diff options
| author | William Carroll <wpcarro@gmail.com> | 2020-08-21T10·12+0100 |
|---|---|---|
| committer | William Carroll <wpcarro@gmail.com> | 2020-08-21T10·12+0100 |
| commit | 3f3cba7c320a78b554e47c179c078ad790257065 (patch) | |
| tree | 140ae2579e1bb777fb39c08a56876816bcae03e2 | |
| parent | 13daa560ba83c5a1c8e6785ebc47c0086225461b (diff) | |
Define BuildKite pipelines in Nix
After a handful of failed attempts to run lint-secrets.sh due to a missing
`git-secrets` executable on my git server, I decided that now was a good time to
use Nix to define my BuildKite pipelines.
TL;DR:
- Delete ci/scripts directory
- Define ci/pipelines/{briefcase,socrates}.nix
Outside of this repository:
- I logged into my admin account at git.wpcarro.dev and changed my Gitea
post-receive hook to trigger the briefcase pipeline
- I logged into my BuildKite account, deleted my build-briefcase pipeline,
created a new briefcase pipeline that called:
```shell
nix-build -A ci.pipelines.briefcase -o briefcase.yaml
buildkite-agent pipeline upload briefcase.yaml
```
One day I will audit all of my ad-hoc, non-mono-repo activity (like the steps I
listed above) and attempt to fit everything herein... one step at a time,
though!
| -rw-r--r-- | ci/pipelines/briefcase.nix | 14 | ||||
| -rw-r--r-- | ci/pipelines/socrates.nix | 18 | ||||
| -rwxr-xr-x | ci/scripts/build-briefcase.sh | 6 | ||||
| -rwxr-xr-x | ci/scripts/build-socrates.sh | 9 | ||||
| -rw-r--r-- | ci/scripts/lint-secrets.sh | 3 | ||||
| -rw-r--r-- | default.nix | 1 |
6 files changed, 33 insertions, 18 deletions
diff --git a/ci/pipelines/briefcase.nix b/ci/pipelines/briefcase.nix new file mode 100644 index 000000000000..d010718a1c19 --- /dev/null +++ b/ci/pipelines/briefcase.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: + +let + pipeline.steps = [ + { + command = "${pkgs.git-secrets}/bin/git-secrets"; + label = ":briefcase: Briefcase [lint]"; + } + { + command = "nix-build . -I briefcase=$(pwd) --no-out-link --show-trace"; + label = ":briefcase: Briefcase [build]"; + } + ]; +in pkgs.writeText "briefcase.yaml" (builtins.toJSON pipeline) diff --git a/ci/pipelines/socrates.nix b/ci/pipelines/socrates.nix new file mode 100644 index 000000000000..ffea654daef3 --- /dev/null +++ b/ci/pipelines/socrates.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: + +let + pipeline.steps = [ + { + command = '' + nix-build '<nixpkgs/nixos>' \ + -I briefcase="$(pwd)" \ + -I nixpkgs=/var/lib/buildkite-agent-socrates/nixpkgs-channels \ + -I nixos-config=nixos/socrates/default.nix \ + -A system \ + --no-out-link \ + --show-trace + ''; + label = ":laptop: Socrates [build]"; + } + ]; +in pkgs.writeText "socrates.yml" (builtins.toJSON pipeline) diff --git a/ci/scripts/build-briefcase.sh b/ci/scripts/build-briefcase.sh deleted file mode 100755 index b5e1b8e9f3bd..000000000000 --- a/ci/scripts/build-briefcase.sh +++ /dev/null @@ -1,6 +0,0 @@ -set -euo pipefail - -nix-build . \ - -I briefcase="$(pwd)" \ - --no-out-link \ - --show-trace diff --git a/ci/scripts/build-socrates.sh b/ci/scripts/build-socrates.sh deleted file mode 100755 index f822c16ec1fe..000000000000 --- a/ci/scripts/build-socrates.sh +++ /dev/null @@ -1,9 +0,0 @@ -set -euo pipefail - -nix-build '<nixpkgs/nixos>' \ - -I briefcase="$(pwd)" \ - -I nixpkgs=/var/lib/buildkite-agent-socrates/nixpkgs-channels \ - -I nixos-config=nixos/socrates/default.nix \ - -A system \ - --no-out-link \ - --show-trace diff --git a/ci/scripts/lint-secrets.sh b/ci/scripts/lint-secrets.sh deleted file mode 100644 index 1ff22a10637a..000000000000 --- a/ci/scripts/lint-secrets.sh +++ /dev/null @@ -1,3 +0,0 @@ -set -euo pipefail - -git secrets --scan diff --git a/default.nix b/default.nix index 55bb447a5c5b..0df52cce6a79 100644 --- a/default.nix +++ b/default.nix @@ -18,6 +18,7 @@ let depot = depot; }; in { + ci = readTree ./ci; nixos = readTree ./nixos; utils = readTree ./utils; emacs = readTree ./emacs; |