ci: build sf server image with nix

Mikael Hugo 2026-05-18 03:43:59 +02:00
parent 36a2abee0f
commit d8999588bc


@ -68,7 +68,7 @@ jobs:
# precompiled, so every test that uses the native parser/text path
# falls back to JS and is slow. Tests still run in:
# - dev machines (`npm run test:unit`)
# - the docker image build itself (Dockerfile runs them)
# - targeted pre-push verification before landing deploy changes
# Re-enable here when prebuilt @singularity-forge/engine-linux-x64-*
# ships in the npm tarball.
@ -86,10 +86,9 @@ jobs:
- name: Generate release manifest
run: npm run release:manifest -- --out dist/sf-release-manifest.json
# The forgejo-runner pod has /var/run/docker.sock mounted from the
# vega host (via the runner deployment in /srv/infra). docker CLI
# is on PATH via nixpkgs#docker-client. So: plain `docker build` and
# `docker push` against the host's docker daemon.
# The forgejo-runner pod has Nix plus /var/run/docker.sock from vega.
# Build the same flake image that k3s runs, load it into the host
# Docker daemon, then tag it to the pushed commit SHA.
- name: Login to registry
if: env.SF_REGISTRY_USER != '' && env.SF_REGISTRY_PASSWORD != ''
run: |
@ -97,17 +96,16 @@ jobs:
"${SF_REGISTRY:-registry.infra.centralcloud.com}" \
--username "$SF_REGISTRY_USER" --password-stdin
- name: Build server image
- name: Build server image with Nix
run: |
set -euo pipefail
docker build \
-f docker/Dockerfile.sf-server \
--build-arg "SF_GIT_SHA=${GITHUB_SHA:-$(git rev-parse HEAD)}" \
--build-arg "SF_GIT_REF=${GITHUB_REF_NAME:-$(git rev-parse --abbrev-ref HEAD)}" \
--build-arg "SF_RELEASE_IMAGE=${{ steps.image.outputs.image }}" \
--build-arg "SF_IMAGE_REPOSITORY=${SF_IMAGE_REPOSITORY:-${SF_REGISTRY:-registry.infra.centralcloud.com}/singularity/sf-server}" \
-t "${{ steps.image.outputs.image }}" \
.
image_stream="$(nix build --no-link --print-out-paths .#sf-server-image)"
loaded_image="$("$image_stream" | docker load | awk -F': ' '/Loaded image:/ { print $2 }')"
if [ -z "$loaded_image" ]; then
echo "docker load did not report a loaded image" >&2
exit 1
fi
docker tag "$loaded_image" "${{ steps.image.outputs.image }}"
- name: Push server image
if: env.SF_PUSH_IMAGE != '0'
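Review bot: The new `docker tag "$loaded_image" "${{ steps.image.outputs.image }}"` line in the Build step still splices a workflow expression into the script text. The runner expands it before the shell parses the script, so the surrounding double quotes give no protection if the value ever carries shell metacharacters. The `image` step is outside the visible hunks, so whether its output derives from a ref or branch name cannot be confirmed here; passing it through the environment removes the question: add `env:` with `SF_IMAGE: ${{ steps.image.outputs.image }}` to the step and use `docker tag "$loaded_image" "$SF_IMAGE"`. Separately, the removed `docker build` passed `SF_GIT_SHA` and `SF_GIT_REF` as build args while the `nix build` call passes nothing, so unless the flake stamps the revision itself, the image's only link to the commit appears to be the mutable tag. That is worth confirming before the deploy and promote jobs rely on it for provenance.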