chore: Update ci

This commit is contained in:
Hunter Halloran
2025-12-17 11:42:17 -05:00
parent 9514fe2868
commit f98aa0b19b
3 changed files with 28 additions and 20 deletions


@@ -38,9 +38,10 @@ jobs:
exit 1
fi
build-configs:
name: Build Key Configurations
eval-configs:
name: Evaluate Key Configurations
runs-on: [self-hosted, nix-builder]
needs: [flake-check, format-check]
strategy:
matrix:
config:
@@ -52,16 +53,16 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4
- name: Build configuration
- name: Evaluate configuration
run: |
echo "Building configuration for ${{ matrix.config }}"
nix build .#nixosConfigurations.${{ matrix.config }}.config.system.build.toplevel \
--print-build-logs \
echo "Evaluating configuration for ${{ matrix.config }}"
nix eval .#nixosConfigurations.${{ matrix.config }}.config.system.build.toplevel.drvPath \
--show-trace
build-artifacts:
name: Build Artifacts
runs-on: [self-hosted, nix-builder]
needs: [flake-check, format-check]
strategy:
matrix:
artifact:
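Review bot: Replacing `nix build` with `nix eval ... .drvPath` in the matrix step means this job now only instantiates the derivation and no longer proves that each key configuration actually builds; a failing package build or a source fetch error will pass here and only surface later, in build-artifacts or at deploy time, if at all. If that is the intent, the step should say so, e.g. `# Evaluation only: catches module/option errors fast; full builds are covered by build-artifacts` above the `run:` block, so nobody later reads "Evaluate Key Configurations" as build coverage. The job id also changed from `build-configs` to `eval-configs`, so any `needs:` list or required-status-check that still references `build-configs` (not visible in this hunk) will break or silently stop gating. The build-artifacts job that starts at the end of the hunk continues outside it.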


@@ -73,7 +73,12 @@ let
# Each wrapper checks if the user is enabled before applying the module content
userNixosModules = lib.mapAttrsToList (
name: modulePath:
{ config, lib, pkgs, ... }@args:
{
config,
lib,
pkgs,
...
}@args:
let
# Import the user's nixos module - it returns a function or attrset
importedModuleFunc = import modulePath { inherit inputs; };


@@ -34,7 +34,7 @@ mkIf builderCfg.githubRunner.enable {
TimeoutStopSec = 60;
# Restart on failure, but not immediately
RestartSec = 10;
# Disable all namespace isolation features that don't work in LXC containers
PrivateMounts = mkForce false;
MountAPIVFS = mkForce false;
@@ -50,26 +50,26 @@ mkIf builderCfg.githubRunner.enable {
ProtectKernelTunables = mkForce false;
ProtectKernelModules = mkForce false;
ProtectControlGroups = mkForce false;
# Use LoadCredential to securely pass the token file to the service
# This allows the service to read the token even when running as non-root
LoadCredential = "token:${builderCfg.githubRunner.tokenFile}";
# Don't override ExecStartPre - let the default module handle configuration
# Just make the cleanup more tolerant by wrapping the original script
ExecStartPre = mkForce (
let
# Get the runner package and scripts
runnerPkg = pkgs.github-runner;
# Create wrapper scripts that are failure-tolerant
unconfigureWrapper = pkgs.writeShellScript "github-runner-unconfigure-wrapper.sh" ''
set +e # Don't fail on errors
runnerDir="$1"
stateDir="$2"
logDir="$3"
# If directory is busy, just skip cleanup with a warning
if [ -d "$runnerDir" ]; then
echo "Attempting cleanup of $runnerDir..."
@@ -77,15 +77,15 @@ mkIf builderCfg.githubRunner.enable {
echo "Warning: Cleanup had issues (directory may be in use), continuing anyway..."
}
fi
exit 0
'';
configureScript = pkgs.writeShellScript "github-runner-configure.sh" ''
set -e
runnerDir="${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name}"
# Read token from systemd credential (passed via LoadCredential)
if [ -n "''${CREDENTIALS_DIRECTORY:-}" ] && [ -f "''${CREDENTIALS_DIRECTORY}/token" ]; then
token=$(cat "''${CREDENTIALS_DIRECTORY}/token")
@@ -93,11 +93,13 @@ mkIf builderCfg.githubRunner.enable {
echo "Error: Token credential not available"
exit 1
fi
cd "$runnerDir"
# Configure the runner, optionally replacing existing registration
if [ ! -f ".runner" ] || [ "${if builderCfg.githubRunner.replace then "true" else "false"}" = "true" ]; then
if [ ! -f ".runner" ] || [ "${
if builderCfg.githubRunner.replace then "true" else "false"
}" = "true" ]; then
echo "Configuring GitHub Actions runner..."
${runnerPkg}/bin/Runner.Listener configure \
--unattended \