diff --git a/.forgejo/workflows/eval-nodes.yaml b/.forgejo/workflows/eval-nodes.yaml index e838430..9a00c90 100644 --- a/.forgejo/workflows/eval-nodes.yaml +++ b/.forgejo/workflows/eval-nodes.yaml 
@@ -7,231 +7,378 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: ap01 + name: Eval ap01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build ap01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache ap01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache ap01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" bridge01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: bridge01 + name: Eval bridge01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build bridge01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache bridge01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache bridge01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" build01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: build01 + name: Eval build01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build build01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache build01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache build01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" cof02: runs-on: nix steps: - uses: 
actions/checkout@v3 - env: BUILD_NODE: cof02 + name: Eval cof02 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build cof02 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache cof02 - run: nix-shell -A eval-nodes --run cache-node + name: Cache cof02 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" compute01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: compute01 + name: Eval compute01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build compute01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache compute01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache compute01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" geo01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: geo01 + name: Eval geo01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build geo01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache geo01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache geo01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" geo02: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: 
geo02 + name: Eval geo02 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build geo02 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache geo02 - run: nix-shell -A eval-nodes --run cache-node + name: Cache geo02 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" hypervisor01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: hypervisor01 + name: Eval hypervisor01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build hypervisor01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache hypervisor01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache hypervisor01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" hypervisor02: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: hypervisor02 + name: Eval hypervisor02 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build hypervisor02 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache hypervisor02 - run: nix-shell -A eval-nodes --run cache-node + name: Cache hypervisor02 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" hypervisor03: runs-on: nix steps: - uses: 
actions/checkout@v3 - env: BUILD_NODE: hypervisor03 + name: Eval hypervisor03 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build hypervisor03 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache hypervisor03 - run: nix-shell -A eval-nodes --run cache-node + name: Cache hypervisor03 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" netaccess01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: netaccess01 + name: Eval netaccess01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build netaccess01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache netaccess01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache netaccess01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" netcore00: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: netcore00 + name: Eval netcore00 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build netcore00 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache netcore00 - run: nix-shell -A eval-nodes --run cache-node + name: Cache netcore00 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" 
netcore01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: netcore01 + name: Eval netcore01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build netcore01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache netcore01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache netcore01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" netcore02: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: netcore02 + name: Eval netcore02 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build netcore02 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache netcore02 - run: nix-shell -A eval-nodes --run cache-node + name: Cache netcore02 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" rescue01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: rescue01 + name: Eval rescue01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build rescue01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache rescue01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache rescue01 + run: "nix-shell -A eval-nodes --run 'push-to-cache 
\"$STORE_PATH\"\n'" storage01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: storage01 + name: Eval storage01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build storage01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache storage01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache storage01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" tower01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: tower01 + name: Eval tower01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build tower01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache tower01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache tower01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" vault01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: vault01 + name: Eval vault01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build vault01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache vault01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache vault01 + run: "nix-shell -A eval-nodes --run 'push-to-cache 
\"$STORE_PATH\"\n'" web01: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: web01 + name: Eval web01 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build web01 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache web01 - run: nix-shell -A eval-nodes --run cache-node + name: Cache web01 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" web02: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: web02 + name: Eval web02 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build web02 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache web02 - run: nix-shell -A eval-nodes --run cache-node + name: Cache web02 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" web03: runs-on: nix steps: - uses: actions/checkout@v3 - env: BUILD_NODE: web03 + name: Eval web03 + run: "nix-shell -A eval-nodes --run 'DRV=\"$(instantiate-node)\"\necho \"DRV=$DRV\"\ + \ >> $GITHUB_ENV\n'" + - name: Build web03 + run: "STORE_PATH=\"$(nix-store --realise \"$DRV\")\"\necho \"STORE_PATH=$STORE_PATH\"\ + \ >> $GITHUB_ENV\n" + - env: STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_USER: admin - name: Build and cache web03 - run: nix-shell -A eval-nodes --run cache-node + name: Cache web03 + run: "nix-shell -A eval-nodes --run 'push-to-cache \"$STORE_PATH\"\n'" name: Build all the nodes on: pull_request: 
diff --git a/default.nix b/default.nix index e9f0c4a..f57333d 100644 --- a/default.nix +++ b/default.nix @@ -250,7 +250,10 @@ in passthru = mapAttrs (name: value: pkgs.mkShell (value // { inherit name; })) { pre-commit.shellHook = git-checks.shellHook; check-workflows.shellHook = workflows.shellHook; - eval-nodes.packages = [ scripts.cache-node ]; + eval-nodes.packages = [ + scripts.instantiate-node + scripts.push-to-cache + ]; eval-shell.packages = [ scripts.nix-build-and-cache ]; npins-shell.packages = [ pkgs.npins ]; }; diff --git a/scripts/cache-node.sh b/scripts/cache-node.sh index fab3636..68d1007 100755 --- a/scripts/cache-node.sh +++ b/scripts/cache-node.sh @@ -8,31 +8,5 @@ set -o nounset set -o pipefail shopt -s lastpipe -# Remove the `nixpkgs=` default input. -export NIX_PATH="nixpkgs=" - -system_type="$(colmena eval -E "{ nodes, ... }: nodes.${BUILD_NODE}.config.deployment.systemType" --show-trace)" -# Get rid of surrounding quotes. -system_type="${system_type%\"}" -system_type="${system_type#\"}" - -case "$system_type" in - nixos) - toplevel_path="config.system.build.toplevel" - ;; - zyxel-nwa50ax) - toplevel_path="config.system.outputs.zyxel-nwa-fit" - ;; - netconf) - toplevel_path="config.netconf.rpc" - ;; - *) - echo "Unsupported system type '$system_type' for caching; add an entry in 'scripts/cache-node.sh'" - exit 1 - ;; -esac - -drv=$(colmena eval --instantiate -E "{ nodes, ... }: nodes.${BUILD_NODE}.${toplevel_path}" --show-trace) - # Build the derivation and send it to the great beyond -push-to-cache "$(nix-store --realise "$drv")" +push-to-cache "$(nix-store --realise "$(instantiate-node)")" diff --git a/scripts/default.nix b/scripts/default.nix index 6a021ff..6c1d38b 100644 --- a/scripts/default.nix +++ b/scripts/default.nix @@ -20,8 +20,9 @@ let ; scripts = { + instantiate-node = [ colmena ]; cache-node = [ - colmena + self.instantiate-node self.push-to-cache ]; push-to-cache = [ ]; 
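Review bot: The new last line of scripts/cache-node.sh nests `$(instantiate-node)` inside `$(nix-store --realise …)` inside the argument to push-to-cache, and `set -o errexit` does not act on a failing command substitution in argument position. The removed code assigned `drv=$(colmena eval …)` on its own line, so an evaluation failure stopped the script there; now a failed instantiate-node still lets nix-store and push-to-cache run with whatever was printed. Splitting the line restores stop-on-failure: `drv="$(instantiate-node)"`, then `out="$(nix-store --realise "$drv")"`, then `push-to-cache "$out"`. The top of the script lies outside this hunk.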
diff --git a/scripts/instantiate-node.sh b/scripts/instantiate-node.sh
new file mode 100755
index 0000000..7087dee
--- /dev/null
+++ b/scripts/instantiate-node.sh
@@ -0,0 +1,35 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+set -o errexit
+set -o nounset
+set -o pipefail
+shopt -s lastpipe
+
+# Remove the `nixpkgs=` default input.
+export NIX_PATH="nixpkgs="
+
+system_type="$(colmena eval -E "{ nodes, ... }: nodes.${BUILD_NODE}.config.deployment.systemType" --show-trace)"
+# Get rid of surrounding quotes.
+system_type="${system_type%\"}"
+system_type="${system_type#\"}"
+
+case "$system_type" in
+ nixos)
+ toplevel_path="config.system.build.toplevel"
+ ;;
+ zyxel-nwa50ax)
+ toplevel_path="config.system.outputs.zyxel-nwa-fit"
+ ;;
+ netconf)
+ toplevel_path="config.netconf.rpc"
+ ;;
+ *)
+ echo "Unsupported system type '$system_type' for caching; add an entry in 'scripts/cache-node.sh'"
+ exit 1
+ ;;
+esac
+
+colmena eval --instantiate -E "{ nodes, ... }: nodes.${BUILD_NODE}.${toplevel_path}" --show-trace
diff --git a/workflows/eval-nodes.nix b/workflows/eval-nodes.nix
index 4a591e1..6dc741e 100644
--- a/workflows/eval-nodes.nix
+++ b/workflows/eval-nodes.nix
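Review bot: In the `*)` branch the `echo "Unsupported system type …"` goes to stdout, but stdout is now this script's return channel: both scripts/cache-node.sh and the workflow capture it with `$(instantiate-node)`, so the diagnostic lands in the caller's variable instead of the log. The message also still points at 'scripts/cache-node.sh' although the case table now lives in this file; `echo "Unsupported system type '$system_type'; add an entry in 'scripts/instantiate-node.sh'" >&2` fixes both. Separately, `${BUILD_NODE}` is spliced into the text of two Nix expressions without any check, so a guard such as `[[ "$BUILD_NODE" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "invalid BUILD_NODE" >&2; exit 1; }` before the first colmena call would keep the variable from altering the expression's structure.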
@@ -22,16 +22,36 @@ in
 steps = [
 { uses = "actions/checkout@v3"; }
 {
- name = "Build and cache ${node}";
+ name = "Eval ${node}";
 run = nix-actions.lib.nix-shell {
- script = "cache-node";
+ script = ''
+ DRV="$(instantiate-node)"
+ echo "DRV=$DRV" >> $GITHUB_ENV
+ '';
+ shell = "eval-nodes";
+ };
+ env.BUILD_NODE = node;
+ }
+ {
+ name = "Build ${node}";
+ run = # bash
+ ''
+ STORE_PATH="$(nix-store --realise "$DRV")"
+ echo "STORE_PATH=$STORE_PATH" >> $GITHUB_ENV
+ '';
+ }
+ {
+ name = "Cache ${node}";
+ run = nix-actions.lib.nix-shell {
+ script = ''
+ push-to-cache "$STORE_PATH"
+ '';
 shell = "eval-nodes";
 };
 env = {
 STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/";
 STORE_USER = "admin";
 STORE_PASSWORD = nix-actions.lib.secret "STORE_PASSWORD";
- BUILD_NODE = node;
 };
 }
 ];
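Review bot: The Eval and Build steps append `DRV=…` and `STORE_PATH=…` to `$GITHUB_ENV` without checking what the command substitution produced, and that file feeds the environment of the later Cache step, the one that holds STORE_PASSWORD. If the script handed to `nix-shell --run` does not run with errexit (not visible here; it depends on nix-actions.lib.nix-shell), a failed instantiate-node still leaves the Eval step green, and any multi-line output would be written as extra `NAME=value` entries. I would start each script with `set -euo pipefail`, quote the target as `>> "$GITHUB_ENV"`, and refuse a value that is not a single store path, e.g. `[[ "$DRV" =~ ^/nix/store/[^[:space:]]+\.drv$ ]] || exit 1` before the echo. Scoping the store credentials to the Cache step alone is a good narrowing; since the generated workflow triggers on pull_request and that step still evaluates the checked-out tree, it is worth confirming the secret is only provided to runs from trusted branches.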