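---
# Pipeline "Check and deploy": builds the host configuration on pull requests
# and deploys it on pushes to momo/main.
kind: pipeline
# The exec runner executes the commands below directly on the runner host,
# with no container in between.
type: exec
name: Check and deploy
node:
  hosttype: baremetal

steps:
  - name: "Check"
    when:
      event:
        - pull_request
    environment:
      # --accept-flake-config applies the nixConfig settings declared by the
      # flake being built without asking. On pull_request events that flake is
      # the proposed change, so limit who can trigger these builds.
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS develop --command nix flake show
      - nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"

  - name: "Deploy"
    when:
      event:
        - push
      branch:
        - momo/main
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
      # Deploy key, injected from the repository secret store; the commands
      # below write it to $HOME/.ssh/id_ed25519.
      PRIVATE_SSH_KEY:
        from_secret: ci_private_ssh_key
      # Pinned host key of the deploy target; written to known_hosts below so
      # the connection is checked against this key.
      SSH_HOST_KEY: "80.244.242.4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj"
      # SSH uses HOME from /etc/passwd, not from the environment, so override it
      SSHOPTS: "-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519 -v"
    commands:
      - mkdir $$HOME/.ssh && chmod 700 $$HOME/.ssh
      - echo "$$PRIVATE_SSH_KEY" > $$HOME/.ssh/id_ed25519 && chmod 600 $$HOME/.ssh/id_ed25519
      - echo "$$SSH_HOST_KEY" > $$HOME/.ssh/known_hosts
      # NOTE(review): this passes the *value* of SSHOPTS to export as
      # arguments; SSHOPTS is already set in the step environment - confirm
      # this line is needed.
      - export $$SSHOPTS
      # Do not dump the whole environment (`env`) in this step: it would write
      # every variable, PRIVATE_SSH_KEY included, to the build log, and log
      # masking is best-effort at most. Print individual, non-secret values.
      - echo DEBUG ls -alh $$HOME/.ssh
      - ls -alh $$HOME/.ssh
      - "echo DEBUG: Using NIX_FLAGS: $$NIX_FLAGS"
      # NOTE(review): --skip-checks and --magic-rollback false turn off the
      # deploy tool's pre-deploy checks and automatic rollback - confirm that
      # this is still intended for this host.
      - nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln' --ssh-opts="$SSHOPTS"
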
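---
# Pipeline "Tests": runs the flake checks on tag refs and uploads the test
# artifacts to Manta.
kind: pipeline
# The exec runner executes the commands below directly on the runner host.
type: exec
name: Tests
node:
  hosttype: baremetal

steps:
  - name: "Tests"
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
      - nix-store --read-log result
      - nix $$NIX_FLAGS flake check
      - nix $$NIX_FLAGS develop --command echo OK

  - name: "Upload artifacts"
    environment:
      # Quoted so the value reaches the step as the string "1".
      TRITON_DONT_SOURCE_PROFILE: "1"
      # Upload key, injected from the repository secret store; written to
      # ~/.ssh/id_ed25519 by the commands below.
      PRIVATE_SSH_KEY:
        from_secret: private_ssh_key
      MANTA_USER: pub_solar
      MANTA_URL: https://eu-central.manta.greenbaum.cloud
      # Presumably the fingerprint of the public half of PRIVATE_SSH_KEY, which
      # is an identifier rather than a secret - verify.
      MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67"
    commands:
      - export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
      - echo env var TARGET_DIR is set to $$TARGET_DIR
      - "mkdir ~/.ssh && chmod 700 ~/.ssh"
      - echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
      # The template follows the moving `main` branch, and its dev shell runs
      # below while the upload key is on disk. Pinning the URL to a reviewed
      # commit (`&rev=<commit-sha>`) keeps a later change to that repository
      # from running here unreviewed.
      - nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell
      - git add tritonshell
      - cd tritonshell
      # Uploads go under ~~/public/, the path the notification pipeline links
      # to, so only publish artifacts that may be world-readable.
      - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png
      - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out

trigger:
  ref:
    - refs/tags/v*
    - refs/tags/t*
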
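---
# Pipeline "Notification": posts the result of a tagged test run to a Matrix
# room.
kind: pipeline
type: docker
name: Notification

steps:
  - name: "Notify matrix"
    # No tag is given, so the registry's default tag is pulled. This container
    # receives the Matrix credentials below; pin it to a reviewed version or
    # digest (for example `plugins/matrix@sha256:<digest>`).
    image: plugins/matrix
    settings:
      homeserver: https://matrix.pub.solar
      # Quoted because the value contains a colon.
      roomid: "dfQBqwkhIzrFjMSsxy:pub.solar"
      username:
        from_secret: matrix_username
      password:
        from_secret: matrix_password
      template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"

trigger:
  ref:
    - refs/tags/v*
    - refs/tags/t*
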
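---
# Pipeline "Publish ISO": builds the bootstrap ISO on pushes to main and copies
# it, with a SHA-256 checksum file, to the download web host.
kind: pipeline
type: docker
name: Publish ISO

steps:
  - name: "Build ISO"
    # `:latest` is a moving tag: the image that builds the published ISO can
    # change between runs without any change to this file. Pin it to a reviewed
    # digest (`...nix-flakes@sha256:<digest>`) for reproducible release builds.
    image: docker.nix-community.org/nixpkgs/nix-flakes:latest
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    commands:
      - |
        nix $$NIX_FLAGS build \
          '.#nixosConfigurations.bootstrap.config.system.build.isoImage'
      - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
      - nix shell nixpkgs#findutils
      - cd /var/nix/iso-cache/
      - export ISO_NAME=$(find . -name '*.iso' -printf "%f\n")
      # The expansions are quoted so a file name containing whitespace is not
      # split into several arguments.
      # The .sha256 files are published over the same channel and into the same
      # directory as the ISO: they detect a corrupted download but do not
      # authenticate the image. A detached signature made with a key that is
      # not stored on the web host would.
      - sha256sum "$ISO_NAME" > "$ISO_NAME.sha256"
      - ln -s "$ISO_NAME" PubSolarOS-latest.iso
      - cp "$ISO_NAME.sha256" PubSolarOS-latest.iso.sha256
      - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256

  - name: "Publish ISO"
    # https://github.com/appleboy/drone-scp/pull/141 got merged, yay
    # Pinned by version tag; this container receives the SSH key for the web
    # host, so a digest pin would be stricter still.
    image: appleboy/drone-scp:1.6.5-linux-amd64
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    settings:
      host:
        from_secret: iso_web_ssh_host
      user:
        from_secret: iso_web_ssh_user
      port:
        from_secret: iso_web_ssh_port
      key:
        from_secret: iso_web_ssh_key
      target: /srv/www/os/download
      source:
        - /var/nix/iso-cache/*.iso
        - /var/nix/iso-cache/*.iso.sha256
      unlink_first: true
      strip_components: 3

trigger:
  branch:
    - main
  event:
    - push

volumes:
  # Temporary volume shared by the two steps; it carries the ISO and its
  # checksum file from the build step to the publish step.
  - name: file-exchange
    temp: {}
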
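---
# Signature over the pipeline documents above, as written by `drone sign`.
# It has to be regenerated after any edit to this file; where signature
# verification is enforced, a stale value means the build is not run as-is.
kind: signature
hmac: 8a69d4de3b049877a17f6a6f5a336943057139472028343283d3e570760e8bcd

...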