Merge pull request 'ci: update forgejo runner to fix cache' (#152) from ci/update-forgejo-runner into main
Reviewed-on: pub-solar/infra#152 Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
commit
d62b6cda92
|
@ -24,26 +24,48 @@ jobs:
|
||||||
echo "hash=$(md5sum flake.lock | awk '{print $1}')" >> $GITHUB_OUTPUT
|
echo "hash=$(md5sum flake.lock | awk '{print $1}')" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Restore and cache Nix store
|
- name: Restore and cache Nix store
|
||||||
uses: https://github.com/nix-community/cache-nix-action@v5
|
uses: https://github.com/nix-community/cache-nix-action@v4.0.3
|
||||||
id: nix-store-cache
|
id: nix-store-cache
|
||||||
with:
|
with:
|
||||||
primary-key: cache-${{ runner.os }}-nix-store-${{ steps.flake-lock-hash.outputs.hash }}
|
key: cache-${{ runner.os }}-nix-store-${{ steps.flake-lock-hash.outputs.hash }}
|
||||||
restore-prefixes-first-match: |
|
restore-keys: |
|
||||||
cache-${{ runner.os }}-nix-store-
|
cache-${{ runner.os }}-nix-store-
|
||||||
|
|
||||||
gc-linux: true
|
gc-linux: true
|
||||||
gc-max-store-size-linux: 10000000000
|
gc-max-store-size-linux: 10000000000
|
||||||
|
|
||||||
purge: true
|
purge-caches: true
|
||||||
purge-prefixes: cache-${{ runner.os }}-nix-store-
|
purge-key: cache-${{ runner.os }}-nix-store-
|
||||||
purge-created: 42
|
purge-created: true
|
||||||
|
purge-created-max-age: 42
|
||||||
|
|
||||||
- name: Prepare cachix
|
- name: Prepare cachix
|
||||||
uses: https://github.com/cachix/cachix-action@v14
|
uses: https://github.com/cachix/cachix-action@v14
|
||||||
with:
|
with:
|
||||||
name: pub-solar
|
name: pub-solar
|
||||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||||
|
useDaemon: false
|
||||||
|
|
||||||
- name: Run flake checks
|
- name: Run flake checks
|
||||||
run: |
|
run: |
|
||||||
|
# Prevent cache garbage collection by creating GC roots
|
||||||
|
for target in $(nix flake show --json --all-systems | jq '
|
||||||
|
.["nixosConfigurations"] |
|
||||||
|
to_entries[] |
|
||||||
|
.key
|
||||||
|
' | tr -d '"'
|
||||||
|
); do
|
||||||
|
nix --print-build-logs --verbose --accept-flake-config --access-tokens '' \
|
||||||
|
build --out-link ./result-$target ".#nixosConfigurations.${target}.config.system.build.toplevel"
|
||||||
|
done
|
||||||
|
|
||||||
nix --print-build-logs --verbose --accept-flake-config --access-tokens '' flake check
|
nix --print-build-logs --verbose --accept-flake-config --access-tokens '' flake check
|
||||||
|
|
||||||
|
# Add GC roots for flake inputs, too
|
||||||
|
# https://github.com/NixOS/nix/issues/4250#issuecomment-1146878407
|
||||||
|
mkdir --parents "$NIX_USER_PROFILE_DIR"
|
||||||
|
gc_root_prefix="$NIX_USER_PROFILE_DIR"/infra-flake-
|
||||||
|
echo "Adding gcroots flake inputs with prefix $gc_root_prefix ..."
|
||||||
|
nix flake archive --json 2>/dev/null | jq --raw-output '.inputs | to_entries[] | "ln --force --symbolic --no-target-directory "+.value.path+" \"'"$gc_root_prefix"'"+.key+"\""' | while read -r line; do
|
||||||
|
eval "$line"
|
||||||
|
done
|
||||||
|
|
|
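Review bot: The flake-input GC-root loop at the end of the `run:` script builds each `ln` command as a string in jq and executes it with `eval "$line"`; `.value.path` is interpolated unquoted and the input name from `.key` only sits inside double quotes, so any shell metacharacter in either value is interpreted by the shell. Input names come from the flake under test, which may be a contributor's branch, and the same job configures `secrets.CACHIX_AUTH_TOKEN` in the cachix step. Have jq emit data rather than code, `jq --raw-output '.inputs | to_entries[] | [.value.path, .key] | @tsv'`, and consume it with `while IFS=$'\t' read -r path key; do ln --force --symbolic --no-target-directory "$path" "$gc_root_prefix$key"; done` (this assumes the step runs under bash). The `2>/dev/null` on `nix flake archive` also hides a failure that would leave the inputs without GC roots, so letting stderr through is worth considering.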
@ -13,16 +13,43 @@
|
||||||
# Needed for the docker runner to communicate with the act_runner cache
|
# Needed for the docker runner to communicate with the act_runner cache
|
||||||
networking.firewall.trustedInterfaces = [ "br-+" ];
|
networking.firewall.trustedInterfaces = [ "br-+" ];
|
||||||
|
|
||||||
|
users.users.gitea-runner = {
|
||||||
|
home = "/var/lib/gitea-runner/flora-6";
|
||||||
|
useDefaultShell = true;
|
||||||
|
group = "gitea-runner";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.gitea-runner = {};
|
||||||
|
|
||||||
|
systemd.services."gitea-runner-flora\\x2d6".serviceConfig = {
|
||||||
|
DynamicUser = lib.mkForce false;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '/data/gitea-actions-runner' 0750 gitea-runner gitea-runner - -"
|
||||||
|
"d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -"
|
||||||
|
];
|
||||||
|
|
||||||
# forgejo actions runner
|
# forgejo actions runner
|
||||||
# https://forgejo.org/docs/latest/admin/actions/
|
# https://forgejo.org/docs/latest/admin/actions/
|
||||||
# https://docs.gitea.com/usage/actions/quickstart
|
# https://docs.gitea.com/usage/actions/quickstart
|
||||||
services.gitea-actions-runner = {
|
services.gitea-actions-runner = {
|
||||||
package = pkgs.forgejo-actions-runner;
|
package = pkgs.forgejo-runner;
|
||||||
instances."flora-6" = {
|
instances."flora-6" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
name = config.networking.hostName;
|
name = config.networking.hostName;
|
||||||
url = "https://git.pub.solar";
|
url = "https://git.pub.solar";
|
||||||
tokenFile = config.age.secrets.forgejo-actions-runner-token.path;
|
tokenFile = config.age.secrets.forgejo-actions-runner-token.path;
|
||||||
|
settings = {
|
||||||
|
cache = {
|
||||||
|
enabled = true;
|
||||||
|
dir = "/data/gitea-actions-runner/actcache";
|
||||||
|
host = "";
|
||||||
|
port = 0;
|
||||||
|
external_server = "";
|
||||||
|
};
|
||||||
|
};
|
||||||
labels = [
|
labels = [
|
||||||
# provide a debian 12 bookworm base with Node.js for actions
|
# provide a debian 12 bookworm base with Node.js for actions
|
||||||
"debian-latest:docker://git.pub.solar/pub-solar/actions-base-image:20-bookworm"
|
"debian-latest:docker://git.pub.solar/pub-solar/actions-base-image:20-bookworm"
|
||||||
|
|
|
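Review bot: Forcing `DynamicUser = lib.mkForce false;` on `gitea-runner-flora\\x2d6` also switches off the sandboxing systemd applies implicitly to dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`, `RemoveIPC`), and nothing in this section sets those options again; the NixOS module may set some of them itself, which is not visible here. A comment above the override should say why the static user is needed, for example `# static user so /data/gitea-actions-runner keeps a stable owner` if that is the reason. Adding `NoNewPrivileges = true;` and `PrivateTmp = true;` to the same `serviceConfig` would keep part of the hardening, provided the runner still works with them. `useDefaultShell = true;` also gives the service account a login shell; unless something needs to log in as `gitea-runner`, dropping that line leaves the system user with the nologin default.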
@ -13,6 +13,7 @@
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
forgejo-runner = unstable.forgejo-runner;
|
||||||
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
|
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|