angie-arm64/.woodpecker.yaml
Oleks 68f56637e9
ci/woodpecker/push/woodpecker Pipeline was successful
ci: add publish-arm64 flake app for local parity (emmett#44)
Introduce a shared publish-arm64 flake app (archetype oci-image-skopeo)
that builds the arm64 docker-archive via Nix and skopeo-copies it to the
Gitea OCI registry as :<ver>-arm64, mirroring to :latest-arm64. Both
.woodpecker.yaml and `nix run .#publish-arm64` invoke the same app so CI
and local cannot drift.

- dry-run by default; PUBLISH=1 to actually push (safe to run locally)
- token via $REGISTRY_TOKEN, fallback pass infra/gitea/personal_access_token_packages_rw
- token never printed; no set -x on token-bearing paths
- rename CI secret env CI_REGISTRY_TOKEN -> REGISTRY_TOKEN
- thin .woodpecker.yaml: one PUBLISH=1 nix run line
- --help/--dry-run honored; meta.description set
2026-06-02 03:35:13 +03:00

51 lines
1.9 KiB
YAML

labels:
  arch: arm64
clone:
  - name: clone
    image: woodpeckerci/plugin-git
    environment:
      CI_NETRC_MACHINE: git.oleks.space
      CI_NETRC_USERNAME: oleks
      CI_NETRC_PASSWORD:
        from_secret: gitea_clone_token
      PLUGIN_TAGS: "false"
      PLUGIN_DEPTH: "1"
when:
  - event: push
    branch: [main, master]
  - event: tag
    ref: "refs/tags/v*"
steps:
  - name: build-and-push
    image: git.oleks.space/oleks/nix-ci:latest
    environment:
      GITEA_CLONE_TOKEN:
        from_secret: gitea_clone_token
      # Single token env var shared by CI + local parity (emmett#44).
      REGISTRY_TOKEN:
        from_secret: registry_token
    backend_options:
      kubernetes:
        resources:
          requests:
            memory: 4Gi
    commands:
      # Bootstrap nix substituters and netrc — same as siblings in this repo.
      - echo "79.76.48.244 git.oleks.space nix-cache-upload.oleks.space" >>/etc/hosts
      - |
        cat >>/etc/nix/nix.conf <<'EOF'
        experimental-features = nix-command flakes
        trusted-substituters = https://nix-cache-mirror.oleks.space https://nix-cache-custom.oleks.space/attic-infra-cache-k3s-1
        substituters = https://nix-cache-mirror.oleks.space https://nix-cache-custom.oleks.space/attic-infra-cache-k3s-1
        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= attic-infra-cache-k3s-1:qYSNK3DmttQXCFqn1t50qoWGtQNPRFWq9mgQjD05DeU=
        EOF
      - if [ -n "$GITEA_CLONE_TOKEN" ]; then echo "machine git.oleks.space login oleks password $GITEA_CLONE_TOKEN" >~/.netrc && chmod 600 ~/.netrc; fi
      # Thin front door: CI and `nix run .#publish-arm64` on emmett run the
      # exact same shared app (emmett#44, archetype oci-image-skopeo). The app
      # is dry-run by default; PUBLISH=1 makes it actually push.
      - PUBLISH=1 nix run .#publish-arm64
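
The dry-run and token rules listed in the commit message, shown as an added example that is not the repository's publish-arm64 app. The IMAGE, ARCHIVE and REGISTRY_USER defaults, the PASS_ENTRY override and the function names are assumptions; only the pass entry path and the tag scheme come from the page.

```shell
#!/bin/sh
# Added example: a hypothetical publish wrapper, not the repo's publish-arm64 app.
IMAGE="${IMAGE:-registry.example/owner/app}"   # placeholder registry/repository
ARCHIVE="${ARCHIVE:-./result}"                 # assumed path of the Nix-built docker-archive
REGISTRY_USER="${REGISTRY_USER:-ci}"           # assumed registry login name
PASS_ENTRY="${PASS_ENTRY:-infra/gitea/personal_access_token_packages_rw}"

# Token from $REGISTRY_TOKEN, else the first line of the pass(1) entry.
# Callers capture the output in a variable; nothing writes it to the log.
resolve_token() {
  if [ -n "${REGISTRY_TOKEN:-}" ]; then
    printf '%s' "$REGISTRY_TOKEN"
  elif command -v pass >/dev/null 2>&1; then
    pass show "$PASS_ENTRY" 2>/dev/null | head -n 1
  fi
}

# The two destinations for a version: :<ver>-arm64 and the :latest-arm64 mirror.
targets() {
  printf 'docker://%s:%s-arm64\ndocker://%s:latest-arm64\n' "$IMAGE" "$1" "$IMAGE"
}

publish() {
  ver="$1"
  token="$(resolve_token)"
  if [ "${PUBLISH:-0}" != 1 ]; then
    # Dry-run: report the plan and whether a token exists, never its value.
    if [ -n "$token" ]; then state=present; else state=missing; fi
    echo "dry-run (set PUBLISH=1 to push); token: $state"
    targets "$ver" | while read -r dest; do
      echo "would copy docker-archive:$ARCHIVE -> $dest"
    done
    return 0
  fi
  if [ -z "$token" ]; then echo "error: no registry token" >&2; return 2; fi
  # The token reaches skopeo on stdin, not argv, so it stays out of `ps` output.
  printf '%s' "$token" |
    skopeo login --username "$REGISTRY_USER" --password-stdin "${IMAGE%%/*}" >/dev/null || return 1
  for dest in $(targets "$ver"); do
    skopeo copy "docker-archive:$ARCHIVE" "$dest" || return 1
  done
}

if [ "$#" -gt 0 ]; then publish "$@"; fi
```

Run with a version argument to see the plan; only `PUBLISH=1` reaches the `skopeo` calls, and a missing token stops a real push with exit status 2 before any registry contact.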