Skip to content
Run Colmena

Add dependency for tgstation-server to wait for mysql.service #33

Sign in to view logs

Add dependency for tgstation-server to wait for mysql.service

Add dependency for tgstation-server to wait for mysql.service #33

Workflow file for this run

.github/workflows/colmena.yml at baec37f
name: "Run Colmena"
on:
push:
branches: [main]
pull_request:
jobs:
build:
name: Build
runs-on: ubuntu-24.04
strategy:
matrix:
node:
- tgsatan
- blockmoths
- vpn
- \@relay
- \@staging
steps:
# We use commit hashes for specifying versions here, so a malicious tag can't gain access to our secrets (At least while sha-1 collisions are rare, anyway)
- name: Install private ssh key
uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # Install our ssh key. TODO: Replace with our own bash script
with:
key: ${{ secrets.COLMENA_SSH_KEY }}
name: id_ed25519
known_hosts: ${{ secrets.COLMENA_KNOWN_HOSTS }}
- name: Login to headscale
uses: tailscale/github-action@8688eb839e58e6b25c1ae96cd99d1c173299b842 # Connect to headscale
with:
authkey: ${{ secrets.TS_AUTHKEY }}
args: --login-server=https://vpn.tgstation13.org
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # Checkout the repository
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # Install nix itself. We don't need to specify a channel since we're using flakes
with:
extra_nix_config: |
accept-flake-config = true
extra-substituters = https://attic.tgstation13.org/tgstation-infrastructure
extra-trusted-public-keys = tgstation-infrastructure:tNpjd5GxK1xymRHsJdBLTpeDScA2mVPdKA/eIOLOE0I=
- name: Setup attic Binary Cache
# Format for pointing to caches is server:cache in these commands
run: |
nix profile install nixpkgs#attic-client
attic login tgstation https://attic.tgstation13.org ${{ secrets.ATTIC_JWT_TOKEN }}
- name: Build closure
run: nix run github:zhaofengli/colmena -- build --impure -v --eval-node-limit 2 --keep-result --on ${{ matrix.node }}
- name: Push closure to attic
if: github.repository == 'tgstation-operations/tgstation-nix' && github.ref == 'refs/heads/main'
run: attic push tgstation:tgstation-infrastructure .gcroots/*
deploy:
name: Deploy
needs: build
runs-on: ubuntu-24.04
if: ${{ github.repository == 'tgstation-operations/tgstation-nix' && github.ref == 'refs/heads/main' }}
strategy:
matrix:
node:
- tgsatan
- blockmoths
- vpn
- \@relay
- \@staging
steps:
- name: Install private ssh key
uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # Install our ssh key. TODO: Replace with our own bash script
with:
key: ${{ secrets.COLMENA_SSH_KEY }}
name: id_ed25519
known_hosts: ${{ secrets.COLMENA_KNOWN_HOSTS }}
- name: Login to headscale
uses: tailscale/github-action@8688eb839e58e6b25c1ae96cd99d1c173299b842 # Connect to headscale
with:
authkey: ${{ secrets.TS_AUTHKEY }}
args: --login-server=https://vpn.tgstation13.org
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # Checkout the repository
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # Install nix itself. We don't need to specify a channel since we're using flakes
with:
extra_nix_config: |
accept-flake-config = true
extra-substituters = https://attic.tgstation13.org/tgstation-infrastructure
extra-trusted-public-keys = tgstation-infrastructure:tNpjd5GxK1xymRHsJdBLTpeDScA2mVPdKA/eIOLOE0I=
- name: Authenticate Attic Binary Cache
run: |
nix profile install nixpkgs#attic-client
attic login tgstation https://attic.tgstation13.org ${{ secrets.ATTIC_JWT_TOKEN }}
- name: Deploy closure to Nodes
run: nix run github:zhaofengli/colmena -- apply --impure -v --on ${{ matrix.node }}