about summary refs log tree commit diff stats
diff options
context:
space:
mode:
-rw-r--r--flake.nix10
-rw-r--r--gitlab-ci.yml39
-rw-r--r--nix/default.nix19
-rw-r--r--nix/scripts.nix20
4 files changed, 72 insertions, 16 deletions
diff --git a/flake.nix b/flake.nix
index 2d15ecb..5416016 100644
--- a/flake.nix
+++ b/flake.nix
@@ -28,6 +28,15 @@
         {
           inherit packages;
           devShells = {
+            ci = pkgs.mkShell {
+              packages = with pkgs; [
+                skopeo
+                flyctl
+              ]
+              ++ (import ./nix/scripts.nix {
+                inherit pkgs;
+              });
+            };
             default = pkgs.mkShell {
               inputsFrom = [ packages.builder ];
               packages = with pkgs; [
@@ -36,6 +45,7 @@
                 go-tools
                 gomod2nix.packages.${system}.default
                 gci
+                skopeo
                 netlify-cli
                 flyctl
               ]
diff --git a/gitlab-ci.yml b/gitlab-ci.yml
new file mode 100644
index 0000000..889c3db
--- /dev/null
+++ b/gitlab-ci.yml
@@ -0,0 +1,39 @@
+default:
+  image: nixpkgs/nix-flakes
+  before_script:
+    - . <(nix print-dev-env .#ci)
+    - export GOPATH=~/go
+
+check:
+  script:
+    - nix flake check . --print-build-logs
+
+build:
+  needs:
+    - check
+  variables:
+    CI_REGISTRY_IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG
+    FLY_REGISTRY_IMAGE: registry.fly.io/alanpearce-eu
+  script:
+    - IMAGE_TAG="$(date --utc +%Y%m%d%H%M%S)-${CI_COMMIT_SHA}"
+    - nix build --max-jobs auto .\#server
+    - mkdir -p "/etc/containers/"
+    - echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
+    - image-fly
+    # - skopeo login --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+    - skopeo --tmpdir=$TMPDIR inspect docker-archive://$(readlink -f result)
+    # - skopeo --tmpdir=$TMPDIR copy --dest-precompute-digests docker-archive://$(readlink -f result) docker://$CI_REGISTRY_IMAGE:${IMAGE_TAG}
+    - fly auth docker
+    - skopeo --tmpdir=$TMPDIR copy --dest-precompute-digests docker-archive://$(readlink -f result) docker://${FLY_REGISTRY_IMAGE}:${IMAGE_TAG}
+    - echo "FLY_REGISTRY_IMAGE_TAG=${FLY_REGISTRY_IMAGE}:${IMAGE_TAG}" >> build.env
+  artifacts:
+    reports:
+      dotenv: build.env
+
+deploy:
+  needs:
+    - build
+  script:
+    - fly deploy --image $FLY_REGISTRY_IMAGE_TAG
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
diff --git a/nix/default.nix b/nix/default.nix
index d586e2b..cd62ebf 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -3,16 +3,15 @@ let
   revision = "${self.lastModifiedDate}-${self.shortRev or self.dirtyShortRev or "dirty"}";
   version = self.shortRev or self.dirtyShortRev or "unstable-${self.lastModified}";
   dockerTag = self.rev or self.dirtyRev or "unstable-${self.lastModified}";
-  mkDocker = server:
+  mkDocker = type: server:
     let
       PORT = 3000;
     in
-    pkgs.dockerTools.streamLayeredImage {
+    pkgs.dockerTools.${type} {
       name = "registry.fly.io/alanpearce-eu";
       tag = dockerTag;
-      contents = [ server ];
       config = {
-        Cmd = [ "website" ];
+        Cmd = [ "${server}/bin/website" ];
         Env = [
           "PRODUCTION=true"
           "PORT=${builtins.toString PORT}"
@@ -23,6 +22,8 @@ let
         };
       };
     };
+  mkDockerStream = mkDocker "streamLayeredImage";
+  mkDockerImage = mkDocker "buildLayeredImage";
 in
 rec {
   default = server;
@@ -66,8 +67,10 @@ rec {
     modules = ./gomod2nix.toml;
     ldflags = [ "-s" "-w" "-X" "main.Commit=${version}" ];
   };
-  docker = mkDocker server;
-  docker-aarch64-linux = mkDocker (self.packages.aarch64-linux.server);
-  docker-x86_64-linux = mkDocker (self.packages.x86_64-linux.server);
-  fly = docker-x86_64-linux;
+  docker-stream = mkDockerStream server;
+  docker-stream-aarch64-linux = mkDockerStream (self.packages.aarch64-linux.server);
+  docker-stream-x86_64-linux = mkDockerStream (self.packages.x86_64-linux.server);
+  docker-image = mkDockerImage server;
+  docker-image-aarch64-linux = mkDockerImage (self.packages.aarch64-linux.server);
+  docker-image-x86_64-linux = mkDockerImage (self.packages.x86_64-linux.server);
 }
diff --git a/nix/scripts.nix b/nix/scripts.nix
index e48de76..b50ba16 100644
--- a/nix/scripts.nix
+++ b/nix/scripts.nix
@@ -5,12 +5,14 @@ let
      --watch flake.nix \
      --watch flake.lock \
   '';
-  image = (builtins.fromTOML (builtins.readFile ../fly.toml)).build.image;
+  imageName = (builtins.fromTOML (builtins.readFile ../fly.toml)).build.image;
   nonDarwinSystem = builtins.replaceStrings [ "darwin" ] [ "linux" ] pkgs.stdenv.system;
-  attr = "docker-${nonDarwinSystem}";
+  flySystem = "x86_64-linux";
+  mkAttr = type: system: ".#docker-${type}-${system}";
   sh = (pkgs.lib.optionalString pkgs.stdenv.isDarwin "ssh linux-builder ")
     + "sh";
-  stream = attr: "nix build --print-out-paths .#${attr} | ${sh}";
+  stream = system: "nix build --print-out-paths ${(mkAttr "stream") system} | ${sh}";
+  image = system: "nix build ${(mkAttr "image") system}";
 in
 with pkgs; [
   (writeShellScriptBin "watch-builder" ''
@@ -22,10 +24,12 @@ with pkgs; [
   (writeShellScriptBin "check-licenses" ''
     ${go-licenses}/bin/go-licenses check --include_tests ./... --disallowed_types=restricted,forbidden
   '')
-  (writeShellScriptBin "stream" "${stream attr}")
-  (writeShellScriptBin "stream-fly" "${stream "fly"}")
+  (writeShellScriptBin "stream" "${stream nonDarwinSystem}")
+  (writeShellScriptBin "stream-fly" "${stream flySystem}")
+  (writeShellScriptBin "image" "${image nonDarwinSystem}")
+  (writeShellScriptBin "image-fly" "${image flySystem}")
   (writeShellScriptBin "load-locally" ''
-    ${stream attr} | ${docker-client}/bin/docker load "$@"
+    stream | ${docker-client}/bin/docker load "$@"
   '')
   (writeShellScriptBin "push-to-registry" ''
     if test -z "''${1:-}"; then
@@ -39,12 +43,12 @@ with pkgs; [
       exit 1
     fi
     echo skopeo copy docker-archive:/dev/stdin "$@"
-    stream-fly | ${gzip}/bin/gzip --fast | ${skopeo}/bin/skopeo copy docker-archive:/dev/stdin "$@"
+    stream fly | ${gzip}/bin/gzip --fast | ${skopeo}/bin/skopeo copy docker-archive:/dev/stdin "$@"
   '')
   (writeShellScriptBin "deploy" ''
     set -eu
     TAG=$(git rev-parse HEAD)
-    IMAGE=${image}:$TAG
+    IMAGE=${imageName}:$TAG
     push-to-registry docker://$IMAGE
     ${pkgs.flyctl}/bin/flyctl deploy --image $IMAGE
   '')