expand on CI/CD
Signed-off-by: cinereal <cinereal@riseup.net>
This commit is contained in:
parent
42739bb6f5
commit
4cf1ac286e
SSH key fingerprint:
SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
1 changed files with 41 additions and 2 deletions
|
|
@ -173,5 +173,44 @@ Whereas the core abstraction in Fediversity is a NixOS configuration module, a m
|
|||
|
||||
### CI / CD
|
||||
|
||||
In our simplest set-up, continuous integration and continuous deployment pipelines are handled using Forgejo's [built-in runner](https://code.forgejo.org/forgejo/runner), with relevant secrets handled using [Forgejo secrets](https://forgejo.org/docs/latest/developer/secrets/). Jobs we handle using CI include linting, formatting, testing, and a periodic life-cycle management job to keep our dependencies up-to-date.
|
||||
In a future iteration, we may make use of [Gerrit](https://gerrit.googlesource.com/) to better manage our review process for incoming merge requests.
|
||||
In our present set-up, continuous integration and continuous deployment pipelines are handled using Forgejo's [built-in runner](https://code.forgejo.org/forgejo/runner), with relevant secrets handled using [Forgejo secrets](https://forgejo.org/docs/latest/developer/secrets/). Our CI jobs use Nix flakes to ensure tests results remain cached in case new commits do not materially affect our tests.
|
||||
A CD pipeline helps us automate our deployment by using NixOps4 to sync the latest code on our main branch to our live environment.
|
||||
Tests created so far cover:
|
||||
|
||||
- pre-commit checks, including:
|
||||
- formatting
|
||||
- dead code detection
|
||||
- trailing whitespace detection
|
||||
- linting of shell scripts
|
||||
- our data model
|
||||
- building our front-end
|
||||
- services we offer to our operators, so far covering:
|
||||
- mastodon
|
||||
- peertube
|
||||
- pixelfed
|
||||
- builds for test machines covering our applications and ancilliary services (Garage)
|
||||
- deployments of the above applications using:
|
||||
- NixOps4 through Nix
|
||||
- NixOps4 through CLI
|
||||
- NixOps4 through our front-end
|
||||
- provisioning virtual machines on ProxmoX
|
||||
- deployments using our data model by:
|
||||
- SSH
|
||||
- NixOps4
|
||||
- OpenTofu as a wrapper around SSH
|
||||
- OpenTofu provisioning a virtual machine on ProxmoX
|
||||
- builds for the (virtual) machines making up our internal infrastructure
|
||||
- ensuring any checks exposed by our Nix flake have been exposed in CI
|
||||
|
||||
The latest info on these may be found at:
|
||||
|
||||
- CI/CD runner set-up: <https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/machines/dev/forgejo-ci>
|
||||
- workflow definitions: <https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/.forgejo/workflows>
|
||||
- CI/CD runs: <https://git.fediversity.eu/Fediversity/Fediversity/actions>
|
||||
|
||||
Expanding test coverage aside as our functionality increases, considerations for future iterations of this infrastructure include:
|
||||
|
||||
- separating demo versus production environments
|
||||
- switching to e.g. Woodpecker CI for its features around secret scoping
|
||||
- a periodic life-cycle management job to keep our dependencies up-to-date
|
||||
- using [Gerrit](https://gerrit.googlesource.com/) to better manage our review process for incoming merge requests
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue