# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
#
# SPDX-License-Identifier: Apache-2.0

# Generates the repository's .gitlab-ci.yml from Nix.
#
# The pipeline has two stages:
#   build  - `nixCache` builds ./ci-root.nix, uploads the result to the shared
#            binary cache and publishes systems.json as an artifact.
#   deploy - `docker-push`, plus one job per NixOS system configuration whose
#            `my.deploy.enable` option is set.
{ depot, lib, pkgs, ... }:

let
  yamlFormat = pkgs.formats.yaml { };

  # System configurations that have opted in to CI-driven deployment.
  enabledMachines = lib.filterAttrs
    (_: sys: sys.config.my.deploy.enable)
    depot.ops.nixos.systemConfigs;

  # Builds the deploy job for one machine. The job is named after the machine
  # because lib.mapAttrs keeps the attribute name as the key.
  mkDeployJob = machName: mach: {
    stage = "deploy";
    tags = [ "deployer" ];
    # Pulls systems.json from the nixCache job.
    needs = [{ job = "nixCache"; artifacts = true; }];
    # One resource group per machine, so GitLab runs at most one deploy
    # against a given machine at a time.
    resource_group = machName;
    environment.name = machName;
    # NOTE(review): both values are spliced into a double-quoted shell word
    # at generation time, so any `"`, `$`, backtick or backslash in them is
    # interpreted by the runner's shell. They come from this repository's own
    # system configurations; if they are meant to be literal arguments,
    # lib.escapeShellArg is the quoting-safe way to pass them. Confirm no
    # configuration relies on shell expansion before changing this.
    script = ''./hack/deploy.sh "${machName}" "${mach.config.my.deploy.args}"'';
  };

  # Jobs that do not depend on the set of machines.
  staticJobs = {
    stages = [ "build" "deploy" ];

    nixCache = {
      stage = "build";
      tags = [ "cacher" ];
      # NOTE(review): `latest` is a mutable tag, so the build environment can
      # change between pipeline runs without any change in this repository.
      # Pinning a specific tag or image digest makes this input auditable.
      image = "nixos/nix:latest";
      script = [
        # Presumably provides the credentials the upload below needs; the
        # script itself is not shown here - TODO confirm.
        "nix run -f ./ third_party.nixpkgs.bash -c ./hack/populate_secrets.sh"
        # NOTE(review): `trusted=1` makes Nix accept paths from the bucket as
        # substitutes even when they are not signed by a key listed in
        # trusted-public-keys. Write access to the bucket is then the only
        # integrity control on what this build substitutes, and the same job
        # uploads to that bucket in the next step. Signing uploads and
        # verifying against a public key would allow dropping `trusted=1`.
        "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org/ s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
        "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
        "cat ./result/other-systemPathJSON > systems.json"
      ];
      artifacts.paths = [ "systems.json" ];
      artifacts.expire_in = "30 days";
    };

    docker-push = {
      stage = "deploy";
      # Needs a sizable amount of temporary disk, so it runs on the cacher
      # runner rather than on a deployer.
      tags = [ "cacher" ];
      script = "./hack/dockerpush.sh";
    };
  };

  # Per-machine jobs are merged last, so a machine whose name equals a static
  # key (e.g. "stages" or "nixCache") would replace that entry.
  pipeline = staticJobs // lib.mapAttrs mkDeployJob enabledMachines;
in
yamlFormat.generate ".gitlab-ci.yml" pipeline