fix: correct nomad job run flags and JSON format in deploy-nix-site

- Add -json flag to nomad job run (API JSON uses PascalCase, not HCL2)
- Quote heredoc to prevent shell from mangling Nomad interpolations
- Use Forgejo template expressions for S3 creds in fetch task env
- Fix Volumes to map format (Nomad API JSON, not array)
- Remove unused shell variable assignments

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Christopher Mühl 2026-02-17 11:03:05 +01:00
parent a8e0e936fc
commit 22ad13e061
No known key found for this signature in database
GPG key ID: 925AC7D69955293F


@ -78,105 +78,104 @@ runs:
- name: Deploy via Nomad - name: Deploy via Nomad
shell: bash shell: bash
run: | run: |
# Get S3 credentials for the fetch task cat > /tmp/deploy-${{ inputs.site-name }}.nomad.json <<'NOMAD_EOF'
S3_ACCESS_KEY="${{ env.S3_ACCESS_KEY }}" {
S3_SECRET_KEY="${{ env.S3_SECRET_KEY }}" "Job": {
"ID": "${{ inputs.site-name }}",
cat > /tmp/deploy-${{ inputs.site-name }}.nomad.json <<NOMAD_EOF "Name": "${{ inputs.site-name }}",
"Type": "service",
"Datacenters": ["contabo"],
"Constraints": [{
"LTarget": "${node.unique.name}",
"RTarget": "alvin",
"Operand": "="
}],
"TaskGroups": [{
"Name": "web",
"Count": 1,
"Networks": [{
"Mode": "bridge",
"DynamicPorts": [{
"Label": "http",
"To": 8080
}]
}],
"Services": [{
"Name": "${{ inputs.site-name }}",
"PortLabel": "http",
"Provider": "nomad",
"Tags": [
"traefik.enable=true",
"traefik.http.routers.${{ inputs.site-name }}.rule=${{ inputs.traefik-rule }}",
"traefik.http.routers.${{ inputs.site-name }}.entrypoints=websecure",
"traefik.http.routers.${{ inputs.site-name }}.tls.certresolver=letsencrypt"
]
}],
"Volumes": {
"site-data": {
"Type": "host",
"Source": "site-data",
"ReadOnly": false
}
},
"Tasks": [
{ {
"Job": { "Name": "fetch",
"ID": "${{ inputs.site-name }}", "Driver": "docker",
"Name": "${{ inputs.site-name }}", "Lifecycle": {
"Type": "service", "Hook": "prestart",
"Datacenters": ["contabo"], "Sidecar": false
"Constraints": [{ },
"LTarget": "\${node.unique.name}", "Config": {
"RTarget": "alvin", "image": "nixos/nix:latest",
"Operand": "=" "command": "/bin/sh",
}], "args": [
"TaskGroups": [{ "-c",
"Name": "web", "nix copy --from 's3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https' '${STORE_PATH}' && cp -r ${STORE_PATH}/* /alloc/data/"
"Count": 1, ]
"Networks": [{ },
"Mode": "bridge", "Env": {
"DynamicPorts": [{ "AWS_ACCESS_KEY_ID": "${{ env.S3_ACCESS_KEY }}",
"Label": "http", "AWS_SECRET_ACCESS_KEY": "${{ env.S3_SECRET_KEY }}",
"To": 8080 "STORE_PATH": "${{ env.STORE_PATH }}"
}] },
}], "VolumeMounts": [{
"Services": [{ "Volume": "site-data",
"Name": "${{ inputs.site-name }}", "Destination": "/alloc/data"
"PortLabel": "http", }],
"Provider": "nomad", "Resources": {
"Tags": [ "CPU": 200,
"traefik.enable=true", "MemoryMB": 256
"traefik.http.routers.${{ inputs.site-name }}.rule=${{ inputs.traefik-rule }}", }
"traefik.http.routers.${{ inputs.site-name }}.entrypoints=websecure", },
"traefik.http.routers.${{ inputs.site-name }}.tls.certresolver=letsencrypt" {
] "Name": "server",
}], "Driver": "docker",
"Volumes": [{ "Config": {
"Name": "site-data", "image": "joseluisq/static-web-server:2",
"Type": "host", "ports": ["http"]
"Source": "site-data" },
}], "Env": {
"Tasks": [ "SERVER_ROOT": "/var/www",
{ "SERVER_LOG_LEVEL": "info"
"Name": "fetch", },
"Driver": "docker", "VolumeMounts": [{
"Lifecycle": { "Volume": "site-data",
"Hook": "prestart", "Destination": "/var/www",
"Sidecar": false "ReadOnly": true
}, }],
"Config": { "Resources": {
"image": "nixos/nix:latest", "CPU": 100,
"command": "/bin/sh", "MemoryMB": 64
"args": [
"-c",
"nix copy --from 's3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https' '$STORE_PATH' && cp -r $STORE_PATH/* /alloc/data/"
]
},
"Env": {
"AWS_ACCESS_KEY_ID": "$S3_ACCESS_KEY",
"AWS_SECRET_ACCESS_KEY": "$S3_SECRET_KEY"
},
"VolumeMounts": [{
"Volume": "site-data",
"Destination": "/alloc/data"
}],
"Resources": {
"CPU": 200,
"MemoryMB": 256
}
},
{
"Name": "server",
"Driver": "docker",
"Config": {
"image": "joseluisq/static-web-server:2",
"ports": ["http"]
},
"Env": {
"SERVER_ROOT": "/var/www",
"SERVER_LOG_LEVEL": "info"
},
"VolumeMounts": [{
"Volume": "site-data",
"Destination": "/var/www",
"ReadOnly": true
}],
"Resources": {
"CPU": 100,
"MemoryMB": 64
}
}
]
}]
} }
} }
NOMAD_EOF ]
}]
}
}
NOMAD_EOF
nomad job run /tmp/deploy-${{ inputs.site-name }}.nomad.json nomad job run -json /tmp/deploy-${{ inputs.site-name }}.nomad.json
- name: Deployment summary - name: Deployment summary
shell: bash shell: bash
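Review bot: The fetch task's `Env` block now renders `${{ env.S3_ACCESS_KEY }}` and `${{ env.S3_SECRET_KEY }}` straight into `/tmp/deploy-<site-name>.nomad.json`, a predictable path created with the runner's default umask and not removed in the visible lines, so the S3 secret stays on disk for any other user or job on the runner host. Create the file privately and clean it up, e.g. `job_file=$(mktemp)` plus `trap 'rm -f "$job_file"' EXIT`, and use `"$job_file"` in both the `cat >` redirect and `nomad job run -json`. The credentials also end up in the submitted job spec, which is presumably readable by anyone allowed to read jobs in that namespace; a Nomad variable or a Vault-backed template for the fetch task would keep them out of it. Separately, `${{ inputs.site-name }}` is expanded into the unquoted redirect and `nomad job run` paths before bash runs, so passing it through `env:` and quoting it there is safer than relying on the quoted heredoc alone.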