dgnum.eu/default.nix

168 lines
4.4 KiB
Nix

# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
sources ? import ./npins,
pkgs ? import sources.nixpkgs { },
}:
let
nix-reuse = import sources.nix-reuse { inherit pkgs; };
nix-hooks = import sources.git-hooks;
nix-actions = import sources.nix-actions { inherit pkgs; };
# Hooks definition
reuse = nix-reuse.install {
defaultLicense = "EUPL-1.2";
defaultCopyright = "La Délégation Générale Numérique <contact@dgnum.eu>";
downloadLicenses = true;
generatedPaths = [
"**/.envrc"
".forgejo/workflows/*"
".gitignore"
"REUSE.toml"
"npins/*"
"package.json"
"package-lock.json"
"shell.nix"
"src/_data/*.json"
"src/assets/css/dgnum.css"
];
annotations = [
# Bulma source
{
path = "src/assets/scss/bulma/**";
license = "MIT";
copyright = "2023 Jeremy Thomas";
}
# Content files
{
path = "src/**.md";
license = "CC-BY-4.0";
}
# Reserved files
{
path = [
"src/_uploads/**"
];
license = "LicenseRef-Reserved";
}
];
};
git-hooks = nix-hooks.run {
src = ./.;
hooks = {
reuse = {
enable = true;
package = pkgs.reuse;
stages = [ "pre-push" ];
};
commitizen.enable = true;
};
};
workflows = nix-actions.install {
src = ./.;
workflows = {
deploy-dgnum = {
name = "Deploy dgnum.eu";
on.push.branches = [ "main" ];
jobs.deploy = {
runs-on = "nix";
steps = [
(nix-actions.steps.checkout { path = "dgnum.eu"; })
{
name = "Build the website";
run = "nix-build dgnum.eu";
}
{
name = "Update the website on codeberg";
run = # bash
''
export HOME="$GITHUB_WORKSPACE"
echo "[+] Using SSH_DEPLOY_KEY"
# Setup deploy key
DEPLOY_KEY_FILE="$HOME/.ssh/deploy_key"
mkdir .ssh
echo "$SSH_DEPLOY_KEY" > "$DEPLOY_KEY_FILE"
chmod 600 "$DEPLOY_KEY_FILE"
# Setup known hosts
KNOWN_HOSTS_FILE="$HOME/.ssh/known_hosts"
ssh-keyscan -H codeberg.org > "$KNOWN_HOSTS_FILE"
export GIT_SSH_COMMAND="ssh -i $DEPLOY_KEY_FILE -o UserKnownHostsFile=$KNOWN_HOSTS_FILE"
GIT_CMD_REPOSITORY="git@codeberg.org:DGNum/$GIT_REPOSITORY.git"
echo "[+] Cloning remote repository"
git clone --single-branch --depth 1 --branch main "$GIT_CMD_REPOSITORY" "$GIT_REPOSITORY"
echo "[+] Updating assets"
rm -r "$GIT_REPOSITORY"/*
# Update assets
cp -R --no-preserve=mode,ownership,timestamps result/* "$GIT_REPOSITORY/"
cd "$GIT_REPOSITORY"
echo "[+] Adding .domains file"
cat << EOL > .domains
dgnum.eu
dev.dgnum.eu
EOL
echo "[+] Creating commit"
ORIGIN_COMMIT="https://$GIT_ORIGIN_SERVER/$GITHUB_REPOSITORY/commit/$GITHUB_SHA"
git add . .domains
git diff-index --quiet HEAD || git commit --message "Automatic pages update from $ORIGIN_COMMIT"
echo "[+] Pushing update"
git push "$GIT_CMD_REPOSITORY" --set-upstream main
'';
env = {
SSH_DEPLOY_KEY = nix-actions.lib.secret "SSH_DEPLOY_KEY";
GIT_REPOSITORY = "pages";
GIT_ORIGIN_SERVER = "git.dgnum.eu";
GIT_AUTHOR_NAME = "Forgejo Action";
GIT_AUTHOR_EMAIL = "automated-update@dgnum.eu";
GIT_COMMITTER_NAME = "Forgejo Action";
GIT_COMMITTER_EMAIL = "automated-update@dgnum.eu";
};
}
];
};
};
};
};
in
(pkgs.callPackage ./package.nix { })
// {
devShell = pkgs.mkShell {
name = "dgnum-eu.dev";
shellHook = builtins.concatStringsSep "\n" [
git-hooks.shellHook
reuse.shellHook
workflows.shellHook
];
packages = [
pkgs.nodejs
pkgs.sass
] ++ git-hooks.enabledPackages;
};
}