Oleks
9d80f47625
attic-closure archetype: no parity-lib builder exists for attic pushes, so
wrap the existing per-arch package build in ci/publish.py (woodpecker-peek
pattern) and expose `nix run .#{stage,publish}-amd64` + `.#publish`.
Two-halves rule: STAGE nix-builds every package in the arch list into the
local store (emmett-buildable); PUBLISH additionally attic-pushes each
closure. Local runs DRY-RUN unless --push/PUBLISH=1; CI sets PUBLISH=1.
The .woodpecker/{amd64,arm64}.yaml now call the same ci/publish.py so CI
and local runs can't drift. arm64 stays node-bound (no emmett cross path),
so it has no local-parity app. ci/build.py becomes a forwarding shim.
42 lines
1.3 KiB
YAML
42 lines
1.3 KiB
YAML
# Build flake-hub packages for aarch64-linux and push to attic.
|
|
# Separate workflow per arch — see amd64.yaml for rationale.
|
|
|
|
when:
|
|
- event: push
|
|
branch: main
|
|
|
|
clone:
|
|
- name: clone
|
|
image: woodpeckerci/plugin-git
|
|
environment:
|
|
CI_NETRC_MACHINE: git.oleks.space
|
|
CI_NETRC_USERNAME: oleks
|
|
CI_NETRC_PASSWORD:
|
|
from_secret: gitea_clone_token
|
|
PLUGIN_TAGS: "false"
|
|
PLUGIN_DEPTH: "1"
|
|
|
|
steps:
|
|
- name: build-arm64
|
|
image: git.oleks.space/oleks/nix-ci:latest
|
|
environment:
|
|
ATTIC_TOKEN:
|
|
from_secret: attic_token
|
|
GITEA_CLONE_TOKEN:
|
|
from_secret: gitea_clone_token
|
|
backend_options:
|
|
kubernetes:
|
|
nodeSelector:
|
|
kubernetes.io/arch: arm64
|
|
labels:
|
|
commit-tag: "${CI_COMMIT_TAG}"
|
|
commit-branch: "${CI_COMMIT_BRANCH}"
|
|
pipeline-number: "${CI_PIPELINE_NUMBER}"
|
|
commands:
|
|
- sh ci/setup.sh
|
|
# NODE-BOUND LEG (emmett#44, cluster#192): aarch64-linux can't be built on
|
|
# emmett (linux/amd64) and these native packages have no cross path, so this
|
|
# leg has no local-parity flake app — it must run on an aarch64 node (the
|
|
# arch nodeSelector above). Same shared entrypoint as amd64, only arch differs.
|
|
- PUBLISH=1 python3 ci/publish.py aarch64-linux
|