Buildkite: Difference between revisions

← Older edit

VisualWikitext

@@ Line 1: / Line 1: @@
-NixOS comes with a module to run [https://buildkite.com build-kite] agents:
+NixOS comes with a module to run [https://buildkite.com buildkite] agents:
 <syntaxHighlight lang=nix>
@@ Line 8: / Line 8: @@
      tokenPath = "/path/to/token";
      privateSshKeyPath = "/path/to/ssh/key";
-  };
-  # tools needed for basic nix-build
+    # tools needed for basic nix-build
-  runtimePackages = [
+    runtimePackages = [
        pkgs.gnutar
        pkgs.bash
@@ Line 16: / Line 16: @@
        pkgs.gzip
        pkgs.git
-   ];
+    ];
+   };
 }
 </syntaxHighlight>
-[https://nixos.org/nixos/options.html#services.buildkite Further NixOS options]
+[https://search.nixos.org/options/?query=services.buildkite Further NixOS options]
 == Using buildkite for public repository ==
@@ Line 31: / Line 32: @@
 Make sure that you don't add secrets to your nix store!
-```nix
+<syntaxHighlight lang=nix>
 { pkgs, config, ... }:
 {
@@ Line 54: / Line 55: @@
    };
 }
-```
+</syntaxHighlight>
+Since pull requests can modify  the build instructions it is recommend to move <code>.buildkite/pipeline.yml</code> from the repository itself and only provide it via the web interface. Also consider using <code>restrict-eval</code> options to prevent leaking the buildkite's ssh key and api token, since those are still mounted into the chroot.
+== See also ==
+* [[Continuous Integration (CI)]]
-Since pull requests can modify  the build instructions it is recommend to move <code>.buildkite/pipeline.yml</code> from the repository itself and only provide it via the web interface. Also consider using <code>restrict-eval</code> options to prevent leaking the buildkite's ssh key and api token, since those are still mounte into the chroot.
+[[Category:Applications]]