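# Woodpecker pipeline: for each PACKAGE in the matrix, re-clone the repository,
# run the package's update script, format the tree, push the result to an
# update-<package> branch and open a pull request against main.
# Every step runs only on cron and manual events.
pipeline:
  # skip_clone is set at the bottom of this file, so the checkout is done by
  # hand here: the existing workspace directory is removed and cloned afresh.
  clone2:
    image: nixery.dev/shell/gitfull
    commands:
      - cd ..
      # Variables are quoted and the rm operand is preceded by `--`, so a value
      # with whitespace or a leading dash cannot change what gets removed.
      - rm -rf -- "$CI_REPO_NAME"
      - git clone "https://git.chir.rs/$CI_REPO_OWNER/$CI_REPO_NAME"
      - cd "$CI_REPO_NAME"
    when:
      - event: cron
      - event: manual

  # Runs scripts/update.nix for the matrix package. The step receives no
  # secrets, but the nix.conf written below sets `sandbox = false`, so builds
  # are not isolated by Nix, and the workspace this step writes to is the one
  # the later secret-holding steps operate on.
  # NOTE(review): presumably the sandbox is off because the CI container
  # cannot set one up - confirm, and re-enable it if the runner allows.
  # `require-sigs = true` together with trusted-public-keys means substituted
  # store paths must carry a signature from one of the listed keys.
  update-${PACKAGE}:
    # No tag or digest: this resolves to whatever the registry serves at run
    # time. Pin a digest if reproducible, reviewable runs are wanted.
    image: nixos/nix
    commands:
      - mkdir -p /etc/nix
      - |
        cat > /etc/nix/nix.conf << EOF
        # WARNING: this file is generated from the nix.* options in
        # your NixOS configuration, typically
        # /etc/nixos/configuration.nix. Do not edit it!
        build-users-group = nixbld
        allowed-users = *
        auto-optimise-store = true
        builders-use-substitutes = true
        require-sigs = true
        sandbox = false
        substituters = https://hydra.int.chir.rs/ https://cache.nixos.org/
        system-features = big-parallel benchmark ca-derivations
        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28=
        trusted-substituters =
        trusted-users = @wheel
        experimental-features = nix-command flakes ca-derivations
        EOF
      # Dedicated world-writable (sticky) temp directory for the build.
      - mkdir -p /tmp2
      - chmod 1777 /tmp2
      - export TMPDIR=/tmp2
      # `yes ''` feeds empty lines to any prompt the update script raises.
      - yes '' | nix-shell ./scripts/update.nix --argstr path ${PACKAGE}
    when:
      - event: cron
      - event: manual

  # Formats the tree in place with alejandra.
  format:
    image: nixery.dev/shell/alejandra
    commands:
      - alejandra .
    when:
      - event: cron
      - event: manual

  # Commits the updated tree as "Gitea Bot", signs the commit with the
  # imported GPG key and force-pushes it over SSH to update-<package>.
  # This is the step that holds the SSH and GPG private keys.
  git-push:
    image: nixery.dev/shell/openssh/gitfull/git-lfs/gnupg/shadow
    commands:
      # Creates a uid/gid 0 account entry with $HOME as its home directory.
      # NOTE(review): presumably the image ships without one - confirm.
      - groupadd -g 0 root
      - useradd -u 0 -g root -d "$HOME" root
      # Tighten the umask before any key material is written, so the private
      # key is never on disk with default permissions, not even for the
      # moment between the echo and the chmod below.
      - umask 077
      - mkdir -p ~/.ssh
      - echo "$SSH_KEY" > ~/.ssh/id_ed25519
      - chmod 600 ~/.ssh/id_ed25519
      # Host keys are pinned here, so the push does not depend on accepting
      # whatever key the server presents on first connection.
      - echo "git.chir.rs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQ77jA9S5qXDFGPLZRsC++AtxiXXeF8gVbkLlglx0GQ" > ~/.ssh/known_hosts
      - echo "git.chir.rs ssh-rsa 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" >> ~/.ssh/known_hosts
      - git remote set-url origin "gitea@git.chir.rs:$CI_REPO_OWNER/$CI_REPO_NAME.git"
      - git config --global 'user.email' 'gitea-bot@chir.rs'
      - git config --global 'user.name' 'Gitea Bot'
      - echo "$GPG_KEY" | gpg --import
      - git config --global "user.signingKey" "0x417A4BCCAB696E24"
      - git config --global "commit.gpgSign" "true"
      - git add .
      - git commit -am "Update ${PACKAGE}"
      # --force replaces any earlier update-<package> branch; the refspec
      # targets only that branch, never main.
      - git push --force origin main:update-${PACKAGE}
    secrets:
      - gpg_key
      - ssh_key
    when:
      - event: cron
      - event: manual

  # Opens a pull request from update-<package> into main via the Gitea API.
  # curl is called without --fail, so an HTTP error response (for example a
  # rejected or duplicate request) does not fail the step.
  # NOTE(review): confirm that this best-effort behaviour is intended.
  gitea-pr:
    image: nixery.dev/shell/curl
    commands:
      - |
        echo '{
          "assignee": "darkkirb",
          "base": "main",
          "head": "update-${PACKAGE}",
          "title": "Update ${PACKAGE}",
          "body": ""
        }' | curl -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" --data-binary @- "https://git.chir.rs/api/v1/repos/$CI_REPO_OWNER/$CI_REPO_NAME/pulls"
    secrets:
      - gitea_token
    when:
      - event: cron
      - event: manual

# One pipeline run per package; ${PACKAGE} above is replaced with each value.
matrix:
  PACKAGE:
    - akkoma
    - pleroma-fe
    - admin-fe
    - emoji-volpeon-blobfox
    - emoji-volpeon-bunhd
    - emoji-volpeon-drgn
    - emoji-volpeon-fox
    - emoji-volpeon-gphn
    - emoji-volpeon-raccoon
    - emoji-volpeon-vlpn
    - emoji-caro
    - lotte-art
    - nasin-nanpa
    - matrix-media-repo
    - mautrix-discord
    - mautrix-whatsapp
    - mautrix-signal
    - mautrix-telegram
    - python-mautrix
    - python-tulir-telethon
    - papermc
    - python-plover-stroke
    - python-rtf-tokenize
    - plover
    - plover-plugins-manager
    - python-simplefuzzyset
    - plover-plugin-emoji
    - plover-plugin-tapey-tape
    - plover-plugin-yaml-dictionary
    - plover-plugin-machine-hid
    - plover-plugin-rkb1-hid
    - plover-dict-didoesdigital
    - miifox-net
    - python-instagram
    - element-web
    - woodpecker-server
    - wordpress-plugins

# The built-in clone is disabled; the clone2 step performs the checkout.
skip_clone: true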