runner_rebuild.yml
##
## Copyright (c) 2019 Matthias Tafelmeier.
##
## This file is part of godon
##
## godon is free software: you can redistribute it and/or modify
## it under the terms of the GNU Affero General Public License as
## published by the Free Software Foundation, either version 3 of the
## License, or (at your option) any later version.
##
## godon is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU Affero General Public License for more details.
##
## You should have received a copy of the GNU Affero General Public License
## along with this godon. If not, see <http://www.gnu.org/licenses/>.
##
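# Runs for pull requests against master when a label is added or the pull
# request leaves draft state.
# NOTE(review): on `pull_request` the checkout is the pull request's merge
# commit, so the configuration.nix that the job copies to the runner host is
# the version under review, not the one on master. The label condition in the
# job's `if:` is the only gate in this file before that copy happens.
on:
  pull_request:
    # A flow sequence needs commas: `[ labeled ready_for_review ]` parses as
    # the single string "labeled ready_for_review", which is not an activity
    # type.
    types: [labeled, ready_for_review]
    branches:
      - master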
# Workflow-wide environment shared by every step of every job.
env:
  # Name of the OpenStack instance the steps look up, start, configure and
  # reboot.
  INSTANCE_NAME: 'ci_runner'
  # Not referenced by any step in this file.
  RUNNER_BASE_IMAGE: 'Fedora 30'

  # OpenStack endpoint and scoping (OS_* variables for the openstack client).
  OS_AUTH_URL: 'https://oprod-controller1.osuosl.org:5000/v3'
  OS_IDENTITY_API_VERSION: '3'
  OS_INTERFACE: 'public'
  OS_REGION_NAME: 'RegionOne'
  OS_PROJECT_NAME: 'godon'
  OS_PROJECT_DOMAIN_ID: 'default'
  OS_USER_DOMAIN_NAME: 'Default'

  # Credentials taken from repository secrets.
  # NOTE(review): declared at workflow level, these are placed in the
  # environment of every step, including the checkout action and the package
  # installation. Step-level `env:` on the steps that call openstack or
  # ansible would narrow that exposure.
  OS_USERNAME: ${{ secrets.osuosl_openstack_user }}
  OS_PASSWORD: ${{ secrets.osuosl_openstack_pw }}
  GH_ACTIONS_TOKEN: ${{ secrets.gh_runner_token }}
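jobs:
  # Copies the repository's NixOS configuration and the runner token to the
  # OpenStack instance named by INSTANCE_NAME, rebuilds it and reboots it.
  ci_runner_rebuild_nixos:
    # The previous condition compared github.event.label.name with two
    # different strings joined by &&, which can never be true, so the job
    # never ran. Require both labels on the pull request instead; this also
    # covers ready_for_review events, whose payload has no `label` object.
    if: >-
      contains(github.event.pull_request.labels.*.name, 'ci_runner') &&
      contains(github.event.pull_request.labels.*.name, 'rebuild')
    runs-on: ubuntu-20.04
    # The job only reads the repository, so keep GITHUB_TOKEN read-only.
    permissions:
      contents: read
    steps:
      # NOTE(review): `v2` is a mutable tag; pinning the action to a full
      # commit SHA protects the job if the tag is ever moved.
      - uses: actions/checkout@v2
        with:
          # Later steps never push, so do not leave the token in .git/config.
          persist-credentials: false

      - name: install os client
        # -y: without a terminal apt-get aborts at its confirmation prompt.
        run: |
          sudo apt-get update
          sudo apt-get install -y ansible python3-openstackclient jq

      - name: stage private access key
        # Set the umask first so the key file is never created readable by
        # group or others; printf avoids echo's option and escape handling.
        run: |
          umask 077
          printf '%s\n' "${access_key}" > ./access_key_file
          chmod 0600 ./access_key_file
        env:
          access_key: ${{ secrets.osuosl_openstack_instance_key }}

      - name: improvise inventory
        # since openstack_inventory.py appears broken
        # Assumes `.addresses` is rendered as "<network>=<ip>"; TODO confirm
        # against the installed client version. The final grep fails the step
        # when no address was extracted, instead of letting the ansible calls
        # run against an empty host name.
        run: |
          openstack server show -f json "${INSTANCE_NAME}" |
            jq -r '.addresses' |
            awk -F= '{ print $2 }' > ./instance_address
          grep -q . ./instance_address

      - name: start runner
        # Query this instance's own status. The previous check grepped the
        # listing of all servers, so any other ACTIVE server in the project
        # suppressed the start.
        run: |
          openstack server show -f value -c status "${INSTANCE_NAME}" |
            grep -qx "ACTIVE" ||
            openstack server start "${INSTANCE_NAME}"

      - name: cleanup nixos generations
        # NOTE(review): the hosted runner starts with an empty known_hosts, so
        # `accept-new` accepts whatever host key is presented on first contact
        # in every run. Pinning the instance's host key in a known_hosts file
        # would authenticate the host before the private key, the root-owned
        # configuration and the runner token are sent to it. The same applies
        # to every ansible call in the next step.
        run: |
          sleep 20
          ansible "$(cat ./instance_address)" \
            -i "$(cat ./instance_address)," \
            --private-key ./access_key_file \
            --ssh-extra-args="-o StrictHostKeyChecking=accept-new" \
            -u godon \
            --become \
            -T 120 \
            -m raw -a "nix-collect-garbage -d"

      - name: rebuild with latest runner config
        # The token used to be passed as `content="${GH_ACTIONS_TOKEN}"`
        # inside an already double-quoted argument, which left the expansion
        # unquoted (word splitting, globbing) and put the secret into
        # ansible's argument list. It is now staged in a 0600 file, copied by
        # `src=` and removed again.
        # `build && boot`: do not install a boot entry after a failed build.
        run: |
          sleep 10
          ansible "$(cat ./instance_address)" \
            -i "$(cat ./instance_address)," \
            --private-key ./access_key_file \
            --ssh-extra-args="-o StrictHostKeyChecking=accept-new" \
            -u godon \
            --become \
            -T 120 \
            -m copy -a "src=.github/nix_config/ci-runner/configuration.nix dest=/etc/nixos/configuration.nix owner=root mode=0600"
          sleep 10
          (umask 077; printf '%s' "${GH_ACTIONS_TOKEN}" > ./gh_runner.token)
          ansible "$(cat ./instance_address)" \
            -i "$(cat ./instance_address)," \
            --private-key ./access_key_file \
            --ssh-extra-args="-o StrictHostKeyChecking=accept-new" \
            -u godon \
            --become \
            -T 120 \
            -m copy -a "src=./gh_runner.token dest=/srv/gh_runner.token owner=github-runner mode=0600"
          rm -f ./gh_runner.token
          sleep 10
          ansible "$(cat ./instance_address)" \
            -i "$(cat ./instance_address)," \
            --private-key ./access_key_file \
            --ssh-extra-args="-o StrictHostKeyChecking=accept-new" \
            -u godon \
            --become \
            -T 120 \
            -m raw -a "nixos-rebuild build && nixos-rebuild boot"

      - name: reboot runner
        run: openstack server reboot "${INSTANCE_NAME}"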