Test terraform

nix-pizza · Apr 27, 2024 · 9714e93 · 9714e93
1 parent 570d7c7
commit 9714e93
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 11 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -21,6 +21,8 @@ jobs:
         github_access_token: ${{ secrets.GITHUB_TOKEN }}
         extra_nix_config: | 
           system = ${{ matrix.system }}
+          trusted-public-keys = nix-pizza.cachix.org-1:TQe66aP2buN2KXWrZqpdko7GAL0WtbPA40d+wlnEiyo= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+          substituters = https://nix-pizza.cachix.org https://cache.nixos.org/
     - id: retrieve-cachix-auth-token
       run: |
         source "$(nix build .#inject-secrets --no-link --print-out-paths)"/bin/install-agenix-shell
@@ -30,7 +32,3 @@ jobs:
         name: nix-pizza
         authToken: ${{ steps.retrieve-cachix-auth-token.outputs.CACHIX_AUTH_TOKEN }}
     - run: nix flake check -L
-    # - run: |
-        # source "$(nix build .#inject-secrets --no-link --print-out-paths)"/bin/install-agenix-shell
-        # nix run .#opentofu -- init
-        # nix run .#opentofu -- apply --auto-approve
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -0,0 +1,20 @@
+name: "Deploy"
+on:
+  push:
+    # branches:
+      # - main
+jobs:
+  deploy:
+    strategy:
+      matrix:
+        system: ["aarch64-linux", "x86_64-linux"]
+    runs-on: ubuntu-latest
+    name: Deploy
+    steps:
+    - uses: nix-pizza/infra/.github/workflows/build.yaml@aciceri/ci
+    - run: |
+        [ '${{ matrix.system }}' != 'aarch64-linux' ] && exit 0
+        source "$(nix build .#inject-secrets --no-link --print-out-paths)"/bin/install-agenix-shell
+        export TF_VAR_ssh_public_keys="$(nix build .#ssh-public-keys --no-link --print-out-paths)"
+        nix run .#opentofu -- init
+        nix run .#opentofu -- apply --auto-approve
diff --git a/keys/module.nix b/keys/module.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }: {
+topArgs@{ lib, ... }: {
   options.infra.sshKeys = lib.mkOption {
     type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: {
       options = {
@@ -27,14 +27,15 @@
     description = "SSH keys";
   };
 
-  config.perSystem = { pkgs, ... }: {
+  config.perSystem = { config, pkgs, ... }: {
+    packages.ssh-public-keys =
+      let
+        keys = lib.filterAttrs (_: key: key.terraform) topArgs.config.infra.sshKeys;
+      in
+      pkgs.writers.writeJSON "ssh_public_keys.json" keys;
     devshells.default.env = [{
       name = "TF_VAR_ssh_public_keys";
-      value =
-        let
-          keys = lib.filterAttrs (_: key: key.terraform) config.infra.sshKeys;
-        in
-        pkgs.writers.writeJSON "ssh_public_keys.json" keys;
+      value = config.packages.ssh-public-keys;
     }];
   };