From ac5b817a853eadaaf4dce07502e5bdb60b2786c1 Mon Sep 17 00:00:00 2001
From: plasmagoat
Date: Mon, 9 Jun 2025 13:05:52 +0200
Subject: [PATCH] single flow

---
 .forgejo/workflows/single-flow.yml | 149 +++++++++++++++++++++++++++++
 1 file changed, 149 insertions(+)
 create mode 100644 .forgejo/workflows/single-flow.yml

diff --git a/.forgejo/workflows/single-flow.yml b/.forgejo/workflows/single-flow.yml
new file mode 100644
index 0000000..c4cf510
--- /dev/null
+++ b/.forgejo/workflows/single-flow.yml
@@ -0,0 +1,149 @@
+name: "Build & Upload NixOS Proxmox Image"
+
+on:
+  push:
+    tags:
+      - "v*" # triggers on v1.0.0, v1.2.3, etc.
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build NixOS Base Image
+    # Ensure 'nixos-latest' runner has Docker, SSH client, and basic Nix tools installed.
+    # It seems it already does.
+    runs-on: nixos-latest
+    env:
+      NIXOS_BUILER_HOST: nixos-builder.lab
+      NIXOS_BUILER_USER: runner
+      PROXMOX_HOST: 192.168.1.205
+      PROXMOX_USER: plasmagoat
+
+      # VM Template IDs for your Ansible playbook
+      # These are now passed to the playbook via --extra-vars, not directly as env vars for qm.
+      # They are defined in group_vars/all.yml, but can be overridden from here if needed.
+      # TEMPLATE_VMID: 9001 # Removed from direct env for explicit passing to Ansible
+      # LATEST_TEMPLATE_VMID: 9000 # Removed from direct env for explicit passing to Ansible
+
+    steps:
+      # Use nix-env for setup (as you prefer and it works well for ephemeral environments)
+      - name: Install dependencies via nix-env
+        run: |
+          nix-env -iA nixpkgs.nodejs
+          nix-env -iA nixpkgs.ansible
+          nix-env -iA nixpkgs.jq
+          nix-env -iA nixpkgs.openssh
+          nix-env -iA cachix -f https://cachix.org/api/v1/install
+          cachix use plasmagoat
+          cachix authtoken ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Enable experimental features
+        run: |
+          mkdir -p ~/.config/nix
+          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
+
+      - name: Prepare SSH keys and known_hosts for builder and Proxmox
+        run: |
+          mkdir -p ~/.ssh
+          # Ensure this key corresponds to PROXMOX_USER
+          echo "${{ secrets.RUNNER_SSH_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          # Add builder and Proxmox host keys to known_hosts
+          ssh-keyscan -H "$NIXOS_BUILER_HOST" >> ~/.ssh/known_hosts
+          ssh-keyscan -H "$PROXMOX_HOST" >> ~/.ssh/known_hosts
+          chmod 600 ~/.ssh/known_hosts
+
+      - name: Test SSH connection to NixOS Builder
+        run: |
+          echo "Testing SSH connection to $NIXOS_BUILER_HOST..."
+          ssh -o StrictHostKeyChecking=yes "$NIXOS_BUILER_USER"@"$NIXOS_BUILER_HOST" "echo 'SSH success. Hostname:' && hostname"
+
+      - name: Test SSH connection to Proxmox Host
+        run: |
+          echo "Testing SSH connection to $PROXMOX_HOST..."
+          ssh -o StrictHostKeyChecking=yes "$PROXMOX_USER"@"$PROXMOX_HOST" "echo 'SSH success. Hostname:' && hostname"
+
+      - name: Build NixOS image
+        id: build_image
+        run: |
+          nix build .#base \
+            --builders "ssh://$NIXOS_BUILER_USER@$NIXOS_BUILER_HOST x86_64-linux ~/.ssh/id_rsa 1 1 kvm" \
+            --max-jobs 0 \
+            --print-out-paths \
+            | cachix push plasmagoat
+
+          # Capture the actual image path from the result symlink for Ansible
+          IMAGE_PATH=$(find result/ -name "*.vma.zst" | head -n 1)
+          if [ -z "$IMAGE_PATH" ]; then
+            echo "Error: No .vma.zst image found after build."
+            exit 1
+          fi
+          echo "image_path_from_build=${IMAGE_PATH}" >> "$GITHUB_OUTPUT"
+
+      - name: Run Proxmox Image Deployment
+        run: |
+          chmod +x ./scripts/run_ansible_ci.sh
+          # Execute the script, passing necessary environment variables
+          bash scripts/run_ansible_ci.sh
+        env:
+          # These are passed directly to the `run_ansible_ci.sh` script,
+          # which then uses them to construct Ansible's --extra-vars.
+          # Match these variable names with what `run_ansible_ci.sh` expects.
+          # Note: The `image_path_from_build` comes from the previous step's output.
+          PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD: ${{ steps.build_image.outputs.image_path_from_build }}
+
+          # Provide VMIDs and names, overriding group_vars if desired.
+          # These will be passed as `--extra-vars` to Ansible.
+          ANSIBLE_EXTRA_VARS: >-
+            backup_template_vmid={{ env.TEMPLATE_VMID | default('9001') }}
+            latest_template_vmid={{ env.LATEST_TEMPLATE_VMID | default('9000') }}
+            proxmox_host={{ env.PROXMOX_HOST }}
+            proxmox_user={{ env.PROXMOX_USER }}
+            remote_image_path_ci={{ steps.build_image.outputs.image_path_from_build }}
+
+      - name: Set VERSION from tag or fallback
+        id: version
+        run: |
+          if [[ "${{ github.ref_type }}" == "tag" ]]; then
+            echo "tag_name=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "tag_name=dev-$(date +%Y%m%d)" >> "$GITHUB_OUTPUT"
+          echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT"
+
+      # - name: Parse image filename
+      # id: image
+      # run: |
+      # IMAGE=$(basename ${{ steps.artifact.outputs.download-path }}/*.vma.zst)
+      # echo "Image filename: $IMAGE"
+      # echo "filename=$IMAGE" >> "$GITHUB_OUTPUT"
+
+      # - name: Extract flake metadata
+      # id: meta
+      # run: |
+      # META=$(nix flake metadata --json | jq -r '.locks.nodes.root.inputs | to_entries[] | "* \(.key): \(.value.locked.url) @ \(.value.locked.rev)"')
+      # echo "metadata<> $GITHUB_OUTPUT
+      # echo "$META" >> $GITHUB_OUTPUT
+      # echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Create Forgejo Release
+        uses: https://code.forgejo.org/sheik/forgejo-release@v2.6.0
+        with:
+          title: "NixOS Base Image ${{ steps.version.outputs.tag }}"
+          prerelease: ${{ github.ref_type != 'tag' }}
+          tag: ${{ steps.version.outputs.tag_name }}
+          direction: upload
+          release-notes: |
+            ✅ **Base NixOS image uploaded**
+
+            **🧱 Image File:**
+            `/var/lib/vz/dump/${{ steps.image.outputs.filename }}`
+
+            **🔗 Build Logs:**
+            [View Actions Run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
+
+            **🔐 Flake Revision:**
+            `${{ github.sha }}`
+
+          release-dir: "result/nix-support"
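Review bot: The `Set VERSION from tag or fallback` step's `if` block is never closed, so the shell aborts with a syntax error before any output is written, and the trailing `echo "tag_name=$TAG_NAME"` line references a variable that nothing in this file defines. Closing the block with `fi` after the `dev-$(date +%Y%m%d)` line and dropping the `$TAG_NAME` echo fixes the step; the release step then also needs `title: "NixOS Base Image ${{ steps.version.outputs.tag_name }}"`, since no step defines an output named `tag`, and `steps.image.outputs.filename` in the release notes refers to a step that is commented out. Separately, running `ssh-keyscan` against the builder and Proxmox hosts at job time and then passing `StrictHostKeyChecking=yes` adds no real assurance, because whatever host answers the scan is what gets trusted; the expected host keys should be supplied as pinned secrets or repository variables and written to `known_hosts` directly. The private key and Cachix token are also expanded with `${{ secrets.* }}` inside `run:` scripts; passing them through the step's `env:` and referencing `$RUNNER_SSH_KEY` / `$CACHIX_AUTH_TOKEN` keeps the secret values out of the generated script text.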