Oleks
34 lines
1.2 KiB
YAML
34 lines
1.2 KiB
YAML
labels:
|
|
arch: amd64
|
|
|
|
when:
|
|
- event: tag
|
|
ref: "refs/tags/v*"
|
|
|
|
# Local-pipeline parity (cluster #192, emmett#44). The flake apps ARE the shared
|
|
# code: this same `nix run .#publish` is what a developer runs on emmett. The
|
|
# pure-stdlib bridge.py + a stock CPython closure are fully Nix-expressible, so
|
|
# both arches build from this single amd64 runner (amd64 native + arm64
|
|
# pkgsCross) — no Dockerfile, no buildkit, no remote builder, no howard pin.
|
|
# nix2container copy-to (skopeo) pushes each arch; regctl assembles the index.
|
|
# The app DRY-RUNS by default; CI opts in with PUBLISH=1. :latest is a digest
|
|
# copy of :TAG made last and guarded off for dev tags.
|
|
steps:
|
|
- name: publish
|
|
image: git.oleks.space/oleks/nix-ci:latest
|
|
environment:
|
|
# One token env var everywhere; the app reads it (never interpolated).
|
|
REGISTRY_TOKEN:
|
|
from_secret: registry_token
|
|
commands:
|
|
- echo "▸ arch=$(uname -m)"
|
|
- nixos-ci-entrypoint bash -c "set -e; PUBLISH=1 nix run .#publish"
|
|
backend_options:
|
|
kubernetes:
|
|
nodeSelector:
|
|
kubernetes.io/arch: amd64
|
|
labels:
|
|
commit-tag: "${CI_COMMIT_TAG}"
|
|
commit-branch: "${CI_COMMIT_BRANCH}"
|
|
pipeline-number: "${CI_PIPELINE_NUMBER}"
|