Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/ci.yaml | 61 | ||||
| -rw-r--r-- | .github/workflows/deploy.yaml | 96 |
2 files changed, 0 insertions, 157 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index 182abb5..0000000 --- a/.github/workflows/ci.yaml +++ /dev/null @@ -1,61 +0,0 @@ -name: CI - -on: - pull_request: - workflow_call: - secrets: - CACHIX_AUTH_TOKEN: - description: "Auth token for cachix" - workflow_dispatch: - -env: - JUST_ARGS: --inputs-from . nixpkgs#just --command - -jobs: - build: - name: Build outputs - runs-on: ubuntu-latest - - steps: - - name: Free up space on runner - uses: jlumbroso/[email protected] - - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Cachix - uses: cachix/cachix-action@v14 - with: - name: getchoo - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Run build - run: | - nix shell ${{ env.JUST_ARGS }} just ci - - check: - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, macos-latest] - - name: Check flake (${{ matrix.os }}) - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Cachix - uses: cachix/cachix-action@v14 - with: - name: getchoo - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Run check - run: | - nix shell ${{ env.JUST_ARGS }} just check diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml deleted file mode 100644 index 388f3ac..0000000 --- a/.github/workflows/deploy.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -name: Deploy infrastructure - -on: - push: - branches: [main] - workflow_dispatch: - -jobs: - ci: - name: CI - uses: ./.github/workflows/ci.yaml - secrets: inherit - - nixos: - needs: ci - - name: Deploy NixOS systems - runs-on: ubuntu-latest - - environment: nixos - concurrency: - group: nixos - cancel-in-progress: true - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Connect to Tailscale - uses: tailscale/github-action@v2 - with: - oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} - oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} - tags: tag:gha - - - name: Copy known_hosts - run: | - set -eux - - [ ! -d ~/.ssh ] && mkdir -p ~/.ssh - cp .known_hosts ~/.ssh/known_hosts - - - name: Run deploy - run: | - args=( - --inputs-from . - nixpkgs#just - --command - just deploy-all - ) - - nix shell "${args[@]}" - - terranix: - needs: nixos - - name: Apply Terranix plan - runs-on: ubuntu-latest - - environment: terranix - concurrency: - group: terranix - cancel-in-progress: true - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Authenticate with TF Cloud - run: | - dir="$HOME/.terraform.d" - [ ! -d "$dir" ] && mkdir -p "$dir" - - cat > "$dir"/credentials.tfrc.json << EOF - { - "credentials": { - "app.terraform.io": { - "token": "${{ secrets.TF_API_TOKEN }}" - } - } - } - EOF - - - name: Apply plan - env: - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - OAUTH_CLIENT_ID: ${{ secrets.OAUTH_CLIENT_ID }} - OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_CLIENT_SECRET }} - run: | - nix develop .#terranix \ - --command bash -c \ - 'tofu init && tofu validate && tofu apply -auto-approve && just clean' |
