Buildkite: Difference between revisions

(5 intermediate revisions by 3 users not shown)

Line 1:

NixOS comes with a module to run [https://buildkite.com ~~build-kite~~] agents:

NixOS comes with a module to run [https://buildkite.com buildkite] agents:

Line 8:

tokenPath = "/path/to/token";

privateSshKeyPath = "/path/to/ssh/key";

};

# tools needed for basic nix-build

runtimePackages = [

pkgs.gnutar

pkgs.bash

Line 16:

pkgs.gzip

pkgs.git

];

};

}

</syntaxHighlight>

[https://nixos.org/~~nixos~~/~~options.html#~~services.buildkite Further NixOS options]

[https://search.nixos.org/options/?query=services.buildkite Further NixOS options]

== Using buildkite for public repository ==

Line 56:

Line 57:

</syntaxHighlight>

Since pull requests can modify the build instructions it is recommend to move <code>.buildkite/pipeline.yml</code> from the repository itself and only provide it via the web interface. Also consider using <code>restrict-eval</code> options to prevent leaking the buildkite's ssh key and api token, since those are still ~~mounte~~ into the chroot.

Since pull requests can modify the build instructions it is recommend to move <code>.buildkite/pipeline.yml</code> from the repository itself and only provide it via the web interface. Also consider using <code>restrict-eval</code> options to prevent leaking the buildkite's ssh key and api token, since those are still mounted into the chroot.

== See also ==

* [[Continuous Integration (CI)]]

[[Category:Applications]]

@@ Line 1: / Line 1: @@
-NixOS comes with a module to run [https://buildkite.com build-kite] agents:
+NixOS comes with a module to run [https://buildkite.com buildkite] agents:
 <syntaxHighlight lang=nix>
@@ Line 8: / Line 8: @@
      tokenPath = "/path/to/token";
      privateSshKeyPath = "/path/to/ssh/key";
-  };
-  # tools needed for basic nix-build
+    # tools needed for basic nix-build
-  runtimePackages = [
+    runtimePackages = [
        pkgs.gnutar
        pkgs.bash
@@ Line 16: / Line 16: @@
        pkgs.gzip
        pkgs.git
-   ];
+    ];
+   };
 }
 </syntaxHighlight>
-[https://nixos.org/nixos/options.html#services.buildkite Further NixOS options]
+[https://search.nixos.org/options/?query=services.buildkite Further NixOS options]
 == Using buildkite for public repository ==
@@ Line 56: / Line 57: @@
 </syntaxHighlight>
-Since pull requests can modify  the build instructions it is recommend to move <code>.buildkite/pipeline.yml</code> from the repository itself and only provide it via the web interface. Also consider using <code>restrict-eval</code> options to prevent leaking the buildkite's ssh key and api token, since those are still mounte into the chroot.
+Since pull requests can modify  the build instructions it is recommend to move <code>.buildkite/pipeline.yml</code> from the repository itself and only provide it via the web interface. Also consider using <code>restrict-eval</code> options to prevent leaking the buildkite's ssh key and api token, since those are still mounted into the chroot.
+== See also ==
+* [[Continuous Integration (CI)]]
+[[Category:Applications]]