toph/ci-actions
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

feat: add NOMAD_TOKEN support and static-sites namespace

Browse source 
Jobs now target the static-sites namespace (required by the CI ACL
policy) and docs include NOMAD_TOKEN in all workflow examples.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christopher Mühl 2026-02-18 00:18:34 +01:00
parent 76c0b483c8
commit ee3dfcb19a
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
3 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -34,6 +34,7 @@ jobs:
S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }} S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }} S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
NIX_SIGNING_KEY: ${{ secrets.NIX_SIGNING_KEY }} NIX_SIGNING_KEY: ${{ secrets.NIX_SIGNING_KEY }}
NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
``` ```
**Inputs:** **Inputs:**
@ -111,6 +112,7 @@ jobs:
env: env:
S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }} S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }} S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
``` ```
**Inputs:** **Inputs:**
@ -122,6 +124,7 @@ jobs:
**Environment variables:** **Environment variables:**
- `S3_ACCESS_KEY`: S3 access key (set via Forgejo secrets) - `S3_ACCESS_KEY`: S3 access key (set via Forgejo secrets)
- `S3_SECRET_KEY`: S3 secret key (set via Forgejo secrets) - `S3_SECRET_KEY`: S3 secret key (set via Forgejo secrets)
- `NOMAD_TOKEN`: Nomad ACL token for the `static-sites` namespace (set via Forgejo secrets, auto-synced by `nomad-acl-forgejo-sync`)
**What it does:** **What it does:**
1. Packages the site directory as a tarball 1. Packages the site directory as a tarball
@ -228,6 +231,7 @@ In your repository settings (or organization settings for global secrets):
- `S3_ACCESS_KEY`: S3 access key - `S3_ACCESS_KEY`: S3 access key
- `S3_SECRET_KEY`: S3 secret key - `S3_SECRET_KEY`: S3 secret key
- `NIX_SIGNING_KEY`: Contents of `cache-priv-key.pem` - `NIX_SIGNING_KEY`: Contents of `cache-priv-key.pem`
- `NOMAD_TOKEN`: Auto-synced by `nomad-acl-forgejo-sync` on alvin (or set manually from `cat /var/lib/nomad-acl/ci.token`)
### 6. Configure SSH access from runner to alvin ### 6. Configure SSH access from runner to alvin
@ -257,6 +261,7 @@ jobs:
env: env:
S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }} S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }} S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
``` ```
### Node.js/Vite site with custom domain ### Node.js/Vite site with custom domain
@ -291,6 +296,7 @@ jobs:
env: env:
S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }} S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }} S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
``` ```
### Hugo site ### Hugo site
@ -326,6 +332,7 @@ jobs:
env: env:
S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }} S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }} S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
``` ```
## S3 Access ## S3 Access

1
deploy-nix-site/action.yaml
View file

@ -83,6 +83,7 @@ runs:
"Job": { "Job": {
"ID": "${{ inputs.site-name }}", "ID": "${{ inputs.site-name }}",
"Name": "${{ inputs.site-name }}", "Name": "${{ inputs.site-name }}",
"Namespace": "static-sites",
"Type": "service", "Type": "service",
"Datacenters": ["contabo"], "Datacenters": ["contabo"],
"Constraints": [{ "Constraints": [{

1
deploy-site/action.yaml
View file

@ -77,6 +77,7 @@ runs:
"Job": { "Job": {
"ID": "${{ inputs.site-name }}", "ID": "${{ inputs.site-name }}",
"Name": "${{ inputs.site-name }}", "Name": "${{ inputs.site-name }}",
"Namespace": "static-sites",
"Type": "service", "Type": "service",
"Datacenters": ["contabo"], "Datacenters": ["contabo"],
"Constraints": [{ "Constraints": [{