build: self host the ci pipeline (use the plugin's image the build itself) (#3)

Reviewed-on: https://git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic/pulls/3 Co-authored-by: Gabor Pihaj <gabor.pihaj@gmail.com> Co-committed-by: Gabor Pihaj <gabor.pihaj@gmail.com>
2023-09-30 16:13:32 +00:00 · 2023-09-30 16:13:32 +00:00 · f2449dae50
commit f2449dae50
parent 95e2ebdb36
1 changed files with 25 additions and 33 deletions
--- a/.woodpecker/ci.yaml
+++ b/.woodpecker/ci.yaml
@ -1,45 +1,37 @@
 variables:
  - common_settings: &common_settings
      binary_cache: https://cache.nix.vdx.hu/private
      binary_cache_public_key: private:b6wO7rXF+4WtPCocEKlbdU/bTqEdJAqRrzOu0O3cK68=
      binary_cache_token:
        from_secret: attic_token
 steps:
  build:
-    image: nixos/nix:2.15.1
+    image: git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
-    commands:
+    settings:
-      - set -o pipefail
+      <<: *common_settings
      - echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
      - echo "trusted-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
      - echo "extra-trusted-public-keys = private:b6wO7rXF+4WtPCocEKlbdU/bTqEdJAqRrzOu0O3cK68=" >> /etc/nix/nix.conf
      - echo "extra-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
      - echo "netrc-file = /tmp/nix-netrc" >> /etc/nix/nix.conf
      - echo "machine cache.nix.vdx.hu" > /tmp/nix-netrc
      - echo "password $ATTIC_TOKEN" >> /tmp/nix-netrc
      - nix build .#woodpecker-plugin-nix-attic-latest
      - nix-env -iA nixpkgs.docker-client
      # "persist" the generated image in the workspace
-      - cp $(realpath result) docker-image-latest
+      script: |
-      - docker load -i docker-image-latest
+          nix build .#woodpecker-plugin-nix-attic-latest
-    secrets: 
+          nix-env -iA nixpkgs.docker-client
-      - attic_token
+          cp $(realpath result) docker-image-latest
-      - forgejo_registry_token
+          docker load -i docker-image-latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  publish-latest:
-    image: nixos/nix
+    image: git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
    when:
      - event: push
        branch: main
-    commands:
+    settings:
-      - set -o pipefail
+      <<: *common_settings
-      - echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+      # "persist" the generated image in the workspace
-      - echo "trusted-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
+      script: |
-      - echo "extra-trusted-public-keys = private:b6wO7rXF+4WtPCocEKlbdU/bTqEdJAqRrzOu0O3cK68=" >> /etc/nix/nix.conf
+          nix-env -iA nixpkgs.docker-client
-      - echo "extra-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
+          docker load -i docker-image-latest
-      - echo "netrc-file = /tmp/nix-netrc" >> /etc/nix/nix.conf
+          docker login -u vdx -p "$FORGEJO_REGISTRY_TOKEN" git.vdx.hu
-      - echo "machine cache.nix.vdx.hu" > /tmp/nix-netrc
+          docker push git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
-      - echo "password $ATTIC_TOKEN" >> /tmp/nix-netrc
+    secrets:
      - nix-env -iA nixpkgs.docker-client
      - docker load -i docker-image-latest
      - docker login -u vdx -p "$FORGEJO_REGISTRY_TOKEN" git.vdx.hu
      - docker push git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
    secrets: 
      - attic_token
      - forgejo_registry_token
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock