name: Arrow env: TERRAFORM_DIRECTORY: hosts/arrow DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }} ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }} CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com" AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }} TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }} TF_VAR_cloudflare_r2_endpoint: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com" on: workflow_dispatch: inputs: rebuild: type: boolean default: false action: type: choice required: true default: create options: - create - destroy jobs: build-deploy: name: Build and Deploy runs-on: ubuntu-latest steps: - name: Checkout Repo Code uses: actions/checkout@v4 # Enable access to KVM, required to build an image - name: Enable KVM group perms if: inputs.rebuild && inputs.action != 'destroy' run: | echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules sudo udevadm control --reload-rules sudo udevadm trigger --name-match=kvm # Install Nix - name: Install Nix if: inputs.rebuild && inputs.action != 'destroy' uses: cachix/install-nix-action@v17 # Build the image - name: Build Image if: inputs.rebuild && inputs.action != 'destroy' run: nix build .#image.arrow - name: Upload Image to S3 if: inputs.rebuild && inputs.action != 'destroy' run: | aws s3 cp \ result/iso/nixos.iso \ s3://noahmasur-arrow-images/arrow.iso \ --endpoint-url "https://${{ env.CLOUDFLARE_R2_ENDPOINT }}" # # Copy the image to S3 # - name: Upload Image to Cache # env: # NIX_CACHE_PRIVATE_KEY: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} # run: | # echo "$NIX_CACHE_PRIVATE_KEY" > cache.key # nix store sign --key-file cache.key $(readlink result) # nix copy --to s3://t2-aws-nixos-test $(readlink result) # rm cache.key # Installs the Terraform binary and some other accessory functions. - name: Setup Terraform uses: hashicorp/setup-terraform@v2 # Checks whether Terraform is formatted properly. If this fails, you # should install the pre-commit hook. - name: Check Formatting working-directory: ${{ env.TERRAFORM_DIRECTORY }} run: | terraform fmt -no-color -check -diff -recursive # Connects to remote state backend and download providers. - name: Terraform Init working-directory: ${{ env.TERRAFORM_DIRECTORY }} run: | terraform init \ -backend-config="endpoint=${{ env.CLOUDFLARE_R2_ENDPOINT }}" \ -backend-config="workspace_key_prefix=${{ github.repository }}/arrow" \ -backend-config="key=state.tfstate" \ -backend-config="skip_credentials_validation=true" \ -backend-config="skip_region_validation=true" \ -backend-config="skip_requesting_account_id=true" \ -backend-config="region=anything" \ -backend-config="bucket=noahmasur-terraform" # Deploys infrastructure or changes to infrastructure. - name: Terraform Apply if: inputs.action == 'create' working-directory: ${{ env.TERRAFORM_DIRECTORY }} run: | terraform apply \ -auto-approve \ -input=false # Removes infrastructure. - name: Terraform Destroy if: inputs.action == 'destroy' working-directory: ${{ env.TERRAFORM_DIRECTORY }} run: | terraform destroy \ -auto-approve \ -input=false - name: Get Host IP if: inputs.action == 'create' id: host working-directory: ${{ env.TERRAFORM_DIRECTORY }} run: terraform output host_ip - name: Wait on SSH uses: iFaxity/wait-on-action@v1.1.0 with: resource: tcp ${{ steps.host.outputs.stdout }}:22 interval: 5000 - name: Write Identity Keys to Files if: inputs.action == 'create' run: | echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519 echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519 - name: Copy Identity File to Host if: inputs.action == 'create' run: scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519