fix: correct nomad job run flags and JSON format in deploy-nix-site

- Add -json flag to nomad job run (API JSON uses PascalCase, not HCL2) - Quote heredoc to prevent shell from mangling Nomad interpolations - Use Forgejo template expressions for S3 creds in fetch task env - Fix Volumes to map format (Nomad API JSON, not array) - Remove unused shell variable assignments Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-17 11:03:05 +01:00 · 2026-02-17 11:03:05 +01:00 · 22ad13e061
commit 22ad13e061
parent a8e0e936fc
1 changed files with 94 additions and 95 deletions
--- a/deploy-nix-site/action.yaml
+++ b/deploy-nix-site/action.yaml
@ -78,11 +78,7 @@ runs:
    - name: Deploy via Nomad
      shell: bash
      run: |
-        # Get S3 credentials for the fetch task
-        S3_ACCESS_KEY="${{ env.S3_ACCESS_KEY }}"
-        S3_SECRET_KEY="${{ env.S3_SECRET_KEY }}"
-
-        cat > /tmp/deploy-${{ inputs.site-name }}.nomad.json <<NOMAD_EOF
+        cat > /tmp/deploy-${{ inputs.site-name }}.nomad.json <<'NOMAD_EOF'
 {
  "Job": {
    "ID": "${{ inputs.site-name }}",
@ -90,7 +86,7 @@ runs:
    "Type": "service",
    "Datacenters": ["contabo"],
    "Constraints": [{
-              "LTarget": "\${node.unique.name}",
+      "LTarget": "${node.unique.name}",
      "RTarget": "alvin",
      "Operand": "="
    }],
@ -115,11 +111,13 @@ runs:
          "traefik.http.routers.${{ inputs.site-name }}.tls.certresolver=letsencrypt"
        ]
      }],
-              "Volumes": [{
-                "Name": "site-data",
+      "Volumes": {
+        "site-data": {
          "Type": "host",
-                "Source": "site-data"
-              }],
+          "Source": "site-data",
+          "ReadOnly": false
+        }
+      },
      "Tasks": [
        {
          "Name": "fetch",
@ -133,12 +131,13 @@ runs:
            "command": "/bin/sh",
            "args": [
              "-c",
-                      "nix copy --from 's3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https' '$STORE_PATH' && cp -r $STORE_PATH/* /alloc/data/"
+              "nix copy --from 's3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https' '${STORE_PATH}' && cp -r ${STORE_PATH}/* /alloc/data/"
            ]
          },
          "Env": {
-                    "AWS_ACCESS_KEY_ID": "$S3_ACCESS_KEY",
-                    "AWS_SECRET_ACCESS_KEY": "$S3_SECRET_KEY"
+            "AWS_ACCESS_KEY_ID": "${{ env.S3_ACCESS_KEY }}",
+            "AWS_SECRET_ACCESS_KEY": "${{ env.S3_SECRET_KEY }}",
+            "STORE_PATH": "${{ env.STORE_PATH }}"
          },
          "VolumeMounts": [{
            "Volume": "site-data",
@ -176,7 +175,7 @@ runs:
 }
 NOMAD_EOF

-        nomad job run /tmp/deploy-${{ inputs.site-name }}.nomad.json
+        nomad job run -json /tmp/deploy-${{ inputs.site-name }}.nomad.json

    - name: Deployment summary
      shell: bash