feat: add azure psql backups #121
---
# Builds the tikpannu NixOS configuration for pull requests and deploys it
# from main.
name: "Build & Deploy tikpannu"

# `pull_request` (not `pull_request_target`) is used, so runs for fork PRs get
# a read-only token and no repository secrets while executing PR-supplied Nix
# code.
on:
  pull_request:
    paths:
      - "flake.*"
      - "tikpannu-nixos-config/**/*"
      - ".github/workflows/deploy-pannu.yml"
  push:
    branches:
      - "main"
    paths:
      - "flake.*"
      - "tikpannu-nixos-config/**/*"
      - ".github/workflows/deploy-pannu.yml"
  workflow_dispatch:

# Least privilege: the workflow token can only read repository contents.
permissions:
  contents: read

# One run per workflow and ref; a newer run replaces the one in progress.
# NOTE(review): the group also covers refs/heads/main, so a second push can
# cancel a deploy that is mid-copy or mid-rebuild - confirm this is intended.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
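jobs:
  # Build-only job for every ref except main (pull requests and manual runs on
  # branches). It receives no deploy secrets through `env`.
  #
  # NOTE(review): the actions below are referenced by mutable tags. Pin each to
  # a full commit SHA (`uses: owner/action@<full-commit-sha>  # vN`) so a moved
  # tag cannot change what runs here.
  build:
    runs-on: ubuntu-latest
    if: github.ref != 'refs/heads/main'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # No later step talks to the remote, so do not leave the token in the
          # checkout where PR-supplied build code could read it.
          persist-credentials: false
      - name: Install Nix
        uses: cachix/install-nix-action@v31
      - name: Restore and save /nix/store
        uses: nix-community/cache-nix-action@v7
        with:
          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }}
          restore-prefixes-first-match: nix-${{ runner.os }}
          purge: true
      - name: Run flake checks
        run: |
          nix flake check -L
          # Add GC roots. The same system string is used for listing and for
          # building, so the two can no longer disagree on a non-x86_64 runner.
          system="$(uname -m)-linux"
          nix flake show --json | jq -r --arg system "$system" '.checks[$system] | keys[]' | \
            xargs -I{} nix build ".#checks.${system}.{}" --out-link "{}"
      - name: Build NixOS Configuration
        run: |
          nix build .#nixosConfigurations.tikpannu.config.system.build.toplevel -L --out-link tikpannu-config
      - name: Nix GC
        run: |
          nix-collect-garbage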
| deploy: | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v31 | |
| - name: Restore and save /nix/store | |
| uses: nix-community/cache-nix-action@v7 | |
| with: | |
| primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} | |
| restore-prefixes-first-match: nix-${{ runner.os }} | |
| gc-max-store-size-linux: 9G | |
| purge: true | |
| - name: Configure SSH | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }} | |
| SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key | |
| chmod 600 ~/.ssh/deploy_key | |
| echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | |
| chmod 600 ~/.ssh/known_hosts | |
| cat >> ~/.ssh/config <<EOF | |
| Host pannu.tietokilta.fi | |
| IdentityFile ~/.ssh/deploy_key | |
| User deploy | |
| EOF | |
| - name: Run flake checks | |
| run: | | |
| nix flake check -L | |
| # Add GC roots | |
| nix flake show --json | jq ".checks.\"$(uname -m)-linux\" | keys[]" | \ | |
| xargs -I{} nix build .#checks.x86_64-linux."{}" --out-link "{}" | |
| - name: Build and Deploy NixOS Configuration | |
| run: | | |
| nix build .#nixosConfigurations.tikpannu.config.system.build.toplevel -L --out-link tikpannu-config | |
| nix copy .#nixosConfigurations.tikpannu.config.system.build.toplevel -L \ | |
| --to ssh://pannu.tietokilta.fi | |
| ssh pannu.tietokilta.fi 'sudo $(realpath $(which rebuild-from-infra))' | |
| - name: Nix GC | |
| run: | | |
| nix-collect-garbage | |
| - name: Cleanup | |
| if: always() | |
| run: | | |
| rm -f ~/.ssh/deploy_key |