{inputs, ...}: let inherit (inputs) pkgs cilib; inherit (pkgs.lib) concatStringsSep; in cilib.mkCI { pipelines."default" = { stages = ["build" "upload"]; jobs = let SYSTEMS = ["aarch64-linux" "x86_64-linux"]; TEMPLATES = ["nix-kubernetes"]; in { "build" = { stage = "build"; parallel.matrix = [ {TEMPLATE = TEMPLATES;} ]; nix.deps = [pkgs.gnutar]; script = [ # sh '' nix build .#''${TEMPLATE} install -D result templates/''${TEMPLATE}.tf.json tar -cf templates/''${TEMPLATE}.tar -C templates ''${TEMPLATE}.tf.json '' ]; artifacts.paths = ["templates/"]; }; "build:image" = { stage = "build"; parallel.matrix = [ {SYSTEM = SYSTEMS;} ]; script = [ # sh '' nix build .#nix-coder-image --system $SYSTEM install -D result dist/nix-coder-image_''${SYSTEM}.tar.gz '' ]; artifacts.paths = ["dist/"]; }; "upload" = { stage = "upload"; nix.deps = [pkgs.buildah]; needs = ["build:image"]; before_script = [ # sh '' export REGISTRY_AUTH_FILE=''${HOME}/auth.json echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY mkdir -p /etc/containers echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json mkdir -p /var/tmp '' ]; script = [ # sh '' buildah manifest create localhost/nix-coder-image ${concatStringsSep "\n" (map ( sys: "buildah manifest add localhost/nix-coder-image docker-archive:dist/nix-coder-image_${sys}.tar.gz" ) SYSTEMS)} buildah manifest push --all localhost/nix-coder-image \ docker://''${CI_REGISTRY_IMAGE}/nix-coder-image:$CI_COMMIT_SHORT_SHA '' ]; }; }; }; }