technofab/nix-gitlab-ci
1
0
Fork 0
mirror of https://gitlab.com/TECHNOFAB/nix-gitlab-ci.git synced 2025-12-11 17:50:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(repo): add soonix to generate .gitlab-ci.yml

Browse source
This commit is contained in:
technofab 2025-09-02 10:35:35 +02:00
parent e074d716c4
commit 6e4347af69
No known key found for this signature in database
5 changed files with 137 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

54
.gitlab-ci.yml Normal file
View file

@ -0,0 +1,54 @@
# Generated by soonix, DO NOT EDIT
build:image:
after_script:
- install -D result dist/nix-ci-$ARCH.tar.gz
artifacts:
paths:
- dist
image: nixpkgs/nix-flakes:latest
parallel:
matrix:
- ARCH:
- x86_64-linux
- aarch64-linux
script:
- nix build .#image --system $ARCH
stage: build-images
deploy:image:
before_script:
- 'nix profile install nixpkgs#buildah
export PATH="$PATH:$HOME/.nix-profile/bin"
export REGISTRY_AUTH_FILE=${HOME}/auth.json
echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin
$CI_REGISTRY
mkdir -p /etc/containers && echo ''{"default":[{"type":"insecureAcceptAnything"}]}''
> /etc/containers/policy.json
mkdir -p /var/tmp
'
image: nixpkgs/nix-flakes:latest
needs:
- build:image
script:
- "export NORMALIZED_BRANCH=${CI_COMMIT_BRANCH/\\//-}\nbuildah manifest create localhost/nix-ci\n\
buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-x86_64-linux.tar.gz\n\
buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-aarch64-linux.tar.gz\n\
buildah manifest push --all localhost/nix-ci docker://${CI_REGISTRY_IMAGE}/nix-ci:${CI_COMMIT_SHORT_SHA}\n\
# branches\nif [ -z \"$CI_COMMIT_TAG\" ]; then\n buildah manifest push --all\
\ localhost/nix-ci docker://${CI_REGISTRY_IMAGE}/nix-ci:${NORMALIZED_BRANCH/main/latest}\n\
fi\n# tags\nif [ -n \"$CI_COMMIT_TAG\" ]; then\n buildah manifest push --all\
\ localhost/nix-ci docker://${CI_REGISTRY_IMAGE}/nix-ci:${CI_COMMIT_TAG}\nfi\n"
stage: build-images
include:
- component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA@$CI_COMMIT_SHORT_SHA
inputs:
version: $CI_COMMIT_SHORT_SHA
stages:
- build-images
- build
- trigger

53
nix/repo/ci.nix
View file

@ -2,6 +2,59 @@
inherit (inputs) cilib;
in
cilib.mkCI {
config.soonix = {
componentUrl = "$CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA";
componentVersion = "$CI_COMMIT_SHORT_SHA";
# bootstrapping still needs to be done in the gitlab-ci.yml directly,
# the child pipeline can then use the built images to test them
extraData = {
stages = ["build-images" "build" "trigger"];
"build:image" = {
stage = "build-images";
parallel.matrix = [
{ARCH = ["x86_64-linux" "aarch64-linux"];}
];
image = "nixpkgs/nix-flakes:latest";
script = ["nix build .#image --system $ARCH"];
after_script = ["install -D result dist/nix-ci-$ARCH.tar.gz"];
artifacts.paths = ["dist"];
};
"deploy:image" = {
stage = "build-images";
image = "nixpkgs/nix-flakes:latest";
needs = ["build:image"];
before_script = [
# sh
''
nix profile install nixpkgs#buildah
export PATH="$PATH:$HOME/.nix-profile/bin"
export REGISTRY_AUTH_FILE=''${HOME}/auth.json
echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
mkdir -p /var/tmp
''
];
script = [
# sh
''
export NORMALIZED_BRANCH=''${CI_COMMIT_BRANCH/\//-}
buildah manifest create localhost/nix-ci
buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-x86_64-linux.tar.gz
buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-aarch64-linux.tar.gz
buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_SHORT_SHA}
# branches
if [ -z "$CI_COMMIT_TAG" ]; then
buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${NORMALIZED_BRANCH/main/latest}
fi
# tags
if [ -n "$CI_COMMIT_TAG" ]; then
buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_TAG}
fi
''
];
};
};
};
pipelines."default" = {
stages = ["test" "build" "deploy"];
jobs = {

12
nix/repo/devShells.nix
View file

@ -1,7 +1,13 @@
{inputs, ...}: let
inherit (inputs) pkgs devshell treefmt;
{
cell,
inputs,
...
}: let
inherit (inputs) pkgs devshell treefmt soonix;
inherit (cell) ci;
in {
default = devshell.mkShell {
imports = [soonix.devshellModule];
packages = [
pkgs.nil
(treefmt.mkWrapper pkgs {
@ -23,5 +29,7 @@ in {
};
})
];
soonix.hooks."ci" = ci.soonix;
};
}

18
nix/repo/flake.lock generated
View file

@ -38,9 +38,27 @@
"inputs": {
"devshell-lib": "devshell-lib",
"nixtest-lib": "nixtest-lib",
"soonix-lib": "soonix-lib",
"treefmt-nix": "treefmt-nix"
}
},
"soonix-lib": {
"locked": {
"dir": "lib",
"lastModified": 1756797658,
"narHash": "sha256-4rkyP4oaoqG/FFVL7W8U+8hGer4tOBPff/2SeN5tJYQ=",
"owner": "TECHNOFAB",
"repo": "soonix",
"rev": "3baef660cf8b87391d475a0455dd66fae0e60008",
"type": "gitlab"
},
"original": {
"dir": "lib",
"owner": "TECHNOFAB",
"repo": "soonix",
"type": "gitlab"
}
},
"treefmt-nix": {
"flake": false,
"locked": {

2
nix/repo/flake.nix
View file

@ -2,6 +2,7 @@
inputs = {
devshell-lib.url = "gitlab:rensa-nix/devshell?dir=lib";
nixtest-lib.url = "gitlab:TECHNOFAB/nixtest?dir=lib";
soonix-lib.url = "gitlab:TECHNOFAB/soonix?dir=lib";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
flake = false;
@ -11,6 +12,7 @@
i
// {
devshell = i.devshell-lib.lib {inherit (i.parent) pkgs;};
soonix = i.soonix-lib.lib {inherit (i.parent) pkgs;};
ntlib = i.nixtest-lib.lib {inherit (i.parent) pkgs;};
cilib = import "${i.parent.self}/lib" {inherit (i.parent) pkgs;};
treefmt = import i.treefmt-nix;