colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

scripts/deploy: implement a dry-run mode

Browse Source
This commit is contained in:
Colin
2024-06-19 11:24:33 +00:00
parent 294f0061bd
commit afea7fe5e7
1 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
scripts/deploy
View File

@@ -9,6 +9,7 @@ usage() {
echo "usage: deploy [options] [host] [host2 ...]" echo "usage: deploy [options] [host] [host2 ...]"
echo "options:" echo "options:"
echo "- --action copy|switch|test (default: 'switch')" echo "- --action copy|switch|test (default: 'switch')"
echo "- --dry-run: show what would be done without actually doing it"
echo "- --variant light|min|''|all (default: '')" echo "- --variant light|min|''|all (default: '')"
echo "- --pre: alias for --action copy --variant all all" echo "- --pre: alias for --action copy --variant all all"
echo "" echo ""
@@ -30,6 +31,7 @@ defaultHost="$SELF"
variants=() variants=()
defaultVariant= defaultVariant=
nixArgs=() nixArgs=()
dryRun=
addHost() { addHost() {
if [ "$1" = all ]; then if [ "$1" = all ]; then
# order matters: # order matters:
@@ -72,6 +74,9 @@ parseArgs() {
defaultVariant=all defaultVariant=all
defaultHost=all defaultHost=all
;; ;;
(--dry-run)
dryRun=1
;;
(*) (*)
nixArgs+=("$arg") nixArgs+=("$arg")
;; ;;
@@ -86,6 +91,14 @@ parseArgs() {
fi fi
} }
destructive() {
if [ -z "$dryRun" ]; then
"$@"
else
echo "dry-run: $@"
fi
}
runOnTarget() { runOnTarget() {
# run the command ($@) on the machine we're deploying to. # run the command ($@) on the machine we're deploying to.
# if that's a remote machine, then do it via ssh, else local shell. # if that's a remote machine, then do it via ssh, else local shell.
@@ -104,7 +117,7 @@ deployOneHost() {
local variant="$2" local variant="$2"
info "building $host$variant ..." info "building $host$variant ..."
nix-build -A "hosts.$host$variant.toplevel" --out-link "./build/result-$host$variant" "${nixArgs[@]}" || return 1 destructive nix-build -A "hosts.$host$variant.toplevel" --out-link "./build/result-$host$variant" "${nixArgs[@]}" || return 1
storePath="$(readlink ./build/result-$host$variant)" storePath="$(readlink ./build/result-$host$variant)"
info "build $host$variant -> $storePath" info "build $host$variant -> $storePath"
@@ -120,20 +133,20 @@ deployOneHost() {
if [ -n "$host" ] && [ "$host" != "$SELF" ]; then if [ -n "$host" ] && [ "$host" != "$SELF" ]; then
if [ -e /run/secrets/nix_signing_key ]; then if [ -e /run/secrets/nix_signing_key ]; then
info "signing store paths ..." info "signing store paths ..."
sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath" destructive sudo nix store sign -r -k /run/secrets/nix_signing_key "$storePath"
else else
info "not signing store paths: /run/secrets/nix_signing_key does not exist" info "not signing store paths: /run/secrets/nix_signing_key does not exist"
fi fi
# add more `-v` for more verbosity (up to 5). # add more `-v` for more verbosity (up to 5).
# builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters. # builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters.
# we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular. # we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular.
nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$host" "$storePath" || return 1 destructive nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$host" "$storePath" || return 1
fi fi
if [ -n "$action" ] && [ "$action" != "copy" ]; then if [ -n "$action" ] && [ "$action" != "copy" ]; then
info "activating profile... " info "activating profile... "
runOnTarget sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath" || return 1 destructive runOnTarget sudo nix-env -p /nix/var/nix/profiles/system --set "$storePath" || return 1
runOnTarget sudo "$storePath/bin/switch-to-configuration" "$action" || return 1 destructive runOnTarget sudo "$storePath/bin/switch-to-configuration" "$action" || return 1
fi fi
} }