# Agent selector: this workflow is only scheduled on agents labelled
# arch=arm64 (the images pushed below carry an -arm64 tag suffix).
labels:
  arch: arm64
# Custom clone step: runs plugin-git with netrc credentials for
# git.oleks.space.
clone:
  - name: clone
    # NOTE(review): no tag or digest is given, so the image resolves to
    # whatever the registry currently serves. This step receives the clone
    # token; consider pinning to a reviewed version or digest.
    image: woodpeckerci/plugin-git
    environment:
      CI_NETRC_MACHINE: git.oleks.space
      CI_NETRC_USERNAME: oleks
      # Injected from the pipeline secret store, not committed to the repo.
      CI_NETRC_PASSWORD:
        from_secret: gitea_clone_token
      # Quoted so both reach the plugin as strings; presumably these map to
      # the plugin's tags and depth settings (no tag fetch, depth 1).
      PLUGIN_TAGS: 'false'
      PLUGIN_DEPTH: '1'
# Triggers: pushes to main or master, and tags whose ref matches
# refs/tags/v*.
when:
  - event: push
    branch:
      - main
      - master
  - event: tag
    # Quoted because the value contains a glob character.
    ref: 'refs/tags/v*'
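# Build the Angie image with nix and push it to the Gitea OCI registry.
# The commands share shell state: VERSION, STREAM and TMPDIR set in one
# entry are read by later entries.
steps:
  - name: build-and-push
    # NOTE(review): ':latest' is a mutable tag, and this step holds both
    # the clone token and the registry push token. Pinning the builder
    # image to a reviewed tag or digest keeps a changed image from
    # silently inheriting those secrets.
    image: git.oleks.space/oleks/nix-ci:latest
    environment:
      GITEA_CLONE_TOKEN:
        from_secret: gitea_clone_token
      CI_REGISTRY_TOKEN:
        from_secret: registry_token
    backend_options:
      kubernetes:
        resources:
          requests:
            memory: 4Gi
    commands:
      # Bootstrap nix substituters and netrc — same as siblings in this repo.
      # The hosts entry pins name resolution to a fixed address; the
      # substituters below are still https URLs, and store paths are
      # accepted only when signed by one of the trusted-public-keys.
      - echo "79.76.48.244 git.oleks.space nix-cache-upload.oleks.space" >>/etc/hosts
      # NOTE(review): trusted-public-keys includes a nix-community.cachix.org
      # key although no cachix URL is listed as a substituter; presumably
      # the mirror serves those paths. Confirm, and drop keys that are not
      # needed, since every listed key widens what the build will accept.
      - |
        cat >>/etc/nix/nix.conf <<'EOF'
        experimental-features = nix-command flakes
        trusted-substituters = https://nix-cache-mirror.oleks.space https://nix-cache-custom.oleks.space/attic-infra-cache-k3s-1
        substituters = https://nix-cache-mirror.oleks.space https://nix-cache-custom.oleks.space/attic-infra-cache-k3s-1
        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= attic-infra-cache-k3s-1:qYSNK3DmttQXCFqn1t50qoWGtQNPRFWq9mgQjD05DeU=
        EOF
      # Write the netrc inside a umask-077 subshell so the file holding the
      # token is never created with wider permissions; chmod stays for the
      # case where ~/.netrc already exists. printf keeps the token out of
      # echo's escape handling.
      - |
        if [ -n "$GITEA_CLONE_TOKEN" ]; then
          (umask 077; printf 'machine git.oleks.space login oleks password %s\n' "$GITEA_CLONE_TOKEN" >~/.netrc) && chmod 600 ~/.netrc
        fi

      # Resolve the upstream Angie version and build the image stream script.
      - VERSION="$(nix eval --raw .#angieVersion)"
      - echo "Building angie $VERSION"
      - STREAM="$(nix build .#default --print-out-paths --no-link)"

      # skopeo writes intermediate files under /var/tmp by default; the
      # nix-ci image doesn't seed that path, so point it at $HOME/tmp.
      - mkdir -p "$HOME/tmp"
      - export TMPDIR="$HOME/tmp"

      # Auth + push to Gitea OCI registry under both <ver>-arm64 and latest-arm64.
      - mkdir -p ~/.config/containers
      # The auth file carries the registry token (base64 is encoding, not
      # protection), so it is created under umask 077 and then forced to
      # mode 600 in case the path already existed.
      - |
        (
          umask 077
          printf '{"auths":{"git.oleks.space":{"auth":"%s"}}}\n' \
            "$(printf 'oleks:%s' "$CI_REGISTRY_TOKEN" | base64 -w0)" \
            > ~/.config/containers/auth.json
        )
        chmod 600 ~/.config/containers/auth.json
      # --insecure-policy makes skopeo accept any image without consulting
      # a signature policy file. Here the source is the archive streamed by
      # the script built above. The <( ) process substitution needs a shell
      # that supports it (not plain POSIX sh).
      # NOTE(review): shipping a policy.json in the builder image would let
      # this flag be dropped — confirm whether one is available.
      - |
        nix run nixpkgs#skopeo -- copy --insecure-policy \
          --authfile ~/.config/containers/auth.json \
          docker-archive:<("$STREAM") \
          "docker://git.oleks.space/oleks/angie:${VERSION}-arm64"
      # Re-tag by copying registry-to-registry. The source is read back by
      # tag, so it is whatever that tag points to at copy time.
      - |
        nix run nixpkgs#skopeo -- copy --insecure-policy \
          --authfile ~/.config/containers/auth.json \
          "docker://git.oleks.space/oleks/angie:${VERSION}-arm64" \
          docker://git.oleks.space/oleks/angie:latest-arm64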