From c4008ecd66476c54ea92cff52e03f0b8bf4c6bbc Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 7 Aug 2024 19:39:22 -0500 Subject: [PATCH 1/3] reduce unused imports --- agents/fj-hetzner-aarch64.nix | 2 +- flake.nix | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/agents/fj-hetzner-aarch64.nix b/agents/fj-hetzner-aarch64.nix index 7be3787..466309d 100644 --- a/agents/fj-hetzner-aarch64.nix +++ b/agents/fj-hetzner-aarch64.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ pkgs, config, ... }: { imports = [ ../cachix.nix diff --git a/flake.nix b/flake.nix index 992edff..cab5f3c 100644 --- a/flake.nix +++ b/flake.nix @@ -108,7 +108,7 @@ # Cachix deploy for automated deployments packages.aarch64-linux.default = let - inherit (common "aarch64-linux") cachix-deploy-lib pkgs; + inherit (common "aarch64-linux") cachix-deploy-lib; in cachix-deploy-lib.nixos { # system = "aarch64-linux"; @@ -116,7 +116,7 @@ }; packages.x86_64-linux.default = let - inherit (common "x86_64-linux") cachix-deploy-lib pkgs; + inherit (common "x86_64-linux") cachix-deploy-lib; in cachix-deploy-lib.nixos { imports = x86_64-linux-modules; @@ -136,7 +136,7 @@ agents = { "fj-hetzner-aarch64-01" = let - inherit (common "aarch64-linux") cachix-deploy-lib pkgs; + inherit (common "aarch64-linux") cachix-deploy-lib; in cachix-deploy-lib.nixos { # system = "aarch64-linux"; @@ -153,7 +153,7 @@ agents = { "fj-shadowfax-01" = let - inherit (common "x86_64-linux") cachix-deploy-lib pkgs; + inherit (common "x86_64-linux") cachix-deploy-lib; in cachix-deploy-lib.nixos { imports = x86_64-linux-modules; -- 2.46.0 From f3ea81472abbb14bda79d6094c8234b53997220b Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 7 Aug 2024 19:40:21 -0500 Subject: [PATCH 2/3] packages already in system --- shell.nix | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/shell.nix b/shell.nix index 39ab879..0886006 100644 --- a/shell.nix +++ b/shell.nix 
@@ -1,32 +1,15 @@ # Shell for bootstrapping flake-enabled nix and home-manager -{ pkgs ? let - # If pkgs is not defined, instantiate nixpkgs from locked commit - lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked; - nixpkgs = fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz"; - sha256 = lock.narHash; - }; - system = builtins.currentSystem; - overlays = [ ]; # Explicit blank overlay to avoid interference - in - import nixpkgs { inherit system overlays; } -, ... -}: -let -in +{ pkgs ? import {} }: pkgs.mkShell { # Enable experimental features without having to specify the argument NIX_CONFIG = "experimental-features = nix-command flakes"; nativeBuildInputs = with pkgs; [ - nix - home-manager git - nil - nixpkgs-fmt go-task sops pre-commit gitleaks + statix ]; } -- 2.46.0 From 8fbab9d869496097811ca29db20d4fe751a3359e Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Wed, 7 Aug 2024 20:09:36 -0500 Subject: [PATCH 3/3] PR --> Build --> Merge --> Deploy --- .forgejo/workflows/build.yaml | 13 +++------- .forgejo/workflows/deploy.yaml | 47 ++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 10 deletions(-) create mode 100644 .forgejo/workflows/deploy.yaml diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index faf0b24..2843873 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -1,6 +1,8 @@ -name: "Build" +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Build on PR" on: pull_request: + types: [opened, synchronize] push: branches: ["main"] paths: 
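Review bot: The new default for `pkgs` drops the nixpkgs pin. The removed block fetched the revision recorded in `flake.lock` and checked it with `sha256 = lock.narHash`, while the replacement (shown here as `import {}`, presumably `import <nixpkgs> {}` with the angle-bracket path lost in rendering) resolves nixpkgs through the caller's `NIX_PATH`. `sops`, `gitleaks`, `pre-commit` and the rest of `nativeBuildInputs` then come from whatever channel each machine has, no longer tied to the lock file. I would keep the locked `fetchTarball` default and limit this change to trimming the package list. The header comment also still says the shell bootstraps flake-enabled nix and home-manager although `nix` and `home-manager` are removed, so it should be reworded, e.g. `# Dev shell: assumes nix and home-manager are already installed system-wide`.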
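Review bot: `types: [opened, synchronize]` leaves out `reopened`, which GitHub-compatible runners include by default when `types` is omitted, so a PR that is closed and later reopened gets no build run until a new commit is pushed. Since deploy.yaml in this same patch activates on merge without checking this workflow's result, I would keep the trigger as wide as before: `types: [opened, synchronize, reopened]`. The `jobs:` section of this workflow continues outside the hunk.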
@@ -30,11 +32,9 @@ jobs: if: ${{ !github.event.pull_request.head.repo.fork }} with: name: hsndev - # If you chose API tokens for write access OR if you have a private cache authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - name: Garbage collect build dependencies run: nix-collect-garbage - - name: Build new ${{ matrix.system }} system and push to cachix id: "build" shell: bash @@ -49,10 +49,3 @@ jobs: CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} run: | echo $DRVOUT | cachix push hsndev - - name: Deploy ${{ matrix.system }} runners - id: "deploy" - if: success() - env: - CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }} - run: | - cachix deploy activate $DRVOUT \ No newline at end of file diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml new file mode 100644 index 0000000..f2fde20 --- /dev/null +++ b/.forgejo/workflows/deploy.yaml 
@@ -0,0 +1,47 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Deploy on PR Merge"
+on:
+ pull_request:
+ types: [closed]
+
+jobs:
+ if_merged:
+ if: github.event.pull_request.merged == true
+ strategy:
+ matrix:
+ include:
+ - name: fj-hetzner-aarch64-01
+ system: aarch64-linux
+ os: native-aarch64
+ - name: fj-shadowfax-01
+ system: x86_64-linux
+ os: native-x86_64
+ runs-on: ${{ matrix.os }}
+ env:
+ PATH: ${{ format('{0}:{1}', '/run/current-system/sw/bin', env.PATH) }}
+ steps:
+ - name: Checkout repository
+ uses: https://github.com/actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: https://github.com/cachix/cachix-action@v15
+ if: ${{ !github.event.pull_request.head.repo.fork }}
+ with:
+ name: hsndev
+ authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+ - name: Garbage collect build dependencies
+ run: nix-collect-garbage
+ - name: Build new ${{ matrix.system }} system and push to cachix
+ id: "build"
+ shell: bash
+ run: |
+ set -o pipefail
+ DRVOUT=$(nix build .#deploy-json.${{ matrix.system }} --print-out-paths)
+ echo "DRVOUT=$DRVOUT" >> $GITHUB_ENV
+ - name: Deploy ${{ matrix.system }} runners
+ id: "deploy"
+ if: success()
+ env:
+ CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
+ run: |
+ cachix deploy activate $DRVOUT
--
2.46.0
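Review bot: The checkout step sets no `ref`, so on a `pull_request` `closed` event the job builds whatever ref the runner resolves for the PR and then activates it with `CACHIX_ACTIVATE_TOKEN`; that is not obviously the commit that landed on the base branch, and nothing ties it to a green run of the build workflow. I would add `ref: ${{ github.event.pull_request.base.ref }}` under `with:` (or trigger the deploy from `push` to `main`), after confirming how Forgejo populates the ref for closed PRs. The `!github.event.pull_request.head.repo.fork` guard sits only on the cachix-action step, so the build and deploy steps still run for a merged fork PR. The step named "Build … and push to cachix" no longer pushes, because the explicit `cachix push hsndev` from build.yaml was not carried over; unless cachix-action uploads the paths before activation, the agents may be asked to activate a closure the cache does not hold. Both actions are referenced by tag (`@v4`, `@v15`) in a job that holds the activation token, and a full commit SHA would make that dependency immutable.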