#!/usr/bin/env sh
. ./common.sh
# Skip this run, with exit status 0, when a ./lock file exists in the
# current directory.
# NOTE(review): this only tests for the file; nothing in this part of the
# script creates it, so the test and the later lock creation are not one
# atomic step. Presumably the lock is taken in common.sh; confirm that two
# overlapping runs cannot both get past this point.
[ ! -f ./lock ] || {
  msg "${SCRIPT_NAME} locked..."
  exit 0
}
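# Mark the .envrc of the current directory as trusted for direnv.
# NOTE(review): this approves whatever .envrc the checkout holds at this
# moment, unattended. Anyone able to change that file gets it trusted on the
# CI host; confirm that is acceptable for this repository.
direnv allow

# First command-line argument, or the empty string when none was given.
CMD=${1:-""}

# Import the ssh-agent environment printed by keychain. The substitution is
# quoted so its output reaches eval as one unmodified string rather than
# being word-split and glob-expanded by the shell first.
eval "$(keychain --eval --agents ssh --inherit any)"

# Sign every commit created by this run with the CI signing key and point git
# at the repository's allowed-signers list.
# NOTE(review): gpg.format is not set here; SSH signing needs it to be "ssh",
# so it is presumably configured elsewhere. Confirm.
# NOTE(review): .allowed_signers is a path inside the checkout, so the list of
# trusted signers changes with whatever branch or pull updates that file.
# Verify it is protected the same way as the code it vouches for.
git config user.signingkey /run/secrets/ci_signing_ed25519_key
git config commit.gpgsign true
git config gpg.ssh.allowedSignersFile .allowed_signers

# start_ci and ci_error are not defined in this script; they presumably come
# from the sourced common.sh.
start_ci

# Route interrupt and termination signals to ci_error.
trap ci_error INT TERM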
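# Timestamp that names this run's integration branch.
ci_branch=$(date +"%Y%m%dT%H%M%S%z")

# Pre-flight check: the agent must hold at least one key that is listed in
# .allowed_signers, otherwise the run stops before any commit is made.
#
# Each line of `ssh-add -L` is "<type> <base64 key> [comment]". The key
# material (second field) is what gets compared, as a fixed string: the
# comment is a free-form label that any key can carry, and an unquoted
# pattern would be read by grep as a regular expression or, with a leading
# dash, as an option.
# NOTE(review): commits are signed with the key file set in
# user.signingkey; this check only looks at keys loaded in the agent.
# Confirm the signing key is loaded there, otherwise compare the public half
# of the configured key instead.
can_sign=0
if agent_keys=$(ssh-add -L); then
  # A non-zero status (no identities, or no agent) skips the loop entirely,
  # so the informational message ssh-add prints is never treated as a key.
  while read -r _key_type key_blob _key_comment; do
    [ -n "${key_blob}" ] || continue
    if grep -qF -- "${key_blob}" .allowed_signers; then
      can_sign=1
    fi
  done <<EOF
${agent_keys}
EOF
fi

if [ "${can_sign}" != 1 ]; then
  echo "Can't find signing key."
  exit 1
fi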
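# Work from main. Elsewhere in this script handle_co_fail is followed by
# `continue` or `exit 1`, so it returns to its caller; stop here explicitly
# so a failed checkout cannot let the run proceed on some other branch.
if ! git checkout main; then
  handle_co_fail "main"
  exit 1
fi

# NOTE(review): a failed pull is reported, but the run carries on with the
# local state of main unless handle_pull_fail itself exits. Confirm that is
# intended.
git pull || handle_pull_fail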
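# "update" mode: refresh the watched pull requests and every flake input,
# check the result, merge it into main and push. Any other invocation only
# runs the flake checks.
# The handle_* helpers, msg, agentHasKey and finish_ci are not defined in
# this script; they presumably come from the sourced common.sh.
if [ "${1:-}" = "update" ]; then
  # Integration branch for this run; successful input updates are merged
  # into it one by one.
  if ! git checkout -b "${ci_branch}"; then
    handle_co_fail "${ci_branch}"
    exit 1
  fi

  bin/deploy watch update
  # NOTE(review): `git diff` reports changes to tracked files only, so a
  # newly created, untracked file under pull_requests does not trigger this
  # commit. Confirm that cannot happen.
  if ! git diff --exit-code >/dev/null; then
    git add pull_requests
    git commit -m 'watched: update watched pull requests'
  fi

  # Update each root flake input on a branch of its own, so that one failing
  # input can be dropped without losing the others.
  for inp in $(nix flake metadata --json | jq -r '.locks.nodes.root.inputs | keys[]'); do
    # Branch explicitly from the integration branch: an earlier iteration
    # that bailed out with `continue` may have left HEAD on its own input
    # branch, and a rejected lock-file commit must not leak into this one.
    if ! git checkout -b "${ci_branch}_${inp}" "${ci_branch}"; then
      handle_co_fail "${ci_branch}_${inp}"
      continue
    fi

    current_hash="$(git rev-parse HEAD)"

    if ! nix flake update --commit-lock-file "$inp"; then
      handle_update_fail "$inp"
      continue
    fi

    maybe_new_hash="$(git rev-parse HEAD)"

    # HEAD only moves when the update committed a new lock file; the checks
    # are skipped when nothing changed.
    if [ "${current_hash}" != "${maybe_new_hash}" ]; then
      if ! nix flake check --print-build-logs; then
        handle_update_check_fail "$inp"
        continue
      fi
    else
      msg "No change in input, skipping checks."
    fi

    if ! git checkout "${ci_branch}"; then
      handle_co_fail "${ci_branch}"
      continue
    fi

    if ! git merge "${ci_branch}_${inp}"; then
      handle_merge_fail "${ci_branch}_${inp}" "${ci_branch}"
      continue
    fi
  done

  # The final gate must run against the integration branch itself: it is the
  # tree that gets merged into main and pushed, and a failed last iteration
  # can leave HEAD on an input branch.
  if ! git checkout "${ci_branch}"; then
    handle_co_fail "${ci_branch}"
    exit 1
  fi

  if ! nix flake check --print-build-logs; then
    handle_update_check_fail "$ci_branch"
    exit 1
  fi

  if ! git checkout main; then
    # Pass the branch name, as every other handle_co_fail call does.
    handle_co_fail "main"
    exit 1
  fi
  if ! git merge "${ci_branch}"; then
    handle_merge_fail "${ci_branch}" "main"
    exit 1
  fi

  # Agent is configured to forget keys after X, if that happens we need to
  # re-add before push. The second field of the .pub file is the key
  # material that agentHasKey is given.
  agentHasKey "$(awk '{print $2}' /run/secrets/ci_ed25519_pub)" ||
    ssh-add /run/secrets/ci_ed25519_key

  if ! git push; then
    handle_push_fail
    exit 1
  fi
else
  if ! nix flake check --print-build-logs; then
    handle_check_fail
    exit 1
  fi
fi

finish_ci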