chore(ci): modernize release/container push
This commit is contained in:
parent
5480cee564
commit
fb0a3cdaff
127
.gitlab-ci.yml
127
.gitlab-ci.yml
@ -4,9 +4,9 @@
|
||||
|
||||
workflow:
|
||||
rules:
|
||||
- if: '$CI_PIPELINE_SOURCE == "push"'
|
||||
when: always
|
||||
- when: never
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
- if: $CI_MERGE_REQUEST_ID
|
||||
- if: $CI_COMMIT_TAG =~ /^v/
|
||||
|
||||
default:
|
||||
image:
|
||||
@ -26,7 +26,7 @@ stages:
|
||||
- frontend:build
|
||||
- backend:build
|
||||
- test
|
||||
- docker
|
||||
- container:build
|
||||
- prepare release
|
||||
- release
|
||||
|
||||
@ -43,11 +43,6 @@ node dependencies:
|
||||
- install -v -T -m 0400 "${SSH_DEPLOY_KEY}" ~/.ssh/deploy && echo "IdentityFile ~/.ssh/deploy" >> ~/.ssh/config;
|
||||
- install -v -T -m 0644 "${FONTAWESOME_NPM_AUTH_FILE}" /etc/fontawesome-token
|
||||
- install -v -T -m 0644 "${NIX_NETRC}" /etc/nix/netrc
|
||||
- |
|
||||
if [ -n "${REGISTRY_AUTHFILE}" ]; then
|
||||
mkdir -p ~/.docker
|
||||
install -v -T -m 0400 "${REGISTRY_AUTHFILE}" ~/.docker/config.json
|
||||
fi
|
||||
artifacts:
|
||||
paths:
|
||||
- node-dependencies.nar.xz
|
||||
@ -215,49 +210,12 @@ check:
|
||||
retry: 2
|
||||
interruptible: true
|
||||
|
||||
# demo docker:
|
||||
# stage: docker
|
||||
# script:
|
||||
# - xzcat uniworx:exe:uniworx.nar.xz | nix-store --import
|
||||
# - xzcat uniworx:exe:uniworxdb.nar.xz | nix-store --import
|
||||
# - source .gitlab-ci/construct-flake-url.sh
|
||||
# - nix -L build -o result "${FLAKE}#uniworxDemoDocker"
|
||||
# - cp -pr --reflink=auto -L result uniworx-demo.tar.gz
|
||||
# before_script: *nix-before
|
||||
# needs:
|
||||
# - job: node dependencies # transitive
|
||||
# artifacts: false
|
||||
# - job: well known # transitive
|
||||
# artifacts: false
|
||||
# - job: frontend # tranitive
|
||||
# artifacts: false
|
||||
# - job: uniworx:lib:uniworx # transitive
|
||||
# artifacts: false
|
||||
# - job: uniworx:exe:uniworx
|
||||
# artifacts: true
|
||||
# - job: uniworx:exe:uniworxdb
|
||||
# artifacts: true
|
||||
# - job: check # sanity
|
||||
# artifacts: false
|
||||
# artifacts:
|
||||
# paths:
|
||||
# - uniworx-demo.tar.gz
|
||||
# name: "${CI_JOB_NAME}-${CI_COMMIT_SHORT_SHA}"
|
||||
# expire_in: "1 day"
|
||||
# retry: 2
|
||||
# interruptible: true
|
||||
# rules:
|
||||
# - if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/
|
||||
# when: manual
|
||||
# allow_failure: true
|
||||
|
||||
docker:
|
||||
stage: docker
|
||||
container:
|
||||
stage: container:build
|
||||
script:
|
||||
- xzcat uniworx:exe:uniworx.nar.xz | nix-store --import
|
||||
- source .gitlab-ci/construct-flake-url.sh
|
||||
- nix -L build -o result "${FLAKE}#uniworxDocker"
|
||||
- cp -pr --reflink=auto -L result uniworx.tar.gz
|
||||
- cp -pr --reflink=auto -L $(nix build --print-out-paths "${FLAKE}#uniworxDocker") uniworx.tar.gz
|
||||
before_script: *nix-before
|
||||
needs:
|
||||
- job: node dependencies # transitive
|
||||
@ -279,19 +237,15 @@ docker:
|
||||
expire_in: "1 day"
|
||||
retry: 2
|
||||
interruptible: true
|
||||
rules:
|
||||
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/
|
||||
when: manual
|
||||
allow_failure: true
|
||||
rules: &release-rules
|
||||
- if: $CI_COMMIT_TAG =~ /^v/
|
||||
|
||||
parse changelog:
|
||||
stage: prepare release
|
||||
needs:
|
||||
- job: node dependencies
|
||||
artifacts: true
|
||||
rules:
|
||||
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/
|
||||
when: on_success
|
||||
rules: *release-rules
|
||||
before_script: *nix-before
|
||||
script:
|
||||
- xzcat node-dependencies.nar.xz | nix-store --import
|
||||
@ -310,13 +264,14 @@ parse changelog:
|
||||
retry: 2
|
||||
interruptible: true
|
||||
|
||||
upload docker:
|
||||
stage: docker
|
||||
upload container:
|
||||
variables:
|
||||
GIT_STRATEGY: none
|
||||
stage: release
|
||||
image: quay.io/skopeo/stable:latest
|
||||
script:
|
||||
- xzcat uniworx:exe:uniworx.nar.xz | nix-store --import
|
||||
- source .gitlab-ci/construct-flake-url.sh
|
||||
- nix -L run "${FLAKE}#pushUniworxDocker"
|
||||
before_script: *nix-before
|
||||
- skopeo --insecure-policy copy --dest-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" docker-archive://$(pwd)/uniworx.tar.gz docker://${CI_REGISTRY_IMAGE}:${VERSION}
|
||||
- skopeo --insecure-policy copy --src-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" --dest-creds "${CI_REGISTRY_USER}:${CI_JOB_TOKEN}" docker://${CI_REGISTRY_IMAGE}:${VERSION} docker://${CI_REGISTRY_IMAGE}:latest
|
||||
needs:
|
||||
- job: node dependencies # transitive
|
||||
artifacts: false
|
||||
@ -326,51 +281,29 @@ upload docker:
|
||||
artifacts: false
|
||||
- job: uniworx:lib:uniworx # transitive
|
||||
artifacts: false
|
||||
- job: uniworx:exe:uniworx
|
||||
- job: uniworx:exe:uniworx # transitive
|
||||
artifacts: false
|
||||
- job: container
|
||||
artifacts: true
|
||||
- job: parse changelog
|
||||
artifacts: true
|
||||
- job: check # sanity
|
||||
artifacts: false
|
||||
rules:
|
||||
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/
|
||||
when: on_success
|
||||
|
||||
# upload demo docker:
|
||||
# stage: docker
|
||||
# script:
|
||||
# - xzcat uniworx:exe:uniworx.nar.xz | nix-store --import
|
||||
# - xzcat uniworx:exe:uniworxdb.nar.xz | nix-store --import
|
||||
# - source .gitlab-ci/construct-flake-url.sh
|
||||
# - nix -L run "${FLAKE}#pushUniworxDemoDocker"
|
||||
# before_script: *nix-before
|
||||
# needs:
|
||||
# - job: node dependencies # transitive
|
||||
# artifacts: false
|
||||
# - job: well known # transitive
|
||||
# artifacts: false
|
||||
# - job: frontend # tranitive
|
||||
# artifacts: false
|
||||
# - job: uniworx:lib:uniworx # transitive
|
||||
# artifacts: false
|
||||
# - job: uniworx:exe:uniworx
|
||||
# artifacts: true
|
||||
# - job: uniworx:exe:uniworxdb
|
||||
# artifacts: true
|
||||
# - job: check # sanity
|
||||
# artifacts: false
|
||||
# rules:
|
||||
# - if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/
|
||||
# when: on_success
|
||||
rules: *release-rules
|
||||
retry: 2
|
||||
|
||||
release:
|
||||
variables:
|
||||
GIT_STRATEGY: none
|
||||
stage: release
|
||||
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
||||
rules:
|
||||
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9].*/
|
||||
when: on_success
|
||||
rules: *release-rules
|
||||
script:
|
||||
- release-cli create --name "${VERSION}" --tag-name $CI_COMMIT_TAG --description .current-changelog.md
|
||||
- echo "Will create release ${VERSION}..."
|
||||
release:
|
||||
name: '$VERSION'
|
||||
tag_name: '$CI_COMMIT_TAG'
|
||||
description: .current-changelog.md
|
||||
needs:
|
||||
- job: check # sanity
|
||||
artifacts: false
|
||||
|
||||
10
flake.nix
10
flake.nix
@ -124,14 +124,6 @@
|
||||
|
||||
haskellFlake = pkgs.uniworx.flake {};
|
||||
|
||||
mkPushDocker = { imageName, dockerImage, defaultRegistry ? "docker://registry.uniworx.de/fradrive/fradrive" }: pkgs.writeScriptBin "push-${dockerImage.imageName}" ''
|
||||
#!${pkgs.zsh}/bin/zsh -xe
|
||||
|
||||
target=''${1:-${defaultRegistry}/${imageName}:${dockerImage.imageTag}}
|
||||
[[ -n "''${1}" ]] && shift
|
||||
${pkgs.skopeo}/bin/skopeo --tmpdir ''${TMPDIR:-/var/tmp} ''${@} --insecure-policy copy docker-archive://${dockerImage} ''${target}
|
||||
'';
|
||||
|
||||
inherit (pkgs.lib) recursiveUpdate;
|
||||
in {
|
||||
packages = haskellFlake.packages // {
|
||||
@ -139,8 +131,6 @@
|
||||
};
|
||||
|
||||
apps = haskellFlake.apps // {
|
||||
pushUniworxDemoDocker = flake-utils.lib.mkApp { drv = mkPushDocker { imageName = "uniworx-demo"; dockerImage = pkgs.uniworxDemoDocker; }; };
|
||||
pushUniworxDocker = flake-utils.lib.mkApp { drv = mkPushDocker { imageName = "uniworx"; dockerImage = pkgs.uniworxDocker; }; };
|
||||
calculateMaterializedSha = flake-utils.lib.mkApp { drv = pkgs.uniworx.stack-nix.passthru.calculateMaterializedSha; exePath = ""; };
|
||||
jqChangelogJson = flake-utils.lib.mkApp { drv = pkgs.jqChangelogJson; };
|
||||
};
|
||||
|
||||
Loading…
Reference in New Issue
Block a user