9d80f47625
attic-closure archetype: no parity-lib builder exists for attic pushes, so
wrap the existing per-arch package build in ci/publish.py (woodpecker-peek
pattern) and expose `nix run .#{stage,publish}-amd64` + `.#publish`.
Two-halves rule: STAGE nix-builds every package in the arch list into the
local store (emmett-buildable); PUBLISH additionally attic-pushes each
closure. Local runs DRY-RUN unless --push/PUBLISH=1; CI sets PUBLISH=1.
The .woodpecker/{amd64,arm64}.yaml now call the same ci/publish.py so CI
and local runs can't drift. arm64 stays node-bound (no emmett cross path),
so it has no local-parity app. ci/build.py becomes a forwarding shim.
42 lines
1.2 KiB
YAML
# Build flake-hub packages for x86_64-linux and push to attic.
# Separate workflow per arch — sharing one PVC across arches makes
# the second pod permanently Unschedulable (PV node affinity binds
# to the first arch's node).

when:
  - event: push
    branch: main

clone:
  - name: clone
    image: woodpeckerci/plugin-git
    environment:
      CI_NETRC_MACHINE: git.oleks.space
      CI_NETRC_USERNAME: oleks
      CI_NETRC_PASSWORD:
        from_secret: gitea_clone_token
      PLUGIN_TAGS: "false"
      PLUGIN_DEPTH: "1"

steps:
  - name: build-amd64
    image: git.oleks.space/oleks/nix-ci:latest
    environment:
      ATTIC_TOKEN:
        from_secret: attic_token
      GITEA_CLONE_TOKEN:
        from_secret: gitea_clone_token
    backend_options:
      kubernetes:
        nodeSelector:
          kubernetes.io/arch: amd64
        labels:
          commit-tag: "${CI_COMMIT_TAG}"
          commit-branch: "${CI_COMMIT_BRANCH}"
          pipeline-number: "${CI_PIPELINE_NUMBER}"
    commands:
      - sh ci/setup.sh
      # Same entrypoint as a local `nix run .#publish-amd64 -- --push`.
      # PUBLISH=1 makes the shared script actually push (local runs dry-run).
      - PUBLISH=1 python3 ci/publish.py x86_64-linux
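A sketch of the stage/publish gate the commit message describes, added here as an example; it is not the repository's ci/publish.py. The package names, the cache name and the `plan` function are hypothetical, and the script only plans commands, it does not run them.

```python
"""Stage/publish gate sketch (added example, not the repository's ci/publish.py)."""
import argparse
import os
import sys

# Hypothetical values: the real package list and cache name are not on the page.
PACKAGES = {"x86_64-linux": ["pkg-a", "pkg-b"]}
CACHE = "example-cache"


def plan(argv, env):
    """Return (mode, commands) for one system without executing anything."""
    parser = argparse.ArgumentParser()
    parser.add_argument("system")
    parser.add_argument("--push", action="store_true")
    args = parser.parse_args(argv)

    # Push is opt-in: --push on the CLI, or PUBLISH set to exactly "1".
    # PUBLISH=0, PUBLISH="" and an unset PUBLISH all stay in dry-run.
    push = args.push or env.get("PUBLISH") == "1"

    if args.system not in PACKAGES:
        raise SystemExit(f"unknown system: {args.system}")
    if push and not env.get("ATTIC_TOKEN"):
        # Fail closed before any build work instead of half-publishing.
        raise SystemExit("push requested but ATTIC_TOKEN is not set")

    commands = []
    for pkg in PACKAGES[args.system]:
        # STAGE half: every package is built into the local store.
        commands.append(["nix", "build", f".#packages.{args.system}.{pkg}", "--no-link"])
        # PUBLISH half: the closure push only happens behind the gate.
        push_cmd = ["attic", "push", CACHE, f"<out-path of {pkg}>"]
        commands.append(push_cmd if push else ["echo", "DRY-RUN:"] + push_cmd)
    return ("publish" if push else "dry-run"), commands


if __name__ == "__main__":
    mode, cmds = plan(sys.argv[1:], dict(os.environ))
    print(f"mode: {mode}")
    for cmd in cmds:
        print(" ".join(cmd))
```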