c45a603d1c
- Add Comin service for cryodev-main (polls git repo, auto-deploys) - Fix cryodev-pi Comin URL (cryodev-server.git -> cryodev.git) - Remove deploy-rs from CI pipeline (was insecure with shared runner) - Remove deploy SSH key, root SSH login, sudo rules for gitea-runner - Revert PermitRootLogin back to 'no' - CI now only runs flake-check + build (no deploy) - Deployment happens via Comin (both hosts poll and self-deploy)
106 lines
3.3 KiB
YAML
106 lines
3.3 KiB
YAML
name: Deploy
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
flake-check:
|
|
runs-on: host
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Run flake check
|
|
run: nix flake check --impure
|
|
|
|
build-hosts:
|
|
needs: flake-check
|
|
runs-on: host
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Build cryodev-main
|
|
run: nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel --impure
|
|
|
|
- name: Build cryodev-pi
|
|
run: nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel --impure
|
|
|
|
build-pi-images:
|
|
needs: flake-check
|
|
runs-on: host
|
|
strategy:
|
|
matrix:
|
|
host: [cryodev-pi]
|
|
fail-fast: false
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Build SD image for ${{ matrix.host }}
|
|
run: |
|
|
echo "Building SD image for: ${{ matrix.host }}"
|
|
nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.sdImage \
|
|
--extra-platforms aarch64-linux \
|
|
--out-link result-${{ matrix.host }}
|
|
|
|
IMAGE_PATH=$(find result-${{ matrix.host }} -name "*.img.zst" -type f | head -1)
|
|
if [ -z "$IMAGE_PATH" ]; then
|
|
echo "Error: No image found!"
|
|
exit 1
|
|
fi
|
|
|
|
cp "$IMAGE_PATH" ./${{ matrix.host }}-sd-image.img.zst
|
|
sha256sum ${{ matrix.host }}-sd-image.img.zst > ${{ matrix.host }}-sd-image.img.zst.sha256
|
|
|
|
echo "Image size:"
|
|
ls -lh ${{ matrix.host }}-sd-image.img.zst
|
|
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ matrix.host }}-sd-image
|
|
path: |
|
|
${{ matrix.host }}-sd-image.img.zst
|
|
${{ matrix.host }}-sd-image.img.zst.sha256
|
|
|
|
create-release:
|
|
needs: build-pi-images
|
|
runs-on: host
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Download all artifacts
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
path: artifacts/
|
|
|
|
- name: Create Release and Upload
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
VERSION="v$(date +%Y-%m-%d)-$(git rev-parse --short HEAD)"
|
|
|
|
curl -s -X POST \
|
|
-H "Authorization: token ${GITHUB_TOKEN}" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"tag_name\": \"${VERSION}\", \"name\": \"Pi Images ${VERSION}\", \"body\": \"Raspberry Pi SD card images. See docs for usage.\", \"draft\": false, \"prerelease\": false}" \
|
|
"https://git.cryodev.xyz/api/v1/repos/${GITHUB_REPOSITORY}/releases" \
|
|
-o release.json
|
|
|
|
RELEASE_ID=$(jq -r '.id' release.json)
|
|
echo "Release ID: $RELEASE_ID"
|
|
|
|
for file in $(find artifacts -type f); do
|
|
echo "Uploading: $(basename $file)"
|
|
curl -s -X POST \
|
|
-H "Authorization: token ${GITHUB_TOKEN}" \
|
|
-H "Content-Type: application/octet-stream" \
|
|
--data-binary @"$file" \
|
|
"https://git.cryodev.xyz/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets?name=$(basename $file)"
|
|
done
|
|
|
|
echo "Done: https://git.cryodev.xyz/${GITHUB_REPOSITORY}/releases/tag/${VERSION}"
|