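# GitLab CI pipeline: optionally refresh one flake input, build the
# configuration with colmena, then deploy it from main.
# borrowed from https://gitlab.com/nix17/nixos-config/-/blob/main/.gitlab-ci.yml
stages:
  - flake
  - test
  - deploy

# Update the flake for any changes upstream
# Passed in from upstream
#   $PACKAGE_NAME = name of the flake that needs to be updated
#   $UPDATE_FLAKE = flag to update the flake
# Both values are supplied from outside this repository, so they are quoted
# wherever they reach a command line: unquoted, a value containing whitespace
# would be split into additional arguments.
update:
  stage: flake
  # from https://forum.gitlab.com/t/git-push-from-inside-a-gitlab-runner/30554/5
  before_script:
    # set the ssh key for the commit
    - eval $(ssh-agent -s)
    - echo "${CI_KEY}" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # CI_KEY is private key material (ssh-add accepts it above), so it is held
    # in ssh-agent only and is not written under ~/.ssh; a *.pub file in
    # particular is expected to hold a public key and is treated as shareable.
    # NOTE(review): runners that ran an earlier revision of this job may still
    # have the key appended to ~/.ssh/id_rsa.pub; remove that file there and
    # consider rotating the key.
    #
    # NOTE(review): "StrictHostKeyChecking no" for "Host *" turns off host key
    # verification for every SSH connection made by this job, so the push below
    # cannot detect an impersonated git server. Prefer a pinned known_hosts
    # entry for the git host (for example supplied through a protected CI/CD
    # variable) and drop this override once that is in place.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    - git config --global user.email "${CI_EMAIL}"
    - git config --global user.name "${CI_USERNAME}"
    # the part that updates the flake
    - nix --experimental-features 'nix-command flakes' flake lock --update-input "$PACKAGE_NAME"
    - git add flake.lock
    - git commit -m "[skip ci] Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit"
    # we have a custom domain
    - git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc/skynet/nixos.git
    - git push origin "HEAD:$CI_COMMIT_REF_NAME"
    # update the hash for further along in the pipeline
    # https://nsirap.com/posts/043-change-value-of-variable-in-gitlab%20copy/
    - echo "FLAKE_COMMIT=$(git rev-parse HEAD)" >> flake.env
    - file -bi flake.env
  artifacts:
    reports:
      # exposes FLAKE_COMMIT to the later jobs as an environment variable
      dotenv: flake.env
  only:
    refs:
      - main
    variables:
      - $UPDATE_FLAKE == "yes"

build:
  stage: test
  before_script:
    - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
    # use the new flake; FLAKE_COMMIT is empty when the update job did not run
    - (if [ "$FLAKE_COMMIT" != "" ]; then git pull origin "$FLAKE_COMMIT"; fi);
  script:
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- build

# every commit on main will build and deploy
# NOTE(review): DEPLOY_KEY (and CI_KEY above) grant push/deploy access; confirm
# both are configured as protected, masked CI/CD variables so that only
# pipelines on protected branches can read them.
deploy:
  stage: deploy
  before_script:
    # setup ssh key (kept in ssh-agent only, never written to disk)
    - eval $(ssh-agent -s)
    - echo "$DEPLOY_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # load nix environment
    - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
    - (if [ "$FLAKE_COMMIT" != "" ]; then git pull origin "$FLAKE_COMMIT"; fi);
  script:
    # dns is always deployed first
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- apply --on @active-dns
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- apply --on @active-core
    - nix --experimental-features 'nix-command flakes' run nixpkgs#colmena -- apply --on @active
  only:
    refs:
      - main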