Move dyndns into separate module #290
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| permissions: read-all | |
| jobs: | |
| Check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| - name: Setup Nix | |
| uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| diagnostic-endpoint: "" | |
| - name: "Run flake checks" | |
| run: nix flake check --all-systems | |
| Lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| - name: Setup Nix | |
| uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| diagnostic-endpoint: "" | |
| - name: Check format | |
| run: nix fmt -- --check . | |
| - name: Lint using Statix | |
| run: nix run nixpkgs#statix -- check . | |
| Deploy: | |
| needs: [Check, Lint] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Tailscale | |
| uses: tailscale/github-action@v3 | |
| with: | |
| oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} | |
| oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} | |
| tags: tag:gh-actions | |
| - name: Initialize SSH-Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.DEPLOY_KEY }} | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| - name: Setup Nix | |
| uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| diagnostic-endpoint: "" | |
| - name: Setup NIX Cache | |
| uses: zombiezen/[email protected] | |
| with: | |
| substituters: s3://nix-cache?endpoint=https://nbg1.your-objectstorage.com | |
| secret_keys: ${{ secrets.NIX_PRIVATE_KEY }} | |
| aws_access_key_id: ${{ secrets.CACHE_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ secrets.CACHE_SECRET_ACCESS_KEY }} | |
| - name: Build config | |
| run: nix develop --command bash -c 'colmena apply push' | |
| - name: Build DNS config | |
| run: nix build .#dns | |
| - name: Deploy DNS config | |
| run: nix develop --command bash -c 'octodns-sync --config-file result --doit' | |
| env: | |
| HETZNER_DNS_API: ${{ secrets.HETZNER_DNS_API }} | |
| - name: Activate config | |
| run: nix develop --command bash -c 'colmena apply' |