diff --git a/bors.toml b/bors.toml
index 369554d..db87164 100644
--- a/bors.toml
+++ b/bors.toml
@@ -1,6 +1,5 @@
cut_body_after = "" # don't include text from the PR body in the merge commit message
status = [
- "ci/hercules/derivations",
- "ci/hercules/effects",
"ci/hercules/evaluation",
+ "ci/hercules/onPush/default",
]
diff --git a/ci.nix b/ci.nix
deleted file mode 100644
index cb6a8c4..0000000
--- a/ci.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-# Add derivations to be built from the cache to this file
-{ system ? builtins.currentSystem
-, src ? { ref = null; }
-}:
-let
- self = builtins.getFlake (toString ./.);
- inherit (self.inputs.nixpkgs) lib;
-
- effects = self.inputs.hercules-ci-effects.lib.withPkgs self.inputs.nixpkgs.legacyPackages.x86_64-linux;
- terraform-deploy =
- effects.runIf (src.ref == "refs/heads/trying" || src.ref == "refs/heads/staging")
- (effects.mkEffect {
- name = "terraform-deploy";
- inputs = [ (builtins.getFlake (toString ./terraform/.)).outputs.devShells.x86_64-linux.default.nativeBuildInputs ];
- src = lib.cleanSource ./.;
- secretsMap.tf-secrets = "tf-secrets";
- effectScript = ''
- export TF_IN_AUTOMATION=1
- export TF_INPUT=0
- export SOPS_AGE_KEY="$(readSecretString tf-secrets .SOPS_AGE_KEY)"
- export TF_TOKEN_app_terraform_io="$(readSecretString tf-secrets .TF_TOKEN_app_terraform_io)"
-
- pushd terraform
- terraform init
- terraform validate
- if [[ ${src.ref} == "refs/heads/staging" ]]; then
- terraform apply -auto-approve
- else
- terraform plan
- fi
- '';
- });
-in
-(lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.outputs.nixosConfigurations) //
-{
- # FIXME: maybe find a more generic solution here?
- devShell-x86_64 = self.outputs.devShells.x86_64-linux.default;
- devShell-aarch64 = self.outputs.devShells.aarch64-linux.default;
- inherit terraform-deploy;
-} // self.outputs.checks.x86_64-linux # mainly for treefmt at the moment...
diff --git a/effect.nix b/effect.nix
new file mode 100644
index 0000000..0e61cbc
--- /dev/null
+++ b/effect.nix
@@ -0,0 +1,35 @@
+{ withSystem, ... }:
+{
+ herculesCI = { config, ... }:
+ let
+ inherit (config.repo) ref;
+ in
+ {
+ onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, ... }:
+ {
+ terraform-deploy =
+ hci-effects.runIf (ref == "refs/heads/trying" || ref == "refs/heads/staging")
+ (hci-effects.mkEffect {
+ name = "terraform-deploy";
+ inputs = [ (builtins.getFlake (toString ./terraform/.)).outputs.devShells.x86_64-linux.default.nativeBuildInputs ];
+ src = pkgs.lib.cleanSource ./.;
+ secretsMap.tf-secrets = "tf-secrets";
+ effectScript = ''
+ export TF_IN_AUTOMATION=1
+ export TF_INPUT=0
+ export SOPS_AGE_KEY="$(readSecretString tf-secrets .SOPS_AGE_KEY)"
+ export TF_TOKEN_app_terraform_io="$(readSecretString tf-secrets .TF_TOKEN_app_terraform_io)"
+
+ pushd terraform
+ terraform init
+ terraform validate
+ if [[ ${ref} == "refs/heads/staging" ]]; then
+ terraform apply -auto-approve
+ else
+ terraform plan
+ fi
+ '';
+ });
+ });
+ };
+}
diff --git a/flake.nix b/flake.nix
index 629588f..963058f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,14 +41,24 @@
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
};
- outputs = inputs @ { flake-parts, ... }:
+ outputs = inputs @ { flake-parts, self, ... }:
flake-parts.lib.mkFlake
{ inherit inputs; }
{
systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+ herculesCI = { lib, ... }: {
+ ciSystems = [ "x86_64-linux" "aarch64-linux" ];
+
+ onPush.default.outputs = {
+ checks = lib.mkForce self.outputs.checks.x86_64-linux;
+ };
+ };
+
imports = [
+ inputs.hercules-ci-effects.flakeModule
inputs.treefmt-nix.flakeModule
+ ./effect.nix
./shell.nix
./treefmt.nix
];