ci-actions

Author	SHA1	Message	Date
Christopher Mühl	bc2885c5c7	feat: pin server image to digest at deploy time	2026-02-18 13:23:18 +01:00
Christopher Mühl	af9a4e3e29	feat: auto-create static-sites namespace on deploy	2026-02-18 13:19:44 +01:00
Christopher Mühl	4b1bbce9af	feat: make NIX_SIGNING_KEY optional, skip Nix cache push if unset	2026-02-18 13:18:11 +01:00
Christopher Mühl	4af132296e	refactor: replace generate-job.py with nomad-job.nix, add flake-output input Use nix eval --raw --impure + builtins.getEnv instead of Python for Nomad job JSON generation. Add flake-output input (default: default) so projects can build non-default outputs like docs. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-18 13:16:08 +01:00
Christopher Mühl	95bf5517f7	fix: allow unfree for nomad install (BSL license)	2026-02-18 13:11:52 +01:00
Christopher Mühl	644dfc4978	refactor: s3 endpoint+bucket as action inputs, secrets stay in env S3_BUCKET and S3_ENDPOINT are config, not secrets. Move them to inputs with defaults (s3.toph.so / nix-cache). Calling workflows only need to supply AWS credentials, NIX_SIGNING_KEY, NOMAD_TOKEN. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-18 13:09:47 +01:00
Christopher Mühl	55652569b2	feat: add deploy-static-site action, site-lib, images; remove deploy-oci-site Content now served from S3 at runtime via shared static-server image. - deploy-static-site: reads creds from Nomad vars, builds site, pushes tarball to S3, generates per-domain Nomad job JSON, deploys - generate-job.py: emits Nomad job JSON for a static site deployment - site-lib/flake.nix: mkSite helper, packages.default + devShells only - images/flake.nix: shared static-server OCI image (sws + awscli2 + tools) - images CI: builds and pushes static-server on images/flake.nix changes - deploy-oci-site: removed (superseded by deploy-static-site) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-18 11:27:27 +01:00

7 commits