toph/ci-actions
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

fix: correct nomad job run flags and JSON format in deploy-nix-site

Browse source 
- Add -json flag to nomad job run (API JSON uses PascalCase, not HCL2)
- Quote heredoc to prevent shell from mangling Nomad interpolations
- Use Forgejo template expressions for S3 creds in fetch task env
- Fix Volumes to map format (Nomad API JSON, not array)
- Remove unused shell variable assignments

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Christopher Mühl 2026-02-17 11:03:05 +01:00
parent a8e0e936fc
commit 22ad13e061
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
1 changed files with 94 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
deploy-nix-site/action.yaml
View file

@ -78,19 +78,15 @@ runs:
- name: Deploy via Nomad - name: Deploy via Nomad
shell: bash shell: bash
run: | run: |
# Get S3 credentials for the fetch task cat > /tmp/deploy-${{ inputs.site-name }}.nomad.json <<'NOMAD_EOF'
S3_ACCESS_KEY="${{ env.S3_ACCESS_KEY }}" {
S3_SECRET_KEY="${{ env.S3_SECRET_KEY }}"
cat > /tmp/deploy-${{ inputs.site-name }}.nomad.json <<NOMAD_EOF
{
"Job": { "Job": {
"ID": "${{ inputs.site-name }}", "ID": "${{ inputs.site-name }}",
"Name": "${{ inputs.site-name }}", "Name": "${{ inputs.site-name }}",
"Type": "service", "Type": "service",
"Datacenters": ["contabo"], "Datacenters": ["contabo"],
"Constraints": [{ "Constraints": [{
"LTarget": "\${node.unique.name}", "LTarget": "${node.unique.name}",
"RTarget": "alvin", "RTarget": "alvin",
"Operand": "=" "Operand": "="
}], }],
@ -115,11 +111,13 @@ runs:
"traefik.http.routers.${{ inputs.site-name }}.tls.certresolver=letsencrypt" "traefik.http.routers.${{ inputs.site-name }}.tls.certresolver=letsencrypt"
] ]
}], }],
"Volumes": [{ "Volumes": {
"Name": "site-data", "site-data": {
"Type": "host", "Type": "host",
"Source": "site-data" "Source": "site-data",
}], "ReadOnly": false
}
},
"Tasks": [ "Tasks": [
{ {
"Name": "fetch", "Name": "fetch",
@ -133,12 +131,13 @@ runs:
"command": "/bin/sh", "command": "/bin/sh",
"args": [ "args": [
"-c", "-c",
"nix copy --from 's3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https' '$STORE_PATH' && cp -r $STORE_PATH/* /alloc/data/" "nix copy --from 's3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https' '${STORE_PATH}' && cp -r ${STORE_PATH}/* /alloc/data/"
] ]
}, },
"Env": { "Env": {
"AWS_ACCESS_KEY_ID": "$S3_ACCESS_KEY", "AWS_ACCESS_KEY_ID": "${{ env.S3_ACCESS_KEY }}",
"AWS_SECRET_ACCESS_KEY": "$S3_SECRET_KEY" "AWS_SECRET_ACCESS_KEY": "${{ env.S3_SECRET_KEY }}",
"STORE_PATH": "${{ env.STORE_PATH }}"
}, },
"VolumeMounts": [{ "VolumeMounts": [{
"Volume": "site-data", "Volume": "site-data",
@ -173,10 +172,10 @@ runs:
] ]
}] }]
} }
} }
NOMAD_EOF NOMAD_EOF
nomad job run /tmp/deploy-${{ inputs.site-name }}.nomad.json nomad job run -json /tmp/deploy-${{ inputs.site-name }}.nomad.json
- name: Deployment summary - name: Deployment summary
shell: bash shell: bash