ci: add deploy workflow and authorize CI key for yarn
- add gitea actions workflow to build and deploy on push to main - authorize CI deploy key for root SSH on desktop - workflow unlocks git-crypt, builds yarn config, deploys if desktop reachable
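--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,51 @@
+name: Build and Deploy Desktop
+on:
+push:
+branches: [main]
+
+jobs:
+deploy:
+runs-on: nix
+steps:
+- uses: https://github.com/actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Unlock git-crypt
+run: |
+git-crypt unlock /run/agenix/git-crypt-key-dotfiles
+
+- name: Build NixOS configuration (yarn)
+run: |
+nix build .#nixosConfigurations.yarn.config.system.build.toplevel -L
+
+- name: Deploy to desktop
+run: |
+eval $(ssh-agent -s)
+ssh-add /run/agenix/ci-deploy-key
+if ssh -i /run/agenix/ci-deploy-key -o StrictHostKeyChecking=no -o ConnectTimeout=10 root@desktop "echo reachable" 2>/dev/null; then
+nix run github:serokell/deploy-rs -- .#yarn --ssh-opts="-o StrictHostKeyChecking=no"
+echo "Deploy to desktop succeeded"
+else
+echo "Desktop unreachable - skipping deploy. Build succeeded."
+fi
+
+- name: Notify success
+if: success()
+run: |
+curl -sf -X POST \
+"https://ntfy.sigkill.computer/deployments" \
+-H "Title: [yarn] Build succeeded" \
+-H "Priority: default" \
+-H "Tags: white_check_mark" \
+-d "dotfiles built from commit ${GITHUB_SHA::8}"
+
+- name: Notify failure
+if: failure()
+run: |
+curl -sf -X POST \
+"https://ntfy.sigkill.computer/deployments" \
+-H "Title: [yarn] Build FAILED" \
+-H "Priority: urgent" \
+-H "Tags: rotating_light" \
+-d "dotfiles build failed at commit ${GITHUB_SHA::8}"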
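Review bot: Both the reachability probe and the deploy-rs call in the "Deploy to desktop" step pass `-o StrictHostKeyChecking=no`, so the job connects as root and pushes the built closure to whatever host answers as `desktop` without verifying its identity. Pin the desktop's host key on the runner and use `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<pinned-known-hosts-file>` in both places. `nix run github:serokell/deploy-rs` also resolves to whatever the upstream default branch holds at run time, while the deploy key is loaded in the agent and the repository is unlocked; running it from a revision locked in the flake's inputs, or as `github:serokell/deploy-rs/<pinned-rev>`, keeps that code reviewable. The `2>/dev/null` on the probe makes an authentication or host-key failure print "Desktop unreachable" and leaves the job green, so a broken or rejected key would go unnoticed; let the error through to the log and skip only on a connection timeout.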
@@ -64,6 +64,7 @@
|
|||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5ZYN6idL/w/mUIfPOH1i+Q/SQXuzAMQUEuWpipx1Pc ci-deploy@muffin"
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.steam = {
|
programs.steam = {
|
||||||
|
|||||||
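Review bot: The added `ci-deploy@muffin` entry gives the CI key unrestricted root login on this host, so a compromise of the runner, or of any account that can push to `main`, becomes root on the desktop. Each entry in this list is written out as an authorized_keys line and can carry options, for example `"from=\"<runner-address>\",restrict ssh-ed25519 <ci-key> ci-deploy@muffin"`; whether deploy-rs still works under `restrict` is an assumption to confirm before merging. The laptop key is labelled with a trailing `# laptop` comment and the new line is not, so add something like `# CI deploy key (gitea runner)` to keep it obvious which key to revoke. The file path and the enclosing attribute set are outside this hunk.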