Adds the attic-closure archetype builder (build closure + attic push, no registry artifact) so caddy/overlay-xonsh/flake-hub/woodpecker-peek share one implementation. Adds non-flake mode to pipeline-doctor so ci-script repos (gitea-mcp, helms) pass the gate. Self-check 9/9; gitea-mcp now passes.
@@ -7,6 +7,21 @@ semantic versioning; the version is a conceptual tag (no git tag is created).
## Unreleased
- **Feature: `mkAtticClosurePublish` — the attic-closure builder (cluster #198).**
Models the archetype parity-lib was missing: build a Nix closure and push it to
the Attic binary cache (NO registry artifact). Yields `stage-<arch>` (`nix build`
the closure, no push), `publish-<arch>`/`publish` (build + `attic login` + `attic
push`; dry-run by default, `--publish`/`PUBLISH=1` to push; token via `$ATTIC_TOKEN`
or `pass`, never echoed), and `push-staged`. Lets caddy-with-replace (#104) drop its
generic-publish over-reach and overlay-xonsh (#105) convert off N/A; flake-hub /
woodpecker-peek can retire their bespoke attic wraps.
- **`pipeline-doctor` non-flake mode (cluster #191/#193).** A repo with NO root
`flake.nix` is now a VALID parity form if it ships the ci-script entrypoints
(`ci/local.sh`, or `ci/build.sh` + `ci/publish.sh`) called by a thin
`.woodpecker.yaml` — so the non-flake go-binary/helm references (gitea-mcp, helms)
PASS the gate instead of failing for lacking a flake. The token-leak scan and the
#191 no-`set -x`-in-token-scripts scan still run on their `ci/*.sh` in full.
Verified: gitea-mcp now 9/9, parity-lib + numpy-s390x still 9/9.
- **Feature: `verify-digest` for nix2container (cluster #195).** `mkNix2ContainerPublish`
now also returns a `verify-digest` app that builds each locally-buildable arch
image and prints its OCI **manifest digest** with NO registry contact (it
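Review bot: In the `pipeline-doctor` non-flake entry, the token-leak scan and the no-`set -x` scan are said to run on `ci/*.sh`, but the newly valid form also relies on `.woodpecker.yaml` being "thin", and the entry does not say that the doctor inspects that file at all. Please state whether `.woodpecker.yaml` is scanned too, or how "thin" is enforced, since this mode lets a repo with no root `flake.nix` pass the gate. The same entry says gitea-mcp and helms PASS, while the "Verified:" line lists only gitea-mcp, parity-lib and numpy-s390x; either add the helms result or drop helms from the claim. In the `mkAtticClosurePublish` entry, "never echoed" would be clearer if it said how the token reaches `attic login`, because a token passed as a command-line argument is visible in the process list even when nothing is printed.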