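# CI for the Terraform and Nomad configuration in this repository.
#
# Jobs:
#   terraform-validate  terraform fmt on both stacks, validate on 2-nomad-config
#   nomad-validate      nomad job validate on every *.nomad.hcl under 2-nomad-config
#   image-pull          on pull requests, pull every image reference the diff adds
#
# NOTE(review): actions below are referenced by mutable tag (@v4, @v3).
# Pinning each `uses:` to a full commit SHA, with the tag kept in a trailing
# comment, stops a retagged release from changing what runs here.
name: CI

on:
  pull_request:
  push:
    branches:
      - main

# Least privilege for the workflow token: every job only reads the repository.
permissions:
  contents: read

jobs:
  terraform-validate:
    name: Terraform fmt + validate
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Later steps run `terraform init`, which downloads providers and
          # modules named by the checked-out (possibly PR-authored) code, so
          # the checkout token is not left behind in .git/config.
          persist-credentials: false
      - uses: hashicorp/setup-terraform@v3
      - name: fmt check — 1-nixos-node
        run: terraform fmt -check -recursive
        working-directory: 1-nixos-node
      - name: fmt check — 2-nomad-config
        run: terraform fmt -check -recursive
        working-directory: 2-nomad-config
      # -backend=false keeps init from touching remote state, so no backend
      # credentials are needed for validation.
      - name: validate — 2-nomad-config (no backend)
        run: |
          terraform init -backend=false
          terraform validate
        working-directory: 2-nomad-config

  nomad-validate:
    name: Nomad job spec validate
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No step in this job talks to the git remote after checkout.
          persist-credentials: false
      # Writes to /usr/share/keyrings and /etc/apt without sudo, so this
      # presumably runs as root (e.g. a container-based runner) — confirm.
      # NOTE(review): the signing key is fetched from the same origin as the
      # packages and its fingerprint is not checked; the nomad version is
      # also unpinned, so the CLI can change between runs.
      - name: Install Nomad CLI
        run: |
          curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp.gpg
          . /etc/os-release
          echo "deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com ${VERSION_CODENAME} main" | tee /etc/apt/sources.list.d/hashicorp.list
          apt-get update && apt-get install -y nomad
      # NOMAD_ADDR is a plain-HTTP internal address: the runner must sit on
      # that network, and job specs from pull requests are submitted to the
      # cluster's validation API. No NOMAD_TOKEN is set here; if one is ever
      # added, move this endpoint to https first.
      - name: Validate all job specs
        env:
          NOMAD_ADDR: http://jaglan-beta-m20.lan:4646
        run: |
          # IFS= and -r keep leading whitespace and backslashes in paths intact.
          find 2-nomad-config -name '*.nomad.hcl' | while IFS= read -r f; do
            echo "==> $f"
            nomad job validate "$f"
          done

  image-pull:
    name: Docker image pull validation
    runs-on: ubuntu-latest
    # Runs on pull_request events only; the script exits early when the diff
    # adds no `image = "..."` line to a *.nomad.hcl file.
    if: github.event_name == 'pull_request'
    steps:
      # Full history is needed for the three-dot diff against the base branch.
      # Credentials stay persisted because the next step runs `git fetch`.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Pull changed images
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the ref name is always treated as data by the shell.
          BASE_REF: ${{ github.base_ref }}
        run: |
          git fetch origin "$BASE_REF"
          IMAGES=$(git diff "origin/${BASE_REF}...HEAD" -- '*.nomad.hcl' \
            | grep '^+\s*image\s*=' \
            | grep -oP '"[^"]+:[^"]+"' \
            | tr -d '"' \
            | sort -u)
          if [ -z "$IMAGES" ]; then
            echo "No image changes detected, skipping pull."
            exit 0
          fi
          FAILED=0
          while IFS= read -r image; do
            echo "==> Pulling $image"
            # Image references come from the pull request diff; `--` ends
            # option parsing so a value starting with '-' is not read as a flag.
            if ! docker pull -- "$image"; then
              echo "ERROR: Failed to pull $image"
              FAILED=1
            fi
          done <<< "$IMAGES"
          exit "$FAILED"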