aboutsummaryrefslogtreecommitdiff
path: root/.build.yml (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Output all generated files on ./generated/, refactor .envrc variablesEuAndreh2019-06-101-1/+1
|
* Remove CI dbg codeEuAndreh2019-06-091-2/+0
|
* ci dbgEuAndreh2019-06-091-0/+2
|
* cd into ./vps/ before running CI commandsEuAndreh2019-06-051-3/+6
|
* Revert "Use =nix build= instead of =nix-build="EuAndreh2019-06-051-1/+1
| | | | | | | This reverts commit c835e5ed00690d5dc05f4073ad2f7d52e56fe502. The =nix build= command isn't CI friendly: it prints many empty lines instead of the build progress.
* Use =nix build= instead of =nix-build=EuAndreh2019-06-041-1/+1
|
* Rotate SSH key and use correct VPS_COMMIT_SHA on provisioningEuAndreh2019-05-281-1/+1
|
* Rotate SSH key secretEuAndreh2019-05-281-1/+1
|
* Configure git for vps-state repo in ./scripts/ci/setup.shEuAndreh2019-05-281-1/+1
|
* Use SSH to fetch vps-state so we can push to it laterEuAndreh2019-05-281-1/+1
|
* Fix script references in .build.ymlEuAndreh2019-05-281-6/+3
|
* Fix call to ./provision.sh in .build.ymlEuAndreh2019-05-261-1/+1
|
* Run CI scripts from ./vps/ folderEuAndreh2019-05-261-2/+5
|
* Use nix-shell shebang to run CI scriptsEuAndreh2019-05-261-6/+3
|
* Use nix-shell --pure to run scriptsEuAndreh2019-05-261-2/+3
| | | | Instead of adding them to the =packages= section of .build.yml.
* Prepare builds.sr.ht CI environment before running build tasksEuAndreh2019-05-261-5/+2
| | | | Make content of .envrc available to subsequent build jobs.
* Unlock with git-crypt in setup phaseEuAndreh2019-05-261-1/+3
|
* Revert back from Debian to NixOSEuAndreh2019-05-261-5/+3
|
* Perform single-user installation of NixEuAndreh2019-05-261-3/+1
|
* Change ownership to build instead of root of /nixEuAndreh2019-05-261-1/+2
|
* Create Nix store with sudo before installing NixEuAndreh2019-05-261-1/+2
|
* Create Nix store with sudoEuAndreh2019-05-261-1/+1
|
* Change GPG secret referenceEuAndreh2019-05-261-1/+1
|
* Run shellcheck on Bash files stored in git-cryptEuAndreh2019-05-261-0/+2
|
* Change GPG secret referenceEuAndreh2019-05-261-2/+1
|
* Test using Debian to correctly import GPG secretEuAndreh2019-05-261-4/+6
| | | | | Right now the NixOS image tries to import the GPG before installing GPG. Adding it as a package doesn't solve it.
* Add gnupg to allow pipeline to import GPG keysEuAndreh2019-05-261-0/+2
|
* Automate provisioning and deployment of VPSEuAndreh2019-05-261-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | In order to perform that I had to remove Terraform's =.tfstate= files from the repository. Terraform does support "backends" for storing the state files, but I settled for storing it on a separate repo (vps-state). For now it solves the state management problem: - it has history of states; - all state files are GPG encrypted; - there's no coordination however, but only the CI should perform a deploy in order to avoid race conditions. I had to add GPG and SSH keys to sr.ht to achieve that: - SSH public key to my profile to authorize it to push to vps-state repo; - SSH private key to the secret builds.sr.ht environment to enable push to the repository from the pipeline; - GPG public key to git-crypt to make it possible for the pipeline to unlock the encrypted content; - GPG private key to the secret builds.sr.ht environment to enable decrypting git-crypt content from the pipeline. In order to avoid divergent environment from local and CI, the ./provision.sh script is ran through nix-shell.
* Add lint checks and a pipeline to check using NixEuAndreh2019-05-251-0/+13
generated by cgit v1.2.3 (git 2.50.1) at 2025-12-13 13:49:55 +0000