-rw-r--r--.build.yml48
1 files changed, 48 insertions, 0 deletions
diff --git a/.build.yml b/.build.yml
new file mode 100644
index 0000000..d4b2871
--- /dev/null
+++ b/.build.yml
@@ -0,0 +1,48 @@
+image: nixos/unstable
+sources:
+  - https://git.sr.ht/~alanpearce/website
+secrets:
+  - ce767f7f-3ac0-43fb-b225-fccbc9cdfaba
+  - 5a04c7f9-bba4-40ab-b54c-a2daae2989e8
+  - d0a0edd6-1d39-4959-b346-71f64af36a73
+environment:
+  NIX_CONFIG: |
+    experimental-features = nix-command flakes
+    max-jobs = 4
+    extra-substituters = https://binarycache.alanpearce.eu
+    extra-trusted-public-keys = binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4=
+  FLY_APP: alanpearce-eu
+packages:
+  - nixos.just
+  - nixos.skopeo
+  - nixos.flyctl
+  - nixos.sentry-cli
+  - nixos.flake-checker
+  - nixos.hut
+tasks:
+  - check: |
+      cd website
+      flake-checker
+
+  - build: |
+      echo "VerifyHostKeyDNS yes" >> ~/.ssh/config
+      cd website
+      nix flake check
+      just docker-image-fly
+      nix copy --substitute-on-destination \
+        --to ssh://nixremote@linde.alanpearce.eu \
+        .#builder .#server $(nix-store --query --requisites )
+
+  - deploy: |
+      if [[ "$GIT_REF" != "refs/heads/main" ]]
+      then
+        exit
+      fi
+      cd website
+      sudo mkdir /etc/containers
+      echo '{"default":[{"type":"insecureAcceptAnything"}]}' | sudo tee /etc/containers/policy.json > /dev/null
+      fly auth docker
+      just docker-image-fly \
+        print-docker-tag \
+        push-to-registry \
+        deploy
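Review bot: The `refs/heads/main` guard exists only in the `deploy` task, so the `nix copy --to ssh://nixremote@linde.alanpearce.eu` at the end of `build` runs with the SSH secret for every ref that triggers a build and uploads that ref's store paths to the remote store. If that host backs the `extra-substituters` cache set in `NIX_CONFIG` (not visible here), outputs from unreviewed branches would land in a cache the build itself trusts; moving the copy into `deploy` after the guard, or repeating `if [[ "$GIT_REF" != "refs/heads/main" ]]; then exit; fi` before it, keeps the upload to main. On the same command, `$(nix-store --query --requisites )` is called with no store path, so it appears to add nothing to the path list and should either get its argument or be dropped. The policy written in `deploy` would benefit from a comment such as `# accept-all containers policy: no image signature verification on this builder`, and `sudo mkdir -p /etc/containers` avoids a failure when the directory already exists.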