Update ⬆️ #205
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Update | |
| 'on': | |
| schedule: | |
| - cron: '30 3 * * 1,5' # At 03:30 on Monday, and Friday. | |
| workflow_dispatch: | |
| jobs: | |
| update: | |
| name: Update dependencies | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: DeterminateSystems/nix-installer-action@v6 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v2 | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| # Update flake | |
| - name: Update flake inputs | |
| run: 'nix flake update' | |
| env: | |
| github_token: '${{ secrets.GITHUB_TOKEN }}' | |
| # Pre-fetch deps | |
| - name: Pre-fetch deps | |
| run: 'nix develop --command true' | |
| env: | |
| github_token: '${{ secrets.GITHUB_TOKEN }}' | |
| # Do updates of nixpkgs and other dependencies. | |
| - name: Update all dependencies | |
| run: 'nix develop --command make update-all' | |
| env: | |
| github_token: '${{ secrets.GITHUB_TOKEN }}' | |
| # Commit the updated dependencies to temporary branch | |
| - uses: stefanzweifel/[email protected] | |
| with: | |
| commit_message: 'cron(treewide): Upgrade systems' | |
| branch: tmp-updater-branch | |
| create_branch: true | |
| push_options: '--force' | |
| cache: | |
| name: Cache system | |
| runs-on: ubuntu-22.04 | |
| needs: update | |
| strategy: | |
| matrix: | |
| hostname: | |
| - laptop-private-elis | |
| - server-main-elis | |
| - server-sparv | |
| - vps04 | |
| - vps06 | |
| steps: | |
| # Clone the code from the temporary branch | |
| - uses: actions/[email protected] | |
| with: | |
| ref: tmp-updater-branch | |
| - uses: DeterminateSystems/nix-installer-action@v6 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v2 | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| # Build systems. | |
| - name: Build system derivation | |
| uses: nick-fields/[email protected] | |
| with: | |
| max_attempts: 3 | |
| timeout_minutes: 60 | |
| command: 'nix build .#nixosConfigurations.${{ matrix.hostname }}.config.system.build.toplevel' | |
| cache-shell: | |
| name: Cache nix shell | |
| runs-on: ubuntu-22.04 | |
| needs: update | |
| steps: | |
| # Clone the code from the temporary branch | |
| - uses: actions/[email protected] | |
| with: | |
| ref: tmp-updater-branch | |
| - uses: DeterminateSystems/nix-installer-action@v6 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v2 | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Check the flake | |
| run: 'nix build .#devShells.x86_64-linux.default' | |
| check: | |
| name: Check flake | |
| runs-on: ubuntu-22.04 | |
| needs: cache | |
| steps: | |
| # Clone the code from the temporary branch | |
| - uses: actions/[email protected] | |
| with: | |
| ref: tmp-updater-branch | |
| - uses: DeterminateSystems/nix-installer-action@v6 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v2 | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Check the flake | |
| run: 'nix flake check' | |
| promote: | |
| name: Promote to main branch | |
| runs-on: ubuntu-22.04 | |
| needs: check | |
| steps: | |
| - uses: actions/[email protected] | |
| with: | |
| ref: main | |
| - name: Get remote branch data | |
| run: 'git fetch' | |
| - name: Get the tmp-updater-branch branch | |
| run: 'git checkout tmp-updater-branch' | |
| - name: Push temporary branch to main branch | |
| run: 'git push origin tmp-updater-branch:main' | |
| - name: Delete the temporary branch | |
| run: 'git push origin --delete tmp-updater-branch' | |
| deploy: | |
| name: Deploy systems | |
| runs-on: ubuntu-22.04 | |
| needs: promote | |
| # Don't cancel jobs if one job fails | |
| continue-on-error: true | |
| strategy: | |
| matrix: | |
| hostname: | |
| - server-main-elis | |
| - server-sparv | |
| - vps04 | |
| - vps06 | |
| steps: | |
| - uses: actions/[email protected] | |
| - run: | | |
| git pull | |
| - uses: DeterminateSystems/nix-installer-action@v6 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v2 | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| # Configure SSH key | |
| - uses: shimataro/[email protected] | |
| with: | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| name: id_ed25519 | |
| known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} | |
| # Build systems. | |
| - name: Build system derivation | |
| uses: nick-fields/[email protected] | |
| with: | |
| max_attempts: 2 | |
| timeout_minutes: 30 | |
| command: 'nix build .#nixosConfigurations.${{ matrix.hostname }}.config.system.build.toplevel' | |
| # Deploy systems | |
| - name: Deploy system | |
| uses: nick-fields/[email protected] | |
| with: | |
| max_attempts: 2 | |
| timeout_minutes: 30 | |
| command: 'nix develop -c deploy .#${{ matrix.hostname }}' |