We run our main job every week to ensure that the upstream of our application can be deployed completely onto a clean server. We'd like to build every day, but for now we need to solve the ACME problem, since it rejects our requests if we do it every 24 hours...
Create the infect.sh script and send it with a POST request to the clean server to deploy our testing environment
Create DNS entries for subdomains to ensure networking and certificates work properly
Wait for the environment to build (it takes a while...)
Request the overall status and do basic checks on the server
Destroy the environment and all DNS entries; the tests are over!
Update the upstream NixOS channel at selfprivacy.org
The teardown step must run whether the pipeline fails or succeeds, because we need the server to be clean before every new job. This is done by forcing the step to be called with a status trigger: