ci: deploy host_001_momo_koeln on every push to momo/main #193

Merged
teutat3s merged 1 commit from momo/ci-deployment into momo/main 2023-03-07 20:21:57 +00:00
2 changed files with 21 additions and 12 deletions

View file

@ -1,7 +1,7 @@
--- ---
kind: pipeline kind: pipeline
type: exec type: exec
name: Check name: Check and deploy
node: node:
hosttype: baremetal hosttype: baremetal
@ -17,6 +17,22 @@ steps:
- nix $$NIX_FLAGS develop --command nix flake show - nix $$NIX_FLAGS develop --command nix flake show
- nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel" - nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"
- name: "Deploy"
when:
event:
- push
branch:
- momo/main
environment:
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
PRIVATE_SSH_KEY:
from_secret: ci_private_ssh_key
commands:
- "mkdir ~/.ssh && chmod 700 ~/.ssh"
- echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
- nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln'
--- ---
kind: pipeline kind: pipeline
type: exec type: exec
@ -76,9 +92,6 @@ steps:
from_secret: matrix_password from_secret: matrix_password
template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png" template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"
depends_on:
- Tests
trigger: trigger:
ref: ref:
- refs/tags/v* - refs/tags/v*
@ -132,9 +145,6 @@ steps:
unlink_first: true unlink_first: true
strip_components: 3 strip_components: 3
depends_on:
- Check
trigger: trigger:
branch: branch:
- main - main
@ -147,6 +157,6 @@ volumes:
--- ---
kind: signature kind: signature
hmac: 4eafc30355db63df1c207a267669400120d18a479bf850923cd646f7cb0fabac hmac: e50c1347f8645fa2591afa05643eb0c293b70ef1628d157d16d3d819b27f6e7c
... ...

View file

@ -12,17 +12,16 @@ in {
security.sudo.extraRules = [ security.sudo.extraRules = [
{ {
users = [ "${psCfg.user.name}" ]; users = ["${psCfg.user.name}"];
commands = [ commands = [
{ {
command = "ALL"; command = "ALL";
options = [ "NOPASSWD" ]; options = ["NOPASSWD"];
} }
]; ];
} }
]; ];
pub-solar = { pub-solar = {
user = { user = {
name = "barkeeper"; name = "barkeeper";
@ -35,9 +34,9 @@ in {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW @ci-drone-runner"
]; ];
}; };
}; };
}; };
} }