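---
# borrowed from https://gitlab.com/nix17/nixos-config/-/blob/main/.gitlab-ci.yml

stages:
  - flake
  - test
  - deploy
  - deploy_gitlab

# Update the flake for any changes upstream
# Passed in from upstream
# $PACKAGE_NAME = name of the flake that needs to be updated
# $UPDATE_FLAKE = flag to update the flake
update:
  stage: flake
  tags:
    - nix
  # from https://forum.gitlab.com/t/git-push-from-inside-a-gitlab-runner/30554/5
  before_script:
    # Load the private key for the commit into ssh-agent only.
    # NOTE(review): CI_KEY can push to main; keep it a protected CI/CD
    # variable so pipelines on unprotected branches cannot read it.
    - eval $(ssh-agent -s)
    - echo "${CI_KEY}" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # The original also appended "$CI_KEY" to ~/.ssh/id_rsa.pub. That stored
    # the private key on disk, in a file meant for a public key and with
    # umask-default permissions. The agent already holds the key, so that
    # step has been removed.
    #
    # NOTE(review): inside Docker this turns off host-key verification for
    # every host, so the push below cannot detect a spoofed or intercepted
    # git server. Prefer writing the server's known host key to
    # ~/.ssh/known_hosts from a CI variable and dropping this line.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    - git config --global user.email "${CI_EMAIL}"
    - git config --global user.name "${CI_USERNAME}"
    # the part that updates the flake
    # PACKAGE_NAME comes from the upstream pipeline; quoting stops word
    # splitting and glob expansion of its value.
    - nix flake lock --update-input "$PACKAGE_NAME"
    - git add flake.lock
    - git commit -m "[skip ci] Updated flake for $PACKAGE_NAME" || echo "No changes, nothing to commit"
    # we have a custom domain
    - git remote rm origin && git remote add origin ssh://git@gitlab.skynet.ie:2222/compsoc1/skynet/nixos.git
    - git push origin "HEAD:$CI_COMMIT_REF_NAME"
  only:
    refs:
      - main
    variables:
      - $UPDATE_FLAKE == "yes"

.scripts_base: &scripts_base
  # sync the branch, then load the nix environment
  - git pull origin "$CI_COMMIT_REF_NAME"
  - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
  - nix-shell -p colmena

.scripts_deploy: &scripts_deploy
  # Load the deploy key into ssh-agent; it is never written to disk.
  # NOTE(review): DEPLOY_KEY is what colmena uses to reach the hosts; keep
  # it a protected CI/CD variable.
  - eval $(ssh-agent -s)
  - echo "$DEPLOY_KEY" | tr -d '\r' | ssh-add - > /dev/null
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh

# every commit on main will build and deploy
.build_template: &builder
  tags:
    - nix
  before_script:
    - *scripts_base
  only:
    changes:
      - applications/**/*
      - machines/**/*
      - secrets/**/*
      - flake.*
      - .gitlab-ci.yml

# deploy items only run on main
.deploy_template: &deployment
  before_script:
    - *scripts_deploy
    - *scripts_base
  only:
    refs:
      - main

build:
  <<: *builder
  stage: test
  script:
    - colmena build

# The deploy jobs below merge both templates through a single `<<` key.
# The original repeated `<<`, which is a duplicate mapping key and relies on
# parser-specific handling. In the list form earlier entries win, so
# *deployment is listed first: its before_script and `only` replace the
# builder's. The merge is shallow, so the builder's `only.changes` filter
# does not apply to deploy jobs.

# dns always has to be deployed first
deploy_dns:
  <<: [*deployment, *builder]
  stage: deploy
  script:
    - colmena apply --on @active-dns

deploy_core:
  <<: [*deployment, *builder]
  stage: deploy
  needs:
    - deploy_dns
  script:
    - colmena apply --on @active-core

deploy_active:
  <<: [*deployment, *builder]
  stage: deploy
  needs:
    - deploy_dns
  script:
    - colmena apply --on @active

deploy_gitlab:
  <<: [*deployment, *builder]
  stage: deploy_gitlab
  script:
    - colmena apply --on @active-gitlab
  when: manual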