depot/nix/gitlab-ci/default.nix


# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, ... }:
let
# Attribute set that is rendered to .gitlab-ci.yml: the static build and
# deploy-other jobs below, merged with one generated deploy-mach job per
# machine in deployMachs. On a name clash the generated job wins, because
# `//` prefers its right-hand side.
cfg =
  let
    # Store URI of the private binary cache (S3 API served from
    # storage.googleapis.com).
    privateCache = "s3://lukegb-nix-cache?endpoint=storage.googleapis.com";

    # First step of every build job. hack/populate_secrets.sh is not shown
    # here; presumably it materialises credentials for the later steps.
    populateSecrets = "nix run -f ./ third_party.nixpkgs.bash -c ./hack/populate_secrets.sh";

    # Builds ci-root.nix for `system`, substituting from cache.nixos.org and
    # from the private cache.
    # NOTE(review): `trusted=1` marks the private cache as a trusted store,
    # so Nix accepts its paths without a signature from a key in
    # trusted-public-keys. Build integrity then depends on who can write to
    # the bucket; signing the cache and dropping the flag would remove that
    # dependency.
    buildCiRoot = system:
      "nix build -v -f ./ci-root.nix --system ${system} --argstr system ${system} --substituters \"https://cache.nixos.org/ ${privateCache}&trusted=1\"";

    # Attributes shared by all build-stage jobs.
    # NOTE(review): `latest` is a floating tag, so these jobs (which run
    # the secrets step and push to the binary cache) use whatever image the
    # registry serves at run time. Pinning by digest would fix the build
    # environment: image = "nixos/nix@sha256:<DIGEST-PLACEHOLDER>".
    buildJob = {
      stage = "build";
      image = "nixos/nix:latest";
    };

    # Build job for a Darwin system: build, then push ./result to the
    # private cache with `nix copy`. A failure here does not fail the
    # pipeline (allow_failure).
    macOS = system: buildJob // {
      script = [
        populateSecrets
        (buildCiRoot system)
        "nix copy -v --to '${privateCache}' ./result"
      ];
      allow_failure = true;
      tags = [ "macos" ];
    };

    # Build job for a Linux system: build, upload ./result with bcacheup
    # (which is pointed at a Vault token source behind the local tokend
    # socket), then export systems.json as an artifact for later stages.
    linux = system: buildJob // {
      script = [
        populateSecrets
        (buildCiRoot system)
        "nix run -f ./ go.nix.bcacheup -c bcacheup --cache_url vaultgs://lukegb-nix-cache --vault_addr unix:///run/tokend/sock --vault_token_source gcp/roleset/binary-cache-deployer/token ./result"
        "cat ./result/other-systemPathJSON > systems.json"
      ];
      artifacts = {
        paths = [ "systems.json" ];
        expire_in = "30 days";
      };
      tags = [ "cacher" ];
    };

    # Template for the deploy-other jobs: they wait for the x86_64-linux
    # build (without fetching its artifacts) and run only for the
    # branch/default ref.
    deployOther = script: {
      inherit script;
      stage = "deploy-other";
      needs = [ { job = "nixCache-x86_64-linux"; artifacts = false; } ];
      tags = [ "cacher" ];
      only = { refs = [ "branch/default" ]; };
    };
  in
  {
    stages = [ "build" "deploy-mach" "deploy-other" ];

    nixCache-x86_64-linux = linux "x86_64-linux";
    nixCache-aarch64-linux = linux "aarch64-linux";
    nixCache-x86_64-darwin = macOS "x86_64-darwin";
    nixCache-aarch64-darwin = macOS "aarch64-darwin";

    flipperzero-firmware = deployOther ''
      export NIX_PATH=nixpkgs=$(readlink -f third_party/nixpkgs)
      $(nix-build -A nix.pkgs.flipperzero-firmware.upload)/bin/upload-f0
    '';

    lukegbcom = deployOther ''
      export NIX_PATH=nixpkgs=$(readlink -f third_party/nixpkgs)
      cd web/lukegbcom
      ./deploy.sh
    '';
  } // (lib.mapAttrs deployStage deployMachs);
# Subset of depot.ops.nixos.systemConfigs whose configuration sets
# my.deploy.enable; only these machines get a generated deploy job.
deployMachs =
  let
    deployEnabled = _name: mach: mach.config.my.deploy.enable;
  in
  lib.filterAttrs deployEnabled depot.ops.nixos.systemConfigs;
# Builds the deploy-mach job for one machine.
#   machName: attribute name of the machine; used as the environment name,
#             the resource_group (so deploys to one machine do not overlap)
#             and the first argument to hack/deploy.sh.
#   mach:     the machine's system configuration; my.systemType selects the
#             nixCache-* build job whose artifacts this job fetches.
#             Assumes systemType names a system that has such a job.
#
# NOTE(review): machName and my.deploy.args are spliced into a double-quoted
# shell word without escaping, so a `"`, `$` or backtick in either value
# would be interpreted by the runner's shell. Both come from the repository's
# own configuration; lib.escapeShellArg would make the quoting robust, after
# confirming hack/deploy.sh does not rely on shell expansion inside args.
#
# NOTE(review): allow_failure means a failed machine deploy does not fail the
# pipeline, so it has to be noticed from the job status itself.
deployStage = machName: mach:
  let
    deployCfg = mach.config.my.deploy;
    # Adds `when = "manual"` for machines with deploy disabled. deployMachs
    # already filters on my.deploy.enable, so this stays empty for the jobs
    # generated in cfg.
    manualGate = lib.optionalAttrs (!deployCfg.enable) { when = "manual"; };
  in
  {
    stage = "deploy-mach";
    needs = [
      { job = "nixCache-${mach.config.my.systemType}"; artifacts = true; }
    ];
    tags = [ "deployer" ];
    resource_group = machName;
    script = ''./hack/deploy.sh "${machName}" "${deployCfg.args}"'';
    environment.name = machName;
    allow_failure = true;
    only = { refs = [ "branch/default" ]; };
  } // manualGate;
# YAML generator from nixpkgs' pkgs.formats.
format = pkgs.formats.yaml { };
# Store path of the rendered pipeline definition; this is the value the
# whole file evaluates to.
configFile =
  let
    fileName = ".gitlab-ci.yml";
  in
  format.generate fileName cfg;
in
configFile