Simon Gardling
bedc94cbc0
- enable gitea actions - add native host runner (nix:host label, capacity 1) - add gitea-runner system user with persisted state - add agenix-encrypted CI secrets (deploy key, git-crypt key, runner token) - authorize CI deploy key for root SSH - add build-and-deploy workflow triggered on push to main
49 lines
1.5 KiB
YAML
49 lines
1.5 KiB
YAML
name: Build and Deploy
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: nix
|
|
steps:
|
|
- uses: https://github.com/actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Build NixOS configuration
|
|
run: |
|
|
nix build .#nixosConfigurations.muffin.config.system.build.toplevel -L
|
|
|
|
- name: Deploy via deploy-rs
|
|
run: |
|
|
eval $(ssh-agent -s)
|
|
ssh-add /run/agenix/ci-deploy-key
|
|
nix run github:serokell/deploy-rs -- .#muffin --ssh-opts="-o StrictHostKeyChecking=no"
|
|
|
|
- name: Health check
|
|
run: |
|
|
sleep 10
|
|
ssh -i /run/agenix/ci-deploy-key -o StrictHostKeyChecking=no root@server-public \
|
|
"systemctl is-active gitea && systemctl is-active caddy && systemctl is-active continuwuity && systemctl is-active coturn"
|
|
|
|
- name: Notify success
|
|
if: success()
|
|
run: |
|
|
curl -sf -X POST \
|
|
"https://ntfy.sigkill.computer/deployments" \
|
|
-H "Title: [muffin] Deploy succeeded" \
|
|
-H "Priority: default" \
|
|
-H "Tags: white_check_mark" \
|
|
-d "server-config deployed from commit ${GITHUB_SHA::8}"
|
|
|
|
- name: Notify failure
|
|
if: failure()
|
|
run: |
|
|
curl -sf -X POST \
|
|
"https://ntfy.sigkill.computer/deployments" \
|
|
-H "Title: [muffin] Deploy FAILED" \
|
|
-H "Priority: urgent" \
|
|
-H "Tags: rotating_light" \
|
|
-d "server-config deploy failed at commit ${GITHUB_SHA::8}"
|