Aaron Bieber
29be69632a
When a CI job runs long the agent might have removed the key, so add it back in.
43 lines
893 B
Bash
Executable File
43 lines
893 B
Bash
Executable File
#!/usr/bin/env sh
|
|
|
|
. ./common.sh
|
|
|
|
direnv allow
|
|
|
|
CMD=${1:-""}
|
|
|
|
start_ci
|
|
|
|
trap ci_error INT TERM
|
|
|
|
ci_branch=$(date +"%Y%m%dT%H%M%S%z")
|
|
can_sign=0
|
|
|
|
for i in $(ssh-add -L | awk '{print $NF}'); do
|
|
grep -q $i .allowed_signers && can_sign=1
|
|
done
|
|
|
|
if [ $can_sign != 1 ]; then
|
|
echo "Can't find signing key."
|
|
exit 1
|
|
fi
|
|
|
|
git pull || handle_pull_fail
|
|
|
|
if [ "${1}" = "update" ]; then
|
|
git checkout -b "${ci_branch}" || handle_co_fail
|
|
nix flake update --commit-lock-file || handle_update_fail
|
|
nix flake check || handle_check_fail
|
|
git checkout main || handle_co_fail
|
|
git merge "${ci_branch}" || handle_merge_fail
|
|
|
|
# Agent is configured to forget keys after X, if that happens we need to re-add before push
|
|
agentHasKey "$(cat /run/secrets/ci_ed25519_pub | awk '{print $2}')" ||
|
|
ssh-add /run/secrets/ci_ed25519_key
|
|
git push || handle_push_fail
|
|
else
|
|
nix flake check || handle_check_fail
|
|
fi
|
|
|
|
finish
|