infrastructure/.gitlab-ci.yml

# Container image for every job. It is pinned by tag only; a tag can be
# re-pointed upstream, so add a digest if the image must be immutable.
image: 'nixos/nix:2.17.1'

variables:
  # Suffix of the channel that before_script adds (nixos-<NIXOS_VERSION>).
  NIXOS_VERSION: 'unstable'
  NIXPKGS_ALLOW_UNFREE: '1'
  # Pipeline-wide switch: nixpkgs will accept packages it marks as insecure
  # (known vulnerabilities) in every job, including deploy. A per-package
  # allow-list (permittedInsecurePackages) in the Nix configuration keeps
  # the exception narrow and reviewable.
  NIXPKGS_ALLOW_INSECURE: '1'

stages:
  - test
  - deploy
  - scheduled
# Global before_script: runs ahead of the script of each job shown in this
# file, since none of them defines its own.
before_script:
  # Replace the container's account databases and Nix configuration with the
  # copies tracked in this repository. Changes to these three files alter the
  # environment of every job and deserve the same review as this file.
  - 'mv .gitlab/passwd /etc/passwd'
  - 'mv .gitlab/group /etc/group'
  - 'mv nix.conf /etc/nix/nix.conf'
  # The channel is fetched at job time and follows nixos-${NIXOS_VERSION}
  # ("unstable" unless overridden), so the `nix-env -iA nixos.openssh` calls
  # in later jobs are not pinned to a fixed nixpkgs revision.
  - 'nix-channel --add https://nixos.org/channels/nixos-${NIXOS_VERSION} nixos'
  - 'nix-channel --update'
# Runs `nix flake check` for every pipeline that is neither scheduled nor a
# merge-request pipeline.
test:
  stage: test
  script:
    - 'nix flake check'
  rules:
    # Rules are evaluated top to bottom; the first match decides.
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - if: "$CI_PIPELINE_SOURCE == 'merge_request_event'"
      when: never
    - when: always
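# Deploys from the master branch; skipped for scheduled pipelines.
deploy:
  stage: deploy
  script:
    # Init OpenSSH
    - nix-env -iA nixos.openssh
    - eval "$(ssh-agent -s)"
    # SSH_PRIVATE_KEY is used as a path, so it has to be a File-type CI/CD
    # variable. It is quoted so the path is passed as a single argument.
    # NOTE(review): the key's scope is not visible here; it should be a
    # protected variable so that only protected refs can load it.
    - chmod 0600 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    # Deploy everything
    # NOTE(review): how `deploy` verifies the target hosts' SSH host keys is
    # not visible in this file; confirm that known_hosts entries are pinned.
    - nix develop --command deploy
  rules:
    # First match wins: scheduled pipelines never deploy, pushes to master do.
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: never
    - if: $CI_COMMIT_BRANCH == "master"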
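# Scheduled job: refreshes flake.lock and force-pushes it to the
# flakes_update branch, asking GitLab to open a merge request for it.
check updates:
  stage: scheduled
  script:
    # Prepare git access
    - nix-env -iA nixos.openssh
    - eval "$(ssh-agent -s)"
    # SSH_UPDATE_KEY is used as a path (File-type CI/CD variable) and is
    # quoted so the path is passed as a single argument. The key can
    # force-push to this repository, so keep its access as narrow as the
    # server allows.
    - chmod 0600 "$SSH_UPDATE_KEY"
    - ssh-add "$SSH_UPDATE_KEY"
    - git config --global user.name "NixOS Flake Update"
    - git config --global user.email "git@lewd.wtf"
    - git remote rm origin && git remote add origin "git@git.lewd.wtf:${CI_PROJECT_PATH}.git"
    # Update flakes
    - nix flake update
    # Push changes
    - git branch -D flakes_update || true
    - git checkout -b flakes_update
    - git add flake.lock
    # git commit exits non-zero when flake.lock did not change, so the job
    # fails on runs that have nothing to update.
    - git commit -m 'Update NixOS Flakes'
    # SECURITY: UserKnownHostsFile=/dev/null with StrictHostKeyChecking=no
    # turns off SSH host key verification, so the push does not authenticate
    # the server it is talking to. Pin the server's public host key instead
    # (store it in a CI/CD variable, write it to ~/.ssh/known_hosts before
    # this step) and drop both -o options. Left unchanged here because the
    # pinned key has to be supplied out of band.
    - GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git push -f --set-upstream origin flakes_update -o merge_request.create
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"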
# Scheduled housekeeping: garbage-collects the Nix store, deleting
# generations older than 14 days.
# NOTE(review): presumably the store persists on the runner between jobs;
# confirm, otherwise this job has nothing to clean.
clean nix store:
  stage: scheduled
  script:
    - 'nix-collect-garbage --delete-older-than 14d'
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'