diff --git a/.envrc b/.envrc index 1d953f4..ed85d67 100644 --- a/.envrc +++ b/.envrc @@ -1 +1,2 @@ +watch_file workflows/* use nix diff --git a/.forgejo/workflows/check-meta.yaml b/.forgejo/workflows/check-meta.yaml index 27af558..7053542 100644 --- a/.forgejo/workflows/check-meta.yaml +++ b/.forgejo/workflows/check-meta.yaml @@ -1,25 +1,21 @@ -name: Check meta -on: - pull_request: - branches: - - main - push: - paths: - - 'meta/*' - jobs: - check_meta: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Check the validity of meta options - run: nix-build meta/verify.nix -A meta - check_dns: runs-on: nix steps: - - uses: actions/checkout@v3 - - - name: Check the validity of the DNS configuration - run: nix-build meta/verify.nix -A dns --no-out-link + - uses: actions/checkout@v3 + - name: Check the validity of the DNS configuration + run: nix-build meta/verify.nix -A dns --no-out-link + check_meta: + runs-on: nix + steps: + - uses: actions/checkout@v3 + - name: Check the validity of meta options + run: nix-build meta/verify.nix -A meta +name: Check meta +'on': + pull_request: + branches: + - main + push: + paths: + - meta/* diff --git a/.forgejo/workflows/check-workflows.yaml b/.forgejo/workflows/check-workflows.yaml new file mode 100644 index 0000000..86e006a --- /dev/null +++ b/.forgejo/workflows/check-workflows.yaml @@ -0,0 +1,15 @@ +jobs: + check_workflows: + runs-on: nix + steps: + - uses: actions/checkout@v3 + - name: Check that the workflows are up to date + run: nix-shell --run '[ $(git status --porcelain) -eq 0 ]' +name: Check workflows +'on': + pull_request: + branches: + - main + push: + paths: + - workflows/* diff --git a/.forgejo/workflows/ds-fr.yaml b/.forgejo/workflows/ds-fr.yaml deleted file mode 100644 index f54b414..0000000 --- a/.forgejo/workflows/ds-fr.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -name: ds-fr update -on: - schedule: - - cron: "26 18 * * wed" - -jobs: - npins_update: - runs-on: nix - steps: - - uses: actions/checkout@v3 - with: - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - - name: Update DS and open PR if necessary - run: | - # Fetch the latest release tag - VERSION=$(curl -L \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/demarches-simplifiees/demarches-simplifiees.fr/releases/latest \ - | jq -r '.tag_name') - - # Move to the ds-fr directory - cd machines/compute01/ds-fr/package - - # Run the update script - ./update.sh -v "$VERSION" - - if [ ! -z "$(git diff --name-only)" ]; then - echo "[+] Changes detected, pushing updates." - - git switch -C ds-update - - git add . - - git config user.name "DGNum Chores" - git config user.email "tech@dgnum.eu" - - git commit --message "chore(ds-fr): Update" - git push --set-upstream origin ds-update --force - - # Connect to the server with the cli - tea login add \ - -n dgnum-chores \ - -t '${{ secrets.TEA_DGNUM_CHORES_TOKEN }}' \ - -u https://git.dgnum.eu - - # Create a pull request if needed - # i.e. no PR with the same title exists - if [ -z "$(tea pr ls -f='title,author' -o simple | grep 'chore(ds-fr): Update dgnum-chores')" ]; then - tea pr create \ - --description "Automatic ds-fr update" \ - --title "chore(ds-fr): Update" \ - --head ds-update - fi - fi diff --git a/.forgejo/workflows/eval-nodes.yaml b/.forgejo/workflows/eval-nodes.yaml new file mode 100644 index 0000000..614dae6 --- /dev/null +++ b/.forgejo/workflows/eval-nodes.yaml 
@@ -0,0 +1,119 @@ +jobs: + bridge01: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: bridge01 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache bridge01 + run: nix-shell --run cache-node + compute01: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: compute01 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache compute01 + run: nix-shell --run cache-node + geo01: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: geo01 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache geo01 + run: nix-shell --run cache-node + geo02: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: geo02 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache geo02 + run: nix-shell --run cache-node + rescue01: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: rescue01 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache rescue01 + run: nix-shell --run cache-node + storage01: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: storage01 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache storage01 + run: nix-shell --run cache-node + vault01: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: vault01 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: 
admin + name: Build and cache vault01 + run: nix-shell --run cache-node + web01: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: web01 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache web01 + run: nix-shell --run cache-node + web02: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: web02 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache web02 + run: nix-shell --run cache-node + web03: + runs-on: nix + steps: + - uses: actions/checkous@v3 + - env: + BUILD_NODE: web03 + STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/ + STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} + STORE_USER: admin + name: Build and cache web03 + run: nix-shell --run cache-node +name: Build all the nodes +'on': + pull_request: + branches: + - main + push: + branches: + - main diff --git a/.forgejo/workflows/eval.yaml b/.forgejo/workflows/eval.yaml deleted file mode 100644 index cadb56d..0000000 --- a/.forgejo/workflows/eval.yaml +++ /dev/null 
@@ -1,200 +0,0 @@ -name: build configuration -on: - pull_request: - types: [opened, synchronize, edited, reopened] - branches: - - main - push: - branches: - - main - -jobs: - build_and_cache_compute01: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "compute01" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_compute01 - path: paths.txt - - build_and_cache_storage01: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "storage01" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_storage01 - path: paths.txt - - build_and_cache_rescue01: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "rescue01" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_rescue01 - path: paths.txt - - build_and_cache_geo01: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "geo01" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_geo01 - path: paths.txt - - build_and_cache_geo02: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: 
nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "geo02" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_geo02 - path: paths.txt - - build_and_cache_vault01: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "vault01" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_vault01 - path: paths.txt - - build_and_cache_web01: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "web01" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_web01 - path: paths.txt - - build_and_cache_web02: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "web02" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_web02 - path: paths.txt - - build_and_cache_web03: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "web03" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_web02 - path: paths.txt - - build_and_cache_bridge01: - 
runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Build and cache the node - run: nix-shell --run cache-node - env: - STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/" - STORE_USER: "admin" - STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }} - BUILD_NODE: "bridge01" - - - uses: actions/upload-artifact@v3 - if: always() - with: - name: outputs_web02 - path: paths.txt diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml deleted file mode 100644 index 4b58ae7..0000000 --- a/.forgejo/workflows/lint.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: lint -on: [push, pull_request] - -jobs: - check: - runs-on: nix - steps: - - uses: actions/checkout@v3 - - - name: Run pre-commit on all files - run: nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure' -A shells.pre-commit ./. diff --git a/.forgejo/workflows/npins-update.yaml b/.forgejo/workflows/npins-update.yaml new file mode 100644 index 0000000..17ab93b --- /dev/null +++ b/.forgejo/workflows/npins-update.yaml 
@@ -0,0 +1,25 @@ +jobs: + npins_update: + runs-on: nix + steps: + - uses: actions/checkout@v3 + with: + depth: 0 + token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} + - name: Update dependencies and open PR if necessary + run: "npins update\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n echo\ + \ \"[+] Changes detected, pushing updates.\"\n\n git switch -C npins-update\n\ + \n git add npins\n\n git config user.name \"DGNum Chores\"\n git config\ + \ user.email \"tech@dgnum.eu\"\n\n git commit --message \"chore(npins): Update\"\ + \n git push --set-upstream origin npins-update --force\n\n # Connect to\ + \ the server with the cli\n tea login add \\\n -n dgnum-chores \\\n \ + \ -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN }}\" \\\n -u https://git.dgnum.eu\n\ + \n # Create a pull request if needed\n # i.e. no PR with the same title\ + \ exists\n if [ -z \"$(tea pr ls -f='title,author' -o simple | grep 'chore(npins):\ + \ Update dgnum-chores')\" ]; then\n tea pr create \\\n --description\ + \ \"Automatic npins update\" \\\n --title \"chore(npins): Update\" \\\ + \n --head npins-update\n fi\nfi\n" +name: npins update +'on': + schedule: + - cron: 25 15 * * * diff --git a/.forgejo/workflows/pre-commit.yaml b/.forgejo/workflows/pre-commit.yaml new file mode 100644 index 0000000..f99163b --- /dev/null +++ b/.forgejo/workflows/pre-commit.yaml @@ -0,0 +1,12 @@ +jobs: + check: + runs-on: nix + steps: + - uses: actions/checkout@v3 + - name: Run pre-commit on all files + run: nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure' + -A shells.pre-commit ./. +name: Run pre-commit on all files +'on': +- push +- pull_request diff --git a/default.nix b/default.nix index 414feb8..5ac7bd5 100644 --- a/default.nix +++ b/default.nix 
@@ -41,7 +41,14 @@ }: let - git-checks = (import (builtins.storePath sources.git-hooks)).run { + inherit (pkgs.lib) + isFunction + mapAttrs' + nameValuePair + removeSuffix + ; + + git-checks = (import sources.git-hooks).run { src = ./.; hooks = { @@ -67,6 +74,20 @@ let commitizen.enable = true; }; }; + + workflows = (import sources.nix-actions { inherit pkgs; }).install { + src = ./.; + + workflows = mapAttrs' ( + name: _: + nameValuePair (removeSuffix ".nix" name) ( + let + w = import ./workflows/${name}; + in + if isFunction w then w { inherit (pkgs) lib; } else w + ) + ) (builtins.readDir ./workflows); + }; in { @@ -97,6 +118,7 @@ in shellHook = '' ${git-checks.shellHook} + ${workflows.shellHook} ''; preferLocalBuild = true; diff --git a/npins/sources.json b/npins/sources.json index b2feca3..cd0384c 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -194,6 +194,20 @@ "url": "https://github.com/RaitoBezarius/microvm.nix/archive/49899c9a4fdf75320785e79709bf1608c34caeb8.tar.gz", "hash": "0sz6azdpiz4bd36x23bcdhx6mwyqj8zl5cczjgv48xqfmysy8zwy" }, + "nix-actions": { + "type": "GitRelease", + "repository": { + "type": "Git", + "url": "https://git.dgnum.eu/DGNum/nix-actions.git" + }, + "pre_releases": false, + "version_upper_bound": null, + "release_prefix": null, + "version": "v0.2.1", + "revision": "36a74f5ff6d8cb07c5e198baec715fc27a795f8a", + "url": null, + "hash": "10dc607x3yy1k10nzfgij3qjn6v585yj5dnmnk71zsbmczvx52yb" + }, "nix-modules": { "type": "Git", "repository": { diff --git a/workflows/check-meta.nix b/workflows/check-meta.nix new file mode 100644 index 0000000..13a9777 --- /dev/null +++ b/workflows/check-meta.nix 
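Review bot: The new `workflows` binding feeds every entry of `builtins.readDir ./workflows` to `mapAttrs'`, so any stray non-`.nix` entry (an editor backup, a README, a subdirectory) is imported as a workflow and breaks evaluation of the dev shell for everyone, with `removeSuffix ".nix"` leaving its full name as the workflow name. Filtering the listing first keeps the generator confined to the files it is meant to read: `) (filterAttrs (name: type: type == "regular" && hasSuffix ".nix" name) (builtins.readDir ./workflows));`, with `filterAttrs` and `hasSuffix` added to the `inherit (pkgs.lib)` list introduced in the first hunk of this file. Pinning `nix-actions` through npins by revision and hash (sources.json hunk) is the right way to bring in a generator that writes CI definitions, since the files it emits run with repository secrets. The `let` this hunk sits in starts outside the hunk.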
@@ -0,0 +1,31 @@
+{
+ name = "Check meta";
+ on = {
+ pull_request.branches = [ "main" ];
+ push.paths = [ "meta/*" ];
+ };
+
+ jobs = {
+ check_meta = {
+ runs-on = "nix";
+ steps = [
+ { uses = "actions/checkout@v3"; }
+ {
+ name = "Check the validity of meta options";
+ run = "nix-build meta/verify.nix -A meta";
+ }
+ ];
+ };
+
+ check_dns = {
+ runs-on = "nix";
+ steps = [
+ { uses = "actions/checkout@v3"; }
+ {
+ name = "Check the validity of the DNS configuration";
+ run = "nix-build meta/verify.nix -A dns --no-out-link";
+ }
+ ];
+ };
+ };
+}
diff --git a/workflows/check-workflows.nix b/workflows/check-workflows.nix
new file mode 100644
index 0000000..2497359
--- /dev/null
+++ b/workflows/check-workflows.nix
@@ -0,0 +1,20 @@
+{
+ name = "Check workflows";
+ on = {
+ pull_request.branches = [ "main" ];
+ push.paths = [ "workflows/*" ];
+ };
+
+ jobs = {
+ check_workflows = {
+ runs-on = "nix";
+ steps = [
+ { uses = "actions/checkout@v3"; }
+ {
+ name = "Check that the workflows are up to date";
+ run = "nix-shell --run '[ $(git status --porcelain) -eq 0 ]'";
+ }
+ ];
+ };
+ };
+}
diff --git a/workflows/eval-nodes.nix b/workflows/eval-nodes.nix
new file mode 100644
index 0000000..21c2a40
--- /dev/null
+++ b/workflows/eval-nodes.nix
@@ -0,0 +1,32 @@
+{ lib }:
+
+let
+ inherit (lib) attrNames genAttrs;
+
+ nodes = attrNames (builtins.readDir ../machines);
+in
+
+{
+ name = "Build all the nodes";
+ on = {
+ pull_request.branches = [ "main" ];
+ push.branches = [ "main" ];
+ };
+
+ jobs = genAttrs nodes (node: {
+ runs-on = "nix";
+ steps = [
+ { uses = "actions/checkous@v3"; }
+ {
+ name = "Build and cache ${node}";
+ run = "nix-shell --run cache-node";
+ env = {
+ STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/";
+ STORE_USER = "admin";
+ STORE_PASSWORD = "\${{ secrets.STORE_PASSWORD }}";
+ BUILD_NODE = node;
+ };
+ }
+ ];
+ });
+}
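Review bot: The staleness check `[ $(git status --porcelain) -eq 0 ]` in check-workflows.nix cannot pass: with a clean tree the unquoted substitution expands to nothing and bash rejects `[ -eq 0 ]` ("unary operator expected"), and with a dirty tree the output is word-split and `[` fails with too many arguments, so the job is red either way. Test for an empty string instead, `run = "nix-shell --run '[ -z \"$(git status --porcelain)\" ]'";`, or use `git diff --exit-code` together with an untracked-files check so the log shows which generated workflow is stale. The generated `.forgejo/workflows/check-workflows.yaml` in this commit carries the same expression and would be rewritten by the shellHook once the source is fixed.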
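Review bot: `actions/checkous@v3` in eval-nodes.nix is misspelled (`checkout`), so every generated job in `.forgejo/workflows/eval-nodes.yaml` fails at its first step before `cache-node` ever runs; the line to change is `{ uses = "actions/checkout@v3"; }`. Separately, these jobs run on `pull_request` with the signing store's `STORE_PASSWORD` in their environment: whether Forgejo hands repository secrets to runs triggered from a contributor's branch depends on the instance's settings, and if it does, the pull request's own checkout decides what `nix-shell --run cache-node` executes with that credential available. Consider keeping the secret-bearing caching step for `push` on `main` only and letting pull requests just build, so a PR cannot influence what gets uploaded to the signed store. `nodes` is also every entry of `../machines`, regular files included, so a non-directory there would become a job; filter on the entry type if that directory is not guaranteed to hold only machine directories.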
diff --git a/.forgejo/workflows/npins.yaml b/workflows/npins-update.nix similarity index 59% rename from .forgejo/workflows/npins.yaml rename to workflows/npins-update.nix index f1cff0e..bc9eae1 100644 --- a/.forgejo/workflows/npins.yaml +++ b/workflows/npins-update.nix @@ -1,31 +1,24 @@ -name: npins update -on: - schedule: +{ + name = "npins update"; + on.schedule = [ # Run at 11 o'clock every wednesday - - cron: "25 15 * * *" + { cron = "25 15 * * *"; } + ]; -jobs: - npins_update: - runs-on: nix - steps: - # - name: Install applications - # run: apt-get update && apt-get install sudo - # - - uses: actions/checkout@v3 - with: - depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - # - # - uses: https://github.com/cachix/install-nix-action@v22 - # with: - # nix_path: nixpkgs=channel:nixos-unstable + jobs.npins_update = { + runs-on = "nix"; + steps = [ + { + uses = "actions/checkout@v3"; + "with" = { + depth = 0; + token = "\${{ secrets.TEA_DGNUM_CHORES_TOKEN }}"; + }; + } - # - name: Install tea - # run: | - # nix-env -f '' -i tea - - - name: Update dependencies and open PR if necessary - run: | + { + name = "Update dependencies and open PR if necessary"; + run = '' npins update if [ ! -z "$(git diff --name-only)" ]; then @@ -44,7 +37,7 @@ jobs: # Connect to the server with the cli tea login add \ -n dgnum-chores \ - -t '${{ secrets.TEA_DGNUM_CHORES_TOKEN }}' \ + -t "''${{ secrets.TEA_DGNUM_CHORES_TOKEN }}" \ -u https://git.dgnum.eu # Create a pull request if needed @@ -56,3 +49,8 @@ jobs: --head npins-update fi fi + ''; + } + ]; + }; +} diff --git a/workflows/pre-commit.nix b/workflows/pre-commit.nix new file mode 100644 index 0000000..19cf3c8 --- /dev/null +++ b/workflows/pre-commit.nix 
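Review bot: `"with" = { depth = 0; ... }` keeps the old yaml's `depth` input, but `actions/checkout@v3` takes `fetch-depth`, so if this is the upstream checkout action the value is ignored and the clone stays shallow (the step warns about the unexpected input); the line would be `fetch-depth = 0;`, assuming a full history was really intended for `npins update` and the push rather than the default shallow clone. The retained comment `# Run at 11 o'clock every wednesday` also disagrees with the schedule `25 15 * * *`, which fires at 15:25 every day; update one or the other, e.g. `# Run at 15:25 every day`. The `steps` list opened in this hunk closes in the last hunk of the file.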
@@ -0,0 +1,18 @@
+{
+ name = "Run pre-commit on all files";
+ on = [
+ "push"
+ "pull_request"
+ ];
+
+ jobs.check = {
+ runs-on = "nix";
+ steps = [
+ { uses = "actions/checkout@v3"; }
+ {
+ name = "Run pre-commit on all files";
+ run = "nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure' -A shells.pre-commit ./.";
+ }
+ ];
+ };
+}