.github: Only do disk-cleaning step for workflow jobs that need a lot… #330
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy | |
| on: | |
| push: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| jobs: | |
| bootstrap: | |
| name: Bootstrap nix.conf options | |
| runs-on: ubuntu-latest | |
| outputs: | |
| substituters: ${{ steps.getconf.outputs.substituters }} | |
| trustedPublicKeys: ${{ steps.getconf.outputs.trustedPublicKeys }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| - id: getconf | |
| name: Get nix.conf configuration options | |
| run: | | |
| nix eval '.#extra.substituters' --apply 'builtins.toString' | awk '{print "substituters="$0}' | tee -a "$GITHUB_OUTPUT" | |
| nix eval '.#extra.trusted-public-keys' --apply 'builtins.toString' | awk '{print "trustedPublicKeys="$0}' | tee -a "$GITHUB_OUTPUT" | |
| deploy-fermi: | |
| name: Deploy fermi NixOS server | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'workflow_dispatch' || !github.event.forced }} | |
| needs: bootstrap | |
| concurrency: | |
| group: deploy-fermi | |
| cancel-in-progress: true | |
| steps: | |
| # Taken from https://github.com/lilyinstarlight/foosteros/blob/aa611d0cf03bd82f6c1c701e73f86f27abb8d8e4/.github/workflows/installer.yml | |
| # MIT licensed | |
| - name: Free up runner disk space | |
| run: | | |
| # Large docker images | |
| sudo docker image prune --all --force | |
| # Large packages | |
| sudo apt-get purge -y '^llvm-.*' 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable | |
| sudo apt-get autoremove -y | |
| sudo apt-get clean | |
| # Large folders | |
| sudo rm -rf /var/lib/apt/lists/* /opt/hostedtoolcache /usr/local/games /usr/local/sqlpackage /usr/local/.ghcup /usr/local/share/powershell /usr/local/share/edge_driver | |
| sudo rm -rf /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/local/share/vcpkg /usr/local/lib/python* | |
| sudo rm -rf /usr/local/lib/node_modules /usr/local/julia* /opt/mssql-tools /etc/skel /usr/share/vim /usr/share/postgresql /usr/share/man /usr/share/apache-maven-* | |
| sudo rm -rf /usr/share/R /usr/share/alsa /usr/share/miniconda /usr/share/grub /usr/share/gradle-* /usr/share/locale /usr/share/texinfo /usr/share/kotlinc /usr/share/swift | |
| sudo rm -rf /usr/share/doc /usr/share/az_9.3.0 /usr/share/sbt /usr/share/ri /usr/share/icons /usr/share/java /usr/share/fonts /usr/lib/google-cloud-sdk /usr/lib/jvm | |
| sudo rm -rf /usr/lib/mono /usr/lib/R /usr/lib/postgresql /usr/lib/heroku /usr/lib/gcc | |
| - uses: actions/checkout@v4 | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| extra-substituters = ${{ needs.bootstrap.outputs.substituters }} | |
| extra-trusted-public-keys = ${{ needs.bootstrap.outputs.trustedPublicKeys }} | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - name: Install and configure attic | |
| timeout-minutes: 60 | |
| continue-on-error: true | |
| run: | | |
| echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV | |
| nix profile install '.#attic-client' | |
| export PATH=$HOME/.nix-profile/bin:$PATH | |
| attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN" | |
| attic use "$ATTIC_CACHE" | |
| env: | |
| ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
| ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
| ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
| - name: Create ssh key from repository secrets | |
| run: | | |
| install -m 600 -D /dev/stdin ~/.ssh/id_ed25519 <<< "${{ secrets.PRIVATE_KEY }}" | |
| - name: Add VPS fingerprint to known ssh hosts | |
| run: ssh-keyscan -H 170.130.165.174 > ~/.ssh/known_hosts | |
| - name: Deploy fermi | |
| run: | | |
| export PATH=$HOME/.nix-profile/bin:$PATH | |
| attic watch-store "ci:$ATTIC_CACHE" & | |
| nix run 'github:serokell/deploy-rs' '.#fermi' -- --ssh-user aftix -- --impure | |
| kill %1 | |
| ssh [email protected] 'sh -ls' <<< "$SCRIPT" | |
| env: | |
| SCRIPT: >- | |
| cd $HOME/cfg ; | |
| git pull --rebase |