nix-infra/.gitlab-ci.yml

default:
  image: nixos/nix:2.16.1

stages:
  - update_flake_lock
  - apply
  - commit_flake

update_flake_lock:
  stage: update_flake_lock
  rules:
    - if: $RUN_JOB == "update_flake_lock"
  script:
    - nix flake update --extra-experimental-features nix-command --extra-experimental-features flakes
  artifacts:
    paths:
      - ./flake.lock

apply:
  stage: apply
  rules:
    - if: $RUN_JOB == "deploy"
  script:
    - nix-env --install colmena
    - eval $(ssh-agent -s)
    - chmod 600 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    - git clone https://oauth2:${ACCESS_TOKEN_KNOWN_HOSTS}@git.grzb.de/yuri/known_hosts.git /root/.ssh
    - colmena build
    - colmena apply --no-keys
  artifacts:
    paths:
      - ./flake.lock

commit_flake:
  stage: commit_flake
  rules:
    - if: $RUN_JOB == "update_flake_lock"
  variables:
    GIT_AUTHOR_EMAIL: $GIT_AUTHOR_EMAIL
    GIT_AUTHOR_NAME: $GIT_AUTHOR_NAME
    GIT_COMMITTER_EMAIL: $GIT_COMMITTER_EMAIL
    GIT_COMMITTER_NAME: $GIT_COMMITTER_NAME
    ACCESS_TOKEN: $ACCESS_TOKEN
  script:
    - git commit -m "Update flake.lock file" -m "Triggered by scheduled pipeline $CI_PIPELINE_ID at $CI_PIPELINE_CREATED_AT." || failure_code=$?
    - if [ "$failure_code" == "" ]; then git push https://gitlab-runner-server:${ACCESS_TOKEN}@${CI_SERVER_HOST}/yuri/nix-infra.git HEAD:$CI_COMMIT_BRANCH; fi
Add .gitlab-ci.yml 2023-07-11 11:34:08 +02:00			`default:`
			`image: nixos/nix:2.16.1`

			`stages:`
			`- update_flake_lock`
			`- apply`
			`- commit_flake`

			`update_flake_lock:`
			`stage: update_flake_lock`
Only run pipeline when specific RUN_JOB variable value is set 2023-08-07 22:24:43 +02:00			`rules:`
			`- if: $RUN_JOB == "update_flake_lock"`
Add .gitlab-ci.yml 2023-07-11 11:34:08 +02:00			`script:`
			`- nix flake update --extra-experimental-features nix-command --extra-experimental-features flakes`
Add commit flake stage 2023-07-13 21:42:08 +02:00			`artifacts:`
			`paths:`
			`- ./flake.lock`
Add .gitlab-ci.yml 2023-07-11 11:34:08 +02:00
			`apply:`
			`stage: apply`
Only run pipeline when specific RUN_JOB variable value is set 2023-08-07 22:24:43 +02:00			`rules:`
			`- if: $RUN_JOB == "deploy"`
Add .gitlab-ci.yml 2023-07-11 11:34:08 +02:00			`script:`
			`- nix-env --install colmena`
Add colmena apply stage 2023-07-13 20:56:30 +02:00			`- eval $(ssh-agent -s)`
			`- chmod 600 "$SSH_PRIVATE_KEY"`
			`- ssh-add "$SSH_PRIVATE_KEY"`
			`- git clone https://oauth2:${ACCESS_TOKEN_KNOWN_HOSTS}@git.grzb.de/yuri/known_hosts.git /root/.ssh`
Add commit flake stage 2023-07-13 21:42:08 +02:00			`- colmena build`
miau 2023-07-13 00:28:22 +02:00			`- colmena apply --no-keys`
Add commit flake stage 2023-07-13 21:42:08 +02:00			`artifacts:`
			`paths:`
			`- ./flake.lock`
Add .gitlab-ci.yml 2023-07-11 11:34:08 +02:00
			`commit_flake:`
			`stage: commit_flake`
Only run pipeline when specific RUN_JOB variable value is set 2023-08-07 22:24:43 +02:00			`rules:`
			`- if: $RUN_JOB == "update_flake_lock"`
Add colmena apply stage 2023-07-13 20:56:30 +02:00			`variables:`
			`GIT_AUTHOR_EMAIL: $GIT_AUTHOR_EMAIL`
			`GIT_AUTHOR_NAME: $GIT_AUTHOR_NAME`
			`GIT_COMMITTER_EMAIL: $GIT_COMMITTER_EMAIL`
			`GIT_COMMITTER_NAME: $GIT_COMMITTER_NAME`
			`ACCESS_TOKEN: $ACCESS_TOKEN`
Add .gitlab-ci.yml 2023-07-11 11:34:08 +02:00			`script:`
Add commit flake stage 2023-07-13 21:42:08 +02:00			`- git commit -m "Update flake.lock file" -m "Triggered by scheduled pipeline $CI_PIPELINE_ID at $CI_PIPELINE_CREATED_AT." \|\| failure_code=$?`
			`- if [ "$failure_code" == "" ]; then git push https://gitlab-runner-server:${ACCESS_TOKEN}@${CI_SERVER_HOST}/yuri/nix-infra.git HEAD:$CI_COMMIT_BRANCH; fi`