cryodev/.forgejo/workflows/deploy.yml
steffen e2e87d5694 switch CI deploy to local nixos-rebuild instead of deploy-rs over SSH
Runner runs on the same server it deploys to, so SSH to itself was
unnecessarily complex. Now builds locally and activates directly.

- Replace deploy-rs SSH workflow with local build + switch
- Add NOPASSWD sudo for gitea-runner to run nix-env and
  switch-to-configuration (required for local deployment)
- Remove SSH key setup from deploy workflow
2026-03-14 14:33:06 +01:00


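---
# Deploy workflow: on every push to main, check the flake, rebuild and activate
# the cryodev-main system on the runner host itself, build the Raspberry Pi SD
# image(s), and publish them as a release on git.cryodev.xyz.
#
# Security notes for maintainers:
# - Every job runs on the `host` runner, and the deploy job uses sudo on that
#   machine. Any workflow that can run on this runner can therefore reach the
#   same sudo rules; keep the trigger limited to pushes on a protected branch
#   and do not schedule untrusted workflows (e.g. from pull requests) here.
# - Actions are referenced by mutable tags (v4, v3). Pinning each `uses:` to a
#   full commit SHA would stop a retagged action from running on the host.
name: Deploy

on:
  push:
    branches:
      - main

jobs:
  flake-check:
    runs-on: host
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): --impure lets evaluation read the runner's environment
      # and files outside the flake; confirm it is actually required.
      - name: Run flake check
        run: nix flake check --impure

  deploy-cryodev-main:
    needs: flake-check
    runs-on: host
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Build system configuration
        run: nix build .#nixosConfigurations.cryodev-main.config.system.build.toplevel --out-link result

      - name: Deploy locally
        run: |
          set -eu
          # Resolve the build output once, so the store path written to the
          # system profile and the activation script that runs as root are
          # guaranteed to be the same one (the `result` symlink is not
          # re-read between the two sudo calls).
          system_path=$(readlink -f result)
          # NOTE(review): the sudoers rule is not visible in this file; confirm
          # it allows exactly these two commands for the runner user and
          # nothing broader. Setting the system profile as root is equivalent
          # to full root on this machine.
          sudo nix-env -p /nix/var/nix/profiles/system --set "$system_path"
          sudo "$system_path/bin/switch-to-configuration" switch

  build-pi-images:
    needs: flake-check
    runs-on: host
    strategy:
      matrix:
        host: [cryodev-pi]
      fail-fast: false
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Build SD image for ${{ matrix.host }}
        env:
          # Hand the matrix value to the script as data instead of expanding
          # it into the script text, so a future matrix entry cannot alter
          # the shell commands.
          HOST: ${{ matrix.host }}
        run: |
          set -eu
          echo "Building SD image for: $HOST"
          nix build ".#nixosConfigurations.$HOST.config.system.build.sdImage" \
            --extra-platforms aarch64-linux \
            --out-link "result-$HOST"

          # -H: the out-link is a symlink, and find does not descend into a
          # symlink named on the command line unless told to follow it.
          IMAGE_PATH=$(find -H "result-$HOST" -name "*.img.zst" -type f | head -1)
          if [ -z "$IMAGE_PATH" ]; then
            echo "Error: No image found!"
            exit 1
          fi

          cp "$IMAGE_PATH" "./$HOST-sd-image.img.zst"
          # The checksum is published next to the image so downloads can be
          # verified before flashing.
          sha256sum "$HOST-sd-image.img.zst" > "$HOST-sd-image.img.zst.sha256"
          echo "Image size:"
          ls -lh "$HOST-sd-image.img.zst"

      - name: Upload artifact
        uses: actions/upload-artifact@v3
        with:
          name: ${{ matrix.host }}-sd-image
          path: |
            ${{ matrix.host }}-sd-image.img.zst
            ${{ matrix.host }}-sd-image.img.zst.sha256

  create-release:
    needs: build-pi-images
    runs-on: host
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Download all artifacts
        uses: actions/download-artifact@v3
        with:
          path: artifacts/

      - name: Create Release and Upload
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -eu
          VERSION="v$(date +%Y-%m-%d)-$(git rev-parse --short HEAD)"
          API="https://git.cryodev.xyz/api/v1/repos/${GITHUB_REPOSITORY}"

          # NOTE(review): the token is passed on curl's command line and is
          # visible to other local processes while curl runs. The runner
          # shares this host with the deployed system; consider having curl
          # read the header from a file or stdin instead.
          #
          # --fail makes an HTTP error (bad token, duplicate tag) stop the
          # step instead of continuing with an error document in release.json.
          curl -sS --fail -X POST \
            -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{\"tag_name\": \"${VERSION}\", \"name\": \"Pi Images ${VERSION}\", \"body\": \"Raspberry Pi SD card images. See docs for usage.\", \"draft\": false, \"prerelease\": false}" \
            "${API}/releases" \
            -o release.json

          # A response without an id would otherwise yield the string "null"
          # and every upload would target a non-existent release.
          RELEASE_ID=$(jq -r '.id // empty' release.json)
          if [ -z "$RELEASE_ID" ]; then
            echo "Error: release was not created (no id in API response)"
            exit 1
          fi
          echo "Release ID: $RELEASE_ID"

          # Read paths line by line so a file name containing spaces is not
          # split into several words. Asset names are placed in the query
          # string unencoded; the names produced by build-pi-images contain
          # only URL-safe characters.
          find artifacts -type f | while IFS= read -r file; do
            asset_name=$(basename "$file")
            echo "Uploading: $asset_name"
            curl -sS --fail -X POST \
              -H "Authorization: token ${GITHUB_TOKEN}" \
              -H "Content-Type: application/octet-stream" \
              --data-binary @"$file" \
              "${API}/releases/${RELEASE_ID}/assets?name=${asset_name}"
          done

          echo "Done: https://git.cryodev.xyz/${GITHUB_REPOSITORY}/releases/tag/${VERSION}"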