UGA-Innovation-Factory/athenix
3
1
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity

chore: Update ci

Browse Source
This commit is contained in:
Hunter Halloran
2025-12-17 11:42:17 -05:00
parent 9514fe2868
commit f98aa0b19b
3 changed files with 28 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/ci.yml vendored
View File

@@ -38,9 +38,10 @@ jobs:
exit 1 exit 1
fi fi
build-configs: eval-configs:
name: Build Key Configurations name: Evaluate Key Configurations
runs-on: [self-hosted, nix-builder] runs-on: [self-hosted, nix-builder]
needs: [flake-check, format-check]
strategy: strategy:
matrix: matrix:
config: config:
@@ -52,16 +53,16 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Build configuration - name: Evaluate configuration
run: | run: |
echo "Building configuration for ${{ matrix.config }}" echo "Evaluating configuration for ${{ matrix.config }}"
nix build .#nixosConfigurations.${{ matrix.config }}.config.system.build.toplevel \ nix eval .#nixosConfigurations.${{ matrix.config }}.config.system.build.toplevel.drvPath \
--print-build-logs \
--show-trace --show-trace
build-artifacts: build-artifacts:
name: Build Artifacts name: Build Artifacts
runs-on: [self-hosted, nix-builder] runs-on: [self-hosted, nix-builder]
needs: [flake-check, format-check]
strategy: strategy:
matrix: matrix:
artifact: artifact:

7
hosts/default.nix
View File

@@ -73,7 +73,12 @@ let
# Each wrapper checks if the user is enabled before applying the module content # Each wrapper checks if the user is enabled before applying the module content
userNixosModules = lib.mapAttrsToList ( userNixosModules = lib.mapAttrsToList (
name: modulePath: name: modulePath:
{ config, lib, pkgs, ... }@args: {
config,
lib,
pkgs,
...
}@args:
let let
# Import the user's nixos module - it returns a function or attrset # Import the user's nixos module - it returns a function or attrset
importedModuleFunc = import modulePath { inherit inputs; }; importedModuleFunc = import modulePath { inherit inputs; };

28
sw/builders/services.nix
View File

@@ -34,7 +34,7 @@ mkIf builderCfg.githubRunner.enable {
TimeoutStopSec = 60; TimeoutStopSec = 60;
# Restart on failure, but not immediately # Restart on failure, but not immediately
RestartSec = 10; RestartSec = 10;
# Disable all namespace isolation features that don't work in LXC containers # Disable all namespace isolation features that don't work in LXC containers
PrivateMounts = mkForce false; PrivateMounts = mkForce false;
MountAPIVFS = mkForce false; MountAPIVFS = mkForce false;
@@ -50,26 +50,26 @@ mkIf builderCfg.githubRunner.enable {
ProtectKernelTunables = mkForce false; ProtectKernelTunables = mkForce false;
ProtectKernelModules = mkForce false; ProtectKernelModules = mkForce false;
ProtectControlGroups = mkForce false; ProtectControlGroups = mkForce false;
# Use LoadCredential to securely pass the token file to the service # Use LoadCredential to securely pass the token file to the service
# This allows the service to read the token even when running as non-root # This allows the service to read the token even when running as non-root
LoadCredential = "token:${builderCfg.githubRunner.tokenFile}"; LoadCredential = "token:${builderCfg.githubRunner.tokenFile}";
# Don't override ExecStartPre - let the default module handle configuration # Don't override ExecStartPre - let the default module handle configuration
# Just make the cleanup more tolerant by wrapping the original script # Just make the cleanup more tolerant by wrapping the original script
ExecStartPre = mkForce ( ExecStartPre = mkForce (
let let
# Get the runner package and scripts # Get the runner package and scripts
runnerPkg = pkgs.github-runner; runnerPkg = pkgs.github-runner;
# Create wrapper scripts that are failure-tolerant # Create wrapper scripts that are failure-tolerant
unconfigureWrapper = pkgs.writeShellScript "github-runner-unconfigure-wrapper.sh" '' unconfigureWrapper = pkgs.writeShellScript "github-runner-unconfigure-wrapper.sh" ''
set +e # Don't fail on errors set +e # Don't fail on errors
runnerDir="$1" runnerDir="$1"
stateDir="$2" stateDir="$2"
logDir="$3" logDir="$3"
# If directory is busy, just skip cleanup with a warning # If directory is busy, just skip cleanup with a warning
if [ -d "$runnerDir" ]; then if [ -d "$runnerDir" ]; then
echo "Attempting cleanup of $runnerDir..." echo "Attempting cleanup of $runnerDir..."
@@ -77,15 +77,15 @@ mkIf builderCfg.githubRunner.enable {
echo "Warning: Cleanup had issues (directory may be in use), continuing anyway..." echo "Warning: Cleanup had issues (directory may be in use), continuing anyway..."
} }
fi fi
exit 0 exit 0
''; '';
configureScript = pkgs.writeShellScript "github-runner-configure.sh" '' configureScript = pkgs.writeShellScript "github-runner-configure.sh" ''
set -e set -e
runnerDir="${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name}" runnerDir="${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name}"
# Read token from systemd credential (passed via LoadCredential) # Read token from systemd credential (passed via LoadCredential)
if [ -n "''${CREDENTIALS_DIRECTORY:-}" ] && [ -f "''${CREDENTIALS_DIRECTORY}/token" ]; then if [ -n "''${CREDENTIALS_DIRECTORY:-}" ] && [ -f "''${CREDENTIALS_DIRECTORY}/token" ]; then
token=$(cat "''${CREDENTIALS_DIRECTORY}/token") token=$(cat "''${CREDENTIALS_DIRECTORY}/token")
@@ -93,11 +93,13 @@ mkIf builderCfg.githubRunner.enable {
echo "Error: Token credential not available" echo "Error: Token credential not available"
exit 1 exit 1
fi fi
cd "$runnerDir" cd "$runnerDir"
# Configure the runner, optionally replacing existing registration # Configure the runner, optionally replacing existing registration
if [ ! -f ".runner" ] || [ "${if builderCfg.githubRunner.replace then "true" else "false"}" = "true" ]; then if [ ! -f ".runner" ] || [ "${
if builderCfg.githubRunner.replace then "true" else "false"
}" = "true" ]; then
echo "Configuring GitHub Actions runner..." echo "Configuring GitHub Actions runner..."
${runnerPkg}/bin/Runner.Listener configure \ ${runnerPkg}/bin/Runner.Listener configure \
--unattended \ --unattended \