forked from pub-solar/os
Benjamin Bädorf
3c3abec238
The logic inside the hook was rather broken, causing confusing merges, stashes, and aborts. Unfortunately `treefmt` does not provide a pure lint option that checks without writing the changes. So instead, we do this in CI.
155 lines
4.3 KiB
YAML
155 lines
4.3 KiB
YAML
---
|
|
kind: pipeline
|
|
type: exec
|
|
name: Check
|
|
node:
|
|
hosttype: baremetal
|
|
|
|
steps:
|
|
- name: "Check"
|
|
when:
|
|
event:
|
|
- pull_request
|
|
environment:
|
|
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
|
commands:
|
|
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
|
- nix $$NIX_FLAGS develop --command nix flake show
|
|
- nix $$NIX_FLAGS develop --command treefmt --fail-on-change
|
|
- nix $$NIX_FLAGS develop --command editorconfig-checker
|
|
- nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
|
|
|
|
---
|
|
kind: pipeline
|
|
type: exec
|
|
name: Tests
|
|
node:
|
|
hosttype: baremetal
|
|
|
|
steps:
|
|
- name: "Tests"
|
|
environment:
|
|
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
|
commands:
|
|
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
|
- nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
|
|
- nix-store --read-log result
|
|
- nix $$NIX_FLAGS flake check
|
|
- nix $$NIX_FLAGS develop --command echo OK
|
|
|
|
- name: "Upload artifacts"
|
|
environment:
|
|
TRITON_DONT_SOURCE_PROFILE: 1
|
|
PRIVATE_SSH_KEY:
|
|
from_secret: private_ssh_key
|
|
MANTA_USER: pub_solar
|
|
MANTA_URL: https://eu-central.manta.greenbaum.cloud
|
|
MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67"
|
|
commands:
|
|
- export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
|
|
- echo env var TARGET_DIR is set to $$TARGET_DIR
|
|
- "mkdir ~/.ssh && chmod 700 ~/.ssh"
|
|
- echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
|
|
- nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell
|
|
- git add tritonshell
|
|
- cd tritonshell
|
|
- nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png
|
|
- nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/tags/v*
|
|
- refs/tags/t*
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: Notification
|
|
|
|
steps:
|
|
- name: "Notify matrix"
|
|
image: plugins/matrix
|
|
settings:
|
|
homeserver: https://matrix.pub.solar
|
|
roomid: dfQBqwkhIzrFjMSsxy:pub.solar
|
|
username:
|
|
from_secret: matrix_username
|
|
password:
|
|
from_secret: matrix_password
|
|
template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"
|
|
|
|
depends_on:
|
|
- Tests
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/tags/v*
|
|
- refs/tags/t*
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: Publish ISO
|
|
|
|
steps:
|
|
- name: "Build ISO"
|
|
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
|
|
environment:
|
|
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
|
volumes:
|
|
- name: file-exchange
|
|
path: /var/nix/iso-cache
|
|
commands:
|
|
- |
|
|
nix $$NIX_FLAGS build \
|
|
'.#nixosConfigurations.bootstrap.config.system.build.isoImage'
|
|
- cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/
|
|
- nix shell nixpkgs#findutils
|
|
- cd /var/nix/iso-cache/
|
|
- export ISO_NAME=$(find . -name '*.iso' -printf "%f\n")
|
|
- sha256sum $ISO_NAME > $ISO_NAME.sha256
|
|
- ln -s $ISO_NAME PubSolarOS-latest.iso
|
|
- cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256
|
|
- nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256
|
|
|
|
- name: "Publish ISO"
|
|
# https://github.com/appleboy/drone-scp/pull/141 got merged, yay
|
|
image: appleboy/drone-scp:1.6.5-linux-amd64
|
|
volumes:
|
|
- name: file-exchange
|
|
path: /var/nix/iso-cache
|
|
settings:
|
|
host:
|
|
from_secret: iso_web_ssh_host
|
|
user:
|
|
from_secret: iso_web_ssh_user
|
|
port:
|
|
from_secret: iso_web_ssh_port
|
|
key:
|
|
from_secret: iso_web_ssh_key
|
|
target: /data/srv/www/os/download
|
|
source:
|
|
- /var/nix/iso-cache/*.iso
|
|
- /var/nix/iso-cache/*.iso.sha256
|
|
unlink_first: true
|
|
strip_components: 3
|
|
|
|
depends_on:
|
|
- Check
|
|
|
|
trigger:
|
|
branch:
|
|
- main
|
|
event:
|
|
- push
|
|
|
|
volumes:
|
|
- name: file-exchange
|
|
temp: {}
|
|
|
|
---
|
|
kind: signature
|
|
hmac: a116f78a0b22188052893bdb46aa40f8de66438826c10ced362ea183d7644d67
|
|
|
|
...
|