macos/ci: push something that works

2026-01-01 03:55:26 +08:00 · 2024-02-23 10:11:57 -05:00 · 2024-02-23 10:11:57 -05:00 · 19d7522ff7
commit 19d7522ff7
parent 6c0b333cdb
3 changed files with 49 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@ -130,15 +130,16 @@
    "devour-flake": {
      "flake": false,
      "locked": {
-        "lastModified": 1708523776,
-        "narHash": "sha256-7m7FriwgnWncJA1ZJzPnreNqAXUw8FYpda5113CTokU=",
+        "lastModified": 1708698505,
+        "narHash": "sha256-UYva75UjgL2izR5tVzgTBBvtYyCPiKTtn1UjCZyR3Zw=",
        "owner": "srid",
        "repo": "devour-flake",
-        "rev": "222d10660d28843a4c8b47032bc51af2ab2ce5ed",
+        "rev": "552e88feab693689e90572dbeb0c626e18e04554",
        "type": "github"
      },
      "original": {
        "owner": "srid",
+        "ref": "build-systems",
        "repo": "devour-flake",
        "type": "github"
      }
@ -1065,15 +1066,16 @@
        "treefmt-nix": "treefmt-nix_3"
      },
      "locked": {
-        "lastModified": 1708523859,
-        "narHash": "sha256-X32S5PAlxscCKIJtybJAcG+Ci8BDvMonMUSDO0CP14Y=",
+        "lastModified": 1708699635,
+        "narHash": "sha256-wt91WSA+LChqDWJYpvlZUAr6WwOk9N5gTXuV0cjYgHk=",
        "owner": "srid",
        "repo": "nixci",
-        "rev": "c5049bcc9b4bcfc603b7341ad106a53ab5ca136d",
+        "rev": "f3e5261a74bf0187f97dd30f81e323a4cd9248cf",
        "type": "github"
      },
      "original": {
        "owner": "srid",
+        "ref": "build-systems",
        "repo": "nixci",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -28,7 +28,7 @@
    nixpkgs-match.url = "github:srid/nixpkgs-match";
    nuenv.url = "github:DeterminateSystems/nuenv";
    nixd.url = "github:nix-community/nixd";
-    nixci.url = "github:srid/nixci";
+    nixci.url = "github:srid/nixci/build-systems";
    nix-browser.url = "github:juspay/nix-browser";
    actual.url = "github:srid/actual";
    actual.inputs.nixpkgs.follows = "nixpkgs";
@ -87,7 +87,7 @@
            services.tailscale.enable = true;
            services.easy-github-runners = {
              "srid/ema" = { };
-              "srid/emanote" = { };
+              # "srid/emanote" = { }; -- running on macOS
              "srid/nixos-config" = { };
              "srid/nixos-flake" = { };
              "srid/haskell-flake" = { };
--- a/systems/darwin/ci.nix
+++ b/systems/darwin/ci.nix
@ -1,7 +1,44 @@
-{ ... }:
+{ pkgs, lib, ... }:

 {
-  # TODO: GitHub Runners
+  # TODO: Refactor this into a module, like easy-github-runners.nix
+  services.github-runners =
+    let
+      srid = {
+        common = {
+          enable = true;
+          # TODO: Document instructions
+          # - chmod og-rwx; chown github-runner
+          # TODO: Use a secret manager. 1Password?
+          tokenFile = "/run/mykeys/gh-token-runner";
+          extraPackages = with pkgs; [
+            nixci
+            cachix
+            which
+            coreutils
+          ];
+        };
+        repos = {
+          emanote = {
+            url = "https://github.com/srid/emanote";
+            num = 2;
+          };
+        };
+      };
+    in
+    lib.listToAttrs (lib.concatLists (lib.flip lib.mapAttrsToList srid.repos
+      (k: { url, num }:
+        lib.flip builtins.map (lib.range 1 num) (idx:
+          let
+            name = "${k}-${builtins.toString idx}";
+            value = srid.common // {
+              inherit url;
+            };
+          in
+          lib.nameValuePair (builtins.trace name name) value)
+      )));
+  users.knownGroups = [ "github-runner" ];
+  users.knownUsers = [ "github-runner" ];

  # To build Linux derivations whilst on macOS.
  #