Define BuildKite pipelines in Nix
After a handful of failed attempts to run lint-secrets.sh due to a missing `git-secrets` executable on my git server, I decided that now was a good time to use Nix to define my BuildKite pipelines. TL;DR: - Delete ci/scripts directory - Define ci/pipelines/{briefcase,socrates}.nix Outside of this repository: - I logged into my admin account at git.wpcarro.dev and changed my Gitea post-receive hook to trigger the briefcase pipeline - I logged into my BuildKite account, deleted my build-briefcase pipeline, created a new briefcase pipeline that called: ```shell nix-build -A ci.pipelines.briefcase -o briefcase.yaml buildkite-agent pipeline upload briefcase.yaml ``` One day I will audit all of my ad-hoc, non-mono-repo activity (like the steps I listed above) and attempt to fit everything herein... one step at a time, though!
This commit is contained in:
parent
13daa560ba
commit
3f3cba7c32
6 changed files with 33 additions and 18 deletions
14
ci/pipelines/briefcase.nix
Normal file
14
ci/pipelines/briefcase.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
pipeline.steps = [
|
||||||
|
{
|
||||||
|
command = "${pkgs.git-secrets}/bin/git-secrets";
|
||||||
|
label = ":briefcase: Briefcase [lint]";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
command = "nix-build . -I briefcase=$(pwd) --no-out-link --show-trace";
|
||||||
|
label = ":briefcase: Briefcase [build]";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
in pkgs.writeText "briefcase.yaml" (builtins.toJSON pipeline)
|
18
ci/pipelines/socrates.nix
Normal file
18
ci/pipelines/socrates.nix
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
pipeline.steps = [
|
||||||
|
{
|
||||||
|
command = ''
|
||||||
|
nix-build '<nixpkgs/nixos>' \
|
||||||
|
-I briefcase="$(pwd)" \
|
||||||
|
-I nixpkgs=/var/lib/buildkite-agent-socrates/nixpkgs-channels \
|
||||||
|
-I nixos-config=nixos/socrates/default.nix \
|
||||||
|
-A system \
|
||||||
|
--no-out-link \
|
||||||
|
--show-trace
|
||||||
|
'';
|
||||||
|
label = ":laptop: Socrates [build]";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
in pkgs.writeText "socrates.yml" (builtins.toJSON pipeline)
|
|
@ -1,6 +0,0 @@
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
nix-build . \
|
|
||||||
-I briefcase="$(pwd)" \
|
|
||||||
--no-out-link \
|
|
||||||
--show-trace
|
|
|
@ -1,9 +0,0 @@
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
nix-build '<nixpkgs/nixos>' \
|
|
||||||
-I briefcase="$(pwd)" \
|
|
||||||
-I nixpkgs=/var/lib/buildkite-agent-socrates/nixpkgs-channels \
|
|
||||||
-I nixos-config=nixos/socrates/default.nix \
|
|
||||||
-A system \
|
|
||||||
--no-out-link \
|
|
||||||
--show-trace
|
|
|
@ -1,3 +0,0 @@
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
git secrets --scan
|
|
|
@ -18,6 +18,7 @@ let
|
||||||
depot = depot;
|
depot = depot;
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
|
ci = readTree ./ci;
|
||||||
nixos = readTree ./nixos;
|
nixos = readTree ./nixos;
|
||||||
utils = readTree ./utils;
|
utils = readTree ./utils;
|
||||||
emacs = readTree ./emacs;
|
emacs = readTree ./emacs;
|
||||||
|
|
Loading…
Reference in a new issue