NexVeridian/nexveridian-web
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

feat: forgejo
Some checks failed
docker / build (push) Failing after 1m42s
Details

Browse source
This commit is contained in:
Elijah McMorris 2025-08-27 19:32:29 -07:00
parent b3573bb36a
commit 73aa883d18
Signed by: NexVeridian
SSH key fingerprint: SHA256:bsA1SKZxuEcEVHAy3gY1HUeM5ykRJl0U0kQHQn0hMg8
6 changed files with 827 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

265
content/blog/attic-compose.md
View file

@ -4,7 +4,7 @@ date = 2025-05-06
# description = "Deploying Attic Nix Binary Cache With Docker Compose."
[taxonomies]
tags = ["nix", "docker", "CI", "cache", "github-actions"]
tags = ["nix", "docker", "CI", "actions", "cache", "github-actions"]
+++
## Server Install
@ -22,34 +22,38 @@ services:
- 8080:8080
networks:
attic:
db:
pgattic:
volumes:
- ./server.toml:/attic/server.toml
- attic-data:/attic/storage
env_file:
- prod.env
depends_on:
db:
condition: service_healthy
pgattic:
condition: service_healthy
healthcheck:
test:
[
"CMD-SHELL",
"wget --no-verbose --tries=1 --spider http://attic:8080 || exit 1",
]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
test:
[
"CMD-SHELL",
"wget --no-verbose --tries=1 --spider http://attic:8080 || exit 1",
]
interval: 15s
timeout: 10s
retries: 10
start_period: 15s
deploy:
resources:
reservations:
cpus: 1.0
db:
container_name: db
image: postgres:17.2-alpine
pgattic:
container_name: pgattic
image: postgres:17.6-alpine
restart: unless-stopped
ports:
- 5432:5432
networks:
db:
pgattic:
volumes:
- postgres-data:/var/lib/postgresql/data
env_file:
@ -66,7 +70,7 @@ volumes:
networks:
attic:
db:
pgattic:
```
### Example `server.toml`
@ -74,7 +78,7 @@ networks:
listen = "[::]:8080"
[database]
url = "postgres://attic:attic@db:5432/attic_prod"
url = "postgres://attic:attic@pgattic:5432/attic_prod"
[storage]
type = "local"
@ -117,8 +121,12 @@ attic:
- "traefik.http.routers.attic.rule=Host(`nix.example.com`)"
- "traefik.http.routers.attic.entrypoints=websecure"
- "traefik.http.routers.attic.tls.certresolver=myhttpchallenge"
- "traefik.http.routers.attic-http.rule=Host(`nix.example.com`)"
- "traefik.http.routers.attic-http.entrypoints=web"
- "traefik.http.routers.attic-http.service=attic"
- "traefik.http.services.attic.loadbalancer.server.port=8080"
- "traefik.http.routers.attic-http.middlewares=redirect-to-https"
- "traefik.docker.network=<network name>"
```
@ -165,6 +173,22 @@ attic push <cache name> /nix/store/*/
## Github Actions Install
Add the token named from `just create_token`, named ATTIC_TOKEN, to your repository secrets `https://github.com/<username>/<repo>/settings/secrets/actions`
```yaml
name: nix
on:
pull_request:
branches: [main]
push:
schedule:
- cron: 0 0 * * 1
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref && github.ref || github.run_id }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
steps:
- uses: actions/checkout@v3
- uses: nixbuild/nix-quick-install-action@v32
@ -183,6 +207,7 @@ steps:
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client login <pick a name for server> https://nix.example.com ${{ secrets.ATTIC_TOKEN }} || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache create <cache name> || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache configure <cache name> -- --priority 30 || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client use <cache name> || true
# For cacheing the attic package in github actions storage
@ -200,13 +225,203 @@ steps:
purge-primary-key: never
# `nix-fast-build` is faster then `nix flake check` in my testing
# - run: nix flake check --all-systems
# - name: check
# run: |
# nix flake check --all-systems
# `--attic-cache` will fail if the cache is down
# - run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#nix-fast-build -- --attic-cache <cache name> --no-nom --skip-cached
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#nix-fast-build -- --no-nom --skip-cached
- name: check
run: |
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#nix-fast-build -- --no-nom --skip-cached
- run: |
for i in {1..10}; do
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push <cache name> /nix/store/*/ && break || [ $i -eq 5 ] || sleep 5
# Paths will be invalid if tests fail, need to push all other paths
- name: Push to attic
if: always()
run: |
valid_paths=""
for path in /nix/store/*/; do
if nix path-info "$path" >/dev/null 2>&1; then
valid_paths="$valid_paths $path"
fi
done
if [ -n "$valid_paths" ]; then
for i in {1..10}; do
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push <cache name> $valid_paths && break || [ $i -eq 5 ] || sleep 5
done
fi
```
## Github Action Install, with matrix for each derivation
```yaml
name: crane
on:
pull_request:
branches: [main]
push:
branches: [main]
schedule:
- cron: 0 0 * * 1
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref && github.ref || github.run_id }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
jobs:
check-dependencies:
name: check-dependencies
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
actions: write
strategy:
matrix:
system: [x86_64-linux]
check-type: [my-server, my-crate-fmt, my-crate-toml-fmt]
steps:
- uses: actions/checkout@v5
- uses: nixbuild/nix-quick-install-action@v32
with:
nix_conf: |
keep-env-derivations = true
keep-outputs = true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client login nex https://nix.example.com ${{ secrets.ATTIC_TOKEN }} || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache create <cache name> || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache configure <cache name> -- --priority 30 || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client use <cache name> || true
- run: nix build -I nixpkgs=channel:nixos-unstable nixpkgs#nix-fast-build
- name: check
run: |
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#nix-fast-build -- --flake ".#checks.$(nix eval --raw --impure --expr builtins.currentSystem).${{ matrix.check-type }}" --no-nom --skip-cached
- name: Push to attic
if: always()
run: |
for i in {1..10}; do
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push <cache name> /nix/store/*/ && break || [ $i -eq 5 ] || sleep 5
done
check-matrix:
name: check-matrix
needs: check-dependencies
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
actions: write
strategy:
fail-fast: false
matrix:
system: [x86_64-linux]
check-type: [my-crate-clippy, my-crate-nextest]
steps:
- uses: actions/checkout@v5
- uses: nixbuild/nix-quick-install-action@v32
with:
nix_conf: |
keep-env-derivations = true
keep-outputs = true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client login nex https://nix.example.com ${{ secrets.ATTIC_TOKEN }} || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache create <cache name> || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache configure <cache name> -- --priority 30 || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client use <cache name> || true
- name: check
run: |
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#nix-fast-build -- --flake ".#checks.$(nix eval --raw --impure --expr builtins.currentSystem).${{ matrix.check-type }}" --no-nom --skip-cached
- name: Push to attic
if: always()
run: |
valid_paths=""
for path in /nix/store/*/; do
if nix path-info "$path" >/dev/null 2>&1; then
valid_paths="$valid_paths $path"
fi
done
if [ -n "$valid_paths" ]; then
for i in {1..10}; do
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push <cache name> $valid_paths && break || [ $i -eq 5 ] || sleep 5
done
fi
```
## Forgejo Actions Install
See [Available runner images](../forgejo-github-to-forgejo-actions) for the `runs-on` image
```yaml
name: nix
on:
pull_request:
branches: [main]
push:
schedule:
- cron: 0 0 * * 1
env:
CARGO_TERM_COLOR: always
NIX_CONFIG: "experimental-features = nix-command flakes"
jobs:
check-dependencies:
name: check-dependencies
runs-on: nix
permissions:
contents: read
id-token: write
actions: write
steps:
# Add secrets.ATTIC_TOKEN here https://forgejo.example.com/user/settings/actions/secrets
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client login nex https://nix.example.com ${{ secrets.ATTIC_TOKEN }} || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache create <cache name> || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache configure <cache name> -- --priority 30 || true
- run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client use <cache name> || true
- name: Install Node.js
run: |
mkdir -p ~/.local/bin
nix build -I nixpkgs=channel:nixos-unstable nixpkgs#nodejs_24 -o ~/.local/nodejs
ln -sf ~/.local/nodejs/bin/node ~/.local/bin/node
ln -sf ~/.local/nodejs/bin/npm ~/.local/bin/npm
echo "$HOME/.local/bin" >> $GITHUB_PATH
- uses: actions/checkout@v5
- run: nix build -I nixpkgs=channel:nixos-unstable nixpkgs#nix-fast-build
- name: check
run: |
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#nix-fast-build -- --no-nom --skip-cached
- name: Push to attic
if: always()
run: |
valid_paths=""
for path in /nix/store/*/; do
if nix path-info "$path" >/dev/null 2>&1; then
valid_paths="$valid_paths $path"
fi
done
if [ -n "$valid_paths" ]; then
for i in {1..10}; do
nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push <cache name> $valid_paths && break || [ $i -eq 5 ] || sleep 5
done
fi
```