mirror of https://github.com/tweag/nickel.git synced 2024-10-06 08:07:37 +03:00
Viktor Kleen be9269a443
Fix the release artifacts workflow (#1573)
* Fix a typo in the release workflow

This changes `os.matrix` into the correct `matrix.os`.

* Use `nodeRuntimes` as required by nixpkgs master, now

* Add nix settings to github-runner.nix

* Disable diffutils tests on arm64 musl

* Add dependencies on `start-runner` in `release-artifacts.yaml`

* Use `--log-format raw-with-logs` like in the CI workflow

* Use the correct cargo package for `nickel-static`

* Adjust linker flags on arm64 musl

* Add github cli and docker to `github-runner.nix`

* Combine static binary and docker image building jobs for caching

* Allow docker access for github jobs

* Use `docker buildx` to assemble the multiplatform image
2023-09-06 09:14:59 +00:00
spot_lambdas Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00
.gitignore Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00
github-oidc.ncl Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00
github-runner.nix Fix the release artifacts workflow (#1573) 2023-09-06 09:14:59 +00:00
github-variables.ncl Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00
lambdas.ncl Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00
main.ncl Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00
README.md Add a note about an AWS provider bug into infra/README.md (#1570) 2023-09-04 16:46:00 +00:00
runner.ncl Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00
state.ncl Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00
vpc.ncl Add infrastructure for on-demand ARM64 runners on AWS (#1569) 2023-09-04 15:41:23 +00:00

GitHub Runner Infrastructure

If you make any changes to the infrastructure code in this directory, you will have to redeploy it. Do the following:

  1. Make sure you're logged into AWS. You can check using awscli2:

     nix run nixpkgs#awscli2 -- sts get-caller-identity
     {
       # CENSORED
     }

    If this fails, log in with AWS SSO credentials, following the AWS guide. You will likely hit a bug in the AWS provider; apply the workaround described in the linked comment and then log in again using aws sso login.

  2. Make sure you're logged into GitHub. You can check using gh:

     nix run github:nixos/nixpkgs#gh -- auth status
     github.com
       # CENSORED
       ✓ Token scopes: gist, read:org, repo

    If this fails, log in using nix run nixpkgs#gh -- auth login and follow the instructions.

  3. Update the infrastructure using

     nix develop ..#infra -c update-infra

Architecture

The code in this subdirectory provisions AWS infrastructure for starting an ARM64 GitHub Actions runner on demand. The workflow for producing ARM64 release artifacts is as follows:

  • the release workflow is triggered automatically when a release is created or manually for testing
  • the workflow requests a runner registration token $TOKEN from the GitHub API. For this, it needs a personal access token with repo scope for the Nickel repository.
  • the workflow invokes the $EC2_START AWS Lambda and provides $TOKEN as input
  • the AWS Lambda stores $TOKEN as a parameter in the AWS SSM and requests an appropriate EC2 spot instance
  • the spot instance boots up, retrieves $TOKEN from AWS SSM and starts a GitHub Actions runner
  • GitHub Actions schedules the ARM64 jobs on the spot instance
  • when the jobs building the release artifact have finished, the workflow invokes the $EC2_STOP AWS Lambda which terminates the EC2 instance
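The $TOKEN hand-off between the $EC2_START Lambda, AWS SSM and the spot instance, modelled as an added example (not the Nickel repository's own Lambda code) against in-memory stand-ins for the boto3 SSM and EC2 clients. The SSM parameter name and launch template id are placeholders, and the stop step additionally deletes the parameter, which the page does not mention.

```python
TOKEN_PARAM = "/nickel/github-runner/registration-token"  # assumed name
LAUNCH_TEMPLATE = "lt-PLACEHOLDER"                        # assumed launch template
class FakeSSM:
    """In-memory stand-in for boto3's SSM client (only the calls used here)."""
    def __init__(self):
        self.params = {}
    def put_parameter(self, Name, Value, Type, Overwrite=False):
        if Name in self.params and not Overwrite:
            raise RuntimeError("ParameterAlreadyExists")
        self.params[Name] = (Value, Type)
    def get_parameter(self, Name, WithDecryption=False):
        value, kind = self.params[Name]
        if kind == "SecureString" and not WithDecryption:
            value = "<encrypted>"  # AWS would hand back ciphertext here
        return {"Parameter": {"Value": value}}
    def delete_parameter(self, Name):
        del self.params[Name]

class FakeEC2:
    """In-memory stand-in for boto3's EC2 client."""
    def __init__(self):
        self.instances = {}
    def run_instances(self, **kwargs):
        iid = f"i-{len(self.instances):017x}"
        self.instances[iid] = dict(kwargs, State="running")
        return {"Instances": [{"InstanceId": iid}]}
    def terminate_instances(self, InstanceIds):
        for iid in InstanceIds:
            self.instances[iid]["State"] = "terminated"

def start_runner(event, ssm, ec2):
    """$EC2_START: validate the token, store it encrypted in SSM, request a spot instance."""
    token = event.get("token")
    if not (isinstance(token, str) and token.isascii() and token.isalnum() and 20 <= len(token) <= 128):
        raise ValueError("event does not carry a plausible runner registration token")
    ssm.put_parameter(Name=TOKEN_PARAM, Value=token, Type="SecureString", Overwrite=True)
    resp = ec2.run_instances(
        LaunchTemplate={"LaunchTemplateId": LAUNCH_TEMPLATE}, MinCount=1, MaxCount=1,
        InstanceMarketOptions={"MarketType": "spot", "SpotOptions": {"SpotInstanceType": "one-time"}})
    return resp["Instances"][0]["InstanceId"]

def runner_bootstrap(ssm):
    """What the spot instance does at boot: read back the decrypted token for the runner."""
    return ssm.get_parameter(Name=TOKEN_PARAM, WithDecryption=True)["Parameter"]["Value"]

def stop_runner(event, ssm, ec2):
    """$EC2_STOP: terminate the instance and delete the token, which is no longer needed."""
    ec2.terminate_instances(InstanceIds=[event["instance_id"]])
    ssm.delete_parameter(Name=TOKEN_PARAM)
    return event["instance_id"]
```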