From edbdb09cdac34f3cdac0d4ac4c8e934bc27d5420 Mon Sep 17 00:00:00 2001 From: sinavir Date: Fri, 20 Sep 2024 15:22:14 +0200 Subject: [PATCH] feat(autodeploy): Auto deploy to S3 --- .forgejo/workflows/build.yaml | 22 ++++++++++ npins/default.nix | 80 +++++++++++++++++++++++++++++++++++ npins/sources.json | 11 +++++ shell.nix | 8 ++++ 4 files changed, 121 insertions(+) create mode 100644 .forgejo/workflows/build.yaml create mode 100644 npins/default.nix create mode 100644 npins/sources.json create mode 100644 shell.nix diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml new file mode 100644 index 0000000..3db8eb4 --- /dev/null +++ b/.forgejo/workflows/build.yaml @@ -0,0 +1,22 @@ +name: build configuration +on: + push: + branches: + - master + +jobs: + build: + runs-on: nix + steps: + - uses: actions/checkout@v3 + + - name: build + run: nix-shell --run 'mkdocs build' + + - name: deploy + run: nix-shell -p awscli2 --run "aws s3 sync ./site/ s3://$BUCKET/ --delete --endpoint-url $URL" + env: + URL: "https://s3.dgnum.eu/" + BUCKET: hackens-website + AWS_ACCESS_KEY_ID: ${{ secrets.KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.SECRET_KEY }} diff --git a/npins/default.nix b/npins/default.nix new file mode 100644 index 0000000..5e7d086 --- /dev/null +++ b/npins/default.nix @@ -0,0 +1,80 @@ +# Generated by npins. Do not modify; will be overwritten regularly +let + data = builtins.fromJSON (builtins.readFile ./sources.json); + version = data.version; + + mkSource = + spec: + assert spec ? type; + let + path = + if spec.type == "Git" then + mkGitSource spec + else if spec.type == "GitRelease" then + mkGitSource spec + else if spec.type == "PyPi" then + mkPyPiSource spec + else if spec.type == "Channel" then + mkChannelSource spec + else + builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = path; }; + + mkGitSource = + { + repository, + revision, + url ? null, + hash, + branch ? null, + ... + }: + assert repository ? type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null then + (builtins.fetchTarball { + inherit url; + sha256 = hash; # FIXME: check nix version & use SRI hashes + }) + else + assert repository.type == "Git"; + let + urlToName = + url: rev: + let + matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url; + + short = builtins.substring 0 7 rev; + + appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; + in + "${if matched == null then "source" else builtins.head matched}${appendShort}"; + name = urlToName repository.url revision; + in + builtins.fetchGit { + url = repository.url; + rev = revision; + inherit name; + # hash = hash; + }; + + mkPyPiSource = + { url, hash, ... }: + builtins.fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = + { url, hash, ... }: + builtins.fetchTarball { + inherit url; + sha256 = hash; + }; +in +if version == 3 then + builtins.mapAttrs (_: mkSource) data.pins +else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json new file mode 100644 index 0000000..a3d5509 --- /dev/null +++ b/npins/sources.json @@ -0,0 +1,11 @@ +{ + "pins": { + "nixpkgs": { + "type": "Channel", + "name": "nixpkgs-unstable", + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre682572.658e7223191d/nixexprs.tar.xz", + "hash": "05pxq7nhv78rb1gy7v73g962n4h6c81cybhzkg0j0h8hiki2s46c" + } + }, + "version": 3 +} \ No newline at end of file diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..c2919c9 --- /dev/null +++ b/shell.nix @@ -0,0 +1,8 @@ +{ pkgs ? import (import ./npins).nixpkgs {} }: +pkgs.mkShell { + packages = [ + (pkgs.python3.withPackages (ps: [ + ps.mkdocs + ])) + ]; +}