Update scripts to hell and back
Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>
parent
f57b1b1670
commit
8b77e1e70f
6 changed files with 61 additions and 86 deletions
32
.build.yml
32
.build.yml
|
@ -27,40 +27,14 @@ tasks:
|
||||||
# in case of triggered from hottub
|
# in case of triggered from hottub
|
||||||
- repo-sync: |
|
- repo-sync: |
|
||||||
cd tildeweb
|
cd tildeweb
|
||||||
env # for debugging purposes only
|
|
||||||
|
|
||||||
git remote add hub https://github.com/ajhalili2006/tildeverse-web && git pull hub main
|
|
||||||
git remote add lab https://mau.dev/ajhalili2006/tildeverse-web && git pull lab main
|
|
||||||
|
|
||||||
if [ "$BUILD_REASON" != "patchset" ] && [ "$BUILD_SUBMITTER" != "hub.sr.ht" ]; then
|
|
||||||
git remote set-url origin ssh://git@git.sr.ht/~ajhalili2006/tildeweb
|
|
||||||
fi
|
|
||||||
- build: |
|
- build: |
|
||||||
cd tildeweb && pip3 install -r requirements.txt --user
|
cd tildeweb && pip3 install -r requirements.txt --user
|
||||||
export PATH="$PATH:$HOME/.local/bin"
|
export PATH="$PATH:$HOME/.local/bin"
|
||||||
|
bash ./build.sh
|
||||||
mkdocs build -d public -f mkdocs.yml
|
|
||||||
- generate-archive: |
|
- generate-archive: |
|
||||||
cd tildeweb
|
cd tildeweb
|
||||||
tar cvzf tildeweb-prod-build.tar.gz public
|
tar -C public -cvz . -f tildeweb-prod-build.tar.gz
|
||||||
- deploy: |
|
- deploy: |
|
||||||
if [ "$BUILD_REASON" == "patchset" ] && [ "$BUILD_SUBMITTER" == "hub.sr.ht" ]; then
|
echo done
|
||||||
complete-build
|
|
||||||
exit 0
|
|
||||||
elif [ ! -f "$HOME/.ssh/passowrdless-auth-sshfs" ]; then
|
|
||||||
complete-build
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
cd tildeweb
|
|
||||||
echo "StrictHostKeyChecking=no" >> ~/.ssh/config
|
|
||||||
eval $(ssh-agent) && ssh-add ~/.ssh/passwordless-auth-sshfs
|
|
||||||
rsync -rP public ajhalili2006@vern.cc:/home/ajhalili2006/public_html/ || true
|
|
||||||
rsync -rP public ajhalili2006@ctrl-c.club:/home/ajhalili2006/public_html/ || true
|
|
||||||
#rsync -rP gmi ajhalili2006@vern.cc:/home/ajhalili2006/public_gemini/
|
|
||||||
#rsync -rP gmi ajhalili2006@ctrl-c.club:/home/ajhalili2006/public_gemini/
|
|
||||||
|
|
||||||
git push origin -o skip-ci
|
|
||||||
git remote set-url lab ssh://git@mau.dev/ajhalili2006/tildeverse-web && git push lab main
|
|
||||||
artifacts:
|
artifacts:
|
||||||
- tildeweb/tildeweb-prod-build.tar.gz
|
- tildeweb/tildeweb-prod-build.tar.gz
|
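Review bot: As far as the rendered split view shows, the `repo-sync` task is left with only `cd tildeweb` and the `deploy` task with only `echo done`, so both are now no-ops, and `repo-sync` still carries the comment `# in case of triggered from hottub`, which no longer describes anything. Either delete the two tasks or replace the stale comment with one that says they are intentional stubs and where deployment now happens. Separately, `tar -C public -cvz . -f tildeweb-prod-build.tar.gz` changes the archive root from `public/` to `.`, so anything that unpacks the artifact should extract into a dedicated directory; a short comment on the `generate-archive` task saying so would help consumers.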
67
.github/workflows/docker.yml
vendored
67
.github/workflows/docker.yml
vendored
|
@ -32,17 +32,11 @@ jobs:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
# Install the cosign tool except on PR
|
|
||||||
# https://github.com/sigstore/cosign-installer
|
|
||||||
- name: Install cosign
|
|
||||||
if: github.event_name != 'pull_request'
|
|
||||||
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
|
|
||||||
with:
|
|
||||||
cosign-release: 'v1.13.1'
|
|
||||||
|
|
||||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||||
- name: Setup Docker buildx
|
- name: Setup Docker buildx
|
||||||
uses: docker/setup-buildx-action@v2
|
uses: docker/setup-buildx-action@v2
|
||||||
|
with:
|
||||||
|
buildkitd-flags: --debug
|
||||||
|
|
||||||
# Login against a Docker registry except on PR
|
# Login against a Docker registry except on PR
|
||||||
# https://github.com/docker/login-action
|
# https://github.com/docker/login-action
|
||||||
|
@ -74,7 +68,7 @@ jobs:
|
||||||
type=raw,value=latest,enable={{is_default_branch}}
|
type=raw,value=latest,enable={{is_default_branch}}
|
||||||
type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long
|
type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long
|
||||||
type=schedule,pattern=nightly
|
type=schedule,pattern=nightly
|
||||||
|
type=raw,prefix=branch-,value={{branch}}
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: hadolint/hadolint-action@v3.1.0
|
- uses: hadolint/hadolint-action@v3.1.0
|
||||||
with:
|
with:
|
||||||
|
@ -93,24 +87,14 @@ jobs:
|
||||||
load: true
|
load: true
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
cache-from: type=gha
|
cache-from: |
|
||||||
cache-to: type=gha,mode=max
|
type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:buildkit-cache-web
|
||||||
|
type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:branch-main
|
||||||
|
type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:latest
|
||||||
|
cache-to: type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:buildkit-cache-web
|
||||||
- name: Workaround pushbot for misbehaving reverse proxies
|
- name: Workaround pushbot for misbehaving reverse proxies
|
||||||
if: ${{ github.event_name != 'pull_request' }}
|
if: ${{ github.event_name != 'pull_request' }}
|
||||||
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}
|
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}
|
||||||
|
|
||||||
# Sign the resulting Docker image digest except on PRs.
|
|
||||||
# This will only write to the public Rekor transparency log when the Docker
|
|
||||||
# repository is public to avoid leaking data. If you would like to publish
|
|
||||||
# transparency data even for private images, pass --force to cosign below.
|
|
||||||
# https://github.com/sigstore/cosign
|
|
||||||
- name: Sign the published Docker image
|
|
||||||
if: ${{ github.event_name != 'pull_request' }}
|
|
||||||
env:
|
|
||||||
COSIGN_EXPERIMENTAL: "true"
|
|
||||||
# This step uses the identity token to provision an ephemeral certificate
|
|
||||||
# against the sigstore community Fulcio instance.
|
|
||||||
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
|
|
||||||
devenv:
|
devenv:
|
||||||
name: Generate Gitpod workspace image snapshot
|
name: Generate Gitpod workspace image snapshot
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
@ -124,17 +108,11 @@ jobs:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
# Install the cosign tool except on PR
|
|
||||||
# https://github.com/sigstore/cosign-installer
|
|
||||||
- name: Install cosign
|
|
||||||
if: github.event_name != 'pull_request'
|
|
||||||
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
|
|
||||||
with:
|
|
||||||
cosign-release: 'v1.13.1'
|
|
||||||
|
|
||||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||||
- name: Setup Docker buildx
|
- name: Setup Docker buildx
|
||||||
uses: docker/setup-buildx-action@v2
|
uses: docker/setup-buildx-action@
|
||||||
|
with:
|
||||||
|
buildkitd-flags: --debug
|
||||||
|
|
||||||
# Login against a Docker registry except on PR
|
# Login against a Docker registry except on PR
|
||||||
# https://github.com/docker/login-action
|
# https://github.com/docker/login-action
|
||||||
|
@ -165,11 +143,12 @@ jobs:
|
||||||
type=raw,value=latest,enable={{is_default_branch}}
|
type=raw,value=latest,enable={{is_default_branch}}
|
||||||
type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long
|
type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long
|
||||||
type=schedule,pattern=nightly
|
type=schedule,pattern=nightly
|
||||||
|
type=raw,prefix=branch-,value={{branch}}
|
||||||
|
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: hadolint/hadolint-action@v3.1.0
|
- uses: hadolint/hadolint-action@v3.1.0
|
||||||
with:
|
with:
|
||||||
dockerfile: docker/Dockerfile
|
dockerfile: .gitpod.Dockerfile
|
||||||
|
|
||||||
# Build and push Docker image with Buildx (don't push on PR)
|
# Build and push Docker image with Buildx (don't push on PR)
|
||||||
# https://github.com/docker/build-push-action
|
# https://github.com/docker/build-push-action
|
||||||
|
@ -184,21 +163,11 @@ jobs:
|
||||||
load: true
|
load: true
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
cache-from: type=gha
|
cache-from: |
|
||||||
cache-to: type=gha,mode=max
|
type=registry,ref=quay.io/ajhalili2006/gitpod-workspace:buildkit-cache-web
|
||||||
|
type=registry,ref=ghcr.io/ajhalili2006/ajhalili2006.github.io/devenv:nightly
|
||||||
|
type=registry,ref=cr.io/ajhalili2006/ajhalili2006.github.io/devenv:branch-main
|
||||||
|
cache-to: type=registry,ref=quay.io/ajhalili2006/gitpod-workspace:buildkit-cache-web
|
||||||
- name: Workaround pushbot for misbehaving reverse proxies
|
- name: Workaround pushbot for misbehaving reverse proxies
|
||||||
if: ${{ github.event_name != 'pull_request' }}
|
if: ${{ github.event_name != 'pull_request' }}
|
||||||
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}
|
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}
|
||||||
|
|
||||||
# Sign the resulting Docker image digest except on PRs.
|
|
||||||
# This will only write to the public Rekor transparency log when the Docker
|
|
||||||
# repository is public to avoid leaking data. If you would like to publish
|
|
||||||
# transparency data even for private images, pass --force to cosign below.
|
|
||||||
# https://github.com/sigstore/cosign
|
|
||||||
- name: Sign the published Docker image
|
|
||||||
if: ${{ github.event_name != 'pull_request' }}
|
|
||||||
env:
|
|
||||||
COSIGN_EXPERIMENTAL: "true"
|
|
||||||
# This step uses the identity token to provision an ephemeral certificate
|
|
||||||
# against the sigstore community Fulcio instance.
|
|
||||||
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
|
|
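Review bot: In the `devenv` job's new `cache-from` list, the third entry points at `cr.io/ajhalili2006/ajhalili2006.github.io/devenv:branch-main`, while the entry above it uses `ghcr.io/...`; this looks like a typo, and importing build cache from a registry host the project does not control means whoever serves that name can supply cache layers to the build, so it should presumably read `type=registry,ref=ghcr.io/ajhalili2006/ajhalili2006.github.io/devenv:branch-main`. In the same job the new side shows `uses: docker/setup-buildx-action@` with nothing after the `@` (the first job keeps `@v2`); if that is what was committed and not a rendering artefact, the step has no ref to resolve and should be restored to `@v2` or pinned to a commit SHA. Both jobs also drop the cosign install and sign steps, so the pushed tags are no longer signed; if any consumer verifies signatures, say so in the commit description or add a comment where the steps used to be. `buildkitd-flags: --debug` makes the build logs more verbose, which is worth confirming against any build arguments or secrets that may be echoed.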
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -7,3 +7,4 @@ venv
|
||||||
.cache
|
.cache
|
||||||
node_modules
|
node_modules
|
||||||
.env
|
.env
|
||||||
|
*.tar.gz
|
|
@ -1,13 +1,19 @@
|
||||||
# The Docker image that will be used to build your app
|
# The Docker image that will be used to build your app
|
||||||
image: quay.io/ajhalili2006/mkdocs-material-build-ci:nightly
|
image: quay.io/ajhalili2006/mkdocs-material-build-ci:nightly
|
||||||
|
|
||||||
|
stages:
|
||||||
|
- build
|
||||||
|
|
||||||
|
default:
|
||||||
|
tags:
|
||||||
|
- amd64 # currently, we only the image in amd64 right now.
|
||||||
# Functions that should be executed before the build script is run
|
# Functions that should be executed before the build script is run
|
||||||
before_script:
|
before_script:
|
||||||
- pip3 install -r requirements.txt
|
- pip3 install -r requirements.txt
|
||||||
- npm ci
|
- npm ci
|
||||||
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
|
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
|
||||||
- (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
|
- (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
|
||||||
|
# Global builds and stuff
|
||||||
variables:
|
variables:
|
||||||
DEBUG: "1"
|
DEBUG: "1"
|
||||||
FF_ENABLE_COMMIT_DATA: "true"
|
FF_ENABLE_COMMIT_DATA: "true"
|
||||||
|
@ -15,6 +21,7 @@ variables:
|
||||||
SECURE_FILES_DOWNLOAD_PATH: /run/secrets
|
SECURE_FILES_DOWNLOAD_PATH: /run/secrets
|
||||||
|
|
||||||
pages:
|
pages:
|
||||||
|
stage: build
|
||||||
script:
|
script:
|
||||||
- bash ./build.sh
|
- bash ./build.sh
|
||||||
- doppler run -- ./bin/deploykit-pages.sh
|
- doppler run -- ./bin/deploykit-pages.sh
|
||||||
|
@ -28,3 +35,12 @@ pages:
|
||||||
# This ensures that only pushes to the default branch will trigger
|
# This ensures that only pushes to the default branch will trigger
|
||||||
# a pages deploy
|
# a pages deploy
|
||||||
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
|
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
|
||||||
|
pages:srht:
|
||||||
|
stage: build
|
||||||
|
needs:
|
||||||
|
- pages
|
||||||
|
script:
|
||||||
|
- tar -C gmi -cvz . -f site.tar.gz
|
||||||
|
- doppler run -- ./bin/deploykit-srht.site.sh
|
||||||
|
rules:
|
||||||
|
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
|
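Review bot: The new `pages:srht` job inherits the global `before_script`, so it pipes two remotely fetched installers (`.../download-secure-files/-/raw/main/installer` and `https://cli.doppler.com/install.sh`) into a shell immediately before `doppler run` hands the deploy secrets to `./bin/deploykit-srht.site.sh`. This job needs only tar, curl and the Doppler CLI, so consider giving it its own `before_script` and installing pinned, checksum-verified tool versions in the build image instead of at job time. It is also worth confirming that `gmi/` actually reaches this job: `needs: - pages` only brings over what `pages` declares as artifacts, and that declaration is outside the visible hunks. The file header for this section is not shown on the page; the keys suggest it is the GitLab CI configuration.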
11
bin/deploykit-srht.site.sh
Executable file
11
bin/deploykit-srht.site.sh
Executable file
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/env bash
|
||||||
|
|
||||||
|
if [[ $SOURCEHUT_PAGES_TOKEN == "" ]]; then
|
||||||
|
echo "missing SOURCEHUT_PAGES_TOKEN variable"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
curl --oauth2-bearer "$SOURCEHUT_PAGES_TOKEN" \
|
||||||
|
-Fcontent=@site.tar.gz \
|
||||||
|
-Fprotocol=GEMINI \
|
||||||
|
https://pages.sr.ht/publish/username.srht.site
|
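Review bot: The `curl` call has no `--fail`, so an upload rejected by the server (for example with an expired token) still exits 0 and the CI job reports success; `curl --fail --oauth2-bearer "$SOURCEHUT_PAGES_TOKEN" \` would surface the error. The target `https://pages.sr.ht/publish/username.srht.site` looks like the placeholder from the documentation and not a real site name, so it should probably be replaced with the actual site or read from a variable. The shebang `#!/bin/env bash` depends on `/bin/env` existing; `#!/usr/bin/env bash` is the portable form. Passing the token with `--oauth2-bearer` on the command line also exposes it to other processes on the runner through the process list, so on a shared runner it is safer to feed it through a curl config read from stdin.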
4
docker/build.sh
Normal file → Executable file
4
docker/build.sh
Normal file → Executable file
|
@ -11,3 +11,7 @@ DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-"0"} \
|
||||||
-t $TAG \
|
-t $TAG \
|
||||||
-f "$DOCKERFILE" \
|
-f "$DOCKERFILE" \
|
||||||
"$CONTEXT"
|
"$CONTEXT"
|
||||||
|
|
||||||
|
if [[ $DEPLOY != "" ]]; then
|
||||||
|
docker push "$TAG"
|
||||||
|
fi
|
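Review bot: The added `docker push "$TAG"` runs whenever `DEPLOY` is non-empty, whether or not the preceding `docker build` succeeded, unless the script enables `set -e` above the hunk (the head of the script is outside this view). If it does not, a failed build would push whatever image the local tag already points to; adding `set -euo pipefail` near the top, or making the push conditional on the build's exit status, avoids that. Under `set -u` the test should read `if [[ -n "${DEPLOY:-}" ]]; then`. The context line `-t $TAG` is unquoted while the new push quotes it, so quoting both keeps the two uses consistent.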