ci: re-introduce github actions
parent
5b24182876
commit
a1ed7fd120
|
@ -0,0 +1,72 @@
|
||||||
|
name: CI
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [main]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
get-x86_64-hosts:
|
||||||
|
runs-on: self-hosted-x86_64-linux
|
||||||
|
outputs:
|
||||||
|
matrix: ${{ steps.hosts_out.outputs.matrix }}
|
||||||
|
steps:
|
||||||
|
- name: repository checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- id: hosts_out
|
||||||
|
name: set hosts var
|
||||||
|
run: |
|
||||||
|
{
|
||||||
|
echo -n "matrix="
|
||||||
|
nix eval -I nixpkgs=$(nix flake metadata nixpkgs --json | jq -r .path) --raw --impure --expr '
|
||||||
|
with import <nixpkgs> { };
|
||||||
|
builtins.toJSON (lib.mapAttrsToList (n: v: n)
|
||||||
|
(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system)
|
||||||
|
(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations))'
|
||||||
|
echo ""
|
||||||
|
} >> "$GITHUB_OUTPUT"
|
||||||
|
|
||||||
|
get-aarch64-hosts:
|
||||||
|
runs-on: self-hosted-aarch64-linux
|
||||||
|
outputs:
|
||||||
|
matrix: ${{ steps.hosts.outputs.matrix }}
|
||||||
|
steps:
|
||||||
|
- name: repository checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- name: hosts
|
||||||
|
run: |
|
||||||
|
{
|
||||||
|
echo -n "matrix="
|
||||||
|
nix eval -I nixpkgs=$(nix flake metadata nixpkgs --json | jq -r .path) --raw --impure --expr '
|
||||||
|
with import <nixpkgs> { };
|
||||||
|
builtins.toJSON (lib.mapAttrsToList (n: v: n)
|
||||||
|
(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system)
|
||||||
|
(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations))'
|
||||||
|
} >> "$GITHUB_OUTPUT"
|
||||||
|
|
||||||
|
build-nixos-x86_64-linux:
|
||||||
|
runs-on: self-hosted-x86_64-linux
|
||||||
|
needs: [get-x86_64-hosts]
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
host: ${{ fromJson(needs.get-x86_64-hosts.outputs.matrix) }}
|
||||||
|
steps:
|
||||||
|
- name: repository checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- name: build host configuration ${{ matrix.host }}
|
||||||
|
run: nixos-rebuild build --verbose --flake ".#${{ matrix.host }}"
|
||||||
|
|
||||||
|
build-nixos-aarch64-linux:
|
||||||
|
runs-on: self-hosted-aarch64-linux
|
||||||
|
needs: [get-aarch64-hosts]
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
host: ${{ fromJson(needs.get-aarch64-hosts.outputs.matrix) }}
|
||||||
|
steps:
|
||||||
|
- name: repository checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- name: build host configuration ${{ matrix.host }}
|
||||||
|
run: nixos-rebuild build --verbose --flake ".#${{ matrix.host }}"
|
||||||
|
|
||||||
|
|
|
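Review bot: `get-aarch64-hosts` publishes `matrix: ${{ steps.hosts.outputs.matrix }}`, but its step is declared with `name: hosts` and no `id:`, so the expression has no step to resolve and `fromJson(needs.get-aarch64-hosts.outputs.matrix)` in `build-nixos-aarch64-linux` will receive an empty string; declare the step as `- id: hosts`, as the x86_64 job does with `id: hosts_out`. Separately, both build jobs expand `${{ matrix.host }}` directly inside `run:` on self-hosted runners; passing it through `env:` (`HOST: ${{ matrix.host }}`) and using `--flake ".#$HOST"` keeps a configuration name from ever being parsed as shell. The workflow also has no `permissions:` block and references `actions/checkout@v4` by tag; a top-level `permissions: { contents: read }` and a commit-SHA pin would narrow what a job on these hosts can do.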
@ -3,47 +3,60 @@
|
||||||
let
|
let
|
||||||
gitea-runner-directory = "/var/lib/gitea-runner";
|
gitea-runner-directory = "/var/lib/gitea-runner";
|
||||||
meta = import ../meta.nix;
|
meta = import ../meta.nix;
|
||||||
|
ci-packages = with pkgs; [
|
||||||
|
bash
|
||||||
|
coreutils
|
||||||
|
curl
|
||||||
|
gawk
|
||||||
|
git-lfs
|
||||||
|
nixFlakes
|
||||||
|
gitFull
|
||||||
|
gnused
|
||||||
|
nodejs
|
||||||
|
wget
|
||||||
|
jq
|
||||||
|
nixos-rebuild
|
||||||
|
envsubst
|
||||||
|
];
|
||||||
|
ci-labels = [
|
||||||
|
"nixos-${pkgs.system}:host"
|
||||||
|
"nixos:host"
|
||||||
|
"self-hosted-${pkgs.system}"
|
||||||
|
"self-hosted"
|
||||||
|
];
|
||||||
in {
|
in {
|
||||||
age.secrets = {
|
age.secrets = {
|
||||||
gitea-runner-token.file =
|
gitea-runner-token.file =
|
||||||
../secrets/gitea-runner-token-${config.networking.hostName}.age;
|
../secrets/gitea-runner-token-${config.networking.hostName}.age;
|
||||||
|
github-runner-token.file =
|
||||||
|
../secrets/github-runner-token-${config.networking.hostName}.age;
|
||||||
ci-secrets = { # for printer host sd images
|
ci-secrets = { # for printer host sd images
|
||||||
file = ../secrets/ci-secrets.age;
|
file = ../secrets/ci-secrets.age;
|
||||||
mode = "444";
|
mode = "444";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.github-runners."nix-${config.networking.hostName}" = {
|
||||||
|
enable = true;
|
||||||
|
extraLabels = ci-labels;
|
||||||
|
tokenFile = config.age.secrets.github-runner-token.path;
|
||||||
|
url = "https://github.com/arachnist/nibylandia";
|
||||||
|
|
||||||
|
extraPackages = ci-packages;
|
||||||
|
};
|
||||||
|
|
||||||
services.gitea-actions-runner.instances.nix = {
|
services.gitea-actions-runner.instances.nix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
name = config.networking.hostName;
|
name = config.networking.hostName;
|
||||||
tokenFile = config.age.secrets.gitea-runner-token.path;
|
tokenFile = config.age.secrets.gitea-runner-token.path;
|
||||||
labels = [
|
labels = ci-labels;
|
||||||
"nixos-${pkgs.system}:host"
|
|
||||||
"nixos:host"
|
|
||||||
"self-hosted-${pkgs.system}"
|
|
||||||
"self-hosted"
|
|
||||||
];
|
|
||||||
url = "https://code.hackerspace.pl";
|
url = "https://code.hackerspace.pl";
|
||||||
settings = {
|
settings = {
|
||||||
cache.enabled = true;
|
cache.enabled = true;
|
||||||
host.workdir_parent = "${gitea-runner-directory}/action-cache-dir";
|
host.workdir_parent = "${gitea-runner-directory}/action-cache-dir";
|
||||||
};
|
};
|
||||||
|
|
||||||
hostPackages = with pkgs; [
|
hostPackages = ci-packages;
|
||||||
bash
|
|
||||||
coreutils
|
|
||||||
curl
|
|
||||||
gawk
|
|
||||||
git-lfs
|
|
||||||
nixFlakes
|
|
||||||
gitFull
|
|
||||||
gnused
|
|
||||||
nodejs
|
|
||||||
wget
|
|
||||||
jq
|
|
||||||
nixos-rebuild
|
|
||||||
envsubst
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.gitea-runner-nix.environment = {
|
systemd.services.gitea-runner-nix.environment = {
|
||||||
|
|
|
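Review bot: The new `services.github-runners` instance runs workflow jobs on the same host where `ci-secrets` is decrypted with `mode = "444"`, so every job this runner picks up can read that file regardless of which user the runner service runs as. The `ci-secrets` block is unchanged context in this hunk, but the commit adds a second consumer; consider setting `owner`/`group` on the secret and tightening it to `mode = "440"` so only the service that builds the printer images can read it. Because the runner is registered against a github.com repository and shares `ci-packages` (including `nixos-rebuild`) with the Gitea runner, `ephemeral = true;` on the runner would also limit state carried from one job to the next. Whether the repository accepts workflow runs from outside contributors is not visible on this page and is worth confirming in its Actions settings. The module's attribute set continues past the end of the hunk.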
@ -84,6 +84,10 @@ in {
|
||||||
++ [ meta.hosts.zorigami.publicKey ];
|
++ [ meta.hosts.zorigami.publicKey ];
|
||||||
"secrets/gitea-runner-token-scylla.age".publicKeys = meta.users.ar
|
"secrets/gitea-runner-token-scylla.age".publicKeys = meta.users.ar
|
||||||
++ [ meta.hosts.scylla.publicKey ];
|
++ [ meta.hosts.scylla.publicKey ];
|
||||||
|
"secrets/github-runner-token-zorigami.age".publicKeys = meta.users.ar
|
||||||
|
++ [ meta.hosts.zorigami.publicKey ];
|
||||||
|
"secrets/github-runner-token-scylla.age".publicKeys = meta.users.ar
|
||||||
|
++ [ meta.hosts.scylla.publicKey ];
|
||||||
"secrets/ci-secrets.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
"secrets/ci-secrets.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
|
||||||
scylla.publicKey
|
scylla.publicKey
|
||||||
zorigami.publicKey
|
zorigami.publicKey
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 kY4Rgg x91UKTDL+BFy/c7hvrzvSZZeMx7z74hAAC4xL838Xgk
|
||||||
|
gPIhvfNBAH6U0YfV8uihqDBgMJ3NYcEUmeyUZw/w7KE
|
||||||
|
-> ssh-ed25519 grc4Uw YPSkqvjIGyTBcsW400MCUwAoGSsaBB1bp30K9BNkkiA
|
||||||
|
+o4ggXpugZYHxuaVK7vNbPTu5cIXFZjSTA9dkYTs53A
|
||||||
|
-> ssh-ed25519 CJl5MQ ledMNLcITvGMSiMlKDzlsL9/0xtbqko8QJ/PelSWqFo
|
||||||
|
e83se5K8qwBqXCjO2tPcDZGPQ9Tnq296f3r056YjraQ
|
||||||
|
--- 9rN7EL1kFrdya85sOy6NAgNKPC+ca85IdhOi1QUW5D4
|
||||||
|
à;«è,Uÿ€¼k$[N¦ßÿ¹äÐÓ—.Áôoä㘢ÜÀ
ý…ïÓœ8èÂ,²Šå>TÂãp±ÉÿÎP°;
|
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 kY4Rgg wXaqegoMDgK0MZ/QhwX7wIlHR4Y27IcPgeODG2Wubxk
|
||||||
|
xHJC1iR0/nTLcZeYHkGWCnMzCjOFxPhmfdAbe76B6Oo
|
||||||
|
-> ssh-ed25519 grc4Uw rKs94vbBfgXlKCv3qZBN8IPSxig5vWOOiJNqRC8yMkI
|
||||||
|
8AE1kp25a2Nzv+07p9n3/vuy6LY5fPjEcf+sLRvU/Bg
|
||||||
|
-> ssh-ed25519 DLT88w QP8cAQWsJJJSXUbnb/PJ9OGs5l4nifVyHQerDXcv0Bg
|
||||||
|
dqoBSDTc6XdmOoirOv8/2hDfrGKm1pHaTO1D3m89K+I
|
||||||
|
--- U/QEquparqU/juJuP85JQ9ttnBoypiYAtdCdsvWENZI
|
||||||
|
å©ne<6E>˜‚‹T˜ø";€¶¸ÿ¾™²¢tÞ‰gSž.S_m5#`¾Øá!{õÖ<øƒÝŒ×û`p
|