feat(autodeploy): Auto deploy to S3

2024-09-20 15:22:14 +02:00 · 2024-09-20 15:22:14 +02:00 · edbdb09cda
commit edbdb09cda
parent c58a5715e6
4 changed files with 121 additions and 0 deletions
--- a/.forgejo/workflows/build.yaml
+++ b/.forgejo/workflows/build.yaml
@ -0,0 +1,22 @@
+name: build configuration
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: build
+        run: nix-shell --run 'mkdocs build'
+
+      - name: deploy
+        run: nix-shell -p awscli2 --run "aws s3 sync ./site/ s3://$BUCKET/ --delete --endpoint-url $URL"
+        env:
+          URL: "https://s3.dgnum.eu/"
+          BUCKET: hackens-website
+          AWS_ACCESS_KEY_ID: ${{ secrets.KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.SECRET_KEY }}
--- a/npins/default.nix
+++ b/npins/default.nix
@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        # hash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 3 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
--- a/npins/sources.json
+++ b/npins/sources.json
@ -0,0 +1,11 @@
+{
+  "pins": {
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre682572.658e7223191d/nixexprs.tar.xz",
+      "hash": "05pxq7nhv78rb1gy7v73g962n4h6c81cybhzkg0j0h8hiki2s46c"
+    }
+  },
+  "version": 3
+}
--- a/shell.nix
+++ b/shell.nix
@ -0,0 +1,8 @@
+{ pkgs ? import (import ./npins).nixpkgs {} }:
+pkgs.mkShell {
+  packages = [
+    (pkgs.python3.withPackages (ps: [
+      ps.mkdocs
+    ]))
+  ];
+}