forked from pub-solar/os
ci: deploy host_001_momo_koeln on every push to
momo/main The branch momo/main is now protected from direct pushes and changes should go through review before getting merged Fix drone lint errors: Pipeline stage 'Notification' declares invalid dependency 'Tests' Pipeline stage 'Publish ISO' declares invalid dependency 'Check'
This commit is contained in:
parent
4b5955a164
commit
716f22e32d
26
.drone.yml
26
.drone.yml
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: exec
|
type: exec
|
||||||
name: Check
|
name: Check and deploy
|
||||||
node:
|
node:
|
||||||
hosttype: baremetal
|
hosttype: baremetal
|
||||||
|
|
||||||
|
@ -17,6 +17,22 @@ steps:
|
||||||
- nix $$NIX_FLAGS develop --command nix flake show
|
- nix $$NIX_FLAGS develop --command nix flake show
|
||||||
- nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"
|
- nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"
|
||||||
|
|
||||||
|
- name: "Deploy"
|
||||||
|
when:
|
||||||
|
event:
|
||||||
|
- push
|
||||||
|
branch:
|
||||||
|
- momo/main
|
||||||
|
environment:
|
||||||
|
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
||||||
|
PRIVATE_SSH_KEY:
|
||||||
|
from_secret: ci_private_ssh_key
|
||||||
|
commands:
|
||||||
|
- "mkdir ~/.ssh && chmod 700 ~/.ssh"
|
||||||
|
- echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
|
||||||
|
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
||||||
|
- nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln'
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: exec
|
type: exec
|
||||||
|
@ -76,9 +92,6 @@ steps:
|
||||||
from_secret: matrix_password
|
from_secret: matrix_password
|
||||||
template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"
|
template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- Tests
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
ref:
|
ref:
|
||||||
- refs/tags/v*
|
- refs/tags/v*
|
||||||
|
@ -132,9 +145,6 @@ steps:
|
||||||
unlink_first: true
|
unlink_first: true
|
||||||
strip_components: 3
|
strip_components: 3
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- Check
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
- main
|
- main
|
||||||
|
@ -147,6 +157,6 @@ volumes:
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: 4eafc30355db63df1c207a267669400120d18a479bf850923cd646f7cb0fabac
|
hmac: e50c1347f8645fa2591afa05643eb0c293b70ef1628d157d16d3d819b27f6e7c
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -12,17 +12,16 @@ in {
|
||||||
|
|
||||||
security.sudo.extraRules = [
|
security.sudo.extraRules = [
|
||||||
{
|
{
|
||||||
users = [ "${psCfg.user.name}" ];
|
users = ["${psCfg.user.name}"];
|
||||||
commands = [
|
commands = [
|
||||||
{
|
{
|
||||||
command = "ALL";
|
command = "ALL";
|
||||||
options = [ "NOPASSWD" ];
|
options = ["NOPASSWD"];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
pub-solar = {
|
pub-solar = {
|
||||||
user = {
|
user = {
|
||||||
name = "barkeeper";
|
name = "barkeeper";
|
||||||
|
@ -35,9 +34,9 @@ in {
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW @ci-drone-runner"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue