
ci: add release workflow

On GitHub, we had a workflow which released packetmix when we built
successfully on main - avoiding rebases breaking release builds/etc.

Let's do that again here :)

Changed files
+103 -1
.tangled
+1 -1
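--- a/.tangled/workflows/packetmix-build.yml
+++ b/.tangled/workflows/packetmix-build.yml
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: MIT
 when:
-  - event: ["push", "pull_request"]
+  - event: ["pull_request"]
     branch: ["main"]
 
 engine: nixery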
+102
.tangled/workflows/packetmix-release.yml
··· 1 + # SPDX-FileCopyrightText: 2025 FreshlyBakedCake 2 + # 3 + # SPDX-License-Identifier: MIT 4 + when: 5 + - event: ["push"] 6 + branch: ["main"] 7 + 8 + engine: nixery 9 + 10 + dependencies: 11 + nixpkgs: 12 + - lix 13 + - gnugrep 14 + - openssh 15 + 16 + steps: 17 + - name: Get remote builds SSH key 18 + command: | 19 + echo "$KEY_SSH_REMOTE_BUILD" > /tmp/key-ssh-remote-build 20 + chmod 600 /tmp/key-ssh-remote-build 21 + - name: Get release push SSH key 22 + command: | 23 + echo "$KEY_SSH_RELEASE_PUSH" > /tmp/key-ssh-release-push 24 + chmod 600 /tmp/key-ssh-release-push 25 + - name: Add base system files 26 + command: | 27 + # Let us SSH to midnight by name 28 + echo "192.168.0.6 midnight" >> /etc/hosts 29 + 30 + # Avoid missing user with UID 0 error on ssh... 31 + echo "root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash" >> /etc/passwd 32 + 33 + # Turn off SSH host key checking 34 + echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config 35 + echo "UserKnownHostsFile /dev/null" >> /etc/ssh/ssh_config 36 + 37 + echo "Host midnight" >> /etc/ssh/ssh_config 38 + echo " User remoteBuilds" >> /etc/ssh/ssh_config 39 + echo " IdentityFile /tmp/key-ssh-remote-build" >> /etc/ssh/ssh_config 40 + echo "Host tangled.org" >> /etc/ssh/ssh_config 41 + echo " User git" >> /etc/ssh/ssh_config 42 + echo " IdentityFile /tmp/key-ssh-release-push" >> /etc/ssh/ssh_config 43 + 44 + echo "extra-experimental-features = nix-command" >> /etc/nix/nix.conf 45 + echo "max-jobs = 0" >> /etc/nix/nix.conf 46 + echo "builders = ssh-ng://remoteBuilds@midnight?ssh-key=/tmp/key-ssh-remote-build x86_64-linux" >> /etc/nix/nix.conf 47 + - name: Evaluate all systems 48 + command: | 49 + set +e 50 + set -o pipefail 51 + 52 + mkdir -p /tmp/systems-drv-paths 53 + 54 + systems=$(nix eval \ 55 + --expr 'builtins.concatStringsSep "\n" (builtins.attrNames (import ./packetmix/ci.nix).systems.nixos)' \ 56 + --impure \ 57 + --show-trace --raw) 58 + 59 + for system in $systems; do 60 + echo 
"Evaluating system $system" 61 + 62 + eval_out=$(nix eval \ 63 + -f ./packetmix/ci.nix "systems.nixos.$system.result.config.system.build.toplevel.drvPath" \ 64 + --show-trace --raw \ 65 + 2>&1 >"/tmp/systems-drv-paths/$system" | tee /dev/stderr) 66 + eval_status=$? 67 + 68 + if [ $eval_status -ne 0 ]; then 69 + echo "Evaluating the system '$system' failed with exit code $eval_status" 70 + echo "Please fix this and squash into your existing commits" 71 + exit $eval_status 72 + fi 73 + 74 + eval_warns=$(echo "$eval_out" | grep "evaluation warning:" || true) 75 + 76 + if [ -n "$eval_warns" ]; then 77 + echo "There were some warnings while evaluating the system '$system':" 78 + echo "$eval_warns" 79 + echo "Please fix these and squash into your existing commits" 80 + exit 1 81 + fi 82 + done 83 + - name: Build all systems 84 + command: | 85 + set -e 86 + 87 + for derivation_path in /tmp/systems-drv-paths/*; do 88 + echo "Building system $(basename $derivation_path)" 89 + 90 + nix-copy-closure \ 91 + --to 'midnight' \ 92 + "$(cat $derivation_path)" 93 + nix build \ 94 + "$(cat $derivation_path)"'^*' \ 95 + --store 'ssh-ng://remoteBuilds@midnight?ssh-key=/tmp/key-ssh-remote-build' \ 96 + --eval-store auto \ 97 + --show-trace --print-out-paths 98 + done 99 + - name: Push to release 100 + command: | 101 + git remote set-url --push git@tangled.sh:freshlybakedca.ke/patisserie 102 + git push origin HEAD:refs/heads/release
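Review bot: The "Push to release" step's `git remote set-url --push git@tangled.sh:freshlybakedca.ke/patisserie` is missing the remote name, so git takes the URL as the `<name>` argument and fails with a usage error; depending on whether the runner aborts the step on a failed command, the following `git push origin HEAD:refs/heads/release` either never runs or pushes to whatever URL origin already has. It should read `git remote set-url --push origin git@tangled.sh:freshlybakedca.ke/patisserie`, and the `Host tangled.org` block written to /etc/ssh/ssh_config in the "Add base system files" step does not match that `git@tangled.sh:` URL, so the release-push key at /tmp/key-ssh-release-push would not be offered for the push — one of the two hostnames needs to be corrected to the other. Separately, `StrictHostKeyChecking no` plus `UserKnownHostsFile /dev/null` applies to both the remote builder and the release push, so neither peer is authenticated and an impostor answering at either address could receive the release push or supply the build outputs; writing the pinned host keys into `/etc/ssh/ssh_known_hosts` (e.g. `echo "<PINNED_HOST_KEY_LINE>" >> /etc/ssh/ssh_known_hosts`, with `StrictHostKeyChecking yes`) closes that. The two key-writing steps also create the key file under the default umask before `chmod 600` runs and rely on `echo` not interpreting the key's contents; `(umask 077; printf '%s\n' "$KEY_SSH_RELEASE_PUSH" > /tmp/key-ssh-release-push)` avoids both.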