From b3de12c1f8063f86ccb7b4ebb9b534feff3053c1 Mon Sep 17 00:00:00 2001
From: "Casper V. Kristensen"
Date: Fri, 29 Mar 2024 22:55:01 +0100
Subject: [PATCH] Replace Containerfile with Forgejo Actions
---
.gitea/workflows/update.yaml | 39 ++++++++++++++++++++++++++++++++++++
Containerfile | 22 --------------------
2 files changed, 39 insertions(+), 22 deletions(-)
create mode 100644 .gitea/workflows/update.yaml
delete mode 100644 Containerfile
diff --git a/.gitea/workflows/update.yaml b/.gitea/workflows/update.yaml
new file mode 100644
index 0000000..4ae2a1a
--- /dev/null
+++ b/.gitea/workflows/update.yaml
@@ -0,0 +1,39 @@
+name: Update flake.lock
+
+on:
+ push: # TODO
+ # https://forgejo.org/docs/latest/user/actions/#onschedule
+ schedule:
+ - cron: "23 17 * * 1"
+
+jobs:
+ update:
+ runs-on: docker
+ container:
+ image: docker.io/nixos/nix:2.21.0
+ steps:
+ - name: Configure SSH
+ run: |
+ mkdir ~/.ssh/
+ echo "git.caspervk.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd" > ~/.ssh/known_hosts
+ echo "${{ secrets.SNOWFLAKE_SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+ chmod 0600 ~/.ssh/id_ed25519
+
+ - name: Configure Git
+ run: |
+ git config --global user.email "snowflake@caspervk.net"
+ git config --global user.name "snowflake"
+
+ - name: Checkout repository
+ run: |
+ git clone git@git.caspervk.net:caspervk/nixos.git
+ cd nixos/
+
+ - name: Update flake.lock
+ run: |
+ nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update --commit-lock-file
+
+ - name: Push
+ run: |
+ git push
+
diff --git a/Containerfile b/Containerfile
deleted file mode 100644
index 0c25cd1..0000000
--- a/Containerfile
+++ /dev/null
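Review bot: The `Configure SSH` step in `.gitea/workflows/update.yaml` expands `${{ secrets.SNOWFLAKE_SSH_PRIVATE_KEY }}` into the script text itself, so the shell parses the key material (any `"`, `$` or backtick in it would be interpreted), and `~/.ssh/id_ed25519` exists with default permissions until the later `chmod` runs. Passing the secret through a step-level `env:` and writing the file under `umask 077` avoids both, as in the excerpt below. Separately, the `cd nixos/` that ends `Checkout repository` most likely does not carry over, because each `run` step normally starts a fresh shell in the workspace directory. The `Update flake.lock` and `Push` steps would then need `working-directory: nixos` (assuming the runner honours that key) to operate on the clone.

```yaml
      - name: Configure SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SNOWFLAKE_SSH_PRIVATE_KEY }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          # … unchanged: known_hosts line …
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519

      # … unchanged: Configure Git, Checkout repository …

      - name: Update flake.lock
        working-directory: nixos
        # … unchanged: run block …

      - name: Push
        working-directory: nixos
        # … unchanged: run block …
```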
@@ -1,22 +0,0 @@
-# Automatic NixOS upgrades (modules/server/system.nix) requires updating
-# flake.lock in the repository periodically. This repository is hosted on
-# Gitea, which doesn't have good support for CI. Instead, this Containerfile
-# is run on a server. This requires a Gitea access token[1] with repository
-# read/write permissions. Note that we must use an account-wide access token to
-# be able to clone through HTTPS (and utilise certificates rather than blindly
-# trusting SSH keys), as repository deploy keys can only be used through
-# SSH. The token should be passed as the GIT_PASSWORD environment variable.
-# [1] https://git.caspervk.net/user/settings/applications
-
-FROM nixos/nix:latest
-
-CMD git clone https://caspervk:$GIT_PASSWORD@git.caspervk.net/caspervk/nixos.git && \
- cd nixos/ && \
- git config user.email "snowflake@caspervk.net" && \
- git config user.name "snowflake" && \
- # store in /dev/shm tmpfs to avoid an ever-growing nix store in the container
- nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update --commit-lock-file --store /dev/shm && \
- git push && \
- cd .. && \
- rm -rf nixos/ && \
- sleep 7d # Run again in a week. Requires `restart: unless-stopped`