---
kind: pipeline
type: docker
name: Upstreaming

steps:
  - name: "Sync 'devos' branch with upstream"
    image: alpine/git
    when:
      event:
        - cron
      cron:
        - sync-main-with-upstream
    environment:
      GITEA_SSH_KEY:
        from_secret: gitea_ssh_key
    commands:
      - ./.drone/setup_ssh.sh
      - git remote add devos git@git.b12f.io:pub-solar/devos
      - git remote set-url origin git@git.b12f.io:pub-solar/os
      - git fetch --all
      - git checkout -b devos --track origin/devos
      - git merge -X theirs devos/main
      - git push origin devos
      - git remote set-url origin https://git.b12f.io/pub-solar/os.git

  - name: "Sync $BRANCH with upstream"
    image: alpine/git
    when:
      event:
        - cron
      cron:
        - sync-main-with-upstream
        - sync-b12f-with-main
        - sync-teutat3s-with-main
    environment:
      GITEA_SSH_KEY:
        from_secret: gitea_ssh_key
    commands:
      - git fetch origin
      - git checkout origin/main
      - ./.drone/setup_ssh.sh
      - git remote set-url origin git@git.b12f.io:pub-solar/os
      - git fetch --all
      - ./.drone/upstream-branch.sh

  - name: "Open pull request for failed merge"
    image: nixery.dev/shell/tea
    when:
      status:
        - failure
      event:
        - cron
      cron:
        - sync-main-with-upstream
        - sync-b12f-with-main
        - sync-teutat3s-with-main
    environment:
      TEA_CONFIG:
        from_secret: tea_config
    commands:
      - mkdir -p ~/.config/tea
      - echo "$$TEA_CONFIG" > ~/.config/tea/config.yml
      - tea pulls create --base main --head devos

  - name: "Notify matrix"
    image: plugins/matrix
    when:
      status:
        - failure
      event:
        - cron
      cron:
        - sync-main-with-upstream
        - sync-b12f-with-main
        - sync-teutat3s-with-main
    settings:
      homeserver: https://matrix.pub.solar
      roomid: dfQBqwkhIzrFjMSsxy:pub.solar
      username:
        from_secret: matrix_username
      password:
        from_secret: matrix_password
      template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)"

trigger:
  event:
    - cron

---
kind: pipeline
type: docker
name: Check

steps:
  - name: "Check"
    image: nixpkgs/nix-flakes:nixos-21.05
    when:
      event:
        - pull_request
        - tag
    commands:
      - echo "" >> /etc/nix/nix.conf
      - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
      - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
      - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
      # Currently broken
      #- nix -Lv flake check
      - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
      - nix -Lv develop -c echo OK
      - nix -Lv develop --command bud --help

---
kind: pipeline
type: docker
name: Publish ISO

steps:
  - name: "Build ISO"
    image: nixpkgs/nix-flakes:nixos-21.05
    volumes:
      - name: nix-store
        path: /var/nix/iso-cache
    commands:
      - echo "" >> /etc/nix/nix.conf
      - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf
      - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf
      - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf
      - nix -Lv develop --command bud build bootstrap bootstrapIso
      - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/

  - name: "Publish ISO"
    image: appleboy/drone-scp
    volumes:
      - name: nix-store
        path: /var/nix/iso-cache
    settings:
      host:
        from_secret: ssh_host
      user:
        from_secret: ssh_user
      port:
        from_secret: ssh_port
      key:
        from_secret: ssh_key
      target: /var/www/pub.solar
      source:
        - /var/nix/iso-cache/*.iso
      strip_components: 3

trigger:
  event:
    - push
  branch:
    - feature/basic-iso

volumes:
  - name: nix-store
    host:
      path: "/var/nix/iso-cache"

---
kind: signature
hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7

...