From 6b517528ee0fae25857d29bded532834eb485fcf Mon Sep 17 00:00:00 2001 From: zimbatm Date: Wed, 6 Feb 2019 11:56:31 +0100 Subject: [PATCH] prepare for multi-CI split things out so more can be shared between CIs --- .gitlab-ci.sh | 14 ++++++++++++++ .gitlab-ci.yml | 26 ++++++-------------------- .gitlab/docker-login | 13 ------------- .gitlab/push-master | 6 ------ build | 6 ++++-- docker-login | 22 ++++++++++++++++++++++ push-all | 11 +++++++---- 7 files changed, 53 insertions(+), 45 deletions(-) create mode 100755 .gitlab-ci.sh delete mode 100755 .gitlab/docker-login delete mode 100755 .gitlab/push-master create mode 100755 docker-login diff --git a/.gitlab-ci.sh b/.gitlab-ci.sh new file mode 100755 index 0000000..cd3101d --- /dev/null +++ b/.gitlab-ci.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash +# +# Gitlab CI specific build script. +# +set -euo pipefail + +./build + +if [[ "$CI_COMMIT_REF_NAME" = master ]]; then + ./docker-login "$CI_REGISTRY" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" + ./push-all "$CI_REGISTRY_IMAGE" "$IMAGE_TAG" +else + echo "=== not pushing on non-master ===" +fi diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e92d700..f112da4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,31 +2,17 @@ image: nixos/nix:latest stages: - build - - publish - -before_script: - - nix-shell --run .gitlab/docker-login nixos-unstable: - extends: .build + stage: build + script: nix-shell --run ./.gitlab-ci.sh variables: - NIXPKGS_CHANNEL: nixos-unstable + NIX_PATH: nixpkgs=channel:nixos-unstable IMAGE_TAG: latest nixos-18.09: - extends: .build - variables: - NIXPKGS_CHANNEL: nixos-18.09 - IMAGE_TAG: nixos-18.09 - -# ---- templates --- - -.build: stage: build - script: - - nix-shell --run ./build - - nix-shell --run .gitlab/push-master + script: nix-shell --run ./.gitlab-ci.sh variables: - NIX_PATH: "nixpkgs=channel:${NIXPKGS_CHANNEL}" - REGISTRY_URL: "${CI_REGISTRY_IMAGE}" - + NIX_PATH: nixpkgs=channel:nixos-18.09 + IMAGE_TAG: nixos-18.09 diff --git a/.gitlab/docker-login b/.gitlab/docker-login deleted file mode 100755 index 9fe8249..0000000 --- a/.gitlab/docker-login +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -eu - -mkdir ~/.docker - -cat < ~/.docker/config.json -{ - "auths": { - "$CI_REGISTRY": { - "auth": "$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64)" - } - } -} -DOCKER_CONF diff --git a/.gitlab/push-master b/.gitlab/push-master deleted file mode 100755 index 4163d98..0000000 --- a/.gitlab/push-master +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -eu -if [ "$CI_COMMIT_REF_NAME" = master ]; then - exec ./push-all -else - echo "=== not pushing on non-master ===" -fi diff --git a/build b/build index d466d81..a061aa0 100755 --- a/build +++ b/build @@ -1,6 +1,8 @@ -#!/bin/sh -eu +#!/usr/bin/env bash +set -euo pipefail # build *all* the docker images -nix-build release.nix \ +exec nix-build release.nix \ --no-out-link \ + --option sandbox true \ "$@" diff --git a/docker-login b/docker-login new file mode 100755 index 0000000..eec3eba --- /dev/null +++ b/docker-login @@ -0,0 +1,22 @@ +#!/usr/bin/env bash +# +# A simplified docker login approach that doesn't depends on the docker binary +# +# Usage: ./docker-login +set -euo pipefail + +registry=$1 +username=$2 +password=$3 + +mkdir ~/.docker + +cat < ~/.docker/config.json +{ + "auths": { + "$CI_REGISTRY": { + "auth": "$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64)" + } + } +} +DOCKER_CONF diff --git a/push-all b/push-all index 11c1dda..20ed89d 100755 --- a/push-all +++ b/push-all @@ -1,12 +1,15 @@ -#!/bin/sh -eu +#!/usr/bin/env bash +# +# Usage: ./push-all +set -euo pipefail -: "${REGISTRY_URL:=nixpkgs}" -: "${IMAGE_TAG:=latest}" +registry_prefix=${1:-nixpkgs} +image_tag=${2:-latest} releases_json=$(nix-instantiate ./release.nix --strict --eval --json) for attr in $(echo "$releases_json" | jq -r "keys[]") ; do file=$(echo "$releases_json" | jq -r ".\"$attr\"") echo "--- $attr -> $file" - skopeo copy "docker-archive://$file" "docker://$REGISTRY_URL/$attr:$IMAGE_TAG" + skopeo copy "docker-archive://$file" "docker://$registry_prefix/$attr:$image_tag" done