mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-26 15:25:37 +00:00
fixup updates to ami workflow
parent
7a74f0a504
commit
46e633c8b9
@ -1,7 +1,6 @@
|
|||||||
name: 'Terraform'
|
name: 'Terraform'
|
||||||
env:
|
env:
|
||||||
|
|
||||||
|
|
||||||
AWS_ACCOUNT_NUMBER: ''
|
AWS_ACCOUNT_NUMBER: ''
|
||||||
AWS_PLAN_ROLE_NAME: github_actions_plan
|
AWS_PLAN_ROLE_NAME: github_actions_plan
|
||||||
AWS_APPLY_ROLE_NAME: github_actions_admin
|
AWS_APPLY_ROLE_NAME: github_actions_admin
|
||||||
@ -82,15 +81,14 @@ jobs:
|
|||||||
|
|
||||||
# Downloads the current repo code to the runner.
|
# Downloads the current repo code to the runner.
|
||||||
- name: Checkout Repo Code
|
- name: Checkout Repo Code
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
# Install Nix
|
# Enable access to KVM, required to build an image
|
||||||
- name: Install Nix
|
- name: Enable KVM group perms
|
||||||
uses: cachix/install-nix-action@v17
|
run: |
|
||||||
|
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
|
||||||
# Build the image
|
sudo udevadm control --reload-rules
|
||||||
- name: Build Image
|
sudo udevadm trigger --name-match=kvm
|
||||||
run: nix build .#aws
|
|
||||||
|
|
||||||
# Login to AWS
|
# Login to AWS
|
||||||
- name: AWS Assume Role
|
- name: AWS Assume Role
|
||||||
@ -99,6 +97,28 @@ jobs:
|
|||||||
role-to-assume: ${{ env.AWS_ROLE_ARN }}
|
role-to-assume: ${{ env.AWS_ROLE_ARN }}
|
||||||
aws-region: ${{ env.AWS_REGION }}
|
aws-region: ${{ env.AWS_REGION }}
|
||||||
|
|
||||||
|
# Install Nix
|
||||||
|
- name: Install Nix
|
||||||
|
uses: cachix/install-nix-action@v17
|
||||||
|
with:
|
||||||
|
extra_nix_config: |
|
||||||
|
substituters = s3://insert-cache-bucket https://cache.nixos.org/
|
||||||
|
trusted-public-keys = insert-cache-bucket:M6PsZjHXcLvbQyPUBLICKEYGVoNwI84g1FBQzouRU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
|
||||||
|
|
||||||
|
# Build the image
|
||||||
|
- name: Build Image
|
||||||
|
run: nix build .#aws
|
||||||
|
|
||||||
|
# Copy the image to S3
|
||||||
|
- name: Upload Image to Cache
|
||||||
|
env:
|
||||||
|
NIX_CACHE_PRIVATE_KEY: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
|
||||||
|
run: |
|
||||||
|
echo "$NIX_CACHE_PRIVATE_KEY" > cache.key
|
||||||
|
nix store sign --key-file cache.key $(readlink result)
|
||||||
|
nix copy --to s3://t2-aws-nixos-test $(readlink result)
|
||||||
|
rm cache.key
|
||||||
|
|
||||||
# Exports all GitHub Secrets as environment variables prefixed by
|
# Exports all GitHub Secrets as environment variables prefixed by
|
||||||
# "TF_VAR_", which exposes them to Terraform. The name of each GitHub
|
# "TF_VAR_", which exposes them to Terraform. The name of each GitHub
|
||||||
# Secret must match its Terraform variable name exactly.
|
# Secret must match its Terraform variable name exactly.
|
||||||
|
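Review bot: In the new `Upload Image to Cache` step the cache signing key is written to `cache.key` in the working directory and removed only by the final `rm cache.key`, so a failure in `nix store sign` or `nix copy` leaves the private key on disk. GitHub's default bash shell for `run` steps exits on the first failing command, which skips that cleanup. The file is also created with the default umask in what appears to be the checked-out workspace, where the later steps of this job can read it. Anyone holding that key can sign store paths that every machine trusting the matching public key will accept, so it should live in a private temp file under `$RUNNER_TEMP` and be removed from an `EXIT` trap, with the `$(readlink result)` expansion quoted.

```yaml
- name: Upload Image to Cache
  # … unchanged: env block passing NIX_CACHE_PRIVATE_KEY …
  run: |
    umask 077
    key_file="$(mktemp "$RUNNER_TEMP/cache-key.XXXXXX")"
    trap 'rm -f "$key_file"' EXIT
    printf '%s\n' "$NIX_CACHE_PRIVATE_KEY" > "$key_file"
    store_path="$(readlink result)"
    nix store sign --key-file "$key_file" "$store_path"
    nix copy --to s3://t2-aws-nixos-test "$store_path"
```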