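---
# Drone CI configuration: four pipelines plus the signature document.
#   * "Check and deploy" - exec runner; builds on pull requests and deploys
#                          on pushes to momo/main
#   * "Tests"            - exec runner; runs the flake checks on v*/t* tags
#                          and uploads test artifacts to Manta
#   * "Notification"     - docker runner; posts a Matrix message on v*/t* tags
#   * "Publish ISO"      - docker runner; builds and uploads the installer ISO
#                          on pushes to main
# `$$` is Drone's escape for a literal `$`, so `$$VAR` reaches the shell
# as `$VAR`.
kind: pipeline
type: exec
name: Check and deploy

node:
  hosttype: baremetal

steps:
  - name: "Check"
    when:
      event:
        - pull_request
    environment:
      # NOTE(review): this step builds pull-request code on an exec runner
      # (commands run on the host, not in a container), and
      # --accept-flake-config lets the flake's own nixConfig take effect
      # without a prompt. Confirm that pull requests from untrusted
      # contributors cannot reach this runner without approval.
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS develop --command nix flake show
      - nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"

  - name: "Deploy"
    when:
      event:
        - push
      branch:
        - momo/main
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
      PRIVATE_SSH_KEY:
        from_secret: ci_private_ssh_key
      # Pinned host key of the deploy target. It is written to known_hosts
      # below, so ssh verifies the target against this key rather than
      # trusting whatever key is presented on first contact.
      SSH_HOST_KEY: "80.244.242.4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj"
      # SSH uses HOME from /etc/passwd, not from the environment, so override it
      SSHOPTS: "-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519 -v"
    commands:
      # The directory is restricted to the owner before the key is written
      # into it.
      - mkdir $$HOME/.ssh && chmod 700 $$HOME/.ssh
      - echo "$$PRIVATE_SSH_KEY" > $$HOME/.ssh/id_ed25519 && chmod 600 $$HOME/.ssh/id_ed25519
      - echo "$$SSH_HOST_KEY" > $$HOME/.ssh/known_hosts
      # The former `env` debug dump was removed: this step's environment
      # holds PRIVATE_SSH_KEY, and printing it puts the deploy key into the
      # build log. Log masking of secrets is best-effort and should not be
      # the only control. Echo individual non-secret variables instead, as
      # done for NIX_FLAGS below.
      - echo DEBUG ls -alh $$HOME/.ssh
      - ls -alh $$HOME/.ssh
      - "echo DEBUG: Using NIX_FLAGS: $$NIX_FLAGS"
      # NOTE(review): --skip-checks and --magic-rollback false both turn off
      # safety nets of the deploy tool; with rollback disabled, an activation
      # that breaks SSH access has to be repaired out of band. Confirm this
      # is intentional for this host.
      - nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln' --ssh-opts="$$SSHOPTS"

---
kind: pipeline
type: exec
name: Tests

node:
  hosttype: baremetal

steps:
  - name: "Tests"
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
      - nix-store --read-log result
      - nix $$NIX_FLAGS flake check
      - nix $$NIX_FLAGS develop --command echo OK

  - name: "Upload artifacts"
    environment:
      TRITON_DONT_SOURCE_PROFILE: 1
      PRIVATE_SSH_KEY:
        from_secret: private_ssh_key
      MANTA_USER: pub_solar
      MANTA_URL: https://eu-central.manta.greenbaum.cloud
      # Quoted so the colon-separated fingerprint stays a string.
      MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67"
    commands:
      - export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
      - echo env var TARGET_DIR is set to $$TARGET_DIR
      - "mkdir ~/.ssh && chmod 700 ~/.ssh"
      - echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
      # NOTE(review): the template is fetched from the moving `main` ref and
      # its dev shell then runs while the private key is on disk. Pinning the
      # URL to a commit (`?rev=<commit-sha>`) would make what runs here
      # reviewable.
      - nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell
      - git add tritonshell
      - cd tritonshell
      - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png
      - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out

trigger:
  ref:
    - refs/tags/v*
    - refs/tags/t*

---
kind: pipeline
type: docker
name: Notification

steps:
  - name: "Notify matrix"
    # NOTE(review): no tag or digest is given, so the registry's default tag
    # is pulled. This image receives the Matrix credentials; consider
    # pinning it (`plugins/matrix@sha256:<digest>`).
    image: plugins/matrix
    settings:
      homeserver: https://matrix.pub.solar
      roomid: dfQBqwkhIzrFjMSsxy:pub.solar
      username:
        from_secret: matrix_username
      password:
        from_secret: matrix_password
      template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"

trigger:
  ref:
    - refs/tags/v*
    - refs/tags/t*

---
kind: pipeline
type: docker
name: Publish ISO

steps:
  - name: "Build ISO"
    # NOTE(review): `latest` is a moving tag, so the toolchain that builds
    # the published installer image can change without a change to this
    # file. Consider pinning a tag or digest (`...:<tag>@sha256:<digest>`).
    image: docker.nix-community.org/nixpkgs/nix-flakes:latest
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    commands:
      - |
        nix $$NIX_FLAGS build \
          '.#nixosConfigurations.bootstrap.config.system.build.isoImage'
      - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
      # NOTE(review): `nix shell` starts a new shell rather than changing the
      # PATH of this script; confirm that `find` is actually available to the
      # commands below.
      - nix shell nixpkgs#findutils
      - cd /var/nix/iso-cache/
      - export ISO_NAME=$(find . -name '*.iso' -printf "%f\n")
      # The checksum file is generated here and published next to the ISO
      # over the same channel. It lets users detect a corrupted download; it
      # does not authenticate the ISO if the download server is tampered
      # with. That would need a signature made with a key kept off the web
      # host.
      - sha256sum $ISO_NAME > $ISO_NAME.sha256
      - ln -s $ISO_NAME PubSolarOS-latest.iso
      - cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256
      - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256

  - name: "Publish ISO"
    # https://github.com/appleboy/drone-scp/pull/141 got merged, yay
    image: appleboy/drone-scp:1.6.5-linux-amd64
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    settings:
      # NOTE(review): unlike the Deploy step, no host key is pinned for this
      # upload target. Newer drone-scp releases document a `fingerprint`
      # setting; confirm whether this pinned version supports it.
      host:
        from_secret: iso_web_ssh_host
      user:
        from_secret: iso_web_ssh_user
      port:
        from_secret: iso_web_ssh_port
      key:
        from_secret: iso_web_ssh_key
      target: /srv/www/os/download
      source:
        - /var/nix/iso-cache/*.iso
        - /var/nix/iso-cache/*.iso.sha256
      unlink_first: true
      strip_components: 3

trigger:
  branch:
    - main
  event:
    - push

volumes:
  - name: file-exchange
    temp: {}

---
# HMAC over this configuration file. Any edit to the file invalidates it, so
# it must be regenerated after every change
# (`drone sign <owner>/<repo> --save`).
kind: signature
hmac: 42b34b2493c918bc79eeb8bbb8eaa5480539a07cb0bd0f98b3affdefb3eed00b

...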