Initial commit
garbas committed Oct 9, 2024
0 parents commit dac8194
Showing 172 changed files with 14,063 additions and 0 deletions.
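--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+version: 2
+updates:
+
+- package-ecosystem: github-actions
+directory: "/"
+schedule:
+interval: weekly
+labels:
+- "team-developer-support"
+open-pull-requests-limit: 1
+commit-message:
+prefix: "chore"
+include: "scope"
+groups:
+all:
+patterns:
+- "*"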
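--- a/.github/workflows/auto-label.yml
+++ b/.github/workflows/auto-label.yml
@@ -0,0 +1,19 @@
+name: Apply label to new issues and PRs
+
+on:
+issues:
+types: [opened]
+pull_request:
+types: [opened]
+
+jobs:
+add-label:
+runs-on: ubuntu-latest
+steps:
+- name: Add team label automatically to new issues and PRs
+uses: actions-ecosystem/action-add-labels@v1
+with:
+github_token: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}"
+labels: "team-content"
+
+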
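Review bot: The `add-label` job hands a repo-scope personal access token (`MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE`) to a third-party action referenced by the mutable tag `@v1`, so whoever can move that tag gets code execution with that token in hand. Labelling needs far less: the job could declare `permissions:` with `issues: write` and `pull-requests: write` and pass `github_token: "${{ secrets.GITHUB_TOKEN }}"`, assuming nothing downstream depends on the label being applied by the bot account. Pinning the action to a full commit SHA, e.g. `uses: actions-ecosystem/action-add-labels@<full-commit-sha> # v1`, closes the tag-retargeting path either way.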
220 changes: 220 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,220 @@
name: "CI"

on:
workflow_dispatch:
push:
branches:
- "main"
pull_request:
schedule:
- cron: "0 0 * * *"


jobs:

envs:
name: "Find environments"
runs-on: "ubuntu-latest"

outputs:
envs_test: "${{ steps.envs.outputs.envs_test }}"
envs_push: "${{ steps.envs.outputs.envs_push }}"

steps:
- name: "Checkout"
uses: "actions/checkout@v4"
with:
fetch-depth: 5

- name: "Find environment"
id: "envs"
run: |
envs_test="["
envs_push="["
update_all=
git diff
git diff --name-only HEAD~1 HEAD --
if git diff --name-only HEAD~1 HEAD -- | grep -E "flake.nix|flake.lock|.github" ; then
echo detected major change
update_all=true
fi
while IFS= read path; do
rel_env_path=$(realpath $(dirname $path)/../..)
env_path=$(realpath -s $(dirname $path)/../..)
if [ -f "$env_path/test.sh" ]; then
name=$(basename $env_path)
if [ "$update_all" != "true" ] && ( git diff --name-only HEAD~1 HEAD | grep -v "$rel_env_path" ; ) ; then
continue
fi
num_of_services=$(yq -oy '.services | length' $path)
start_services="true"
if [ "$num_of_services" -eq 0 ]; then
start_services="false"
fi
readarray systems < <(yq e -o=j -I=0 '.options.systems[]' $path)
comma_test=""
if [ "$envs_test" != "[" ]; then comma_test=","; fi
for system in "${systems[@]}"; do
system=$(echo $system | xargs)
envs_test="$envs_test$comma_test{\"example\":\"$name\",\"system\":\"$system\",\"start_services\":$start_services}"
comma_test=","
done
comma_push=""
if [ "$envs_push" != "[" ]; then comma_push=","; fi
envs_push="$envs_push$comma_push{\"example\":\"$name\"}"
fi
done <<< "$(find ./ -name manifest.toml)"
envs_test="$envs_test]"
envs_push="$envs_push]"
echo "-- ENVS_TEST ---------------"
echo "$envs_test" | jq
echo "----------------------------"
echo "-- ENVS_PUSH ---------------"
echo "$envs_push" | jq
echo "----------------------------"
echo "envs_test=$envs_test" >> "$GITHUB_OUTPUT"
echo "envs_push=$envs_push" >> "$GITHUB_OUTPUT"
test:
name: "Test '${{ matrix.example }}' example on '${{ matrix.system }}'"
runs-on: "ubuntu-latest"

needs:
- "envs"

strategy:
fail-fast: false
matrix:
include: ${{ fromJSON(needs.envs.outputs.envs_test ) }}

steps:
- name: "Setup SSH"
uses: "webfactory/ssh-agent@v0.9.0"
with:
ssh-private-key: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}"

- name: "Setup Tailscale"
uses: "tailscale/github-action@v2"
with:
args: "--timeout 30s --login-server ${{ vars.MANAGED_TAILSCALE_URL }}"
tags: "tag:ci"
authkey: "${{ secrets.MANAGED_TAILSCALE_AUTH_KEY }}"

- name: "Find remote server to run tests on"
run: |
set -eo pipefail
echo "${{ vars.MANAGED_REMOTE_BUILDERS }}" > machines
export REMOTE_SERVER=$(cat machines | grep ${{ matrix.system }} | cut -f1 -d' ' | cut -f3 -d'/' | head -1 | sed 's/nixbld@//' ; )
export REMOTE_SERVER_USER_KNOWN_HOSTS_FILE=$(mktemp)
export REMOTE_PUBLIC_HOST_KEY=$(cat machines | grep ${{ matrix.system }} | tr -s ' ' | cut -f8 -d' ' | base64 -d ; )
printf "%s %s\n" "$REMOTE_SERVER" "$REMOTE_PUBLIC_HOST_KEY" > "$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE"
echo "REMOTE_SERVER: $REMOTE_SERVER"
echo "REMOTE_SERVER_USER_KNOWN_HOSTS_FILE: $REMOTE_SERVER_USER_KNOWN_HOSTS_FILE"
cat $REMOTE_SERVER_USER_KNOWN_HOSTS_FILE
echo "REMOTE_SERVER=$REMOTE_SERVER" >> $GITHUB_ENV
echo "REMOTE_SERVER_USER_KNOWN_HOSTS_FILE=$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE" >> $GITHUB_ENV
- name: "Test environment"
run: |
ssh github@$REMOTE_SERVER \
-oUserKnownHostsFile=$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE \
nix run \
--accept-flake-config \
--extra-experimental-features '"nix-command flakes"' \
--option access-tokens "github.com=${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" \
github:flox/floxenvs/${{ github.sha }}#apps.${{ matrix.system }}.test-${{ matrix.example }} -- ${{ matrix.start_services }}
push:
name: "Sync '${{ matrix.example }}' manifest"
runs-on: "ubuntu-latest"

if: (github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'

needs:
- "envs"
- "test"

env:
FLOX_BIN: "flox -vvv"
FLOX_REMOTE_OWNER: "flox"
FLOX_AUTH0_URL: "https://auth.flox.dev"

strategy:
matrix:
include: ${{ fromJSON(needs.envs.outputs.envs_push ) }}

steps:
- name: "Checkout"
uses: "actions/checkout@v4"

- name: "Install flox"
uses: "flox/install-flox-action@main"

- name: "Get FloxHub token"
run: |
echo "FLOX_FLOXHUB_TOKEN=$(
curl --request POST \
--url $FLOX_AUTH0_URL/oauth/token \
--header 'content-type: application/x-www-form-urlencoded' \
--data "client_id=${{ secrets.MANAGED_FLOXENVS_AUTH0_CLIENT_ID }}" \
--data "audience=https://hub.flox.dev/api" \
--data "grant_type=client_credentials" \
--data "client_secret=${{ secrets.MANAGED_FLOXENVS_AUTH0_CLIENT_SECRET }}" \
| jq .access_token -r)" >> $GITHUB_ENV
- name: "Pull or Create remote environment"
run: |
pushd ./${{ matrix.example }}
if flox list --config --remote "$FLOX_REMOTE_OWNER/${{ matrix.example }}" >/dev/null; then
$FLOX_BIN pull --remote "$FLOX_REMOTE_OWNER/${{ matrix.example }}" --dir "remote"
else
echo "WARN: No environment $FLOX_REMOTE_OWNER/${{ matrix.example }} found on FloxHub"
echo "WARN: Creating a new environment ${{ matrix.example }}"
$FLOX_BIN init --name ${{ matrix.example }} --dir "remote"
$FLOX_BIN push --dir "remote"
fi
popd
- name: "Sync to remote environment"
run: |
pushd ./${{ matrix.example }}
cp -rf .flox/env/* remote/.flox/env/
$FLOX_BIN edit --sync --dir "remote"
popd
- name: "Push to remote environment"
run: |
pushd ./${{ matrix.example }}
$FLOX_BIN push --dir "remote"
popd
report-failure:
name: "Report Failure"
runs-on: "ubuntu-latest"

if: ${{ failure() && github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'schedule') }}

needs:
- "test"
- "push"

steps:
- name: "Slack Notification"
uses: "rtCamp/action-slack-notify@v2"
env:
SLACK_TITLE: "Something broke CI for floxenvs"
SLACK_FOOTER: "Thank you for caring"
SLACK_WEBHOOK: "${{ secrets.MANAGED_SLACK_WEBHOOK }}"
SLACK_USERNAME: "GitHub"
SLACK_ICON_EMOJI: ":poop:"
SLACK_COLOR: "#ff2800" # ferrari red -> https://encycolorpedia.com/ff2800
SLACK_LINK_NAMES: true
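Review bot: In the `test` job, `${{ matrix.system }}`, `${{ matrix.example }}` and `${{ matrix.start_services }}` are expanded directly into `run:` scripts (both `grep ${{ matrix.system }}` pipelines and the `ssh … nix run` command), so their text is parsed as shell rather than passed as data. Those values are assembled in the `envs` job from directory names and `options.systems` in `manifest.toml`, which a pull request can change, and the workflow runs on `pull_request` in a job that loads an SSH key, a Tailscale auth key and a repo-scope token (secrets are present at least for same-repository branches). Bind the values under `env:` and use quoted shell variables, as sketched below for the last step; the "Find remote server to run tests on" step needs the same treatment with `grep -- "$SYSTEM"`. Since ssh hands the joined command line to the remote shell for a second parse, the `envs` job should also reject names outside a conservative pattern such as `^[A-Za-z0-9._-]+$` before emitting them. Separately, `--option access-tokens` places the token in the argv of the remote `nix` process, where other local users of the builder may be able to read it.

```yaml
      - name: "Test environment"
        env:
          SYSTEM: "${{ matrix.system }}"
          EXAMPLE: "${{ matrix.example }}"
          START_SERVICES: "${{ matrix.start_services }}"
          FLAKE_REV: "${{ github.sha }}"
          GH_ACCESS_TOKEN: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}"
        run: |
          ssh "github@$REMOTE_SERVER" \
            -oUserKnownHostsFile="$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE" \
            nix run \
              --accept-flake-config \
              --extra-experimental-features '"nix-command flakes"' \
              --option access-tokens "github.com=$GH_ACCESS_TOKEN" \
              "github:flox/floxenvs/$FLAKE_REV#apps.$SYSTEM.test-$EXAMPLE" -- "$START_SERVICES"
```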
85 changes: 85 additions & 0 deletions .github/workflows/update.yml
@@ -0,0 +1,85 @@
name: "Update flox environments manifests"

on:
workflow_dispatch:
schedule:
- cron: "30 0 * * 1"

jobs:

envs:
name: "Find environments"
runs-on: "ubuntu-latest"

outputs:
envs: "${{ steps.envs.outputs.envs }}"

steps:
- name: "Checkout"
uses: "actions/checkout@v4"

- name: "Find environment"
id: "envs"
run: |
set -x
envs="["
while IFS= read path; do
env_path=$(realpath -s $(dirname $path)/../..)
if [ -f "$env_path/test.sh" ]; then
name=$(basename $env_path)
num_of_services=$(yq -oy '.services | length' $path)
start_services="true"
if [ "$num_of_services" -eq 0 ]; then
start_services="false"
fi
comma=""
if [ "$envs" != "[" ]; then comma=","; fi
envs="$envs$comma{\"example\":\"$name\"}"
fi
done <<< "$(find ./ -name manifest.toml)"
envs="$envs]"
echo "-- ENVS --------------------"
echo "$envs " | jq
echo "----------------------------"
echo "envs=$envs" >> "$GITHUB_OUTPUT"
upgrade:
name: "Upgrade '${{ matrix.example }}' manifest"
runs-on: "ubuntu-latest"

needs:
- "envs"

strategy:
matrix:
include: ${{ fromJSON(needs.envs.outputs.envs) }}

steps:
- name: "Checkout"
uses: "actions/checkout@v4"

- name: "Install flox"
uses: "flox/install-flox-action@main"

- name: "Run upgrade"
run: |
pushd ./${{ matrix.example }}
flox -vvv upgrade
popd
- name: "Create Pull Request"
uses: "peter-evans/create-pull-request@v7"
with:
token: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}"
add-paths: "${{ matrix.example }}/.flox"
commit-message: "chore: Update manifest of `${{ matrix.example }}` environment"
commiter: "FloxBot <bot@flox.dev>"
author: "FloxBot <bot@flox.dev>"
branch: "chore-update-${{ matrix.example }}-environment"
delete-branch: true
title: "chore: Update manifest of `${{ matrix.example }}` flox environment"
body: "This PR was automatically created by [Update workflow](https://github.com/flox/floxenvs/actions/workflows/update.yml)."
labels: "team-developer-support"
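Review bot: `uses: "flox/install-flox-action@main"` in the `upgrade` job follows a moving branch and runs on the same runner just before a repo-scope token is given to `peter-evans/create-pull-request@v7`, so whatever lands on that branch executes here unreviewed; pin it to a commit, `uses: "flox/install-flox-action@<full-commit-sha>"` (the `push` job in ci.yml carries the same reference). The workflow also has no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the default `GITHUB_TOKEN` minimal, since the pull request is opened with the bot token anyway. Separately, the input `commiter:` looks misspelled: the action's input is `committer`, so the bot identity given there is presumably ignored. In the `envs` job, `num_of_services` and `start_services` are computed but never used.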
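--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,6 @@
+.DS_Store
+/.direnv/
+/result
+/*/.flox/cache
+/*/.flox/log
+/*/.flox/run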
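--- a/1password/.flox/.gitignore
+++ b/1password/.flox/.gitignore
@@ -0,0 +1,3 @@
+run/
+cache/
+lib/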
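--- a/1password/.flox/env.json
+++ b/1password/.flox/env.json
@@ -0,0 +1,4 @@
+{
+"name": "op-inject-manifest",
+"version": 1
+}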
