diff options
-rw-r--r-- | .build.yml | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/.build.yml b/.build.yml new file mode 100644 index 0000000..d4b2871 --- /dev/null +++ b/.build.yml @@ -0,0 +1,48 @@ +image: nixos/unstable +sources: + - https://git.sr.ht/~alanpearce/website +secrets: + - ce767f7f-3ac0-43fb-b225-fccbc9cdfaba + - 5a04c7f9-bba4-40ab-b54c-a2daae2989e8 + - d0a0edd6-1d39-4959-b346-71f64af36a73 +environment: + NIX_CONFIG: | + experimental-features = nix-command flakes + max-jobs = 4 + extra-substituters = https://binarycache.alanpearce.eu + extra-trusted-public-keys = binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4= + FLY_APP: alanpearce-eu +packages: + - nixos.just + - nixos.skopeo + - nixos.flyctl + - nixos.sentry-cli + - nixos.flake-checker + - nixos.hut +tasks: + - check: | + cd website + flake-checker + + - build: | + echo "VerifyHostKeyDNS yes" >> ~/.ssh/config + cd website + nix flake check + just docker-image-fly + nix copy --substitute-on-destination \ + --to ssh://nixremote@linde.alanpearce.eu \ + .#builder .#server $(nix-store --query --requisites ) + + - deploy: | + if [[ "$GIT_REF" != "refs/heads/main" ]] + then + exit + fi + cd website + sudo mkdir /etc/containers + echo '{"default":[{"type":"insecureAcceptAnything"}]}' | sudo tee /etc/containers/policy.json > /dev/null + fly auth docker + just docker-image-fly \ + print-docker-tag \ + push-to-registry \ + deploy |