Compare commits
2 Commits
publish/gr
...
55f18b1439
| Author | SHA1 | Date | |
|---|---|---|---|
| 55f18b1439 | |||
| 91fe154ad1 |
@@ -10,8 +10,6 @@ jobs:
|
|||||||
runs-on: self-hosted
|
runs-on: self-hosted
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
with:
|
|
||||||
fetch-depth: 0 # need full history for `git diff base...HEAD`
|
|
||||||
|
|
||||||
# 1. Identify which recipes the PR touches.
|
# 1. Identify which recipes the PR touches.
|
||||||
- name: detect changed packages
|
- name: detect changed packages
|
||||||
@@ -19,10 +17,6 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
set -e
|
set -e
|
||||||
base="${{ github.event.pull_request.base.sha }}"
|
base="${{ github.event.pull_request.base.sha }}"
|
||||||
# act's actions/checkout@v4 doesn't reliably pull the base SHA
|
|
||||||
# into the local history even with fetch-depth: 0. Fetch it
|
|
||||||
# explicitly so the three-dot diff resolves.
|
|
||||||
git fetch --depth=1 origin "$base" || git fetch --depth=1 origin
|
|
||||||
changed=$(git diff --name-only "$base"...HEAD -- 'recipes/' \
|
changed=$(git diff --name-only "$base"...HEAD -- 'recipes/' \
|
||||||
| awk -F/ '{print $2}' | sort -u)
|
| awk -F/ '{print $2}' | sort -u)
|
||||||
if [[ -z "$changed" ]]; then
|
if [[ -z "$changed" ]]; then
|
||||||
@@ -68,7 +62,9 @@ jobs:
|
|||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
# 4. Build smoke — every changed package must build.
|
# 4. Build smoke — every changed package must build. Cache push
|
||||||
|
# is intentionally absent for now (no shared binary cache);
|
||||||
|
# add a step here once cache infra is decided.
|
||||||
- name: build smoke
|
- name: build smoke
|
||||||
if: steps.changed.outputs.packages != ''
|
if: steps.changed.outputs.packages != ''
|
||||||
run: |
|
run: |
|
||||||
@@ -77,18 +73,6 @@ jobs:
|
|||||||
.#${pkg} --no-link --print-out-paths
|
.#${pkg} --no-link --print-out-paths
|
||||||
done
|
done
|
||||||
|
|
||||||
# 4b. Push the validated outputs to the binary cache. The runner's
|
|
||||||
# config.yaml bind-mounts /srv/cargoxx-cache and the signing
|
|
||||||
# key into every job container.
|
|
||||||
- name: push to binary cache
|
|
||||||
if: steps.changed.outputs.packages != ''
|
|
||||||
run: |
|
|
||||||
for pkg in ${{ steps.changed.outputs.packages }}; do
|
|
||||||
nix copy --extra-experimental-features 'nix-command flakes' \
|
|
||||||
--to "file:///srv/cargoxx-cache/store?secret-key=/srv/cargoxx-cache/keys/cache.sec" \
|
|
||||||
.#${pkg}
|
|
||||||
done
|
|
||||||
|
|
||||||
# 5. Maintainer check — PR must come from someone listed in
|
# 5. Maintainer check — PR must come from someone listed in
|
||||||
# recipes/<pkg>/maintainers.txt (auto-pass for new packages,
|
# recipes/<pkg>/maintainers.txt (auto-pass for new packages,
|
||||||
# since the PR introduces the file in the same commit).
|
# since the PR introduces the file in the same commit).
|
||||||
|
|||||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,2 +1,3 @@
|
|||||||
/result
|
/result
|
||||||
/result-*
|
/result-*
|
||||||
|
flake.lock
|
||||||
|
|||||||
333
flake.lock
generated
333
flake.lock
generated
@@ -1,333 +0,0 @@
|
|||||||
{
|
|
||||||
"nodes": {
|
|
||||||
"bundlers": {
|
|
||||||
"inputs": {
|
|
||||||
"nix-appimage": "nix-appimage",
|
|
||||||
"nix-bundle": "nix-bundle",
|
|
||||||
"nix-utils": "nix-utils",
|
|
||||||
"nixpkgs": [
|
|
||||||
"cargoxx",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1777842037,
|
|
||||||
"narHash": "sha256-E6kwkFsKnU5k/QAX1aNOPfh69G6Im8/EwdRcZR4J0QE=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "bundlers",
|
|
||||||
"rev": "7bb70086c2dad3eecae4805f4d758c80e3cba960",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "bundlers",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"cargoxx": {
|
|
||||||
"inputs": {
|
|
||||||
"bundlers": "bundlers",
|
|
||||||
"flake-utils": "flake-utils_3",
|
|
||||||
"nixpkgs": "nixpkgs_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1779130481,
|
|
||||||
"narHash": "sha256-RLeNukl/4X828SipqJib9sNJhSvcSy8Cck4TVZDgIkY=",
|
|
||||||
"ref": "refs/heads/master",
|
|
||||||
"rev": "f9932a3ad9ecdcdf5ea2906f1d8698b02b8b3e30",
|
|
||||||
"revCount": 65,
|
|
||||||
"type": "git",
|
|
||||||
"url": "https://git.amadey.xyz/mozart/cargoxx"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"type": "git",
|
|
||||||
"url": "https://git.amadey.xyz/mozart/cargoxx"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1733328505,
|
|
||||||
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731533236,
|
|
||||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1623875721,
|
|
||||||
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_3": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_3"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731533236,
|
|
||||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_4": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_4"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731533236,
|
|
||||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nix-appimage": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-compat": "flake-compat",
|
|
||||||
"flake-utils": "flake-utils",
|
|
||||||
"nixpkgs": [
|
|
||||||
"cargoxx",
|
|
||||||
"bundlers",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1757920913,
|
|
||||||
"narHash": "sha256-jd0QwCVz4O1sHHkeaZILD/7D6oyalceEJ4EFnWCgm0k=",
|
|
||||||
"owner": "ralismark",
|
|
||||||
"repo": "nix-appimage",
|
|
||||||
"rev": "7946addbc0d97e358a6d7aefe5e82310f0fe6b18",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "ralismark",
|
|
||||||
"repo": "nix-appimage",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nix-bundle": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"cargoxx",
|
|
||||||
"bundlers",
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"utils": "utils"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1756736056,
|
|
||||||
"narHash": "sha256-8YFhvulVX3iS4TYnKisA9zSImJeFN21G75HOUUFjzuE=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "nix-bundle",
|
|
||||||
"rev": "eff01593f62794d458ec714090091419194ab64d",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "nix-bundle",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nix-utils": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-utils": "flake-utils_2",
|
|
||||||
"nixpkgs": "nixpkgs"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1744222205,
|
|
||||||
"narHash": "sha256-di1eNHQdpvvyXv6i7Z+S79KF7cQyhTs7AdFHp7q1e3Q=",
|
|
||||||
"owner": "juliosueiras-nix",
|
|
||||||
"repo": "nix-utils",
|
|
||||||
"rev": "53282197ad090c8cf47c96e99bf6c6c3b2cdc7c0",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "juliosueiras-nix",
|
|
||||||
"repo": "nix-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1629252929,
|
|
||||||
"narHash": "sha256-Aj20gmGBs8TG7pyaQqgbsqAQ6cB+TVuL18Pk3DPBxcQ=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "3788c68def67ca7949e0864c27638d484389363d",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1777954456,
|
|
||||||
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_3": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1778869304,
|
|
||||||
"narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "d233902339c02a9c334e7e593de68855ad26c4cb",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
|
||||||
"inputs": {
|
|
||||||
"cargoxx": "cargoxx",
|
|
||||||
"flake-utils": "flake-utils_4",
|
|
||||||
"nixpkgs": "nixpkgs_3"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems_3": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems_4": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"utils": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731533236,
|
|
||||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": "root",
|
|
||||||
"version": 7
|
|
||||||
}
|
|
||||||
11
flake.nix
11
flake.nix
@@ -5,10 +5,13 @@
|
|||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
flake-utils.url = "github:numtide/flake-utils";
|
flake-utils.url = "github:numtide/flake-utils";
|
||||||
|
|
||||||
# Gitea-hosted cargoxx. flake.lock pins the exact rev — bump it
|
# During local development we point at the sibling cargoxx checkout
|
||||||
# explicitly via `nix flake update cargoxx` when the registry should
|
# via an absolute `git+file://` URL. Once the registry lives on Gitea
|
||||||
# adopt a newer cargoxx codegen.
|
# this becomes a Gitea URL pinned to a specific cargoxx revision —
|
||||||
cargoxx.url = "git+https://git.amadey.xyz/mozart/cargoxx";
|
# that pin, alongside `lock.cargoxx_rev` in each recipe, is what
|
||||||
|
# makes registry derivations deterministic across consumers (see
|
||||||
|
# docs/library-reuse-and-publish.md in the cargoxx repo).
|
||||||
|
cargoxx.url = "git+file:///home/mozart/cargoxx";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, flake-utils, cargoxx }:
|
outputs = { self, nixpkgs, flake-utils, cargoxx }:
|
||||||
|
|||||||
@@ -1,17 +0,0 @@
|
|||||||
schema = 1
|
|
||||||
name = "greeter"
|
|
||||||
version = "0.1.1"
|
|
||||||
|
|
||||||
[source]
|
|
||||||
type = "git"
|
|
||||||
url = "https://git.amadey.xyz/mozart/greeter"
|
|
||||||
commit = "d79a99468a158e2b37739404073dcfaab8c12308"
|
|
||||||
sha256 = "sha256-1IV9HrdYoQOFcI3bP280/CYsdmuYvuMFK9hvjdanNto="
|
|
||||||
|
|
||||||
[lock]
|
|
||||||
nixpkgs_rev = "d233902339c02a9c334e7e593de68855ad26c4cb"
|
|
||||||
flake_utils_rev = "11707dc2f618dd54ca8739b309ec4fc024de578b"
|
|
||||||
|
|
||||||
[meta]
|
|
||||||
description = "minimal cargoxx demo library — greets you"
|
|
||||||
license = "MIT"
|
|
||||||
6
runner/.gitignore
vendored
6
runner/.gitignore
vendored
@@ -1,8 +1,4 @@
|
|||||||
.env
|
.env
|
||||||
data/
|
data/
|
||||||
|
flake.lock
|
||||||
result
|
result
|
||||||
|
|
||||||
# Binary cache state + signing keys. The cache.sec must never be
|
|
||||||
# committed; the public key is regenerated per deployment too
|
|
||||||
# (`nix-store --generate-binary-cache-key`).
|
|
||||||
cache/
|
|
||||||
|
|||||||
@@ -46,39 +46,7 @@ Self-hosted Gitea Actions runner that validates package PRs.
|
|||||||
GITEA_RUNNER_LABELS=self-hosted
|
GITEA_RUNNER_LABELS=self-hosted
|
||||||
```
|
```
|
||||||
|
|
||||||
4. **Generate the binary-cache signing key** + cache directory. The
|
4. **Start the runner**:
|
||||||
workflow's "push to binary cache" step writes here; nginx (or
|
|
||||||
anything you point at it) serves it back over HTTPS to consumers.
|
|
||||||
|
|
||||||
```sh
|
|
||||||
mkdir -p cache/store
|
|
||||||
nix-store --generate-binary-cache-key \
|
|
||||||
cache.cargoxx.<your-domain> \
|
|
||||||
cache/cache.sec cache/cache.pub
|
|
||||||
chmod 600 cache/cache.sec
|
|
||||||
```
|
|
||||||
|
|
||||||
The `cache/` directory is gitignored. Both keys live alongside
|
|
||||||
`compose.yml`; the named volume binds use `${PWD}/cache/...`.
|
|
||||||
|
|
||||||
5. **(optional) Front the store with nginx** so substituters can read it:
|
|
||||||
|
|
||||||
```nginx
|
|
||||||
# /etc/nginx/sites-available/cargoxx-cache
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
server_name cache.cargoxx.<your-domain>;
|
|
||||||
root /path/to/cargoxx-pkgs/runner/cache/store;
|
|
||||||
autoindex off;
|
|
||||||
location / { try_files $uri =404; }
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Consumers later need `substituters = https://cache.cargoxx.<your-domain>`
|
|
||||||
and `trusted-public-keys = <contents of cache.pub>` in their nix
|
|
||||||
config (bake this into the cargoxx wrapper once ready).
|
|
||||||
|
|
||||||
6. **Start the runner**:
|
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
docker compose up -d
|
docker compose up -d
|
||||||
|
|||||||
@@ -18,29 +18,3 @@ services:
|
|||||||
- ./config.yaml:/config.yaml:ro
|
- ./config.yaml:/config.yaml:ro
|
||||||
- ./data:/data
|
- ./data:/data
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
# Binary cache — `validate-pr.yml`'s push step writes `$out` NAR
|
|
||||||
# archives here. Named volumes (defined below) make the same
|
|
||||||
# storage reachable from both this runner container AND every
|
|
||||||
# job container act_runner spawns. nginx (on the host) serves
|
|
||||||
# ./cache/store over HTTPS for consumers' substituter config.
|
|
||||||
- cargoxx-cache-store:/srv/cargoxx-cache/store
|
|
||||||
- cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
cargoxx-cache-store:
|
|
||||||
# Explicit name disables compose's project-prefix so spawned job
|
|
||||||
# containers (which don't know about compose) can reference the
|
|
||||||
# same volume by the same name.
|
|
||||||
name: cargoxx-cache-store
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
type: none
|
|
||||||
o: bind
|
|
||||||
device: "${PWD}/cache/store"
|
|
||||||
cargoxx-cache-keys:
|
|
||||||
name: cargoxx-cache-keys
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
type: none
|
|
||||||
o: bind
|
|
||||||
device: "${PWD}/cache/keys"
|
|
||||||
|
|||||||
@@ -18,19 +18,9 @@ cache:
|
|||||||
container:
|
container:
|
||||||
network: bridge
|
network: bridge
|
||||||
privileged: false
|
privileged: false
|
||||||
# Bind the binary cache into every job container by referencing the
|
options: ""
|
||||||
# named volumes defined in compose.yml — those, in turn, are bound
|
|
||||||
# to ./cache/{store,cache.sec} via `${PWD}` so the path is
|
|
||||||
# deployment-relative, not absolute.
|
|
||||||
options: "-v cargoxx-cache-store:/srv/cargoxx-cache/store
|
|
||||||
-v cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro"
|
|
||||||
workdir_parent: /workspace
|
workdir_parent: /workspace
|
||||||
# Whitelist regex of bind specs act_runner forwards to spawned job
|
valid_volumes: []
|
||||||
# containers. The regex matches the full `source:target[:opts]`
|
|
||||||
# string, so a permissive prefix is enough.
|
|
||||||
valid_volumes:
|
|
||||||
- "cargoxx-cache-store"
|
|
||||||
- "cargoxx-cache-keys"
|
|
||||||
docker_host: "unix:///var/run/docker.sock"
|
docker_host: "unix:///var/run/docker.sock"
|
||||||
force_pull: false
|
force_pull: false
|
||||||
|
|
||||||
|
|||||||
61
runner/flake.lock
generated
61
runner/flake.lock
generated
@@ -1,61 +0,0 @@
|
|||||||
{
|
|
||||||
"nodes": {
|
|
||||||
"flake-utils": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731533236,
|
|
||||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1778869304,
|
|
||||||
"narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "d233902339c02a9c334e7e593de68855ad26c4cb",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-utils": "flake-utils",
|
|
||||||
"nixpkgs": "nixpkgs"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": "root",
|
|
||||||
"version": 7
|
|
||||||
}
|
|
||||||
@@ -42,7 +42,6 @@
|
|||||||
curl
|
curl
|
||||||
jq
|
jq
|
||||||
tea
|
tea
|
||||||
nodejs_20 # JS-based actions/checkout@v4 etc. need `node` on PATH
|
|
||||||
|
|
||||||
cacert
|
cacert
|
||||||
iana-etc
|
iana-etc
|
||||||
@@ -51,7 +50,7 @@
|
|||||||
# Skeleton filesystem layout: /tmp, /etc/passwd for nix,
|
# Skeleton filesystem layout: /tmp, /etc/passwd for nix,
|
||||||
# writable nix store, cacert pointer.
|
# writable nix store, cacert pointer.
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
mkdir -p tmp etc/nix nix/var/{nix,log/nix} root
|
mkdir -p tmp etc nix/var/{nix,log/nix} root
|
||||||
chmod 1777 tmp
|
chmod 1777 tmp
|
||||||
|
|
||||||
cat > etc/passwd <<'EOF'
|
cat > etc/passwd <<'EOF'
|
||||||
|
|||||||
Reference in New Issue
Block a user