Oleks
b797aefb28
Replace the bespoke ci/publish.py attic-push logic with parity-lib's
mkAtticClosurePublish builder (attic-closure archetype, cluster#104,
emmett#44). Adds the parity input (locked at d265a79) and wires the
per-arch package closures through builders.mkAtticClosurePublish, with
the endpoint (nix-cache-upload.oleks.space) and passEntry
(infra/attic/ci_token) overridden so the attic push is byte-for-byte the
pre-parity behaviour.
.woodpecker/{amd64,arm64}.yaml thinned to PUBLISH=1 nix run .#publish /
.#publish-aarch64-linux so CI and a local run share one audited impl.
Dead ci/publish.py + ci/build.py removed.
pipeline-doctor: 9 passed / 0 failed / 0 warned.
45 lines
1.3 KiB
YAML
45 lines
1.3 KiB
YAML
# Build flake-hub packages for x86_64-linux and push to attic.
|
|
# Separate workflow per arch — sharing one PVC across arches makes
|
|
# the second pod permanently Unschedulable (PV node affinity binds
|
|
# to the first arch's node).
|
|
|
|
when:
|
|
- event: push
|
|
branch: main
|
|
|
|
clone:
|
|
- name: clone
|
|
image: woodpeckerci/plugin-git
|
|
environment:
|
|
CI_NETRC_MACHINE: git.oleks.space
|
|
CI_NETRC_USERNAME: oleks
|
|
CI_NETRC_PASSWORD:
|
|
from_secret: gitea_clone_token
|
|
PLUGIN_TAGS: "false"
|
|
PLUGIN_DEPTH: "1"
|
|
|
|
steps:
|
|
- name: build-amd64
|
|
image: git.oleks.space/oleks/nix-ci:latest
|
|
environment:
|
|
ATTIC_TOKEN:
|
|
from_secret: attic_token
|
|
GITEA_CLONE_TOKEN:
|
|
from_secret: gitea_clone_token
|
|
backend_options:
|
|
kubernetes:
|
|
nodeSelector:
|
|
kubernetes.io/arch: amd64
|
|
labels:
|
|
commit-tag: "${CI_COMMIT_TAG}"
|
|
commit-branch: "${CI_COMMIT_BRANCH}"
|
|
pipeline-number: "${CI_PIPELINE_NUMBER}"
|
|
commands:
|
|
- echo "▸ arch=$(uname -m)"
|
|
- sh ci/setup.sh
|
|
# Same front door as a local `nix run .#publish -- --publish`. The app
|
|
# is parity-lib's mkAtticClosurePublish (attic-closure archetype); CI and
|
|
# local share one audited impl. PUBLISH=1 makes it actually push (local
|
|
# runs dry-run).
|
|
- PUBLISH=1 nix run .#publish
|