Add Woodpecker CI for multi-arch builds

2026-03-13 01:36:40 +02:00
parent ae7905a5f5
commit e40a8c5c73
3 changed files with 96 additions and 0 deletions
@@ -0,0 +1,55 @@
+# Build flake-hub packages for all architectures and push to attic
+
+clone:
+  - name: clone
+    image: woodpeckerci/plugin-git
+    environment:
+      CI_NETRC_MACHINE: git.oleks.space
+      CI_NETRC_USERNAME: oleks
+      CI_NETRC_PASSWORD:
+        from_secret: gitea_clone_token
+
+when:
+  - event: push
+    branch: main
+
+# Build packages for each architecture in parallel
+steps:
+  - name: build-x86_64-linux
+    image: nixos/nix:latest
+    environment:
+      ATTIC_TOKEN:
+        from_secret: attic_token
+    backend_options:
+      kubernetes:
+        nodeSelector:
+          kubernetes.io/arch: amd64
+    commands:
+      - sh ci/setup.sh
+      - sh ci/build.sh x86_64-linux
+
+  - name: build-aarch64-linux
+    image: nixos/nix:latest
+    environment:
+      ATTIC_TOKEN:
+        from_secret: attic_token
+    backend_options:
+      kubernetes:
+        nodeSelector:
+          kubernetes.io/arch: arm64
+    commands:
+      - sh ci/setup.sh
+      - sh ci/build.sh aarch64-linux
+
+  - name: build-s390x-linux
+    image: nixos/nix:latest
+    environment:
+      ATTIC_TOKEN:
+        from_secret: attic_token
+    backend_options:
+      kubernetes:
+        nodeSelector:
+          kubernetes.io/arch: s390x
+    commands:
+      - sh ci/setup.sh
+      - sh ci/build.sh s390x-linux
@@ -0,0 +1,22 @@
+#!/bin/sh
+# Build all flake-hub packages and push to attic
+set -e
+
+ARCH="$1"
+ATTIC_CACHE="attic-infra-cache-k3s-1"
+ATTIC_SERVER="https://nix-cache-upload.oleks.space"
+
+echo "=== Building flake-hub packages for ${ARCH} ==="
+
+# Setup attic
+attic=$(nix build --inputs-from . nixpkgs#attic-client --print-out-paths --no-link)/bin/attic
+"${attic}" login ci "${ATTIC_SERVER}" "${ATTIC_TOKEN}"
+
+echo "Building packages..."
+nix build ".#packages.${ARCH}.hello-world" --print-build-logs
+"${attic}" push "${ATTIC_CACHE}" result
+
+nix build ".#packages.${ARCH}.xonsh" --print-build-logs
+"${attic}" push "${ATTIC_CACHE}" result
+
+echo "✅ Build completed for ${ARCH}"
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Bootstrap nix environment for CI (runs inside nixos/nix:latest)
+set -e
+
+# Direct to armer public IP — bypass Cloudflare upload size limits
+# Hairpin NAT on armer handles redirect for pods running on armer itself
+echo "79.76.48.244 git.oleks.space nix-cache-upload.oleks.space" >>/etc/hosts
+
+cat >>/etc/nix/nix.conf <<'EOF'
+experimental-features = nix-command flakes
+trusted-substituters = https://nix-cache-mirror.oleks.space https://nix-cache-custom.oleks.space/attic-infra-cache-k3s-1
+substituters = https://nix-cache-mirror.oleks.space https://nix-cache-custom.oleks.space/attic-infra-cache-k3s-1
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc= cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E= nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA= attic-infra-cache-k3s-1:qYSNK3DmttQXCFqn1t50qoWGtQNPRFWq9mgQjD05DeU=
+EOF
+
+if [ -n "$GITEA_CLONE_TOKEN" ]; then
+	echo "machine git.oleks.space login oleks password $GITEA_CLONE_TOKEN" >~/.netrc
+	chmod 600 ~/.netrc
+fi