oleks/alertmanager-gotify-bridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
71ec9709a860454ceef46f888d7841bf7b845cb7
alertmanager-gotify-bridge/.woodpecker.yaml
T
Oleks 71ec9709a8 ci: convert OCI pipeline to parity-lib nix2container builder 
The payload (pure-stdlib bridge.py + a stock CPython closure) is fully
Nix-expressible, so this is NOT an escape-hatch/buildkit repo: both arches
build on emmett (amd64 native + arm64 pkgsCross of stock python3 from the
binary cache) with no buildkit, qemu, docker daemon, or howard pin.

Replace the partial amd64-only scaffold with parity-lib's
mkNix2ContainerPublish, completing the arm64 leg + multi-arch index. The
per-arch nix2container image derivations are kept verbatim; stage/publish/
publish-index/publish/push-staged now come from the shared builder so CI and
local invoke identical code. Thin .woodpecker.yaml to a single
nix run .#publish; retire the buildx/remote-builder steps.

The Dockerfile is now unused (the cutover drops it) but kept in-tree so the
server-side hadolint pre-receive hook does not crash on a file deletion.

Refs cluster #192, emmett#44.
2026-06-02 09:26:57 +03:00

33 lines
1.2 KiB
YAML
Raw Blame History

labels:
arch: amd64
when:
- event: tag
ref: "refs/tags/v*"
# Local-pipeline parity (cluster #192, emmett#44). The flake apps ARE the shared
# code: this same `nix run .#publish` is what a developer runs on emmett. The
# pure-stdlib bridge.py + a stock CPython closure are fully Nix-expressible, so
# both arches build from this single amd64 runner (amd64 native + arm64
# pkgsCross) — no Dockerfile, no buildkit, no remote builder, no howard pin.
# nix2container copy-to (skopeo) pushes each arch; regctl assembles the index.
# The app DRY-RUNS by default; CI opts in with PUBLISH=1. :latest is a digest
# copy of :TAG made last and guarded off for dev tags.
steps:
- name: publish
image: git.oleks.space/oleks/nix-ci:latest
environment:
# One token env var everywhere; the app reads it (never interpolated).
REGISTRY_TOKEN:
from_secret: registry_token
commands:
- nixos-ci-entrypoint bash -c "set -e; PUBLISH=1 nix run .#publish"
backend_options:
kubernetes:
nodeSelector:
kubernetes.io/arch: amd64
labels:
commit-tag: "${CI_COMMIT_TAG}"
commit-branch: "${CI_COMMIT_BRANCH}"
pipeline-number: "${CI_PIPELINE_NUMBER}"
Reference in New Issue View Git Blame Copy Permalink