Compare commits
4 commits
90026d2734
...
aac9de0ae0
| Author | SHA1 | Date | |
|---|---|---|---|
| aac9de0ae0 | |||
| 5c88f24f8e | |||
| d7d88d4509 | |||
| 00421a0e44 |
2 changed files with 38 additions and 11 deletions
27
.github/workflows/ci.yml
vendored
27
.github/workflows/ci.yml
vendored
|
|
@ -25,11 +25,22 @@ jobs:
|
|||
attic use "$CACHE_REPOSITORY"
|
||||
- name: Run Builds and Checks
|
||||
run: nix-fast-build --no-nom --max-jobs 6 --skip-cached --attic-cache "$CACHE_REPOSITORY"
|
||||
- name: Deploy Docs
|
||||
if: success() && github.ref == 'refs/heads/main'
|
||||
run: |
|
||||
mkdir ~/.ssh/
|
||||
echo -e "Host lindberg-webapps.backplane.net.qo.is\n StrictHostKeyChecking no" >> ~/.ssh/config
|
||||
(umask 0077 && printf "%s\n" "${{ secrets.SSH_DEPLOY_KEY }}" > ~/.ssh/id_ed25519)
|
||||
deploy --skip-checks --remote-build .#lindberg-webapps.\"docs-ops.qo.is\"
|
||||
# Remote build is neccessary due to non-wheel nix users signing restrictions. However, the build should come from the cache anyway.
|
||||
deploy:
|
||||
needs: build
|
||||
if: success() && github.ref == 'refs/heads/54-deploy-vms-automatically'
|
||||
runs-on: nix
|
||||
env:
|
||||
SSH_DEPLOY_KEY: "${{ secrets.SSH_DEPLOY_KEY }}"
|
||||
strategy:
|
||||
matrix:
|
||||
profile:
|
||||
- docs-ops.qo.is
|
||||
- system-vm
|
||||
steps:
|
||||
- name: Initialize CI
|
||||
uses: https://git.qo.is/qo.is/actions-nix-init@main
|
||||
with:
|
||||
token: ${{ secrets.CI_TOKEN }}
|
||||
lfs: false
|
||||
- name: "Deploy profile"
|
||||
run: "auto-deploy ${{ matrix.profile }}"
|
||||
|
|
|
|||
|
|
@ -3,12 +3,28 @@
|
|||
#### Environment
|
||||
FLAKE_ROOT="$(git rev-parse --show-toplevel)"
|
||||
|
||||
export PROFILE="${1:-''}"
|
||||
export PROFILE="${1:-}"
|
||||
if [ -z "${PROFILE}" ]; then
|
||||
echo "🛑 Error: No deployment profile was specified as first parameter (e.g. \"${0} system-vm\")" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "${SSH_DEPLOY_KEY:-}" ]; then
|
||||
echo "ℹ️ Info: SSH_DEPLOY_KEY env variable was not set, ignoring."
|
||||
SSH_KEY_FILE_ARG=""
|
||||
else
|
||||
TEMP_KEY_FILE=$(mktemp /dev/shm/ssh_deploy_key.XXXXXXXX)
|
||||
touch "${TEMP_KEY_FILE}" && chmod 600 "${TEMP_KEY_FILE}"
|
||||
printf "%s\n" "${SSH_DEPLOY_KEY}" >"${TEMP_KEY_FILE}"
|
||||
SSH_KEY_FILE_ARG="-i ${TEMP_KEY_FILE}"
|
||||
|
||||
# Set up a trap to remove the temporary key file on script exit
|
||||
trap 'rm -f "${TEMP_KEY_FILE}"' EXIT
|
||||
trap 'rm -f "${TEMP_KEY_FILE}"' SIGINT
|
||||
trap 'rm -f "${TEMP_KEY_FILE}"' SIGTERM
|
||||
trap 'rm -f "${TEMP_KEY_FILE}"' SIGQUIT
|
||||
fi
|
||||
|
||||
HOSTS=$(nix eval --raw "${FLAKE_ROOT}"#deploy.nodes --apply "
|
||||
nodes: let
|
||||
inherit (builtins) attrNames filter concatStringsSep;
|
||||
|
|
@ -31,7 +47,7 @@ retry() {
|
|||
local -i attempt_num=1
|
||||
until "$@"; do
|
||||
if ((attempt_num == max_attempts)); then
|
||||
echo "⚠️ Warning: Attempt $attempt_num failed and there are no more attempts left!"
|
||||
echo "🛑 Error: Attempt $attempt_num failed and there are no more attempts left!" 1>&2
|
||||
return 1
|
||||
else
|
||||
echo "⚠️ Attempt $attempt_num failed! Trying again in $attempt_num seconds..."
|
||||
|
|
@ -44,6 +60,6 @@ retry() {
|
|||
for HOST in $HOSTS; do
|
||||
retry 3 deploy \
|
||||
--skip-checks \
|
||||
--ssh-opts "-o UserKnownHostsFile=${KNOWN_HOSTS_FILE}" \
|
||||
--ssh-opts "-o UserKnownHostsFile=${KNOWN_HOSTS_FILE} ${SSH_KEY_FILE_ARG:-''}" \
|
||||
--targets "${FLAKE_ROOT}#\"${HOST}\".\"${PROFILE}\""
|
||||
done
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue