2025-12-11 17:50:08 +01:00 · 2025-09-02 10:35:35 +02:00 · 2025-09-02 10:35:35 +02:00 · 6e4347af69
commit 6e4347af69
parent e074d716c4
5 changed files with 137 additions and 2 deletions
--- a/nix/repo/ci.nix
+++ b/nix/repo/ci.nix
@ -2,6 +2,59 @@
  inherit (inputs) cilib;
 in
  cilib.mkCI {
+    config.soonix = {
+      componentUrl = "$CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA";
+      componentVersion = "$CI_COMMIT_SHORT_SHA";
+      # bootstrapping still needs to be done in the gitlab-ci.yml directly,
+      # the child pipeline can then use the built images to test them
+      extraData = {
+        stages = ["build-images" "build" "trigger"];
+        "build:image" = {
+          stage = "build-images";
+          parallel.matrix = [
+            {ARCH = ["x86_64-linux" "aarch64-linux"];}
+          ];
+          image = "nixpkgs/nix-flakes:latest";
+          script = ["nix build .#image --system $ARCH"];
+          after_script = ["install -D result dist/nix-ci-$ARCH.tar.gz"];
+          artifacts.paths = ["dist"];
+        };
+        "deploy:image" = {
+          stage = "build-images";
+          image = "nixpkgs/nix-flakes:latest";
+          needs = ["build:image"];
+          before_script = [
+            # sh
+            ''
+              nix profile install nixpkgs#buildah
+              export PATH="$PATH:$HOME/.nix-profile/bin"
+              export REGISTRY_AUTH_FILE=''${HOME}/auth.json
+              echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
+              mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
+              mkdir -p /var/tmp
+            ''
+          ];
+          script = [
+            # sh
+            ''
+              export NORMALIZED_BRANCH=''${CI_COMMIT_BRANCH/\//-}
+              buildah manifest create localhost/nix-ci
+              buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-x86_64-linux.tar.gz
+              buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-aarch64-linux.tar.gz
+              buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_SHORT_SHA}
+              # branches
+              if [ -z "$CI_COMMIT_TAG" ]; then
+                buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${NORMALIZED_BRANCH/main/latest}
+              fi
+              # tags
+              if [ -n "$CI_COMMIT_TAG" ]; then
+                buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_TAG}
+              fi
+            ''
+          ];
+        };
+      };
+    };
    pipelines."default" = {
      stages = ["test" "build" "deploy"];
      jobs = {