diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..c6bc9f2 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,54 @@ +# Generated by soonix, DO NOT EDIT +build:image: + after_script: + - install -D result dist/nix-ci-$ARCH.tar.gz + artifacts: + paths: + - dist + image: nixpkgs/nix-flakes:latest + parallel: + matrix: + - ARCH: + - x86_64-linux + - aarch64-linux + script: + - nix build .#image --system $ARCH + stage: build-images +deploy:image: + before_script: + - 'nix profile install nixpkgs#buildah + + export PATH="$PATH:$HOME/.nix-profile/bin" + + export REGISTRY_AUTH_FILE=${HOME}/auth.json + + echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin + $CI_REGISTRY + + mkdir -p /etc/containers && echo ''{"default":[{"type":"insecureAcceptAnything"}]}'' + > /etc/containers/policy.json + + mkdir -p /var/tmp + + ' + image: nixpkgs/nix-flakes:latest + needs: + - build:image + script: + - "export NORMALIZED_BRANCH=${CI_COMMIT_BRANCH/\\//-}\nbuildah manifest create localhost/nix-ci\n\ + buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-x86_64-linux.tar.gz\n\ + buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-aarch64-linux.tar.gz\n\ + buildah manifest push --all localhost/nix-ci docker://${CI_REGISTRY_IMAGE}/nix-ci:${CI_COMMIT_SHORT_SHA}\n\ + # branches\nif [ -z \"$CI_COMMIT_TAG\" ]; then\n buildah manifest push --all\ + \ localhost/nix-ci docker://${CI_REGISTRY_IMAGE}/nix-ci:${NORMALIZED_BRANCH/main/latest}\n\ + fi\n# tags\nif [ -n \"$CI_COMMIT_TAG\" ]; then\n buildah manifest push --all\ + \ localhost/nix-ci docker://${CI_REGISTRY_IMAGE}/nix-ci:${CI_COMMIT_TAG}\nfi\n" + stage: build-images +include: +- component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA@$CI_COMMIT_SHORT_SHA + inputs: + version: $CI_COMMIT_SHORT_SHA +stages: +- build-images +- build +- trigger diff --git a/nix/repo/ci.nix b/nix/repo/ci.nix index 913d8fc..9362a05 100644 --- a/nix/repo/ci.nix 
+++ b/nix/repo/ci.nix 
@@ -2,6 +2,59 @@ inherit (inputs) cilib; in cilib.mkCI { + config.soonix = { + componentUrl = "$CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA"; + componentVersion = "$CI_COMMIT_SHORT_SHA"; + # bootstrapping still needs to be done in the gitlab-ci.yml directly, + # the child pipeline can then use the built images to test them + extraData = { + stages = ["build-images" "build" "trigger"]; + "build:image" = { + stage = "build-images"; + parallel.matrix = [ + {ARCH = ["x86_64-linux" "aarch64-linux"];} + ]; + image = "nixpkgs/nix-flakes:latest"; + script = ["nix build .#image --system $ARCH"]; + after_script = ["install -D result dist/nix-ci-$ARCH.tar.gz"]; + artifacts.paths = ["dist"]; + }; + "deploy:image" = { + stage = "build-images"; + image = "nixpkgs/nix-flakes:latest"; + needs = ["build:image"]; + before_script = [ + # sh + '' + nix profile install nixpkgs#buildah + export PATH="$PATH:$HOME/.nix-profile/bin" + export REGISTRY_AUTH_FILE=''${HOME}/auth.json + echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY + mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json + mkdir -p /var/tmp + '' + ]; + script = [ + # sh + '' + export NORMALIZED_BRANCH=''${CI_COMMIT_BRANCH/\//-} + buildah manifest create localhost/nix-ci + buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-x86_64-linux.tar.gz + buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-aarch64-linux.tar.gz + buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_SHORT_SHA} + # branches + if [ -z "$CI_COMMIT_TAG" ]; then + buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${NORMALIZED_BRANCH/main/latest} + fi + # tags + if [ -n "$CI_COMMIT_TAG" ]; then + buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_TAG} + fi + '' + ]; + }; + }; + }; 
pipelines."default" = { stages = ["test" "build" "deploy"]; jobs = { diff --git a/nix/repo/devShells.nix b/nix/repo/devShells.nix index c754595..4a7da34 100644 --- a/nix/repo/devShells.nix +++ b/nix/repo/devShells.nix @@ -1,7 +1,13 @@ -{inputs, ...}: let - inherit (inputs) pkgs devshell treefmt; +{ + cell, + inputs, + ... +}: let + inherit (inputs) pkgs devshell treefmt soonix; + inherit (cell) ci; in { default = devshell.mkShell { + imports = [soonix.devshellModule]; packages = [ pkgs.nil (treefmt.mkWrapper pkgs { @@ -23,5 +29,7 @@ in { }; }) ]; + + soonix.hooks."ci" = ci.soonix; }; } diff --git a/nix/repo/flake.lock b/nix/repo/flake.lock index 1b7c64c..5483152 100644 --- a/nix/repo/flake.lock +++ b/nix/repo/flake.lock @@ -38,9 +38,27 @@ "inputs": { "devshell-lib": "devshell-lib", "nixtest-lib": "nixtest-lib", + "soonix-lib": "soonix-lib", "treefmt-nix": "treefmt-nix" } }, + "soonix-lib": { + "locked": { + "dir": "lib", + "lastModified": 1756797658, + "narHash": "sha256-4rkyP4oaoqG/FFVL7W8U+8hGer4tOBPff/2SeN5tJYQ=", + "owner": "TECHNOFAB", + "repo": "soonix", + "rev": "3baef660cf8b87391d475a0455dd66fae0e60008", + "type": "gitlab" + }, + "original": { + "dir": "lib", + "owner": "TECHNOFAB", + "repo": "soonix", + "type": "gitlab" + } + }, "treefmt-nix": { "flake": false, "locked": { diff --git a/nix/repo/flake.nix b/nix/repo/flake.nix index 42077d0..35542de 100644 --- a/nix/repo/flake.nix +++ b/nix/repo/flake.nix @@ -2,6 +2,7 @@ inputs = { devshell-lib.url = "gitlab:rensa-nix/devshell?dir=lib"; nixtest-lib.url = "gitlab:TECHNOFAB/nixtest?dir=lib"; + soonix-lib.url = "gitlab:TECHNOFAB/soonix?dir=lib"; treefmt-nix = { url = "github:numtide/treefmt-nix"; flake = false; @@ -11,6 +12,7 @@ i // { devshell = i.devshell-lib.lib {inherit (i.parent) pkgs;}; + soonix = i.soonix-lib.lib {inherit (i.parent) pkgs;}; ntlib = i.nixtest-lib.lib {inherit (i.parent) pkgs;}; cilib = import "${i.parent.self}/lib" {inherit (i.parent) pkgs;}; treefmt = import i.treefmt-nix;
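Review bot: In `nix/repo/ci.nix`, the `deploy:image` script derives a branch tag that can overwrite published tags: `''${NORMALIZED_BRANCH/main/latest}` rewrites the substring `main` inside any branch name, and a branch named `latest`, or named like a release tag, is pushed over that image because the job carries no `rules` limiting it to protected refs. `''${CI_COMMIT_BRANCH/\//-}` also replaces only the first slash, and an empty `CI_COMMIT_BRANCH` (for example in merge-request pipelines) gives the reference `nix-ci:`, which likely fails at the push. I would map only the exact branch `main` to `latest` and give every other branch a prefixed tag built from `$CI_COMMIT_REF_SLUG`, as in the fence below; the generated `.gitlab-ci.yml` hunk carries the same script. Separately, `before_script` writes a default `insecureAcceptAnything` policy, and both jobs use the mutable `nixpkgs/nix-flakes:latest` image plus an unpinned `nixpkgs#buildah` while registry credentials are in scope; pinning the image by digest and limiting the policy to the local transports the job reads would narrow that, subject to testing with the buildah in use. The enclosing `cilib.mkCI { … }` call continues past the end of the hunk.

```nix
        script = [
          # sh
          ''
            # … unchanged: manifest create/add and the push of the short-SHA tag …
            # branches: only the exact branch "main" becomes "latest"
            if [ -z "$CI_COMMIT_TAG" ] && [ -n "$CI_COMMIT_BRANCH" ]; then
              if [ "$CI_COMMIT_BRANCH" = "main" ]; then
                BRANCH_TAG="latest"
              else
                BRANCH_TAG="branch-$CI_COMMIT_REF_SLUG"
              fi
              buildah manifest push --all localhost/nix-ci "docker://''${CI_REGISTRY_IMAGE}/nix-ci:$BRANCH_TAG"
            fi
            # … unchanged: tag push …
          ''
```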
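Review bot: In `nix/repo/devShells.nix`, the added `soonix.hooks."ci" = ci.soonix;` line has no comment saying that it produces the committed `.gitlab-ci.yml`, and nothing visible in this change checks that the committed file still matches `ci.soonix`. Because that file defines the jobs that receive registry credentials, I would add a comment such as `# generates .gitlab-ci.yml from ci.nix; commit the regenerated file` and consider a CI step that fails when the generated output differs from what is committed. How and when the hook runs is inferred from the "Generated by soonix" header, so the wording should be confirmed against soonix.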