If you make any changes to the infrastructure code in this directory, you will have to redeploy it. Do the following:

- Make sure you're logged into AWS. You can check using `awscli2`:

  ```
  ❯ nix run nixpkgs#awscli2 -- sts get-caller-identity
  {
      # CENSORED
  }
  ```

  If this fails, log in with AWS SSO credentials, following their guide. You will likely hit a bug in the AWS provider. Apply the workaround mentioned in a comment and log in again using `aws sso login` to resolve this.

- Make sure you're logged into GitHub. You can check using `gh`:

  ```
  ❯ nix run github:nixos/nixpkgs#gh -- auth status
  github.com
    # CENSORED
    ✓ Token scopes: gist, read:org, repo
  ```

  If this fails, log in using `nix run nixpkgs#gh -- auth login` and follow the instructions.

- Update the infrastructure using `nix develop ..#infra -c update-infra`

The code in this subdirectory provisions AWS infrastructure for starting an ARM64 GitHub Actions runner on demand. The workflow for producing ARM64 release artifacts is as follows:

- the release workflow is triggered automatically when a release is created or manually for testing
- the workflow requests a runner registration token `$TOKEN` from the GitHub API. For this, it needs a personal access token with `repo` scope for the Nickel repository.
- the workflow invokes the `$EC2_START` AWS Lambda and provides `$TOKEN` as input
- the AWS Lambda stores `$TOKEN` as a parameter in the AWS SSM and requests an appropriate EC2 spot instance
- the spot instance boots up, retrieves `$TOKEN` from AWS SSM and starts a GitHub Actions runner
- GitHub Actions schedules the ARM64 jobs on the spot instance
- when the jobs building the release artifact have finished, the workflow invokes the `$EC2_STOP` AWS Lambda which terminates the EC2 instance
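
The workflow-side steps of the list above (token request, start, stop), as an added shell sketch that is not the repository's own workflow code. The function names, the `REPO` variable, the `{"token": ...}` payload shape and the accepted token character set are assumptions; `EC2_START` and `EC2_STOP` are assumed to hold the Lambda names.

```shell
# Added example, not the repository's own workflow code.
# Assumed: REPO ("owner/name"), EC2_START and EC2_STOP (Lambda names) are set;
# the {"token": ...} payload shape is hypothetical.

# Invoke a Lambda and fail if the function itself raised an error:
# `aws lambda invoke` exits 0 in that case and only reports FunctionError.
invoke_lambda() {
  fn=$1; payload=$2
  err=$(aws lambda invoke --function-name "$fn" \
          --cli-binary-format raw-in-base64-out --payload "$payload" \
          --query FunctionError --output text /dev/null) || return 1
  [ "$err" = "None" ] || { echo "Lambda $fn failed: $err" >&2; return 1; }
}

# Request a runner registration token; gh must be authenticated with a
# token that has repo scope for the repository.
request_runner_token() {
  gh api --method POST "repos/$REPO/actions/runners/registration-token" --jq .token
}

# Pass the registration token to the start Lambda without leaking it.
start_runner() {
  token=$1
  # Refuse empty tokens and anything that would need JSON escaping
  # (the allowed character set is an assumption).
  case $token in
    ''|*[!A-Za-z0-9_-]*) echo "unexpected token format" >&2; return 1 ;;
  esac
  echo "::add-mask::$token"   # GitHub Actions: redact the value in later logs
  invoke_lambda "$EC2_START" "{\"token\":\"$token\"}"
}

# Terminate the instance; call this even when the build jobs failed,
# so no registered runner or spot instance is left behind.
stop_runner() {
  invoke_lambda "$EC2_STOP" '{}'
}
```

In a workflow, the stop step would typically be guarded with `if: always()` so the instance is terminated regardless of the build result.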