darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions
nixos-config/.drone.yml

129 lines
6.6 KiB
YAML
Raw Blame History

---
kind: pipeline
type: docker
name: update-flake
steps:
- name: Update flake
image: nixos/nix
commands:
- echo "substituters = https://cache.nixos.org/ https://f000.backblazeb2.com/file/cache-chir-rs/" >> /etc/nix/nix.conf
- echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" >> /etc/nix/nix.conf
- echo "experimental-features = nix-command flakes ca-derivations" >> /etc/nix/nix.conf
- |
for job in nixos-8gb-fsn1-1 nutty-noon thinkrac installer nas; do
nix show-derivation -r ".#hydraJobs.$job.x86_64-linux" > ../old-$job.json
done
nix flake update
for job in nixos-8gb-fsn1-1 nutty-noon thinkrac installer nas; do
nix show-derivation -r ".#hydraJobs.$job.x86_64-linux" > ../new-$job.json
nix-shell -p python3 --run "python scripts/diff-drvs.py ../old-$job.json ../new-$job.json" > ../report-$job.txt
cat ../report-$job.txt >> ../full-report.txt
done
if [ -s ../full-report.txt ]; then
echo "Automatic flake.lock update" > ../pr-message.txt
echo "" >> ../pr-message.txt
for job in nixos-8gb-fsn1-1 nutty-noon thinkrac installer nas; do
echo "## Changes for $job:" >> ../pr-message.txt
echo '```' >> ../pr-message.txt
cat ../report-$job.txt >> ../pr-message.txt
echo '```' >> ../pr-message.txt
done
else
touch ../pr-message.txt
fi
mv ../pr-message.txt .
- name: Push git
image: alpine:latest
commands:
- apk add git openssh git-lfs
- mkdir ~/.ssh
- echo "$SSH_KEY" > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
- echo "git.chir.rs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQ77jA9S5qXDFGPLZRsC++AtxiXXeF8gVbkLlglx0GQ" > ~/.ssh/known_hosts
- echo "git.chir.rs ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDY0pZzNTAqaVqqfC31gYFixFs5KySv0UqvlDEAzEXJMB/pBWkE5GAd5Ik1NxD4QiAVWc2UARdmJEBbYf8mk5JiAv6fjsodJdJVRau4Ax7FtIfbxdFyzBgFery/KUnNIr6cmAWU2Af8JhzrnpEbhe5U3LftYnkdE1lI+iVqaQRARp0qikdzoAl3uMUhbdTxp1/6rtfN6bP2XZCsUx3t3W5ZG1QTQz8l7nrbXZX1TT3pZ2vcUANcMtOxEAwO6lbL210GX63C8XEoE7+4lLxRrSiaq3SkVlG07VspozKEtrrcsqCRNLebiaapmNWVoEq9Wd9VGAEjja5efyU6/HUlRogAOo1WP73UwoQLv5LTFH+ECoHhKS14xfPeXeVG8dbYyh5+CnmiVe43dH1qZw+ceYuYel31f47cAgScbxFvNkct0spK9m9mivnoUmYcxwTc+VbFbmnJvSuZw3a+OEYn9biitP/tTkYFiLZVdPZTxDkvd1oOyuVH9d4RMXbVgNS92/lr2iKFZkyhWMJ61hFMc2tupwmkp5Us5ce42XA0zC/aVY3vYoih/c5Ib0eZF1AEJdB6Bt5dWqITVsB3mip3Jn/mqVBIPTGXT6+FnGSEuL68Dj2yKBD7kj8YO/1SWpkVMy+bfoLXY/usgcaLCxpUu8dDrdrcKExLigCVbi3rdRmg7w==" >> ~/.ssh/known_hosts
- git remote set-url origin gitea@git.chir.rs:darkkirb/nixos-config.git
- git config --global 'user.email' 'gitea-bot@chir.rs'
- git config --global 'user.name' 'Gitea Bot'
- git add flake.lock
- git commit -m "Update flake"
- git push --force origin main:update-flake
environment:
SSH_KEY:
from_secret: SSH_KEY
- name: Create pull request
image: alpine:latest
commands:
- mv pr-message.txt ..
- apk add jq curl
- |
echo '{ "assignee": "DarkKirb", "base": "main", "head": "update-flake", "title": "Update flake" }' | jq '.body = $body' --arg body "$(cat ../pr-message.txt)" | curl -XPOST 'https://git.chir.rs/api/v1/repos/DarkKirb/nixos-config/pulls' -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer $AUTHORISATION" --data-binary @-
environment:
AUTHORISATION:
from_secret: GITEA_KEY
trigger:
event:
- cron
cron:
- updater
---
kind: pipeline
type: docker
name: hydra-deploy
steps:
- name: Wait for hydra job
image: alpine:latest
commands:
- apk add jq curl
- |
while true; do
if [[ $(curl https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/commits/$DRONE_COMMIT/status | jq '[.statuses[] | select(.target_url | contains("https://hydra.chir.rs/"))] | length') != 0 ]]; then
exit 0
fi
sleep 5
done
- name: Wait for hydra jobs to finish
image: alpine:latest
commands:
- apk add jq curl
- |
while true; do
if [[ $(curl https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/commits/$DRONE_COMMIT/status | jq '[.statuses[] | select(.target_url | contains("https://hydra.chir.rs/")) | select(.status == "pending") ] | length') == 0 ]]; then
exit 0
fi
sleep 5
done
- name: Deploy successful hydra jobs
image: alpine:latest
commands:
- apk add jq curl git openssh
- mkdir ~/.ssh
- echo "$SSH_KEY" > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
- echo "git.chir.rs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQ77jA9S5qXDFGPLZRsC++AtxiXXeF8gVbkLlglx0GQ" > ~/.ssh/known_hosts
- echo "git.chir.rs ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDY0pZzNTAqaVqqfC31gYFixFs5KySv0UqvlDEAzEXJMB/pBWkE5GAd5Ik1NxD4QiAVWc2UARdmJEBbYf8mk5JiAv6fjsodJdJVRau4Ax7FtIfbxdFyzBgFery/KUnNIr6cmAWU2Af8JhzrnpEbhe5U3LftYnkdE1lI+iVqaQRARp0qikdzoAl3uMUhbdTxp1/6rtfN6bP2XZCsUx3t3W5ZG1QTQz8l7nrbXZX1TT3pZ2vcUANcMtOxEAwO6lbL210GX63C8XEoE7+4lLxRrSiaq3SkVlG07VspozKEtrrcsqCRNLebiaapmNWVoEq9Wd9VGAEjja5efyU6/HUlRogAOo1WP73UwoQLv5LTFH+ECoHhKS14xfPeXeVG8dbYyh5+CnmiVe43dH1qZw+ceYuYel31f47cAgScbxFvNkct0spK9m9mivnoUmYcxwTc+VbFbmnJvSuZw3a+OEYn9biitP/tTkYFiLZVdPZTxDkvd1oOyuVH9d4RMXbVgNS92/lr2iKFZkyhWMJ61hFMc2tupwmkp5Us5ce42XA0zC/aVY3vYoih/c5Ib0eZF1AEJdB6Bt5dWqITVsB3mip3Jn/mqVBIPTGXT6+FnGSEuL68Dj2yKBD7kj8YO/1SWpkVMy+bfoLXY/usgcaLCxpUu8dDrdrcKExLigCVbi3rdRmg7w==" >> ~/.ssh/known_hosts
- git remote set-url origin gitea@git.chir.rs:darkkirb/nixos-config.git
- |
for build in $(curl https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/commits/$DRONE_COMMIT/status | jq -r '.statuses[] | select(.target_url | contains("https://hydra.chir.rs/")) | select(.status == "success" ) | .target_url'); do
JOB_JSON=$(curl -H "Accept: application/json" $build)
PROJECT=$(echo "$JOB_JSON" | jq -r '.project')
JOBSET=$(echo "$JOB_JSON" | jq -r '.jobset' | sed 's/nixos-config-update/nixos-config/')
JOB=$(echo "$JOB_JSON" | jq -r '.job')
JOB_NAME="$PROJECT/$JOBSET/$JOB"
git branch $JOB_NAME || true
git checkout $JOB_NAME
git reset --hard $DRONE_COMMIT
git push --force -u origin $JOB_NAME
done
environment:
SSH_KEY:
from_secret: SSH_KEY
trigger:
event:
- push
branch:
- main
Reference in a new issue View git blame Copy permalink