sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci.nix: remove

Browse source 
- move effects to separate file

- set ciSystems in flake
This commit is contained in:
zowoq 2023-04-06 11:49:28 +10:00
parent c0bc25fab3
commit 1e5067920b
4 changed files with 47 additions and 43 deletions

3
bors.toml
View file

@ -1,6 +1,5 @@
cut_body_after = "" # don't include text from the PR body in the merge commit message cut_body_after = "" # don't include text from the PR body in the merge commit message
status = [ status = [
"ci/hercules/derivations",
"ci/hercules/effects",
"ci/hercules/evaluation", "ci/hercules/evaluation",
"ci/hercules/onPush/default",
] ]

40
ci.nix
View file

@ -1,40 +0,0 @@
# Add derivations to be built from the cache to this file
{ system ? builtins.currentSystem
, src ? { ref = null; }
}:
let
self = builtins.getFlake (toString ./.);
inherit (self.inputs.nixpkgs) lib;
effects = self.inputs.hercules-ci-effects.lib.withPkgs self.inputs.nixpkgs.legacyPackages.x86_64-linux;
terraform-deploy =
effects.runIf (src.ref == "refs/heads/trying" || src.ref == "refs/heads/staging")
(effects.mkEffect {
name = "terraform-deploy";
inputs = [ (builtins.getFlake (toString ./terraform/.)).outputs.devShells.x86_64-linux.default.nativeBuildInputs ];
src = lib.cleanSource ./.;
secretsMap.tf-secrets = "tf-secrets";
effectScript = ''
export TF_IN_AUTOMATION=1
export TF_INPUT=0
export SOPS_AGE_KEY="$(readSecretString tf-secrets .SOPS_AGE_KEY)"
export TF_TOKEN_app_terraform_io="$(readSecretString tf-secrets .TF_TOKEN_app_terraform_io)"
pushd terraform
terraform init
terraform validate
if [[ ${src.ref} == "refs/heads/staging" ]]; then
terraform apply -auto-approve
else
terraform plan
fi
'';
});
in
(lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.outputs.nixosConfigurations) //
{
# FIXME: maybe find a more generic solution here?
devShell-x86_64 = self.outputs.devShells.x86_64-linux.default;
devShell-aarch64 = self.outputs.devShells.aarch64-linux.default;
inherit terraform-deploy;
} // self.outputs.checks.x86_64-linux # mainly for treefmt at the moment...

35
effect.nix Normal file
View file

@ -0,0 +1,35 @@
{ withSystem, ... }:
{
herculesCI = { config, ... }:
let
inherit (config.repo) ref;
in
{
onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, ... }:
{
terraform-deploy =
hci-effects.runIf (ref == "refs/heads/trying" || ref == "refs/heads/staging")
(hci-effects.mkEffect {
name = "terraform-deploy";
inputs = [ (builtins.getFlake (toString ./terraform/.)).outputs.devShells.x86_64-linux.default.nativeBuildInputs ];
src = pkgs.lib.cleanSource ./.;
secretsMap.tf-secrets = "tf-secrets";
effectScript = ''
export TF_IN_AUTOMATION=1
export TF_INPUT=0
export SOPS_AGE_KEY="$(readSecretString tf-secrets .SOPS_AGE_KEY)"
export TF_TOKEN_app_terraform_io="$(readSecretString tf-secrets .TF_TOKEN_app_terraform_io)"
pushd terraform
terraform init
terraform validate
if [[ ${ref} == "refs/heads/staging" ]]; then
terraform apply -auto-approve
else
terraform plan
fi
'';
});
});
};
}

12
flake.nix
View file

@ -41,14 +41,24 @@
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs @ { flake-parts, ... }: outputs = inputs @ { flake-parts, self, ... }:
flake-parts.lib.mkFlake flake-parts.lib.mkFlake
{ inherit inputs; } { inherit inputs; }
{ {
systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
herculesCI = { lib, ... }: {
ciSystems = [ "x86_64-linux" "aarch64-linux" ];
onPush.default.outputs = {
checks = lib.mkForce self.outputs.checks.x86_64-linux;
};
};
imports = [ imports = [
inputs.hercules-ci-effects.flakeModule
inputs.treefmt-nix.flakeModule inputs.treefmt-nix.flakeModule
./effect.nix
./shell.nix ./shell.nix
./treefmt.nix ./treefmt.nix
]; ];