Switch to woodpecker for CI #42
9 changed files with 48 additions and 112 deletions
|
|
@ -1,24 +0,0 @@
|
|||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
pull_request:
|
||||
|
||||
env:
|
||||
NIX_CONFIG: 'extra-platforms = x86_64-linux'
|
||||
|
||||
jobs:
|
||||
check:
|
||||
runs-on: ubuntu-latest-aarch64
|
||||
steps:
|
||||
- uses: https://github.com/docker/setup-qemu-action@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: https://github.com/cachix/install-nix-action@v26
|
||||
with:
|
||||
nix_path: nixpkgs=channel:nixos-unstable
|
||||
github_access_token: '${{ secrets.GH_TOKEN }}'
|
||||
- uses: https://github.com/cachix/cachix-action@v14
|
||||
with:
|
||||
name: kitchen
|
||||
authToken: '${{ secrets.CACHIX_TOKEN }}'
|
||||
- run: nix flake check --accept-flake-config
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
on:
|
||||
schedule:
|
||||
- cron: '0 0 * * 1'
|
||||
|
||||
jobs:
|
||||
update-flake:
|
||||
runs-on: ubuntu-latest-aarch64
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: https://github.com/cachix/install-nix-action@v26
|
||||
with:
|
||||
nix_path: nixpkgs=channel:nixos-unstable
|
||||
github_access_token: '${{ secrets.GH_TOKEN }}'
|
||||
- name: Create branch
|
||||
run: git switch -c update/flake-lock
|
||||
- name: Update flake.lock
|
||||
run: nix flake update --commit-lock-file
|
||||
env:
|
||||
GIT_AUTHOR_NAME: kitchen-ci
|
||||
GIT_AUTHOR_EMAIL: do-not-reply@buffets.kitchen
|
||||
GIT_COMMITTER_NAME: kitchen-ci
|
||||
GIT_COMMITTER_EMAIL: do-not-reply@buffets.kitchen
|
||||
- name: Push to repo
|
||||
run: git push -f origin update/flake-lock
|
||||
- name: Create PR
|
||||
run: >
|
||||
curl -X POST "${{ env.GITHUB_API_URL }}/repos/${{ env.GITHUB_REPOSITORY }}/pulls"
|
||||
--fail
|
||||
-H "Content-Type: application/json"
|
||||
-H "Authorization: token ${{ secrets.BOT_TOKEN }}"
|
||||
-d '{
|
||||
"title": "build(flake): update inputs",
|
||||
"body": "",
|
||||
"base": "main",
|
||||
"head": "update/flake-lock",
|
||||
"assignee": "chef"
|
||||
}' || echo PR already open
|
||||
|
|
@ -11,6 +11,7 @@
|
|||
|
||||
extraDomainNames = [
|
||||
"*.buffet.sh"
|
||||
"*.buffets.kitchen"
|
||||
"buffets.kitchen"
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
./murmur.nix
|
||||
./nginx.nix
|
||||
./upgrade.nix
|
||||
./woodpecker.nix
|
||||
|
||||
../../users/maintainer
|
||||
];
|
||||
|
|
|
|||
|
|
@ -1,47 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
numRunners = 1;
|
||||
in {
|
||||
age.secrets.kitchen-runner-token = {
|
||||
file = ../../secrets/kitchen-runner-token.age;
|
||||
owner = "gitea-runner";
|
||||
};
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
|
||||
instances = lib.genAttrs (builtins.genList (n: "runner${builtins.toString n}") numRunners) (name: {
|
||||
enable = true;
|
||||
inherit name;
|
||||
url = config.services.forgejo.settings.server.ROOT_URL;
|
||||
tokenFile = config.age.secrets.kitchen-runner-token.path;
|
||||
labels = ["docker-aarch64" "ubuntu-latest-aarch64:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
|
||||
settings = {
|
||||
log.level = "warn";
|
||||
container.network = "host";
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-runner${builtins.toString n}") numRunners) (_: {
|
||||
serviceConfig.Nice = 15;
|
||||
});
|
||||
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
autoPrune.enable = true;
|
||||
dockerSocket.enable = true;
|
||||
};
|
||||
|
||||
users.groups.gitea-runner = {};
|
||||
users.users.gitea-runner = {
|
||||
isSystemUser = true;
|
||||
group = "gitea-runner";
|
||||
extraGroups = ["podman"];
|
||||
home = "/var/lib/gitea-runner/";
|
||||
};
|
||||
}
|
||||
|
|
@ -1,10 +1,6 @@
|
|||
{pkgs, ...}: let
|
||||
port = 3000;
|
||||
in {
|
||||
imports = [
|
||||
./forgejo-action-runner.nix
|
||||
];
|
||||
|
||||
services = {
|
||||
forgejo = {
|
||||
enable = true;
|
||||
|
|
@ -14,6 +10,10 @@ in {
|
|||
APP_NAME = "buffet's kitchen";
|
||||
};
|
||||
|
||||
actions = {
|
||||
ENABLED = false;
|
||||
};
|
||||
|
||||
admin = {
|
||||
SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true;
|
||||
};
|
||||
|
|
@ -69,6 +69,10 @@ in {
|
|||
DISABLE_REGISTRATION = true;
|
||||
ENABLE_NOTIFY_MAIL = true;
|
||||
};
|
||||
|
||||
webhook = {
|
||||
ALLOWED_HOST_LIST = "external,loopback";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
37
hosts/ami/woodpecker.nix
Normal file
37
hosts/ami/woodpecker.nix
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
{config, ...}: {
|
||||
age.secrets.woodpecker.file = ../../secrets/woodpecker.age;
|
||||
|
||||
services = let
|
||||
port = 3007;
|
||||
in {
|
||||
woodpecker-server = {
|
||||
enable = true;
|
||||
|
||||
environment = {
|
||||
WOODPECKER_OPEN = "true";
|
||||
WOODPECKER_ORGS = "kitchen";
|
||||
WOODPECKER_ADMIN = "chef";
|
||||
WOODPECKER_HOST = "https://ci.buffets.kitchen/";
|
||||
WOODPECKER_SERVER_ADDR = ":${toString port}";
|
||||
|
||||
WOODPECKER_FORGEJO = "true";
|
||||
WOODPECKER_FORGEJO_URL = "https://buffets.kitchen/";
|
||||
};
|
||||
|
||||
environmentFile = config.age.secrets.woodpecker.path;
|
||||
};
|
||||
|
||||
nginx = {
|
||||
virtualHosts."build.buffets.kitchen" = {
|
||||
useACMEHost = "buffet.sh";
|
||||
forceSSL = true;
|
||||
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://localhost:${toString port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -6,4 +6,5 @@ in {
|
|||
"secrets/hetzner-dns.age".publicKeys = [buffet];
|
||||
"secrets/kitchen-runner-token.age".publicKeys = [buffet];
|
||||
"secrets/msmtppassword.age".publicKeys = [buffet];
|
||||
"secrets/woodpecker.age".publicKeys = [buffet];
|
||||
}
|
||||
|
|
|
|||
BIN
secrets/woodpecker.age
Normal file
BIN
secrets/woodpecker.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue