toph/ci-actions
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

fix: correct nomad job run flags and JSON format in deploy-nix-site

Browse source 
- Add -json flag to nomad job run (API JSON uses PascalCase, not HCL2)
- Quote heredoc to prevent shell from mangling Nomad interpolations
- Use Forgejo template expressions for S3 creds in fetch task env
- Fix Volumes to map format (Nomad API JSON, not array)
- Remove unused shell variable assignments

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Christopher Mühl 2026-02-17 11:03:05 +01:00
parent a8e0e936fc
commit 22ad13e061
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
1 changed files with 94 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

189
deploy-nix-site/action.yaml
View file

@ -78,105 +78,104 @@ runs:
- name: Deploy via Nomad
shell: bash
run: |
# Get S3 credentials for the fetch task
S3_ACCESS_KEY="${{ env.S3_ACCESS_KEY }}"
S3_SECRET_KEY="${{ env.S3_SECRET_KEY }}"
cat > /tmp/deploy-${{ inputs.site-name }}.nomad.json <<NOMAD_EOF
cat > /tmp/deploy-${{ inputs.site-name }}.nomad.json <<'NOMAD_EOF'
{
"Job": {
"ID": "${{ inputs.site-name }}",
"Name": "${{ inputs.site-name }}",
"Type": "service",
"Datacenters": ["contabo"],
"Constraints": [{
"LTarget": "${node.unique.name}",
"RTarget": "alvin",
"Operand": "="
}],
"TaskGroups": [{
"Name": "web",
"Count": 1,
"Networks": [{
"Mode": "bridge",
"DynamicPorts": [{
"Label": "http",
"To": 8080
}]
}],
"Services": [{
"Name": "${{ inputs.site-name }}",
"PortLabel": "http",
"Provider": "nomad",
"Tags": [
"traefik.enable=true",
"traefik.http.routers.${{ inputs.site-name }}.rule=${{ inputs.traefik-rule }}",
"traefik.http.routers.${{ inputs.site-name }}.entrypoints=websecure",
"traefik.http.routers.${{ inputs.site-name }}.tls.certresolver=letsencrypt"
]
}],
"Volumes": {
"site-data": {
"Type": "host",
"Source": "site-data",
"ReadOnly": false
}
},
"Tasks": [
{
"Job": {
"ID": "${{ inputs.site-name }}",
"Name": "${{ inputs.site-name }}",
"Type": "service",
"Datacenters": ["contabo"],
"Constraints": [{
"LTarget": "\${node.unique.name}",
"RTarget": "alvin",
"Operand": "="
}],
"TaskGroups": [{
"Name": "web",
"Count": 1,
"Networks": [{
"Mode": "bridge",
"DynamicPorts": [{
"Label": "http",
"To": 8080
}]
}],
"Services": [{
"Name": "${{ inputs.site-name }}",
"PortLabel": "http",
"Provider": "nomad",
"Tags": [
"traefik.enable=true",
"traefik.http.routers.${{ inputs.site-name }}.rule=${{ inputs.traefik-rule }}",
"traefik.http.routers.${{ inputs.site-name }}.entrypoints=websecure",
"traefik.http.routers.${{ inputs.site-name }}.tls.certresolver=letsencrypt"
]
}],
"Volumes": [{
"Name": "site-data",
"Type": "host",
"Source": "site-data"
}],
"Tasks": [
{
"Name": "fetch",
"Driver": "docker",
"Lifecycle": {
"Hook": "prestart",
"Sidecar": false
},
"Config": {
"image": "nixos/nix:latest",
"command": "/bin/sh",
"args": [
"-c",
"nix copy --from 's3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https' '$STORE_PATH' && cp -r $STORE_PATH/* /alloc/data/"
]
},
"Env": {
"AWS_ACCESS_KEY_ID": "$S3_ACCESS_KEY",
"AWS_SECRET_ACCESS_KEY": "$S3_SECRET_KEY"
},
"VolumeMounts": [{
"Volume": "site-data",
"Destination": "/alloc/data"
}],
"Resources": {
"CPU": 200,
"MemoryMB": 256
}
},
{
"Name": "server",
"Driver": "docker",
"Config": {
"image": "joseluisq/static-web-server:2",
"ports": ["http"]
},
"Env": {
"SERVER_ROOT": "/var/www",
"SERVER_LOG_LEVEL": "info"
},
"VolumeMounts": [{
"Volume": "site-data",
"Destination": "/var/www",
"ReadOnly": true
}],
"Resources": {
"CPU": 100,
"MemoryMB": 64
}
}
]
}]
"Name": "fetch",
"Driver": "docker",
"Lifecycle": {
"Hook": "prestart",
"Sidecar": false
},
"Config": {
"image": "nixos/nix:latest",
"command": "/bin/sh",
"args": [
"-c",
"nix copy --from 's3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https' '${STORE_PATH}' && cp -r ${STORE_PATH}/* /alloc/data/"
]
},
"Env": {
"AWS_ACCESS_KEY_ID": "${{ env.S3_ACCESS_KEY }}",
"AWS_SECRET_ACCESS_KEY": "${{ env.S3_SECRET_KEY }}",
"STORE_PATH": "${{ env.STORE_PATH }}"
},
"VolumeMounts": [{
"Volume": "site-data",
"Destination": "/alloc/data"
}],
"Resources": {
"CPU": 200,
"MemoryMB": 256
}
},
{
"Name": "server",
"Driver": "docker",
"Config": {
"image": "joseluisq/static-web-server:2",
"ports": ["http"]
},
"Env": {
"SERVER_ROOT": "/var/www",
"SERVER_LOG_LEVEL": "info"
},
"VolumeMounts": [{
"Volume": "site-data",
"Destination": "/var/www",
"ReadOnly": true
}],
"Resources": {
"CPU": 100,
"MemoryMB": 64
}
}
NOMAD_EOF
]
}]
}
}
NOMAD_EOF
nomad job run /tmp/deploy-${{ inputs.site-name }}.nomad.json
nomad job run -json /tmp/deploy-${{ inputs.site-name }}.nomad.json
- name: Deployment summary
shell: bash