diff --git a/.forgejo/workflows/build-image.yml b/.forgejo/workflows/build-image.yml deleted file mode 100644 index df3ad8c..0000000 --- a/.forgejo/workflows/build-image.yml +++ /dev/null @@ -1,193 +0,0 @@ -name: "Build & Upload NixOS Proxmox Image" - -on: - push: - tags: - - "v*" # triggers on v1.0.0, v1.2.3, etc. - workflow_dispatch: - -jobs: - build: - name: Build NixOS Base Image - # Ensure 'nixos-latest' runner has Docker, SSH client, and basic Nix tools installed. - # It seems it already does. - runs-on: nixos-latest - env: - NIXOS_BUILER_HOST: nixos-builder.lab - NIXOS_BUILER_USER: runner - PROXMOX_HOST: 192.168.1.205 - PROXMOX_USER: plasmagoat - - # VM Template IDs for your Ansible playbook - # These are now passed to the playbook via --extra-vars, not directly as env vars for qm. - # They are defined in group_vars/all.yml, but can be overridden from here if needed. - # TEMPLATE_VMID: 9001 # Removed from direct env for explicit passing to Ansible - # LATEST_TEMPLATE_VMID: 9000 # Removed from direct env for explicit passing to Ansible - outputs: - image-name: ${{ steps.build_image.outputs.image_name_from_build }} - flake-metadata: ${{ steps.meta.outputs.metadata }} - image-url: ${{ steps.image-artifact.outputs.artifact-url }} - steps: - # Use nix-env for setup (as you prefer and it works well for ephemeral environments) - - name: Install dependencies via nix-env - run: | - nix-env -iA nixpkgs.nodejs - nix-env -iA nixpkgs.ansible - nix-env -iA nixpkgs.jq - nix-env -iA nixpkgs.gnused - nix-env -iA nixpkgs.coreutils - nix-env -iA nixpkgs.openssh - nix-env -iA cachix -f https://cachix.org/api/v1/install - cachix use plasmagoat - cachix authtoken ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Enable experimental features - run: | - mkdir -p ~/.config/nix - echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf - - - name: Prepare SSH keys and known_hosts for builder and Proxmox - run: | - mkdir -p ~/.ssh - # Ensure this key corresponds to PROXMOX_USER - echo "${{ secrets.RUNNER_SSH_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - # Add builder and Proxmox host keys to known_hosts - ssh-keyscan -H "$NIXOS_BUILER_HOST" >> ~/.ssh/known_hosts - ssh-keyscan -H "$PROXMOX_HOST" >> ~/.ssh/known_hosts - chmod 600 ~/.ssh/known_hosts - - - name: Test SSH connection to NixOS Builder - run: | - echo "Testing SSH connection to $NIXOS_BUILER_HOST..." - ssh -o StrictHostKeyChecking=yes "$NIXOS_BUILER_USER"@"$NIXOS_BUILER_HOST" "echo 'SSH success. Hostname:' && hostname" - - - name: Test SSH connection to Proxmox Host - run: | - echo "Testing SSH connection to $PROXMOX_HOST..." - ssh -o StrictHostKeyChecking=yes "$PROXMOX_USER"@"$PROXMOX_HOST" "echo 'SSH success. Hostname:' && hostname" - - - name: Build NixOS image - id: build_image - run: | - nix build .#base \ - --builders "ssh://$NIXOS_BUILER_USER@$NIXOS_BUILER_HOST x86_64-linux ~/.ssh/id_rsa 1 1 kvm" \ - --max-jobs 0 \ - --print-out-paths \ - | cachix push plasmagoat - - # Capture the actual image path from the result symlink for Ansible - IMAGE_PATH=$(find result/ -name "*.vma.zst" | head -n 1) - IMAGE_NAME=$(basename "$IMAGE_PATH") - if [ -z "$IMAGE_PATH" ]; then - echo "Error: No .vma.zst image found after build." - exit 1 - fi - echo "image_path_from_build=${IMAGE_PATH}" >> "$GITHUB_OUTPUT" - echo "image_name_from_build=${IMAGE_NAME}" >> "$GITHUB_OUTPUT" - - - name: Run Proxmox Image Deployment - run: | - chmod +x ./scripts/run_ansible_ci.sh - # Execute the script, passing necessary environment variables - bash scripts/run_ansible_ci.sh - env: - # These are passed directly to the `run_ansible_ci.sh` script, - # which then uses them to construct Ansible's --extra-vars. - # Match these variable names with what `run_ansible_ci.sh` expects. - # Note: The `image_path_from_build` comes from the previous step's output. - PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD: ${{ steps.build_image.outputs.image_path_from_build }} - - # Provide VMIDs and names, overriding group_vars if desired. - # These will be passed as `--extra-vars` to Ansible. - ANSIBLE_EXTRA_VARS: >- - backup_template_vmid={{ env.TEMPLATE_VMID | default('9001') }} - latest_template_vmid={{ env.LATEST_TEMPLATE_VMID | default('9000') }} - proxmox_host={{ env.PROXMOX_HOST }} - proxmox_user={{ env.PROXMOX_USER }} - remote_image_path_ci={{ steps.build_image.outputs.image_path_from_build }} - - - name: Extract flake metadata - id: meta - run: | - nix flake metadata --json > metadata.json - META=$(jq -r ' - .locks.nodes - | to_entries[] - | select(.key != "root") - | "* \(.key): \(.value.locked.url // ("github:\(.value.locked.owner)/\(.value.locked.repo)")) @ \(.value.locked.rev)" - ' <<< "$(nix flake metadata --json)") - - echo "metadata<> "$GITHUB_OUTPUT" - echo "$META" >> "$GITHUB_OUTPUT" - echo "EOF" >> "$GITHUB_OUTPUT" - - - name: Upload Release Artifact - id: release-artifact - uses: forgejo/upload-artifact@v4 - if: ${{ steps.build_image.outputs.image_path_from_build }} - with: - name: release-artifact - path: metadata.json - - - name: Upload Image Artifact - id: image-artifact - uses: forgejo/upload-artifact@v4 - if: ${{ steps.build_image.outputs.image_path_from_build }} - with: - name: image-artifact - path: ${{ steps.build_image.outputs.image_path_from_build }} - - release: - name: Release Image - needs: build - runs-on: ubuntu-latest - if: success() - steps: - - name: Download Release Artifact - id: release-artifact - uses: forgejo/download-artifact@v4 - with: - name: release-artifact - - - name: Set version - id: version - run: | - if [[ "${{ github.ref_type }}" == "tag" ]]; then - TAG_NAME="${{ github.ref_name }}" - else - TAG_NAME="dev-$(date +%Y%m%d)-${GITHUB_SHA::7}" - fi - echo "Ref Type: ${{ github.ref_type }}" - echo "Ref Name: ${{ github.ref_name }}" - echo "Version: $TAG_NAME" - echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT" - - - name: Create Forgejo Release - uses: https://code.forgejo.org/sheik/forgejo-release@v2.6.0 - with: - title: "NixOS Base Image ${{ steps.version.outputs.tag_name }}" - prerelease: ${{ github.ref_type != 'tag' }} - tag: ${{ steps.version.outputs.tag_name }} - direction: upload - release-notes: | - ✅ **Base NixOS image uploaded** - - **🧱 Image File:** - `/var/lib/vz/dump/${{ needs.build.outputs.image-name }}` - - **🔗 Build Results:** - [View Build Logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}) - [Download Image](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}/artifacts/image-artifact) - [Download Image (action generated url)](${{ needs.build.outputs.image-url }}) - - **🔐 Flake Revision:** - `${{ github.sha }}` - - **📦 Flake Inputs:** - ${{ needs.build.outputs.flake-metadata }} - - release-dir: "${{ steps.release-artifact.outputs.download-path }}" diff --git a/.forgejo/workflows/full-single.yml b/.forgejo/workflows/full-single.yml deleted file mode 100644 index e6fd8a8..0000000 --- a/.forgejo/workflows/full-single.yml +++ /dev/null @@ -1,174 +0,0 @@ -name: "Build & Upload NixOS Proxmox Image" - -on: - push: - tags: - - "v*" # triggers on v1.0.0, v1.2.3, etc. - workflow_dispatch: - -jobs: - build: - name: Build NixOS Base Image - # Ensure 'nixos-latest' runner has Docker, SSH client, and basic Nix tools installed. - # It seems it already does. - runs-on: nixos-latest - env: - NIXOS_BUILER_HOST: nixos-builder.lab - NIXOS_BUILER_USER: runner - PROXMOX_HOST: 192.168.1.205 - PROXMOX_USER: plasmagoat - - # VM Template IDs for your Ansible playbook - # These are now passed to the playbook via --extra-vars, not directly as env vars for qm. - # They are defined in group_vars/all.yml, but can be overridden from here if needed. - # TEMPLATE_VMID: 9001 # Removed from direct env for explicit passing to Ansible - # LATEST_TEMPLATE_VMID: 9000 # Removed from direct env for explicit passing to Ansible - - steps: - # Use nix-env for setup (as you prefer and it works well for ephemeral environments) - - name: Install dependencies via nix-env - run: | - nix-env -iA nixpkgs.nodejs - nix-env -iA nixpkgs.ansible - nix-env -iA nixpkgs.jq - nix-env -iA nixpkgs.curl - nix-env -iA nixpkgs.openssh - nix-env -iA cachix -f https://cachix.org/api/v1/install - cachix use plasmagoat - cachix authtoken ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Enable experimental features - run: | - mkdir -p ~/.config/nix - echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf - - - name: Prepare SSH keys and known_hosts for builder and Proxmox - run: | - mkdir -p ~/.ssh - # Ensure this key corresponds to PROXMOX_USER - echo "${{ secrets.RUNNER_SSH_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - # Add builder and Proxmox host keys to known_hosts - ssh-keyscan -H "$NIXOS_BUILER_HOST" >> ~/.ssh/known_hosts - ssh-keyscan -H "$PROXMOX_HOST" >> ~/.ssh/known_hosts - chmod 600 ~/.ssh/known_hosts - - - name: Test SSH connection to NixOS Builder - run: | - echo "Testing SSH connection to $NIXOS_BUILER_HOST..." - ssh -o StrictHostKeyChecking=yes "$NIXOS_BUILER_USER"@"$NIXOS_BUILER_HOST" "echo 'SSH success. Hostname:' && hostname" - - - name: Test SSH connection to Proxmox Host - run: | - echo "Testing SSH connection to $PROXMOX_HOST..." - ssh -o StrictHostKeyChecking=yes "$PROXMOX_USER"@"$PROXMOX_HOST" "echo 'SSH success. Hostname:' && hostname" - - - name: Build NixOS image - id: build_image - run: | - nix build .#base \ - --builders "ssh://$NIXOS_BUILER_USER@$NIXOS_BUILER_HOST x86_64-linux ~/.ssh/id_rsa 1 1 kvm" \ - --max-jobs 0 \ - --print-out-paths \ - | cachix push plasmagoat - - # Capture the actual image path from the result symlink for Ansible - IMAGE_PATH=$(find result/ -name "*.vma.zst" | head -n 1) - if [ -z "$IMAGE_PATH" ]; then - echo "Error: No .vma.zst image found after build." - exit 1 - fi - echo "image_path_from_build=${IMAGE_PATH}" >> "$GITHUB_OUTPUT" - - # - name: Run Proxmox Image Deployment - # run: | - # chmod +x ./scripts/run_ansible_ci.sh - # # Execute the script, passing necessary environment variables - # bash scripts/run_ansible_ci.sh - # env: - # # These are passed directly to the `run_ansible_ci.sh` script, - # # which then uses them to construct Ansible's --extra-vars. - # # Match these variable names with what `run_ansible_ci.sh` expects. - # # Note: The `image_path_from_build` comes from the previous step's output. - # PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD: ${{ steps.build_image.outputs.image_path_from_build }} - - # # Provide VMIDs and names, overriding group_vars if desired. - # # These will be passed as `--extra-vars` to Ansible. - # ANSIBLE_EXTRA_VARS: >- - # backup_template_vmid={{ env.TEMPLATE_VMID | default('9001') }} - # latest_template_vmid={{ env.LATEST_TEMPLATE_VMID | default('9000') }} - # proxmox_host={{ env.PROXMOX_HOST }} - # proxmox_user={{ env.PROXMOX_USER }} - # remote_image_path_ci={{ steps.build_image.outputs.image_path_from_build }} - - # - name: Upload Artifact - # uses: actions/upload-artifact@v3 - # if: ${{ steps.build_image.outputs.image_path_from_build }} - # with: - # name: nixos-base-image - # path: result - - # release: - # name: Release Image - # needs: build - # runs-on: ubuntu-latest - # if: success() - # steps: - # - name: Download Artifact - # id: artifact - # uses: actions/download-artifact@v3 - # with: - # name: nixos-base-image - - - name: Set VERSION from tag or fallback - id: version - run: | - if [[ "${{ github.ref_type }}" == "tag" ]]; then - TAG_NAME="${{ github.ref_name }}" - else - TAG_NAME="dev-$(date +%Y%m%d)-${GITHUB_SHA::7}" - fi - echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT" - - - name: Parse image filename - id: image - run: | - IMAGE=$(basename ${{ steps.artifact.outputs.download-path }}/*.vma.zst) - echo "Image filename: $IMAGE" - echo "filename=$IMAGE" >> "$GITHUB_OUTPUT" - - # - name: Extract flake metadata - # id: meta - # run: | - # META=$(nix flake metadata --json | jq -r '.locks.nodes.root.inputs | to_entries[] | "* \(.key): \(.value.locked.url) @ \(.value.locked.rev)"') - # echo "metadata<> $GITHUB_OUTPUT - # echo "$META" >> $GITHUB_OUTPUT - # echo "EOF" >> $GITHUB_OUTPUT - - - name: Debug Environment - run: | - echo "PATH: $PATH" - which bash - which curl - which git - which jq - ls -l /var/run/act/actions/ - # ls -l /var/run/act/actions/https---code.forgejo.org-sheik-forgejo-release@v2.6.0/forgejo-release.sh - echo "--- Running forgejo-release.sh with bash -x for more verbose output ---" - # /bin/bash -x /var/run/act/actions/https---code.forgejo.org-sheik-forgejo-release@v2.6.0/forgejo-release.sh || true - # The '|| true' allows the workflow to continue even if this fails - shell: bash - - - name: Create Forgejo Release - uses: https://git.procopius.dk/plasmagoat/forgejo-release@d62f1bf34a1cce3b4f871223747654ba63227cca - with: - title: "NixOS Base Image ${{ steps.version.outputs.tag }}" - prerelease: ${{ github.ref_type != 'tag' }} - tag: ${{ steps.version.outputs.tag_name }} - direction: upload - release-notes: | - test - release-dir: "result/nix-support" diff --git a/.forgejo/workflows/single-flow.yml b/.forgejo/workflows/single-flow.yml deleted file mode 100644 index f234248..0000000 --- a/.forgejo/workflows/single-flow.yml +++ /dev/null @@ -1,81 +0,0 @@ -name: "Build & Upload NixOS Proxmox Image" - -on: - push: - tags: - - "v*" # triggers on v1.0.0, v1.2.3, etc. - workflow_dispatch: - -jobs: - build: - name: Build NixOS Base Image - # Ensure 'nixos-latest' runner has Docker, SSH client, and basic Nix tools installed. - # It seems it already does. - runs-on: nixos-latest - env: - NIXOS_BUILER_HOST: nixos-builder.lab - NIXOS_BUILER_USER: runner - PROXMOX_HOST: 192.168.1.205 - PROXMOX_USER: plasmagoat - - # VM Template IDs for your Ansible playbook - # These are now passed to the playbook via --extra-vars, not directly as env vars for qm. - # They are defined in group_vars/all.yml, but can be overridden from here if needed. - # TEMPLATE_VMID: 9001 # Removed from direct env for explicit passing to Ansible - # LATEST_TEMPLATE_VMID: 9000 # Removed from direct env for explicit passing to Ansible - - steps: - # Use nix-env for setup (as you prefer and it works well for ephemeral environments) - - name: Install dependencies via nix-env - run: | - nix-env -iA nixpkgs.nodejs - nix-env -iA nixpkgs.ansible - nix-env -iA nixpkgs.jq - nix-env -iA nixpkgs.curl - nix-env -iA nixpkgs.openssh - nix-env -iA cachix -f https://cachix.org/api/v1/install - cachix use plasmagoat - cachix authtoken ${{ secrets.CACHIX_AUTH_TOKEN }} - - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Enable experimental features - run: | - mkdir -p ~/.config/nix - echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf - - - name: Debug Environment - run: | - echo "PATH: $PATH" - which bash - which curl - which git - which jq - ls -l /var/run/act/actions/ - # ls -l /var/run/act/actions/https---code.forgejo.org-sheik-forgejo-release@v2.6.0/forgejo-release.sh - echo "--- Running forgejo-release.sh with bash -x for more verbose output ---" - # /bin/bash -x /var/run/act/actions/https---code.forgejo.org-sheik-forgejo-release@v2.6.0/forgejo-release.sh || true - # The '|| true' allows the workflow to continue even if this fails - shell: bash - - - name: Create Forgejo Release - uses: actions/forgejo-release@v2 - with: - title: "NixOS Base Image ${{ steps.version.outputs.tag }}" - prerelease: ${{ github.ref_type != 'tag' }} - tag: ${{ steps.version.outputs.tag_name }} - direction: upload - release-notes: | - ✅ **Base NixOS image uploaded** - - **🧱 Image File:** - `/var/lib/vz/dump/${{ steps.image.outputs.filename }}` - - **🔗 Build Logs:** - [View Actions Run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) - - **🔐 Flake Revision:** - `${{ github.sha }}` - - release-dir: "result/nix-support"