61 lines
1.7 KiB
YAML
61 lines
1.7 KiB
YAML
name: CI
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
check:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: DeterminateSystems/nix-installer-action@main
|
|
- uses: cachix/cachix-action@v15
|
|
with:
|
|
name: noisebridge-wiki
|
|
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
|
|
- name: nix flake check
|
|
run: nix flake check
|
|
|
|
- name: Build wiki
|
|
run: nix build .#nixosConfigurations.wiki.config.system.build.toplevel
|
|
|
|
- name: Build wiki-replica
|
|
run: nix build .#nixosConfigurations.wiki-replica.config.system.build.toplevel
|
|
|
|
deploy:
|
|
needs: check
|
|
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
|
|
runs-on: ubuntu-latest
|
|
concurrency:
|
|
group: deploy
|
|
cancel-in-progress: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: DeterminateSystems/nix-installer-action@main
|
|
- uses: cachix/cachix-action@v15
|
|
with:
|
|
name: noisebridge-wiki
|
|
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
|
|
|
- name: Connect to Tailscale
|
|
uses: tailscale/github-action@v2
|
|
with:
|
|
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
|
|
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
|
|
tags: tag:ci
|
|
|
|
- name: Configure SSH
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519
|
|
chmod 600 ~/.ssh/id_ed25519
|
|
ssh-keyscan -t ed25519 wiki wiki-replica >> ~/.ssh/known_hosts 2>/dev/null
|
|
|
|
- name: Deploy wiki
|
|
run: nix run .#deploy -- .#wiki -- --ssh-opts="-o ConnectTimeout=30"
|
|
|
|
- name: Deploy wiki-replica
|
|
run: nix run .#deploy -- .#wiki-replica -- --ssh-opts="-o ConnectTimeout=30"
|