Merge pull request #5 from Lorwp/ci-gaming
Re-Implement CI for the repo, plus some housekeeping
Lorwp authored Feb 18, 2025
2 parents 46623cb + 43b9be7 commit b3645fa
Showing 8 changed files with 135 additions and 114 deletions.
69 changes: 45 additions & 24 deletions .github/workflows/colmena.yml
Expand Up @@ -5,31 +5,33 @@ on:
branches: [main]
pull_request:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
build:
name: Build
runs-on: ubuntu-24.04
strategy:
matrix:
runner: [ubuntu-24.04]
node:
- tgsatan
- blockmoths
- vpn
- \@relay
- \@staging
- "tgsatan"
- "blockmoths"
- "vpn"
- "@relay-amd64"
- "@staging"
include:
- node: "@relay-arm"
runner: ubuntu-24.04-arm
runs-on: ${{ matrix.runner }}
steps:
# We use commit hashes for specifying versions here, so a malicious tag can't gain access to our secrets (At least while sha-1 collisions are rare, anyway)
- name: Install private ssh key
uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # Install our ssh key. TODO: Replace with our own bash script
with:
key: ${{ secrets.COLMENA_SSH_KEY }}
name: id_ed25519
known_hosts: ${{ secrets.COLMENA_KNOWN_HOSTS }}

- name: Login to headscale
uses: tailscale/github-action@8688eb839e58e6b25c1ae96cd99d1c173299b842 # Connect to headscale
if: github.repository == 'tgstation-operations/infrastructure' && github.ref == 'refs/heads/main'
with:
authkey: ${{ secrets.TS_AUTHKEY }}
authkey: ${{ secrets.TS_BUILD_AUTHKEY }}
args: --login-server=https://vpn.tgstation13.org

- name: Checkout Repository
Expand All @@ -40,14 +42,20 @@ jobs:
with:
extra_nix_config: |
accept-flake-config = true
extra-substituters = https://attic.tgstation13.org/tgstation-infrastructure
extra-trusted-public-keys = tgstation-infrastructure:tNpjd5GxK1xymRHsJdBLTpeDScA2mVPdKA/eIOLOE0I=
extra-substituters = https://nix-community.cachix.org
extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
- name: Setup attic Binary Cache
if: github.repository == 'tgstation-operations/infrastructure' && github.ref == 'refs/heads/main'
# Format for pointing to caches is server:cache in these commands
run: |
nix profile install nixpkgs#attic-client
attic login tgstation https://attic.tgstation13.org ${{ secrets.ATTIC_JWT_TOKEN }}
attic use tgstation:tgstation-infrastructure
- name: Print nix config before Build
run: nix config show

- name: Build closure
run: nix run github:zhaofengli/colmena -- build --impure -v --eval-node-limit 2 --keep-result --on ${{ matrix.node }}
Expand All @@ -59,23 +67,33 @@ jobs:
deploy:
name: Deploy
needs: build
runs-on: ubuntu-24.04
if: ${{ github.repository == 'tgstation-operations/tgstation-nix' && github.ref == 'refs/heads/main' }}
if: ${{ github.repository == 'tgstation-operations/infrastructure' && github.ref == 'refs/heads/main' }}
environment: ${{ matrix.environment }}
strategy:
matrix:
runner: [ubuntu-24.04]
node:
- tgsatan
- blockmoths
- vpn
- \@relay
- \@staging
- "tgsatan"
- "blockmoths"
- "vpn"
- "@relay-amd64"
environment:
- production
include:
- runner: ubuntu-24.04-arm
node: "@relay-arm"
environment: production
- runner: ubuntu-24.04
node: "@staging"
environment: staging
runs-on: ${{ matrix.runner }}
steps:
- name: Install private ssh key
uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # Install our ssh key. TODO: Replace with our own bash script
with:
key: ${{ secrets.COLMENA_SSH_KEY }}
name: id_ed25519
known_hosts: ${{ secrets.COLMENA_KNOWN_HOSTS }}
known_hosts: ${{ vars.COLMENA_KNOWN_HOSTS }}

- name: Login to headscale
uses: tailscale/github-action@8688eb839e58e6b25c1ae96cd99d1c173299b842 # Connect to headscale
Expand All @@ -98,6 +116,9 @@ jobs:
run: |
nix profile install nixpkgs#attic-client
attic login tgstation https://attic.tgstation13.org ${{ secrets.ATTIC_JWT_TOKEN }}
- name: Print nix config before Build
run: nix config show

- name: Deploy closure to Nodes
run: nix run github:zhaofengli/colmena -- apply --impure -v --on ${{ matrix.node }}
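Review bot: The `attic login` line in the "Setup attic Binary Cache" step of the build job expands `${{ secrets.ATTIC_JWT_TOKEN }}` directly into the script text, so the token ends up in the generated shell script and on the attic command line; the attic step in the deploy job has the same form. Passing it through the step's `env:` (`ATTIC_JWT_TOKEN: ${{ secrets.ATTIC_JWT_TOKEN }}`) and calling `attic login tgstation https://attic.tgstation13.org "$ATTIC_JWT_TOKEN"` keeps the value out of the rendered script and stops the shell from re-parsing it. Separately, the comment above the first step says actions are pinned by commit hash so a moved tag cannot reach the secrets, yet `nix run github:zhaofengli/colmena` in both jobs resolves whatever the upstream default branch currently holds while the SSH key is installed. Pinning a revision (`github:zhaofengli/colmena/<commit-sha>`) or running colmena from the repository's own locked inputs would bring it under the same policy.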
42 changes: 21 additions & 21 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

74 changes: 8 additions & 66 deletions flake.nix
Expand Up @@ -121,7 +121,7 @@
targetHost = "chicago.tg.lan";
targetUser = "deploy";
tags = [
"relay"
"relay-amd64"
];
};
imports =
Expand All @@ -138,7 +138,7 @@
targetHost = "atlanta.tg.lan";
targetUser = "deploy";
tags = [
"relay"
"relay-amd64"
];
};
imports =
Expand All @@ -150,40 +150,6 @@
];
};

frankfurt2 = {
deployment = {
targetHost = "frankfurt2.tg.lan";
targetUser = "deploy";
tags = [
"relay"
];
};
imports =
flakeModules
++ [
(import ./modules/base.nix)
(import ./users)
(import ./nixos_systems/relay-node/eu/frankfurt2.nix)
];
};

frankfurt3 = {
deployment = {
targetHost = "frankfurt3.tg.lan";
targetUser = "deploy";
tags = [
"relay"
];
};
imports =
flakeModules
++ [
(import ./modules/base.nix)
(import ./users)
(import ./nixos_systems/relay-node/eu/frankfurt3.nix)
];
};

blockmoths = {
deployment = {
targetHost = "blockmoths.tg.lan";
Expand Down Expand Up @@ -235,7 +201,7 @@
targetHost = "lime.tg.lan";
targetUser = "deploy";
tags = [
"relay"
"relay-amd64"
];
};
imports =
Expand Down Expand Up @@ -268,7 +234,7 @@
targetHost = "dachshund.tg.lan";
targetUser = "deploy";
tags = [
"relay"
"relay-arm"
];
};
nixpkgs.system = "aarch64-linux";
Expand All @@ -285,7 +251,7 @@
targetHost = "knipp.tg.lan";
targetUser = "deploy";
tags = [
"relay"
"relay-arm"
];
};
nixpkgs.system = "aarch64-linux";
Expand All @@ -305,8 +271,6 @@
vpn
chicago
atlanta
frankfurt2
frankfurt3
blockmoths
wiggle
warsaw
Expand Down Expand Up @@ -342,19 +306,19 @@
};
bratwurst = {
pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
system = "aarch64-linux";
config.allowUnfree = true;
};
};
dachshund = {
pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
system = "aarch64-linux";
config.allowUnfree = true;
};
};
knipp = {
pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
system = "aarch64-linux";
config.allowUnfree = true;
};
};
Expand Down Expand Up @@ -442,28 +406,6 @@
};
};
};
frankfurt2 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = flakeModules ++ frankfurt2.imports;
specialArgs = {
inherit self inputs nixpkgs fenix;
pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
};
};
};
frankfurt3 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = flakeModules ++ frankfurt3.imports;
specialArgs = {
inherit self inputs nixpkgs fenix;
pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
};
};
};
warsaw = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = flakeModules ++ warsaw.imports;
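Review bot: The retag in the `tags` lists covers chicago, atlanta and lime (`relay-amd64`) and dachshund and knipp (`relay-arm`), but bratwurst, whose `pkgs-unstable` is switched to `aarch64-linux` further down, has no tag change in the visible hunks. The workflow now selects only `@relay-amd64` and `@relay-arm`, so any node still carrying the plain `relay` tag would drop out of both build and deploy and stop receiving configuration updates, with no job failing to signal it. If bratwurst's deployment block (outside these hunks) still lists `"relay"`, it should become `"relay-arm"`. A comment beside the tags such as `# CI selects nodes by these tags (.github/workflows/colmena.yml); keep in sync` would make the coupling visible.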
2 changes: 1 addition & 1 deletion modules/colmena_ci.nix
Expand Up @@ -17,7 +17,7 @@ in {
openssh.authorizedKeys.keys =
deployUsers
++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINerE77pg5ziJ2adbSZ7ftCa3kX49C1C2FSJd6h6XVP+ deploy@tgstation-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQx1+Obgbo+YUubcQNFr4ry5Iob3U0fW3myAcG4PS79 deploy@tgstation-infra"
];
};
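Review bot: The replacement CI key in `openssh.authorizedKeys.keys` is authorized without any key options, so whoever holds the matching private key (kept as a GitHub secret and written to runner disks) gets everything the deploy account's SSH access allows, forwarding included. Prefixing the entry with options, e.g. `"no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-ed25519 <key> deploy@tgstation-infra"`, would narrow it to what a deployment presumably needs; this should be checked against how colmena connects. The attribute set this list belongs to starts above the hunk, so any other constraints on the deploy user are not visible here.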
