47 lines
1.3 KiB
YAML
47 lines
1.3 KiB
YAML
default:
|
|
image: nixos/nix:2.16.1
|
|
|
|
stages:
|
|
- update_flake_lock
|
|
- apply
|
|
- commit_flake
|
|
|
|
update_flake_lock:
|
|
stage: update_flake_lock
|
|
rules:
|
|
- if: $RUN_JOB == "update_flake_lock"
|
|
script:
|
|
- nix flake update --extra-experimental-features nix-command --extra-experimental-features flakes
|
|
artifacts:
|
|
paths:
|
|
- ./flake.lock
|
|
|
|
apply:
|
|
stage: apply
|
|
rules:
|
|
- if: $RUN_JOB == "deploy"
|
|
script:
|
|
- nix-env --install colmena
|
|
- eval $(ssh-agent -s)
|
|
- chmod 600 "$SSH_PRIVATE_KEY"
|
|
- ssh-add "$SSH_PRIVATE_KEY"
|
|
- git clone https://oauth2:${ACCESS_TOKEN_KNOWN_HOSTS}@git.grzb.de/yuri/known_hosts.git /root/.ssh
|
|
- colmena build
|
|
- colmena apply --no-keys
|
|
artifacts:
|
|
paths:
|
|
- ./flake.lock
|
|
|
|
commit_flake:
|
|
stage: commit_flake
|
|
rules:
|
|
- if: $RUN_JOB == "update_flake_lock"
|
|
variables:
|
|
GIT_AUTHOR_EMAIL: $GIT_AUTHOR_EMAIL
|
|
GIT_AUTHOR_NAME: $GIT_AUTHOR_NAME
|
|
GIT_COMMITTER_EMAIL: $GIT_COMMITTER_EMAIL
|
|
GIT_COMMITTER_NAME: $GIT_COMMITTER_NAME
|
|
ACCESS_TOKEN: $ACCESS_TOKEN
|
|
script:
|
|
- git commit -m "Update flake.lock file" -m "Triggered by scheduled pipeline $CI_PIPELINE_ID at $CI_PIPELINE_CREATED_AT." || failure_code=$?
|
|
- if [ "$failure_code" == "" ]; then git push https://gitlab-runner-server:${ACCESS_TOKEN}@${CI_SERVER_HOST}/yuri/nix-infra.git HEAD:$CI_COMMIT_BRANCH; fi
|