upload to attic

This commit is contained in:
Charlotte 🦝 Delenk 2023-01-16 17:53:11 +01:00
parent b586447af0
commit 88c43bd999
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
3 changed files with 14 additions and 4 deletions

View file

@ -28,22 +28,26 @@ jobs:
nix_path: nixpkgs=channel:nixos-unstable nix_path: nixpkgs=channel:nixos-unstable
extra_nix_config: | extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= cache:6tx18bfuH66LOfrn37EmN2YxwNZI3qNk3lKHoz/XlXI=
experimental-features = nix-command flakes ca-derivations experimental-features = nix-command flakes ca-derivations
post-build-hook = ${{ github.workspace }}/scripts/post-build-hook post-build-hook = ${{ github.workspace }}/scripts/post-build-hook
substituters = https://cache.chir.rs/ https://cache.nixos.org/ substituters = https://cache.chir.rs/ https://cache.nixos.org/ https://attic.chir.rs/cache
extra-platforms = armv7l-linux aarch64-linux powerpc-linux powerpc64-linux powerpc64le-linux riscv32-linux riscv64-linux wasm32-wasi i686-linux extra-platforms = armv7l-linux aarch64-linux powerpc-linux powerpc64-linux powerpc64le-linux riscv32-linux riscv64-linux wasm32-wasi i686-linux
sandbox = false sandbox = false
- name: Download patched nix - name: Download patched nix
run: nix build github:DarkKirb/nix-packages#nix-s3-dedup run: nix build github:DarkKirb/nix-packages#nix-s3-dedup
- name: Download attic
run: nix build github:DarkKirb/nix-packages#attic-client
- name: Set up secrets - name: Set up secrets
run: | run: |
echo "$NIX_CACHE_KEY" > ~/cache.key echo "$NIX_CACHE_KEY" > ~/cache.key
sudo mkdir /root/.aws sudo mkdir /root/.aws
echo "$AWS_CREDENTIALS" | sudo tee /root/.aws/credentials > /dev/null echo "$AWS_CREDENTIALS" | sudo tee /root/.aws/credentials > /dev/null
nix run github:DarkKirb/nix-packages#attic-client -- login attic-server https://attic.chir.rs/ "$ATTIC_TOKEN"
env: env:
NIX_CACHE_KEY: ${{secrets.NIX_CACHE_KEY}} NIX_CACHE_KEY: ${{secrets.NIX_CACHE_KEY}}
AWS_CREDENTIALS: ${{secrets.AWS_CREDENTIALS}} AWS_CREDENTIALS: ${{secrets.AWS_CREDENTIALS}}
ATTIC_TOKEN: ${{secrets.ATTIC_TOKEN}}
- name: Build ${{ inputs.job }} - name: Build ${{ inputs.job }}
run: | run: |
DRV_PATH=$(nix-instantiate -E '(import ./.).${{ inputs.job }}') DRV_PATH=$(nix-instantiate -E '(import ./.).${{ inputs.job }}')

View file

@ -13,20 +13,24 @@ jobs:
with: with:
extra_nix_config: | extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs= cache:6tx18bfuH66LOfrn37EmN2YxwNZI3qNk3lKHoz/XlXI=
experimental-features = nix-command flakes ca-derivations experimental-features = nix-command flakes ca-derivations
post-build-hook = ${{ github.workspace }}/scripts/post-build-hook post-build-hook = ${{ github.workspace }}/scripts/post-build-hook
substituters = https://cache.chir.rs/ https://cache.nixos.org/ substituters = https://cache.chir.rs/ https://cache.nixos.org/ https://attic.chir.rs/cache
- name: Download patched nix - name: Download patched nix
run: nix build github:DarkKirb/nix-packages#nix-s3-dedup run: nix build github:DarkKirb/nix-packages#nix-s3-dedup
- name: Download attic
run: nix build github:DarkKirb/nix-packages#attic-client
- name: Set up secrets - name: Set up secrets
run: | run: |
echo "$NIX_CACHE_KEY" > ~/cache.key echo "$NIX_CACHE_KEY" > ~/cache.key
sudo mkdir /root/.aws sudo mkdir /root/.aws
echo "$AWS_CREDENTIALS" | sudo tee /root/.aws/credentials > /dev/null echo "$AWS_CREDENTIALS" | sudo tee /root/.aws/credentials > /dev/null
nix run github:DarkKirb/nix-packages#attic-client -- login attic-server https://attic.chir.rs/ "$ATTIC_TOKEN"
env: env:
NIX_CACHE_KEY: ${{secrets.NIX_CACHE_KEY}} NIX_CACHE_KEY: ${{secrets.NIX_CACHE_KEY}}
AWS_CREDENTIALS: ${{secrets.AWS_CREDENTIALS}} AWS_CREDENTIALS: ${{secrets.AWS_CREDENTIALS}}
ATTIC_TOKEN: ${{secrets.ATTIC_TOKEN}}
- run: | - run: |
for job in nixos-8gb-fsn1-1.x86_64-linux nutty-noon.x86_64-linux thinkrac.x86_64-linux nas.x86_64-linux instance-20221213-1915.aarch64-linux; do for job in nixos-8gb-fsn1-1.x86_64-linux nutty-noon.x86_64-linux thinkrac.x86_64-linux nas.x86_64-linux instance-20221213-1915.aarch64-linux; do

View file

@ -1,5 +1,7 @@
#!/bin/sh #!/bin/sh
set -euf set -euf
export IFS=' ' export IFS=' '
export XDG_CONFIG_HOME=/home/runner/.config
/nix/var/nix/profiles/default/bin/nix store sign --key-file /home/runner/cache.key $DRV_PATH /nix/var/nix/profiles/default/bin/nix store sign --key-file /home/runner/cache.key $DRV_PATH
/nix/var/nix/profiles/default/bin/nix run 'github:DarkKirb/nix-packages#nix-s3-dedup' -- copy --to 's3://cache-chir-rs?scheme=https&endpoint=s3.us-west-000.backblazeb2.com&secret-key=/home/runner/cache.key&multipart-upload=true&compression=zstd&compression-level=15' $DRV_PATH /nix/var/nix/profiles/default/bin/nix run 'github:DarkKirb/nix-packages#nix-s3-dedup' -- copy --to 's3://cache-chir-rs?scheme=https&endpoint=s3.us-west-000.backblazeb2.com&secret-key=/home/runner/cache.key&multipart-upload=true&compression=zstd&compression-level=15' $DRV_PATH
/nix/var/nix/profiles/default/bin/nix run 'github:DarkKirb/nix-packages#attic-client' -- push cache $OUT_PATHS