xin/bin/ci

66 lines
1.1 KiB
Plaintext
Raw Normal View History

2023-01-29 06:11:36 -07:00
#!/usr/bin/env sh
. ./common.sh
2023-02-03 06:13:54 -07:00
direnv allow
2023-01-29 08:58:35 -07:00
CMD=${1:-""}
eval $(keychain --eval --agents ssh --inherit any)
2023-01-31 14:26:29 -07:00
start_ci
2023-01-29 08:29:43 -07:00
2023-01-31 05:23:20 -07:00
trap ci_error INT TERM
2023-01-29 10:01:15 -07:00
2023-01-31 05:23:20 -07:00
ci_branch=$(date +"%Y%m%dT%H%M%S%z")
can_sign=0
2023-01-29 06:11:36 -07:00
2023-01-31 05:23:20 -07:00
for i in $(ssh-add -L | awk '{print $NF}'); do
grep -q $i .allowed_signers && can_sign=1
done
2023-01-29 06:11:36 -07:00
2023-01-31 05:23:20 -07:00
if [ $can_sign != 1 ]; then
echo "Can't find signing key."
exit 1
2023-01-29 08:52:54 -07:00
fi
2023-01-31 05:23:20 -07:00
2023-01-31 16:28:08 -07:00
git pull || handle_pull_fail
if [ "${1}" = "update" ]; then
2023-02-27 07:14:00 -07:00
if ! git checkout -b "${ci_branch}"; then
handle_co_fail
exit 1
fi
if ! nix flake update --commit-lock-file; then
handle_update_fail
exit 1
fi
if ! nix flake check; then
2023-03-27 06:09:11 -06:00
handle_update_check_fail
2023-02-27 07:14:00 -07:00
exit 1
fi
if ! git checkout main; then
handle_co_fail
exit 1
fi
if ! git merge "${ci_branch}"; then
handle_merge_fail
exit 1
fi
# Agent is configured to forget keys after X, if that happens we need to re-add before push
agentHasKey "$(cat /run/secrets/ci_ed25519_pub | awk '{print $2}')" ||
ssh-add /run/secrets/ci_ed25519_key
2023-02-27 07:14:00 -07:00
if ! git push; then
handle_push_fail
exit 1
fi
else
2023-03-27 06:09:11 -06:00
if ! nix flake check; then
handle_check_fail
exit 1
fi
fi
finish