Commit graph

15 commits

Author SHA1 Message Date
b7ba4c1c0a
fix(deploy-static-site): inject NOMAD_ADDR via runner, use shared nomad/jobs var
Remove hardcoded nomad-addr input — NOMAD_ADDR is now injected by the
Forgejo runner via container.options using host.docker.internal.

Switch Nomad Variable path from static-sites/s3 to nomad/jobs so all
jobs in the namespace can read it without explicit ACL policies.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-19 01:15:08 +01:00
bcca32baae
fix(deploy-static-site): remove nix profile install, tools provided by runner image 2026-02-19 00:24:36 +01:00
3f27f6b84f
fix(deploy-static-site): inline tool cache push to fix HOME expansion in with block 2026-02-18 22:25:06 +01:00
cc2f605905
fix(deploy-static-site): quote action_path in nix eval expr to handle @ in path 2026-02-18 22:03:55 +01:00
8edf272e90
fix(deploy-static-site): cache installed tools to S3 after first build 2026-02-18 22:02:29 +01:00
ae48e175e2
fix(deploy-static-site): remove namespace apply (pre-created in infra setup) 2026-02-18 21:52:45 +01:00
c0ba8096ba
fix(deploy-static-site): add nix profile bin to PATH after install 2026-02-18 18:23:51 +01:00
b094952455
feat: add push-nix-cache action, wire into deploy-static-site and build-static-server
Extracts sign+push logic into a reusable push-nix-cache action.
Both the site deploy and the image build now use it.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-18 13:38:06 +01:00
bc2885c5c7
feat: pin server image to digest at deploy time 2026-02-18 13:23:18 +01:00
af9a4e3e29
feat: auto-create static-sites namespace on deploy 2026-02-18 13:19:44 +01:00
4b1bbce9af
feat: make NIX_SIGNING_KEY optional, skip Nix cache push if unset 2026-02-18 13:18:11 +01:00
4af132296e
refactor: replace generate-job.py with nomad-job.nix, add flake-output input
Use nix eval --raw --impure + builtins.getEnv instead of Python for
Nomad job JSON generation. Add flake-output input (default: default)
so projects can build non-default outputs like docs.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-18 13:16:08 +01:00
95bf5517f7
fix: allow unfree for nomad install (BSL license) 2026-02-18 13:11:52 +01:00
644dfc4978
refactor: s3 endpoint+bucket as action inputs, secrets stay in env
S3_BUCKET and S3_ENDPOINT are config, not secrets. Move them to
inputs with defaults (s3.toph.so / nix-cache). Calling workflows
only need to supply AWS credentials, NIX_SIGNING_KEY, NOMAD_TOKEN.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-18 13:09:47 +01:00
55652569b2
feat: add deploy-static-site action, site-lib, images; remove deploy-oci-site
Content now served from S3 at runtime via shared static-server image.
- deploy-static-site: reads creds from Nomad vars, builds site, pushes
  tarball to S3, generates per-domain Nomad job JSON, deploys
- generate-job.py: emits Nomad job JSON for a static site deployment
- site-lib/flake.nix: mkSite helper, packages.default + devShells only
- images/flake.nix: shared static-server OCI image (sws + awscli2 + tools)
- images CI: builds and pushes static-server on images/flake.nix changes
- deploy-oci-site: removed (superseded by deploy-static-site)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-18 11:27:27 +01:00