nixos/.gitlab-ci.yml

# borrowed from https://gitlab.com/nix17/nixos-config/-/blob/main/.gitlab-ci.yml

# Pipeline stages in execution order. deploy_gitlab is its own final stage,
# after every other deploy job.
stages:
  - misc
  - test
  - deploy
  - deploy_gitlab
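# Update the flake for any changes upstream
# Passed in from upstream
# $PACKAGE_NAME = name of the flake that needs to be updated
# $UPDATE_FLAKE = flag to update the flake
#
# This job commits flake.lock and pushes it back to the branch using the SSH
# key held in $CI_KEY.
# NOTE(review): $CI_KEY can push to main; confirm it is a protected and masked
# CI/CD variable so that only pipelines on protected refs can read it.
update:
  stage: misc
  tags:
    - nix
  # from https://forum.gitlab.com/t/git-push-from-inside-a-gitlab-runner/30554/5
  before_script:
    # set the ssh key for the commit; it is piped into ssh-add, so it lives
    # only in the agent's memory
    - eval "$(ssh-agent -s)"
    - echo "${CI_KEY}" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # The private key is deliberately NOT written to disk. The previous
    # `echo "$CI_KEY" >> ~/.ssh/id_rsa.pub` appended the private key to a file
    # named like a public key, with default permissions, and the agent already
    # holds the key.
    #
    # NOTE(review): the next line turns off host key verification for every
    # host when running in Docker, so the push destination is not
    # authenticated. Prefer writing the server's pinned host key to
    # ~/.ssh/known_hosts from a CI/CD variable and dropping this line.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    - git config --global user.email "${CI_EMAIL}"
    - git config --global user.name "${CI_USERNAME}"
    # the part that updates the flake
    # $PACKAGE_NAME is supplied by the triggering pipeline; quote it so the
    # shell passes it as a single argument with no word splitting or globbing.
    - nix --experimental-features 'nix-command flakes' flake lock --update-input "$PACKAGE_NAME"
    - git add flake.lock
    # `|| echo` keeps the job green when there is nothing to commit; note that
    # it also hides any other commit failure.
    - git commit -m "Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit"
    # we have a custom domain
    - git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git
    - git push origin "HEAD:$CI_COMMIT_REF_NAME"
  # Runs only on main, and only when the trigger sets UPDATE_FLAKE to "yes".
  only:
    refs:
      - main
    variables:
      - '$UPDATE_FLAKE == "yes"'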
# Runs sync/sync.sh when sync/repos.csv changes on the default branch of the
# compsoc1/skynet namespace. Skipped entirely for flake-update pipelines.
# NOTE(review): the image is referenced by tag; pinning it by digest would
# guarantee the same image content on every run.
sync_repos:
  stage: misc
  image: registry.gitlab.com/gitlab-ci-utils/curl-jq:2.0.0
  script:
    - cd sync
    - chmod +x ./sync.sh
    - ./sync.sh
  rules:
    # flake-update pipelines never run this job
    - if: '$UPDATE_FLAKE == "yes"'
      when: never
    - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      changes:
        - sync/repos.csv
# Shared script fragment: source the Nix profile, then install colmena.
# NOTE(review): `nixpkgs#colmena` is resolved at job time rather than from this
# repository's flake.lock (presumably through the flake registry), so the
# deployment tool's version is not pinned by the repo. Confirm this is intended.
.scripts_base: &scripts_base
  # load nix environment
  - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
  - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#colmena
# Shared script fragment: load the deployment SSH key into a fresh ssh-agent.
# The key is piped straight into ssh-add; these lines do not write it to disk.
# NOTE(review): nothing here populates ~/.ssh/known_hosts, so how the host keys
# of the deploy targets are verified is not visible in this file.
.scripts_deploy: &scripts_deploy
  # setup ssh key
  - eval $(ssh-agent -s)
  - echo "$DEPLOY_KEY" | tr -d '\r' | ssh-add - > /dev/null
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
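# Shared script fragment: install the attic client, log in to the binary
# cache, select it, and push newly built store paths in the background.
# NOTE(review): this fragment is part of .build_template, whose rules have no
# branch condition, so $CACHE_KEY is used by pipelines on any branch. Since
# `attic watch-store` pushes to the cache, confirm the variable is protected
# and masked, or that its token is scoped to what untrusted branches may do.
.scripts_cache: &scripts_cache
  - nix --extra-experimental-features 'nix-command flakes' profile install nixpkgs#attic-client
  # quoted so the token always reaches attic as exactly one argument
  - attic login skynet https://nix-cache.skynet.ie/ "$CACHE_KEY"
  - attic use skynet-cache
  # add any new items to the cache
  - attic watch-store skynet-cache &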
# Shared settings for jobs that build (linter, build) and the base for deploys.
# The rules below carry no branch condition: a job using this template is added
# whenever one of the listed paths changes, unless UPDATE_FLAKE is "yes".
.build_template: &builder
  tags:
    - nix
  before_script:
    - *scripts_base
    - *scripts_cache
  rules:
    # flake-update pipelines only run the `update` job
    - if: '$UPDATE_FLAKE == "yes"'
      when: never
    - changes:
        - 'applications/**/*'
        - 'machines/**/*'
        - 'secrets/**/*'
        - 'flake.*'
        - '.gitlab-ci.yml'
        - 'config/**/*'
# deploy items only run on main
# The second rule admits a deploy only from the compsoc1/skynet namespace on
# the default branch, and only when a deploy-relevant path changed. Unlike the
# build template, a change to .gitlab-ci.yml alone does not trigger a deploy.
# NOTE(review): $DEPLOY_KEY is loaded by scripts_deploy; confirm it is a
# protected CI/CD variable so pipelines on unprotected branches cannot read it.
.deploy_template: &deployment
  before_script:
    - *scripts_deploy
    - *scripts_base
    - *scripts_cache
  rules:
    # flake-update pipelines never deploy
    - if: '$UPDATE_FLAKE == "yes"'
      when: never
    - if: '$CI_PROJECT_NAMESPACE == "compsoc1/skynet" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      changes:
        - 'flake.nix'
        - 'flake.lock'
        - 'applications/**/*'
        - 'machines/**/*'
        - 'secrets/**/*'
        - 'config/**/*'
# Formatting gate: runs the flake's formatter in check mode over the repo.
# Tags, before_script and rules are inherited from the builder template.
linter:
  <<: *builder
  stage: test
  script:
    - nix --extra-experimental-features 'nix-command flakes' fmt -- --check .
# Builds every colmena host group without applying anything, so configuration
# errors surface in the test stage before a deploy job runs.
# Tags, before_script and rules are inherited from the builder template.
build:
  <<: *builder
  stage: test
  script:
    - nix --extra-experimental-features 'nix-command flakes' develop
    # one build per tag group, in the same order the deploy jobs use
    - colmena build -v --on @active-dns
    - colmena build -v --on @active-core
    - colmena build -v --on @active
    - colmena build -v --on @active-ext
    - colmena build -v --on @active-git
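# dns always has to be deployed first
deploy_dns:
  # A single merge key with a list replaces the two `<<` keys: duplicate
  # mapping keys are invalid YAML, and parsers that keep only the last one
  # would silently drop the runner tags from the builder template.
  # The deployment template is listed first so its before_script and rules
  # (default branch of compsoc1/skynet only) take precedence; the builder
  # template then contributes only `tags`.
  <<: [*deployment, *builder]
  stage: deploy
  script:
    - colmena apply -v --on @active-dns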
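# Applies the configuration to the @active-core hosts once DNS is deployed.
deploy_core:
  # A single merge key with a list replaces the two `<<` keys, because
  # duplicate mapping keys are invalid YAML. The deployment template is listed
  # first so its before_script and rules take precedence; the builder template
  # contributes only `tags`.
  <<: [*deployment, *builder]
  stage: deploy
  needs:
    - deploy_dns
  script:
    - colmena apply -v --on @active-core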
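# Applies the configuration to the @active hosts once DNS is deployed.
deploy_active:
  # A single merge key with a list replaces the two `<<` keys, because
  # duplicate mapping keys are invalid YAML. The deployment template is listed
  # first so its before_script and rules take precedence; the builder template
  # contributes only `tags`.
  <<: [*deployment, *builder]
  stage: deploy
  needs:
    - deploy_dns
  script:
    - colmena apply -v --on @active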
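# this is just skynet server
deploy_ext:
  # A single merge key with a list replaces the two `<<` keys, because
  # duplicate mapping keys are invalid YAML. The deployment template is listed
  # first so its before_script and rules take precedence; the builder template
  # contributes only `tags`.
  <<: [*deployment, *builder]
  stage: deploy
  needs:
    - deploy_dns
  script:
    - colmena apply -v --on @active-ext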
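# Applies the configuration to the @active-git hosts. It runs in its own final
# stage and must be started manually (`when: manual`).
deploy_gitlab:
  # A single merge key with a list replaces the two `<<` keys, because
  # duplicate mapping keys are invalid YAML. The deployment template is listed
  # first so its before_script and rules take precedence; the builder template
  # contributes only `tags`.
  <<: [*deployment, *builder]
  stage: deploy_gitlab
  script:
    - colmena apply -v --on @active-git
  when: manual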