diff options
-rw-r--r-- | flake.nix | 10 | ||||
-rw-r--r-- | gitlab-ci.yml | 39 | ||||
-rw-r--r-- | nix/default.nix | 19 | ||||
-rw-r--r-- | nix/scripts.nix | 20 |
4 files changed, 72 insertions, 16 deletions
diff --git a/flake.nix b/flake.nix index 2d15ecb..5416016 100644 --- a/flake.nix +++ b/flake.nix @@ -28,6 +28,15 @@ { inherit packages; devShells = { + ci = pkgs.mkShell { + packages = with pkgs; [ + skopeo + flyctl + ] + ++ (import ./nix/scripts.nix { + inherit pkgs; + }); + }; default = pkgs.mkShell { inputsFrom = [ packages.builder ]; packages = with pkgs; [ @@ -36,6 +45,7 @@ go-tools gomod2nix.packages.${system}.default gci + skopeo netlify-cli flyctl ] diff --git a/gitlab-ci.yml b/gitlab-ci.yml new file mode 100644 index 0000000..889c3db --- /dev/null +++ b/gitlab-ci.yml @@ -0,0 +1,39 @@ +default: + image: nixpkgs/nix-flakes + before_script: + - . <(nix print-dev-env .#ci) + - export GOPATH=~/go + +check: + script: + - nix flake check . --print-build-logs + +build: + needs: + - check + variables: + CI_REGISTRY_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG + FLY_REGISTRY_IMAGE: registry.fly.io/alanpearce-eu + script: + - IMAGE_TAG="$(date --utc +%Y%m%d%H%M%S)-${CI_COMMIT_SHA}" + - nix build --max-jobs auto .\#server + - mkdir -p "/etc/containers/" + - echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json + - image-fly + # - skopeo login --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" + - skopeo --tmpdir=$TMPDIR inspect docker-archive://$(readlink -f result) + # - skopeo --tmpdir=$TMPDIR copy --dest-precompute-digests docker-archive://$(readlink -f result) docker://$CI_REGISTRY_IMAGE:${IMAGE_TAG} + - fly auth docker + - skopeo --tmpdir=$TMPDIR copy --dest-precompute-digests docker-archive://$(readlink -f result) docker://${FLY_REGISTRY_IMAGE}:${IMAGE_TAG} + - echo "FLY_REGISTRY_IMAGE_TAG=${FLY_REGISTRY_IMAGE}:${IMAGE_TAG}" >> build.env + artifacts: + reports: + dotenv: build.env + +deploy: + needs: + - build + script: + - fly deploy --image $FLY_REGISTRY_IMAGE_TAG + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH diff --git a/nix/default.nix b/nix/default.nix index d586e2b..cd62ebf 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -3,16 +3,15 @@ let revision = "${self.lastModifiedDate}-${self.shortRev or self.dirtyShortRev or "dirty"}"; version = self.shortRev or self.dirtyShortRev or "unstable-${self.lastModified}"; dockerTag = self.rev or self.dirtyRev or "unstable-${self.lastModified}"; - mkDocker = server: + mkDocker = type: server: let PORT = 3000; in - pkgs.dockerTools.streamLayeredImage { + pkgs.dockerTools.${type} { name = "registry.fly.io/alanpearce-eu"; tag = dockerTag; - contents = [ server ]; config = { - Cmd = [ "website" ]; + Cmd = [ "${server}/bin/website" ]; Env = [ "PRODUCTION=true" "PORT=${builtins.toString PORT}" @@ -23,6 +22,8 @@ let }; }; }; + mkDockerStream = mkDocker "streamLayeredImage"; + mkDockerImage = mkDocker "buildLayeredImage"; in rec { default = server; @@ -66,8 +67,10 @@ rec { modules = ./gomod2nix.toml; ldflags = [ "-s" "-w" "-X" "main.Commit=${version}" ]; }; - docker = mkDocker server; - docker-aarch64-linux = mkDocker (self.packages.aarch64-linux.server); - docker-x86_64-linux = mkDocker (self.packages.x86_64-linux.server); - fly = docker-x86_64-linux; + docker-stream = mkDockerStream server; + docker-stream-aarch64-linux = mkDockerStream (self.packages.aarch64-linux.server); + docker-stream-x86_64-linux = mkDockerStream (self.packages.x86_64-linux.server); + docker-image = mkDockerImage server; + docker-image-aarch64-linux = mkDockerImage (self.packages.aarch64-linux.server); + docker-image-x86_64-linux = mkDockerImage (self.packages.x86_64-linux.server); } diff --git a/nix/scripts.nix b/nix/scripts.nix index e48de76..b50ba16 100644 --- a/nix/scripts.nix +++ b/nix/scripts.nix @@ -5,12 +5,14 @@ let --watch flake.nix \ --watch flake.lock \ ''; - image = (builtins.fromTOML (builtins.readFile ../fly.toml)).build.image; + imageName = (builtins.fromTOML (builtins.readFile ../fly.toml)).build.image; nonDarwinSystem = builtins.replaceStrings [ "darwin" ] [ "linux" ] pkgs.stdenv.system; - attr = "docker-${nonDarwinSystem}"; + flySystem = "x86_64-linux"; + mkAttr = type: system: ".#docker-${type}-${system}"; sh = (pkgs.lib.optionalString pkgs.stdenv.isDarwin "ssh linux-builder ") + "sh"; - stream = attr: "nix build --print-out-paths .#${attr} | ${sh}"; + stream = system: "nix build --print-out-paths ${(mkAttr "stream") system} | ${sh}"; + image = system: "nix build ${(mkAttr "image") system}"; in with pkgs; [ (writeShellScriptBin "watch-builder" '' @@ -22,10 +24,12 @@ with pkgs; [ (writeShellScriptBin "check-licenses" '' ${go-licenses}/bin/go-licenses check --include_tests ./... --disallowed_types=restricted,forbidden '') - (writeShellScriptBin "stream" "${stream attr}") - (writeShellScriptBin "stream-fly" "${stream "fly"}") + (writeShellScriptBin "stream" "${stream nonDarwinSystem}") + (writeShellScriptBin "stream-fly" "${stream flySystem}") + (writeShellScriptBin "image" "${image nonDarwinSystem}") + (writeShellScriptBin "image-fly" "${image flySystem}") (writeShellScriptBin "load-locally" '' - ${stream attr} | ${docker-client}/bin/docker load "$@" + stream | ${docker-client}/bin/docker load "$@" '') (writeShellScriptBin "push-to-registry" '' if test -z "''${1:-}"; then @@ -39,12 +43,12 @@ with pkgs; [ exit 1 fi echo skopeo copy docker-archive:/dev/stdin "$@" - stream-fly | ${gzip}/bin/gzip --fast | ${skopeo}/bin/skopeo copy docker-archive:/dev/stdin "$@" + stream fly | ${gzip}/bin/gzip --fast | ${skopeo}/bin/skopeo copy docker-archive:/dev/stdin "$@" '') (writeShellScriptBin "deploy" '' set -eu TAG=$(git rev-parse HEAD) - IMAGE=${image}:$TAG + IMAGE=${imageName}:$TAG push-to-registry docker://$IMAGE ${pkgs.flyctl}/bin/flyctl deploy --image $IMAGE '') |