nix-gitlab-ci/nix/repo/ci.nix at 428afaf603b91a83833d93561e680f054d087d18

mirror of https://gitlab.com/TECHNOFAB/nix-gitlab-ci.git synced 2025-12-12 02:00:13 +01:00

chore(ci): try setting ssl env vars in the test directly (cuz pure mode)

2025-09-04 08:39:37 +02:00

99 lines

3.4 KiB

Nix

Raw Blame History

 {inputs, ...}: let
   inherit (inputs) pkgs cilib;
 in
   cilib.mkCI {
     config.soonix = {
       componentUrl = "$CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci";
       componentVersion = "$CI_COMMIT_SHORT_SHA";
       componentInputs.cache_files = ["flake.*" "nix/repo/ci.nix"];
       # bootstrapping still needs to be done in the gitlab-ci.yml directly,
       # the child pipeline can then use the built images to test them
       extraData = {
         stages = ["build-images" "build" "trigger"];
         "build:image" = {
           stage = "build-images";
           parallel.matrix = [
             {ARCH = ["x86_64-linux" "aarch64-linux"];}
           ];
           image = "nixpkgs/nix-flakes:latest";
           script = ["nix build .#image --system $ARCH"];
           after_script = ["install -D result dist/nix-ci-$ARCH.tar.gz"];
           artifacts.paths = ["dist"];
         };
         "deploy:image" = {
           stage = "build-images";
           image = "nixpkgs/nix-flakes:latest";
           needs = ["build:image"];
           before_script = [
             # sh
             ''
               nix profile install nixpkgs#buildah
               export PATH="$PATH:$HOME/.nix-profile/bin"
               export REGISTRY_AUTH_FILE=''${HOME}/auth.json
               echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
               mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
               mkdir -p /var/tmp
             ''
           ];
           script = [
             # sh
             ''
               export NORMALIZED_BRANCH=''${CI_COMMIT_BRANCH/\//-}
               buildah manifest create localhost/nix-ci
               buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-x86_64-linux.tar.gz
               buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-aarch64-linux.tar.gz
               buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_SHORT_SHA}
               # branches
               if [ -z "$CI_COMMIT_TAG" ]; then
                 buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${NORMALIZED_BRANCH/main/latest}
               fi
               # tags
               if [ -n "$CI_COMMIT_TAG" ]; then
                 buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_TAG}
               fi
             ''
           ];
         };
       };
     };
     pipelines."default" = {
       stages = ["test" "build" "deploy"];
       jobs = {
         "test" = {
           stage = "test";
           script = [
             "nix run .#tests -- --junit=junit.xml"
           ];
           allow_failure = true;
           artifacts = {
             when = "always";
             reports.junit = "junit.xml";
           };
         };
         "docs" = {
           stage = "build";
           script = [
             # sh
             ''
               nix build .#docs:default
               mkdir -p public
               cp -r result/. public/
             ''
           ];
           artifacts.paths = ["public"];
         };
         "pages" = {
           nix.enable = false;
           image = "alpine:latest";
           stage = "deploy";
           script = ["true"];
           artifacts.paths = ["public"];
           rules = [
             {
               "if" = "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH";
             }
           ];
         };
       };
     };
   }

99 lines 3.4 KiB Nix Raw Blame History

99 lines

3.4 KiB

Nix

Raw Blame History