nixos/.gitlab-ci.yml

# Automatic NixOS upgrades (modules/server/system.nix) requires updating
# flake.lock in the repository periodically. This repository is hosted on
# Gitea, which doesn't have good support for CI. Instead, the repository is
# mirrored to GitLab.com, where the following is configured to run on a
# schedule. The GitLab repository is then mirrored back to Gitea:
#
#                      ┌──────────┐
#                      │ Schedule │
#                      └────┬─────┘
#                         Update
#                       flake.lock
#                           │
# ┌─────────┐  Mirror  ┌────▼─────┐
# │  Gitea  │◄────────►│  GitLab  │
# └─────────┘          └──────────┘
#
# GitLab:
#   Settings:
#     Access Tokens:
#       - "Push Token": read_repository,write_repository, Maintainer
#     Repository:
#       Mirroring repositories:
#          - ssh://git@git.caspervk.net:2222/caspervk/nixos.git, SSH public key authentication
#     CI/CD:
#       Variables:
#         ACCESS_TOKEN: <Push Token>, Protect, Mask
#   Build:
#     Pipeline schedules:
#       - Update flake.nix
#         23 17 * * MON
#
# Gitea:
#   Settings:
#     Repository:
#       Mirror Settings:
#         - URL: <GitLab repo HTTP URL>
#           Authorization:
#             Username: oauth2
#             Password: <Push Token>
#             Sync when commits are pushed: Yes
#     Deploy Keys:
#       - <"Copy SSH public key" from GitLab>Settings>Repository>Mirroring repositories>
#         Enable Write Access: Yes

workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'

Update flake.nix:
  image: nixos/nix:latest
  script:
    - git config user.email "snowflake@caspervk.net"
    - git config user.name "snowflake"
    - nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update --commit-lock-file
    - git push https://oauth2:$ACCESS_TOKEN@gitlab.com/$CI_PROJECT_PATH HEAD:$CI_COMMIT_BRANCH
Document GitLab CI configuration 2023-08-26 17:05:03 +02:00			`# Automatic NixOS upgrades (modules/server/system.nix) requires updating`
			`# flake.lock in the repository periodically. This repository is hosted on`
			`# Gitea, which doesn't have good support for CI. Instead, the repository is`
			`# mirrored to GitLab.com, where the following is configured to run on a`
			`# schedule. The GitLab repository is then mirrored back to Gitea:`
			`#`
			`# ┌──────────┐`
			`# │ Schedule │`
			`# └────┬─────┘`
			`# Update`
			`# flake.lock`
			`# │`
			`# ┌─────────┐ Mirror ┌────▼─────┐`
			`# │ Gitea │◄────────►│ GitLab │`
			`# └─────────┘ └──────────┘`
			`#`
			`# GitLab:`
			`# Settings:`
			`# Access Tokens:`
			`# - "Push Token": read_repository,write_repository, Maintainer`
			`# Repository:`
			`# Mirroring repositories:`
			`# - ssh://git@git.caspervk.net:2222/caspervk/nixos.git, SSH public key authentication`
			`# CI/CD:`
			`# Variables:`
			`# ACCESS_TOKEN: <Push Token>, Protect, Mask`
			`# Build:`
			`# Pipeline schedules:`
			`# - Update flake.nix`
			`# 23 17 * * MON`
			`#`
			`# Gitea:`
			`# Settings:`
			`# Repository:`
			`# Mirror Settings:`
			`# - URL: <GitLab repo HTTP URL>`
			`# Authorization:`
			`# Username: oauth2`
			`# Password: <Push Token>`
			`# Sync when commits are pushed: Yes`
			`# Deploy Keys:`
			`# - <"Copy SSH public key" from GitLab>Settings>Repository>Mirroring repositories>`
			`# Enable Write Access: Yes`

ci: enable experimental flake features 2023-08-25 02:34:42 +02:00			`workflow:`
			`rules:`
			`- if: '$CI_PIPELINE_SOURCE == "schedule"'`

Document GitLab CI configuration 2023-08-26 17:05:03 +02:00			`Update flake.nix:`
gitlab ci 2023-08-25 02:29:10 +02:00			`image: nixos/nix:latest`
			`script:`
			`- git config user.email "snowflake@caspervk.net"`
			`- git config user.name "snowflake"`
ci: enable experimental flake features 2023-08-25 02:34:42 +02:00			`- nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update --commit-lock-file`
CI_PROJECT_PATH 2023-08-25 02:48:55 +02:00			`- git push https://oauth2:$ACCESS_TOKEN@gitlab.com/$CI_PROJECT_PATH HEAD:$CI_COMMIT_BRANCH`