diff --git a/.woodpecker/ci.yaml b/.woodpecker/ci.yaml
new file mode 100644
index 0000000..506cb44
--- /dev/null
+++ b/.woodpecker/ci.yaml
@@ -0,0 +1,45 @@
+steps:
+ build:
+ image: nixos/nix:2.15.1
+ commands:
+ - set -o pipefail
+ - echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+ - echo "trusted-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
+ - echo "extra-trusted-public-keys = private:b6wO7rXF+4WtPCocEKlbdU/bTqEdJAqRrzOu0O3cK68=" >> /etc/nix/nix.conf
+ - echo "extra-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
+ - echo "netrc-file = /tmp/nix-netrc" >> /etc/nix/nix.conf
+ - echo "machine cache.nix.vdx.hu" > /tmp/nix-netrc
+ - echo "password $ATTIC_TOKEN" >> /tmp/nix-netrc
+ - nix build .#woodpecker-plugin-nix-attic-latest
+ - nix-env -iA nixpkgs.docker-client
+ # "persist" the generated image in the workspace
+ - cp $(realpath result) docker-image-latest
+ - docker load -i docker-image-latest
+ secrets:
+ - attic_token
+ - forgejo_registry_token
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ publish-latest:
+ image: nixos/nix
+ when:
+ - event: push
+ branch: main
+ commands:
+ - set -o pipefail
+ - echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+ - echo "trusted-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
+ - echo "extra-trusted-public-keys = private:b6wO7rXF+4WtPCocEKlbdU/bTqEdJAqRrzOu0O3cK68=" >> /etc/nix/nix.conf
+ - echo "extra-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
+ - echo "netrc-file = /tmp/nix-netrc" >> /etc/nix/nix.conf
+ - echo "machine cache.nix.vdx.hu" > /tmp/nix-netrc
+ - echo "password $ATTIC_TOKEN" >> /tmp/nix-netrc
+ - nix-env -iA nixpkgs.docker-client
+ - docker load -i docker-image-latest
+ - docker login -u vdx -p "$FORGEJO_REGISTRY_TOKEN" git.vdx.hu
+ - docker push git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
+ secrets:
+ - attic_token
+ - forgejo_registry_token
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
diff --git a/flake.nix b/flake.nix
index 2381be5..28be3df 100644
--- a/flake.nix
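Review bot: In `publish-latest` of `.woodpecker/ci.yaml`, `docker login -u vdx -p "$FORGEJO_REGISTRY_TOKEN" git.vdx.hu` passes the registry token as a command-line argument, where it is visible in the process list and more likely to end up in logs; feeding it on stdin avoids that: `printf '%s' "$FORGEJO_REGISTRY_TOKEN" | docker login -u vdx --password-stdin git.vdx.hu`. The `build` step also lists `forgejo_registry_token` under `secrets` although none of its commands use it, and that step has no `when` filter and mounts `/var/run/docker.sock`, so dropping the secret there narrows what a build of untrusted changes could reach. `publish-latest` uses the unpinned `image: nixos/nix` while `build` pins `nixos/nix:2.15.1`; pinning both (ideally by digest) keeps the step that holds the push credentials reproducible.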
+++ b/flake.nix 
@@ -4,63 +4,67 @@ inputs.nixpkgs.url = "nixpkgs/771b86d407c567b57d791197ec464b46a5480b0b"; inputs.attic.url = "github:zhaofengli/attic"; - outputs = { self, nixpkgs, attic }: { + outputs = { + self, + nixpkgs, + attic, + }: let + pkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [attic.overlays.default]; + }; + entrypoint = pkgs.writeShellApplication { + name = "woodpecker-nix-attic-entrypoint"; + text = '' + cat << EOF >> /etc/nix/nix.conf + experimental-features = nix-command flakes + trusted-substituters = $PLUGIN_BINARY_CACHE + extra-trusted-public-keys = $PLUGIN_BINARY_CACHE_PUBLIC_KEY + extra-substituters = $PLUGIN_BINARY_CACHE + netrc-file = /tmp/netrc + EOF - packages.x86_64-linux.woodpecker-plugin-nix-attic = - let - pkgs = import nixpkgs { - system = "x86_64-linux"; - overlays = [attic.overlays.default]; + if [[ $PLUGIN_BINARY_CACHE =~ ^https?:\/\/([^\/]+) ]]; then + machine=''${BASH_REMATCH[1]} + cat << EOF >> /tmp/netrc + machine $machine + password $PLUGIN_BINARY_CACHE_TOKEN + EOF + + fi + + export PATH=/bin:/$PATH + + ''${PLUGIN_COMMAND} + ''; + }; + nixImage = pkgs.dockerTools.pullImage { + imageName = "nixos/nix"; + imageDigest = "sha256:cee9f1cda2d794c53ca0db0794ee54cfea32748dddb718beba9bf654416e437a"; + sha256 = "1angy2h02q3smpcyja3h3rzqx6nip50w56pn3yc56qcr9q896ffb"; + finalImageName = "nixos/nix"; + finalImageTag = "2.15.1"; + }; + mkImage = tag: + pkgs.dockerTools.buildImage { + name = "git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic"; + tag = tag; + fromImage = nixImage; + # runAsRoot = '' + # #!${pkgs.stdenv.shell} + # export PATH=/bin:/usr/bin:/sbin:/usr/sbin:$PATH + # ''; + copyToRoot = pkgs.buildEnv { + name = "woodpecker-plugin-nix-attic-image-root"; + paths = [pkgs.gnumake pkgs.attic-client entrypoint]; + pathsToLink = ["/bin"]; }; - entrypoint = pkgs.writeShellApplication { - name = "woodpecker-nix-attic-entrypoint"; - text = '' -cat << EOF >> /etc/nix/nix.conf -experimental-features = nix-command flakes 
-trusted-substituters = $PLUGIN_BINARY_CACHE -extra-trusted-public-keys = $PLUGIN_BINARY_CACHE_PUBLIC_KEY -extra-substituters = $PLUGIN_BINARY_CACHE -netrc-file = /tmp/netrc -EOF -if [[ $PLUGIN_BINARY_CACHE =~ ^https?:\/\/([^\/]+) ]]; then - machine=''${BASH_REMATCH[1]} - cat << EOF >> /tmp/netrc -machine $machine -password $PLUGIN_BINARY_CACHE_TOKEN -EOF - -fi - -export PATH=/bin:/$PATH - -''${PLUGIN_COMMAND} - ''; - }; - nixImage = pkgs.dockerTools.pullImage { - imageName = "nixos/nix"; - imageDigest = "sha256:ea010add01de314c23def4f333c2881ac5dda92031aaf5260a4d9491af401179"; - sha256 = "1qkkqn00h90dhql2jx2bgf08qfd0fkwycy9kg0w7gcpij2p4lq9r"; - finalImageName = "nixos/nix"; - finalImageTag = "2.18.0"; - }; - in - pkgs.dockerTools.buildImage { - name = "git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic"; - tag = "latest"; - fromImage = nixImage; - # runAsRoot = '' - # #!${pkgs.stdenv.shell} - # export PATH=/bin:/usr/bin:/sbin:/usr/sbin:$PATH - # ''; - copyToRoot = pkgs.buildEnv { - name = "woodpecker-plugin-nix-attic-image-root"; - paths = [ pkgs.gnumake pkgs.attic-client entrypoint ]; - pathsToLink = [ "/bin" ]; - }; - - config.Cmd = ["/bin/woodpecker-nix-attic-entrypoint"]; - diskSize = 2048; - }; + config.Cmd = ["/bin/woodpecker-nix-attic-entrypoint"]; + diskSize = 2048; + }; + in { + packages.x86_64-linux.woodpecker-plugin-nix-attic-latest = mkImage "latest"; + packages.x86_64-linux.woodpecker-plugin-nix-attic-release = mkImage "0.1.0"; }; }
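Review bot: The new `nixImage` pin in `flake.nix` moves the base image from `finalImageTag = "2.18.0"` back to `"2.15.1"` (with a matching `imageDigest`/`sha256` change), and nothing visible in the commit says why. If the intent is only to match `nixos/nix:2.15.1` in `.woodpecker/ci.yaml`, a comment above the pin such as `# pinned to 2.15.1 to match the CI image; bump both together` would record that, since an older Nix presumably also lacks fixes shipped in later releases. Separately, the entrypoint appends `password $PLUGIN_BINARY_CACHE_TOKEN` to `/tmp/netrc` under the default umask; a `umask 077` before that heredoc would keep the token file owner-only. The two package lines hard-code the tags (`mkImage "latest"`, `mkImage "0.1.0"`); a single `version = "0.1.0";` binding in the `let` would make release bumps a one-line change.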