os/.drone.yml


---
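kind: pipeline
type: exec
name: Check and deploy

# Exec pipelines run their commands directly on the runner host rather than in
# a container, so every step below shares that machine with other builds.
node:
  hosttype: baremetal

steps:
  - name: "Check"
    # NOTE(review): this step builds pull-request code on the bare-metal exec
    # runner. --accept-flake-config applies the nixConfig block of the checked
    # out flake without prompting, so a pull request can change Nix settings
    # (for example substituters) for this build. Confirm that builds of
    # untrusted pull requests are gated before they reach this runner.
    when:
      event:
        - pull_request
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS develop --command nix flake show
      - nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"

  - name: "Deploy"
    # Runs only for pushes to momo/main. The Check step above is limited to
    # pull_request events and deploy is called with --skip-checks, so a push
    # that did not go through a pull request is deployed without a prior
    # build or check in this pipeline.
    # NOTE(review): confirm momo/main only accepts reviewed merges.
    when:
      event:
        - push
      branch:
        - momo/main
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
      PRIVATE_SSH_KEY:
        from_secret: ci_private_ssh_key
      # Pinned public host key of the deploy target (not a secret). It is
      # written to a dedicated known_hosts file below so the SSH session only
      # proceeds if the server presents exactly this key.
      SSH_HOST_KEY: "80.244.242.4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj"
    commands:
      # Plain mkdir (no -p) fails if the directory already exists, which stops
      # the step before it could overwrite an existing key.
      - mkdir $$HOME/.ssh && chmod 700 $$HOME/.ssh
      # Create the key file under umask 077 so it is never readable by other
      # users on the shared host, not even between creation and chmod. The
      # subshell keeps the umask from affecting later commands.
      - '(umask 077 && echo "$$PRIVATE_SSH_KEY" > $$HOME/.ssh/id_ed25519) && chmod 600 $$HOME/.ssh/id_ed25519'
      - echo "$$SSH_HOST_KEY" > $$HOME/.ssh/known_hosts
      # SSH uses HOME from /etc/passwd, not from the environment, so override it.
      # StrictHostKeyChecking=yes makes the pinning explicit, independent of
      # any system-wide ssh_config on the runner.
      - export SSHOPTS="-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -o StrictHostKeyChecking=yes -i $$HOME/.ssh/id_ed25519"
      - "echo DEBUG: Using NIX_FLAGS: $$NIX_FLAGS"
      # --magic-rollback false disables deploy-rs's automatic revert when the
      # new configuration cannot be confirmed; a broken activation has to be
      # rolled back by hand.
      - nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln' --ssh-opts="$$SSHOPTS"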
---
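kind: pipeline
type: exec
name: Tests

# Exec pipeline: commands run directly on the bare-metal runner host.
node:
  hosttype: baremetal

steps:
  - name: "Tests"
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    commands:
      - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
      - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
      - nix-store --read-log result
      - nix $$NIX_FLAGS flake check
      - nix $$NIX_FLAGS develop --command echo OK

  - name: "Upload artifacts"
    # Uploads the test outputs from ./result (left by the Tests step) to Manta.
    environment:
      # Environment values are strings; quoted so the parser does not type it
      # as an integer.
      TRITON_DONT_SOURCE_PROFILE: "1"
      PRIVATE_SSH_KEY:
        from_secret: private_ssh_key
      MANTA_USER: pub_solar
      MANTA_URL: https://eu-central.manta.greenbaum.cloud
      # Fingerprint of the public key matching PRIVATE_SSH_KEY; not a secret.
      MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67"
    commands:
      - export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
      - echo env var TARGET_DIR is set to $$TARGET_DIR
      # Plain mkdir (no -p) fails if ~/.ssh already exists, which stops the
      # step before it could overwrite an existing key.
      - "mkdir ~/.ssh && chmod 700 ~/.ssh"
      # Create the key file under umask 077 so it is never readable by other
      # users on the shared host, not even between creation and chmod.
      - '(umask 077 && echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519) && chmod 600 ~/.ssh/id_ed25519'
      # NOTE(review): the template is fetched from the mutable ref "main" and
      # its dev shell is then run by `nix develop` in a step that holds the
      # upload key. Pinning the URL to a reviewed commit (append
      # &rev=<COMMIT_SHA_PLACEHOLDER>) would keep a later change to that
      # repository from running here unreviewed.
      - nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell
      - git add tritonshell
      - cd tritonshell
      - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png
      - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out

# Only tag builds (v* and t*) run the tests and upload artifacts.
trigger:
  ref:
    - refs/tags/v*
    - refs/tags/t*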
---
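kind: pipeline
type: docker
name: Notification

# Pipelines start in parallel unless ordered with depends_on. The message
# below reports the test result and links the uploaded artifact, so it has to
# wait for the Tests pipeline to finish.
depends_on:
  - Tests

steps:
  - name: "Notify matrix"
    # NOTE(review): no tag is given, so this resolves to the mutable :latest
    # image, which then receives the Matrix credentials. Pin it to a reviewed
    # tag or digest (plugins/matrix@sha256:<DIGEST_PLACEHOLDER>).
    image: plugins/matrix
    settings:
      homeserver: https://matrix.pub.solar
      roomid: dfQBqwkhIzrFjMSsxy:pub.solar
      username:
        from_secret: matrix_username
      password:
        from_secret: matrix_password
      template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"

trigger:
  ref:
    - refs/tags/v*
    - refs/tags/t*
  # A dependent pipeline is skipped after a failure unless failure is listed;
  # the notification should report failed test runs too.
  status:
    - success
    - failure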
---
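kind: pipeline
type: docker
name: Publish ISO

steps:
  - name: "Build ISO"
    # NOTE(review): :latest is a mutable tag, so the image that builds the
    # published installer can change between runs. Pin it to a reviewed tag
    # or digest (<IMAGE>@sha256:<DIGEST_PLACEHOLDER>).
    image: docker.nix-community.org/nixpkgs/nix-flakes:latest
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    commands:
      - |
        nix $$NIX_FLAGS build \
          '.#nixosConfigurations.bootstrap.config.system.build.isoImage'
      - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
      # NOTE(review): `nix shell` starts a new shell instead of changing the
      # current one; whether the following commands actually see findutils
      # depends on how the runner feeds the script - confirm. nixpkgs#... is
      # resolved through the flake registry, not this flake's lock file, so
      # findutils and gnused below are not pinned to a reviewed revision.
      - nix shell nixpkgs#findutils
      - cd /var/nix/iso-cache/
      # Expansions of ISO_NAME are quoted so a file name containing whitespace
      # is not split into several arguments.
      - export ISO_NAME="$(find . -name '*.iso' -printf "%f\n")"
      # The checksum is published over the same channel as the ISO: it detects
      # a corrupted download, but anyone able to replace the ISO on the web
      # server can replace the checksum as well. Authenticity would need a
      # detached signature made with a key that is not stored on that server.
      - sha256sum "$ISO_NAME" > "$ISO_NAME.sha256"
      - ln -s "$ISO_NAME" PubSolarOS-latest.iso
      - cp "$ISO_NAME.sha256" PubSolarOS-latest.iso.sha256
      # Rewrite the file name inside the copied checksum so it verifies the
      # PubSolarOS-latest.iso link.
      - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256

  - name: "Publish ISO"
    # https://github.com/appleboy/drone-scp/pull/141 got merged, yay
    # NOTE(review): no host-key pinning is configured for this upload, unlike
    # the Deploy step of the "Check and deploy" pipeline, which pins
    # SSH_HOST_KEY. Check whether this plugin version offers a host
    # fingerprint setting and set it if so.
    image: appleboy/drone-scp:1.6.5-linux-amd64
    volumes:
      - name: file-exchange
        path: /var/nix/iso-cache
    settings:
      host:
        from_secret: iso_web_ssh_host
      user:
        from_secret: iso_web_ssh_user
      port:
        from_secret: iso_web_ssh_port
      key:
        from_secret: iso_web_ssh_key
      target: /data/srv/www/os/download
      source:
        - /var/nix/iso-cache/*.iso
        - /var/nix/iso-cache/*.iso.sha256
      unlink_first: true
      strip_components: 3

# Publishing is limited to pushes on main.
trigger:
  branch:
    - main
  event:
    - push

# Temporary volume that hands the ISO from the build step to the publish step.
volumes:
  - name: file-exchange
    temp: {}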
---
# Drone configuration signature: an HMAC computed over this file. When the
# repository is set to "Protected", the server compares it with the file's
# contents and holds builds for approval if they no longer match, so it has to
# be regenerated (`drone sign <OWNER/REPO> --save`) after any edit above.
kind: signature
hmac: a600be61980312efec74374647cdff7e3876a7858caf51433a8b76148312edc1
...