Buildkite: Difference between revisions
imported>Mic92 No edit summary |
imported>Fufexan m Fix position of runtimePackages |
||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
NixOS comes with a module to run [https://buildkite.com | NixOS comes with a module to run [https://buildkite.com buildkite] agents: | ||
<syntaxHighlight lang=nix> | <syntaxHighlight lang=nix> | ||
| Line 8: | Line 8: | ||
tokenPath = "/path/to/token"; | tokenPath = "/path/to/token"; | ||
privateSshKeyPath = "/path/to/ssh/key"; | privateSshKeyPath = "/path/to/ssh/key"; | ||
# tools needed for basic nix-build | |||
runtimePackages = [ | |||
pkgs.gnutar | pkgs.gnutar | ||
pkgs.bash | pkgs.bash | ||
| Line 16: | Line 16: | ||
pkgs.gzip | pkgs.gzip | ||
pkgs.git | pkgs.git | ||
]; | |||
}; | |||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
[https://nixos.org/ | [https://search.nixos.org/options/?query=services.buildkite Further NixOS options] | ||
== Using buildkite for public repository == | == Using buildkite for public repository == | ||
| Line 57: | Line 58: | ||
Since pull requests can modify the build instructions it is recommend to move <code>.buildkite/pipeline.yml</code> from the repository itself and only provide it via the web interface. Also consider using <code>restrict-eval</code> options to prevent leaking the buildkite's ssh key and api token, since those are still mounted into the chroot. | Since pull requests can modify the build instructions it is recommend to move <code>.buildkite/pipeline.yml</code> from the repository itself and only provide it via the web interface. Also consider using <code>restrict-eval</code> options to prevent leaking the buildkite's ssh key and api token, since those are still mounted into the chroot. | ||
== See also == | |||
* [[Continuous Integration (CI)]] | |||
[[Category:Applications]] | |||