv0Bg
dqoBSDTc6XdmOoirOv8/2hDfrGKm1pHaTO1D3m89K+I
--- U/QEquparqU/juJuP85JQ9ttnBoypiYAtdCdsvWENZI
å©ne<6E>˜T˜ø";€¶¸ÿ¾™²¢ tÞ‰gSž.S_m5#`¾Øá!{õÖ<øƒÝŒ×û`p