From 1b73fda11f244434be4a23cf40ef39e96b8fb9b8 Mon Sep 17 00:00:00 2001
From: Adrian Cowan
Date: Sun, 19 Apr 2026 14:52:02 +1000
Subject: [PATCH] ci: add nomad job validate step (Phase 1c)
---
 .gitea/workflows/ci.yml | 23 +++++++++++++++++++++++
 cicd-plan.md | 2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index b6f319f..97fe3d0 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -29,3 +29,26 @@ jobs:
 terraform init -backend=false
 terraform validate
 working-directory: 2-nomad-config
+
+ nomad-validate:
+ name: Nomad job spec validate
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nomad CLI
+ run: |
+ curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp.gpg
+ . /etc/os-release
+ echo "deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com ${VERSION_CODENAME} main" | tee /etc/apt/sources.list.d/hashicorp.list
+ apt-get update && apt-get install -y nomad
+
+ - name: Validate all job specs
+ env:
+ NOMAD_ADDR: http://jaglan-beta-m20.lan:4646
+ run: |
+ find 2-nomad-config -name '*.nomad.hcl' | while read f; do
+ echo "==> $f"
+ nomad job validate "$f"
+ done
diff --git a/cicd-plan.md b/cicd-plan.md
index 28fd129..059d15f 100644
--- a/cicd-plan.md
+++ b/cicd-plan.md
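Review bot: The `Validate all job specs` step hard-codes `NOMAD_ADDR: http://jaglan-beta-m20.lan:4646`, so the runner reaches the Nomad API over plain HTTP and without a `NOMAD_TOKEN`, although the Phase 1c entry this commit ticks off in cicd-plan.md calls for both values to come from Gitea secrets with a read-only token. If validation succeeds as written, the API is presumably accepting unauthenticated requests from the CI network, which is worth confirming; once a token is added it would cross the LAN in cleartext unless the agent serves TLS. I would take both from secrets, `NOMAD_ADDR: ${{ secrets.NOMAD_ADDR }}` and `NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}`, using an `https://` address and a token whose policy grants only what `nomad job validate` needs. Separately, the install step takes whatever `nomad` version apt resolves at run time, so pinning it (`apt-get install -y nomad=<VERSION>`) would keep the validator reproducible.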
@@ -295,7 +295,7 @@ exit 1
 - [x] **Phase 1a**: Create `act-runner.nomad.hcl` + Terraform wrapper, register runner token in Gitea, get a hello-world workflow green
 - [x] **Phase 1b**: Add `terraform fmt` + `terraform validate -backend=false` workflow — no secrets needed
-- [ ] **Phase 1c**: Add Nomad validate step — add `NOMAD_ADDR` + read-only `NOMAD_TOKEN` to Gitea secrets
+- [x] **Phase 1c**: Add Nomad validate step — add `NOMAD_ADDR` + read-only `NOMAD_TOKEN` to Gitea secrets
 - [ ] **Phase 2**: Add image pull validation step to the workflow
 - [ ] **Phase 3a**: Add `update` stanzas to ntfy and glance (simplest, no volume conflict)
 - [ ] **Phase 3b**: Add rolling `update` stanzas to remaining service jobs (jellyfin, sonarr, etc.)