nix-gitlab-ci/nix/repo/ci.nix at 537d5c7c87ba921418c6540750be78dcfea31c99

mirror of https://gitlab.com/TECHNOFAB/nix-gitlab-ci.git synced 2025-12-12 10:10:06 +01:00

chore(repo): add soonix to generate .gitlab-ci.yml

2025-09-02 10:35:35 +02:00

98 lines

3.4 KiB

Nix

Raw Blame History

 {inputs, ...}: let
   inherit (inputs) cilib;
 in
   cilib.mkCI {
     config.soonix = {
       componentUrl = "$CI_SERVER_FQDN/$CI_PROJECT_PATH/nix-gitlab-ci@$CI_COMMIT_SHA";
       componentVersion = "$CI_COMMIT_SHORT_SHA";
       # bootstrapping still needs to be done in the gitlab-ci.yml directly,
       # the child pipeline can then use the built images to test them
       extraData = {
         stages = ["build-images" "build" "trigger"];
         "build:image" = {
           stage = "build-images";
           parallel.matrix = [
             {ARCH = ["x86_64-linux" "aarch64-linux"];}
           ];
           image = "nixpkgs/nix-flakes:latest";
           script = ["nix build .#image --system $ARCH"];
           after_script = ["install -D result dist/nix-ci-$ARCH.tar.gz"];
           artifacts.paths = ["dist"];
         };
         "deploy:image" = {
           stage = "build-images";
           image = "nixpkgs/nix-flakes:latest";
           needs = ["build:image"];
           before_script = [
             # sh
             ''
               nix profile install nixpkgs#buildah
               export PATH="$PATH:$HOME/.nix-profile/bin"
               export REGISTRY_AUTH_FILE=''${HOME}/auth.json
               echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
               mkdir -p /etc/containers && echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
               mkdir -p /var/tmp
             ''
           ];
           script = [
             # sh
             ''
               export NORMALIZED_BRANCH=''${CI_COMMIT_BRANCH/\//-}
               buildah manifest create localhost/nix-ci
               buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-x86_64-linux.tar.gz
               buildah manifest add localhost/nix-ci docker-archive:dist/nix-ci-aarch64-linux.tar.gz
               buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_SHORT_SHA}
               # branches
               if [ -z "$CI_COMMIT_TAG" ]; then
                 buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${NORMALIZED_BRANCH/main/latest}
               fi
               # tags
               if [ -n "$CI_COMMIT_TAG" ]; then
                 buildah manifest push --all localhost/nix-ci docker://''${CI_REGISTRY_IMAGE}/nix-ci:''${CI_COMMIT_TAG}
               fi
             ''
           ];
         };
       };
     };
     pipelines."default" = {
       stages = ["test" "build" "deploy"];
       jobs = {
         "test" = {
           stage = "test";
           script = [
             "nix run .#tests -- --junit=junit.xml"
           ];
           allow_failure = true;
           artifacts = {
             when = "always";
             reports.junit = "junit.xml";
           };
         };
         "docs" = {
           stage = "build";
           script = [
             # sh
             ''
               nix build .#docs:default
               mkdir -p public
               cp -r result/. public/
             ''
           ];
           artifacts.paths = ["public"];
         };
         "pages" = {
           nix.enable = false;
           image = "alpine:latest";
           stage = "deploy";
           script = ["true"];
           artifacts.paths = ["public"];
           rules = [
             {
               "if" = "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH";
             }
           ];
         };
       };
     };
   }

98 lines 3.4 KiB Nix Raw Blame History

98 lines

3.4 KiB

Nix

Raw Blame History