feat(nix): Use passthru for shells and return to importing the scripts
All checks were successful
Check workflows / check_workflows (push) Successful in 23s
Build all the nodes / bridge01 (push) Successful in 1m7s
Build all the nodes / geo02 (push) Successful in 1m6s
Build all the nodes / geo01 (push) Successful in 1m8s
Build all the nodes / rescue01 (push) Successful in 1m13s
Build all the nodes / compute01 (push) Successful in 1m29s
Build all the nodes / storage01 (push) Successful in 1m9s
Run pre-commit on all files / check (push) Successful in 24s
Build all the nodes / vault01 (push) Successful in 1m13s
Build all the nodes / web02 (push) Successful in 1m12s
Build all the nodes / web03 (push) Successful in 1m17s
Build all the nodes / web01 (push) Successful in 1m49s

Tom Hubrecht 2024-11-14 22:18:40 +01:00
parent 6fbda40e5e
commit bf06d2573b
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
11 changed files with 56 additions and 56 deletions


@ -4,7 +4,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Check the validity of the DNS configuration - name: Check the validity of the DNS configuration
run: nix-build meta/verify.nix -A dns --no-out-link run: nix-build meta/verify.nix -A dns
check_meta: check_meta:
runs-on: nix runs-on: nix
steps: steps:


@ -4,7 +4,8 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Check that the workflows are up to date - name: Check that the workflows are up to date
run: nix-shell --run '[ $(git status --porcelain | wc -l) -eq 0 ]' run: nix-shell -A check-workflows --run '[ $(git status --porcelain | wc -l)
-eq 0 ]'
name: Check workflows name: Check workflows
'on': 'on':
pull_request: pull_request:


@ -9,7 +9,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache bridge01 name: Build and cache bridge01
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
compute01: compute01:
runs-on: nix runs-on: nix
steps: steps:
@ -20,7 +20,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache compute01 name: Build and cache compute01
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
geo01: geo01:
runs-on: nix runs-on: nix
steps: steps:
@ -31,7 +31,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache geo01 name: Build and cache geo01
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
geo02: geo02:
runs-on: nix runs-on: nix
steps: steps:
@ -42,7 +42,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache geo02 name: Build and cache geo02
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
rescue01: rescue01:
runs-on: nix runs-on: nix
steps: steps:
@ -53,7 +53,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache rescue01 name: Build and cache rescue01
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
storage01: storage01:
runs-on: nix runs-on: nix
steps: steps:
@ -64,7 +64,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache storage01 name: Build and cache storage01
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
vault01: vault01:
runs-on: nix runs-on: nix
steps: steps:
@ -75,7 +75,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache vault01 name: Build and cache vault01
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
web01: web01:
runs-on: nix runs-on: nix
steps: steps:
@ -86,7 +86,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache web01 name: Build and cache web01
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
web02: web02:
runs-on: nix runs-on: nix
steps: steps:
@ -97,7 +97,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache web02 name: Build and cache web02
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
web03: web03:
runs-on: nix runs-on: nix
steps: steps:
@ -108,7 +108,7 @@ jobs:
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin STORE_USER: admin
name: Build and cache web03 name: Build and cache web03
run: nix-shell --run cache-node run: nix-shell -A eval-nodes --run cache-node
name: Build all the nodes name: Build all the nodes
'on': 'on':
pull_request: pull_request:


@ -4,8 +4,8 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Run pre-commit on all files - name: Run pre-commit on all files
run: nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure' run: nix-shell -A pre-commit --run 'pre-commit run --all-files --hook-stage
-A shells.pre-commit ./. pre-push --show-diff-on-failure'
name: Run pre-commit on all files name: Run pre-commit on all files
'on': 'on':
- push - push


@ -43,6 +43,7 @@
let let
inherit (pkgs.lib) inherit (pkgs.lib)
isFunction isFunction
mapAttrs
mapAttrs' mapAttrs'
nameValuePair nameValuePair
removeSuffix removeSuffix
@ -88,6 +89,8 @@ let
) )
) (builtins.readDir ./workflows); ) (builtins.readDir ./workflows);
}; };
scripts = import ./scripts { inherit pkgs; };
in in
{ {
@ -99,37 +102,35 @@ in
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix; mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
shells = { devShell = pkgs.mkShell {
default = pkgs.mkShell { name = "dgnum-infra";
name = "dgnum-infra";
packages = [ packages = [
(pkgs.nixos-generators.overrideAttrs (_: { (pkgs.nixos-generators.overrideAttrs (_: {
version = "1.8.0-unstable"; version = "1.8.0-unstable";
src = builtins.storePath sources.nixos-generators; src = sources.nixos-generators;
})) }))
pkgs.npins pkgs.npins
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; }) (pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { }) (pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { }) (pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
] ++ (builtins.attrValues scripts);
] ++ (pkgs.callPackage ./scripts { }); shellHook = ''
${git-checks.shellHook}
${workflows.shellHook}
'';
shellHook = '' preferLocalBuild = true;
${git-checks.shellHook}
${workflows.shellHook}
'';
preferLocalBuild = true; ###
}; # Alternative shells
pre-commit = pkgs.mkShell { passthru = mapAttrs (name: value: pkgs.mkShell (value // { inherit name; })) {
name = "pre-commit-shell"; pre-commit.shellHook = git-checks.shellHook;
check-workflows.shellHook = workflows.shellHook;
shellHook = '' eval-nodes.packages = [ scripts.cache-node ];
${git-checks.shellHook}
'';
}; };
}; };
} }
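Review bot: The `# Alternative shells` comment above `passthru` does not say why `eval-nodes` is limited to `packages = [ scripts.cache-node ]` with no `shellHook`. The build workflows in this commit run `nix-shell -A eval-nodes --run cache-node` with `STORE_PASSWORD` in the step environment, so anything later added to that shell would execute next to the cache credential. I would extend the comment along the lines of `# eval-nodes runs in CI with the store credentials in its environment: keep it to cache-node, no shellHook`. It would also help to note that `nix-shell -A <name>` finds these shells because passthru attributes are exposed on the `devShell` derivation, so a name that collides with an existing derivation attribute should be avoided.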


@ -1,16 +1,14 @@
{ { pkgs }:
lib,
writeShellApplication,
# Dependencies
colmena,
jq,
nvd,
...
}:
let let
inherit (lib) mapAttrsToList; inherit (pkgs.lib) mapAttrs;
inherit (pkgs)
writeShellApplication
colmena
jq
nvd
;
scripts = { scripts = {
cache-node = [ colmena ]; cache-node = [ colmena ];
@ -24,7 +22,7 @@ let
}; };
in in
mapAttrsToList ( mapAttrs (
name: runtimeInputs: name: runtimeInputs:
writeShellApplication { writeShellApplication {
inherit name runtimeInputs; inherit name runtimeInputs;
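Review bot: `colmena` in the new `inherit (pkgs)` block comes from `pkgs`, whereas the dev shell elsewhere in this commit wraps the one from `nix-pkgs` (`pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; }`). Unless an overlay outside these hunks makes the two identical, `cache-node` would evaluate and cache the nodes in CI with a different colmena than the one operators use from the shell. If that is intended, a short comment on the `inherit (pkgs)` block saying so would help; otherwise consider passing the pinned colmena into `./scripts` next to `pkgs`. The `writeShellApplication` call continues past the end of the hunk.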


@ -1 +1 @@
(import ./. { }).shells.default (import ./. { }).devShell


@ -23,7 +23,7 @@
{ uses = "actions/checkout@v3"; } { uses = "actions/checkout@v3"; }
{ {
name = "Check the validity of the DNS configuration"; name = "Check the validity of the DNS configuration";
run = "nix-build meta/verify.nix -A dns --no-out-link"; run = "nix-build meta/verify.nix -A dns";
} }
]; ];
}; };
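Review bot: Dropping `--no-out-link` from the `run` string means `nix-build` now leaves a `result` symlink in the checkout, which is also registered as a garbage-collection root on the runner. On a persistent runner these roots accumulate and pin store paths, and the untracked file dirties the work tree for any later step that inspects `git status`. The commit message does not mention this change, so if it is not deliberate I would keep `run = "nix-build meta/verify.nix -A dns --no-out-link";`.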


@ -12,7 +12,7 @@
{ uses = "actions/checkout@v3"; } { uses = "actions/checkout@v3"; }
{ {
name = "Check that the workflows are up to date"; name = "Check that the workflows are up to date";
run = "nix-shell --run '[ $(git status --porcelain | wc -l) -eq 0 ]'"; run = "nix-shell -A check-workflows --run '[ $(git status --porcelain | wc -l) -eq 0 ]'";
} }
]; ];
}; };


@ -19,7 +19,7 @@ in
{ uses = "actions/checkout@v3"; } { uses = "actions/checkout@v3"; }
{ {
name = "Build and cache ${node}"; name = "Build and cache ${node}";
run = "nix-shell --run cache-node"; run = "nix-shell -A eval-nodes --run cache-node";
env = { env = {
STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/"; STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/";
STORE_USER = "admin"; STORE_USER = "admin";
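Review bot: This step evaluates the checked-out Nix expressions and runs `cache-node` while the store credentials are in its environment, and the rendered workflow in this commit lists `pull_request` among its triggers. If the runner exposes secrets to pull-request runs (the page does not show whether it does), a pull request that edits the shell definition or the script would execute with `STORE_PASSWORD` available. Consider limiting the credentialed cache push to `push` events on trusted branches and building without the credential on pull requests. The `env` block continues outside the hunk.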


@ -11,7 +11,7 @@
{ uses = "actions/checkout@v3"; } { uses = "actions/checkout@v3"; }
{ {
name = "Run pre-commit on all files"; name = "Run pre-commit on all files";
run = "nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure' -A shells.pre-commit ./."; run = "nix-shell -A pre-commit --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure'";
} }
]; ];
}; };