mirror of
https://mau.dev/andreijiroh-dev/website.git
synced 2024-11-10 03:39:38 +00:00
Update scripts to hell and back
Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>
This commit is contained in:
parent
f57b1b1670
commit
8b77e1e70f
6 changed files with 61 additions and 86 deletions
32
.build.yml
32
.build.yml
|
@ -27,40 +27,14 @@ tasks:
|
|||
# in case of triggered from hottub
|
||||
- repo-sync: |
|
||||
cd tildeweb
|
||||
env # for debugging purposes only
|
||||
|
||||
git remote add hub https://github.com/ajhalili2006/tildeverse-web && git pull hub main
|
||||
git remote add lab https://mau.dev/ajhalili2006/tildeverse-web && git pull lab main
|
||||
|
||||
if [ "$BUILD_REASON" != "patchset" ] && [ "$BUILD_SUBMITTER" != "hub.sr.ht" ]; then
|
||||
git remote set-url origin ssh://git@git.sr.ht/~ajhalili2006/tildeweb
|
||||
fi
|
||||
- build: |
|
||||
cd tildeweb && pip3 install -r requirements.txt --user
|
||||
export PATH="$PATH:$HOME/.local/bin"
|
||||
|
||||
mkdocs build -d public -f mkdocs.yml
|
||||
bash ./build.sh
|
||||
- generate-archive: |
|
||||
cd tildeweb
|
||||
tar cvzf tildeweb-prod-build.tar.gz public
|
||||
tar -C public -cvz . -f tildeweb-prod-build.tar.gz
|
||||
- deploy: |
|
||||
if [ "$BUILD_REASON" == "patchset" ] && [ "$BUILD_SUBMITTER" == "hub.sr.ht" ]; then
|
||||
complete-build
|
||||
exit 0
|
||||
elif [ ! -f "$HOME/.ssh/passowrdless-auth-sshfs" ]; then
|
||||
complete-build
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cd tildeweb
|
||||
echo "StrictHostKeyChecking=no" >> ~/.ssh/config
|
||||
eval $(ssh-agent) && ssh-add ~/.ssh/passwordless-auth-sshfs
|
||||
rsync -rP public ajhalili2006@vern.cc:/home/ajhalili2006/public_html/ || true
|
||||
rsync -rP public ajhalili2006@ctrl-c.club:/home/ajhalili2006/public_html/ || true
|
||||
#rsync -rP gmi ajhalili2006@vern.cc:/home/ajhalili2006/public_gemini/
|
||||
#rsync -rP gmi ajhalili2006@ctrl-c.club:/home/ajhalili2006/public_gemini/
|
||||
|
||||
git push origin -o skip-ci
|
||||
git remote set-url lab ssh://git@mau.dev/ajhalili2006/tildeverse-web && git push lab main
|
||||
echo done
|
||||
artifacts:
|
||||
- tildeweb/tildeweb-prod-build.tar.gz
|
67
.github/workflows/docker.yml
vendored
67
.github/workflows/docker.yml
vendored
|
@ -32,17 +32,11 @@ jobs:
|
|||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# Install the cosign tool except on PR
|
||||
# https://github.com/sigstore/cosign-installer
|
||||
- name: Install cosign
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
|
||||
with:
|
||||
cosign-release: 'v1.13.1'
|
||||
|
||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||
- name: Setup Docker buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
with:
|
||||
buildkitd-flags: --debug
|
||||
|
||||
# Login against a Docker registry except on PR
|
||||
# https://github.com/docker/login-action
|
||||
|
@ -74,7 +68,7 @@ jobs:
|
|||
type=raw,value=latest,enable={{is_default_branch}}
|
||||
type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long
|
||||
type=schedule,pattern=nightly
|
||||
|
||||
type=raw,prefix=branch-,value={{branch}}
|
||||
- uses: actions/checkout@v3
|
||||
- uses: hadolint/hadolint-action@v3.1.0
|
||||
with:
|
||||
|
@ -93,24 +87,14 @@ jobs:
|
|||
load: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
cache-from: |
|
||||
type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:buildkit-cache-web
|
||||
type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:branch-main
|
||||
type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:latest
|
||||
cache-to: type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:buildkit-cache-web
|
||||
- name: Workaround pushbot for misbehaving reverse proxies
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}
|
||||
|
||||
# Sign the resulting Docker image digest except on PRs.
|
||||
# This will only write to the public Rekor transparency log when the Docker
|
||||
# repository is public to avoid leaking data. If you would like to publish
|
||||
# transparency data even for private images, pass --force to cosign below.
|
||||
# https://github.com/sigstore/cosign
|
||||
- name: Sign the published Docker image
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
env:
|
||||
COSIGN_EXPERIMENTAL: "true"
|
||||
# This step uses the identity token to provision an ephemeral certificate
|
||||
# against the sigstore community Fulcio instance.
|
||||
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
|
||||
devenv:
|
||||
name: Generate Gitpod workspace image snapshot
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -124,17 +108,11 @@ jobs:
|
|||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# Install the cosign tool except on PR
|
||||
# https://github.com/sigstore/cosign-installer
|
||||
- name: Install cosign
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
|
||||
with:
|
||||
cosign-release: 'v1.13.1'
|
||||
|
||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||
- name: Setup Docker buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
uses: docker/setup-buildx-action@
|
||||
with:
|
||||
buildkitd-flags: --debug
|
||||
|
||||
# Login against a Docker registry except on PR
|
||||
# https://github.com/docker/login-action
|
||||
|
@ -165,11 +143,12 @@ jobs:
|
|||
type=raw,value=latest,enable={{is_default_branch}}
|
||||
type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long
|
||||
type=schedule,pattern=nightly
|
||||
type=raw,prefix=branch-,value={{branch}}
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
- uses: hadolint/hadolint-action@v3.1.0
|
||||
with:
|
||||
dockerfile: docker/Dockerfile
|
||||
dockerfile: .gitpod.Dockerfile
|
||||
|
||||
# Build and push Docker image with Buildx (don't push on PR)
|
||||
# https://github.com/docker/build-push-action
|
||||
|
@ -184,21 +163,11 @@ jobs:
|
|||
load: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
cache-from: |
|
||||
type=registry,ref=quay.io/ajhalili2006/gitpod-workspace:buildkit-cache-web
|
||||
type=registry,ref=ghcr.io/ajhalili2006/ajhalili2006.github.io/devenv:nightly
|
||||
type=registry,ref=cr.io/ajhalili2006/ajhalili2006.github.io/devenv:branch-main
|
||||
cache-to: type=registry,ref=quay.io/ajhalili2006/gitpod-workspace:buildkit-cache-web
|
||||
- name: Workaround pushbot for misbehaving reverse proxies
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}
|
||||
|
||||
# Sign the resulting Docker image digest except on PRs.
|
||||
# This will only write to the public Rekor transparency log when the Docker
|
||||
# repository is public to avoid leaking data. If you would like to publish
|
||||
# transparency data even for private images, pass --force to cosign below.
|
||||
# https://github.com/sigstore/cosign
|
||||
- name: Sign the published Docker image
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
env:
|
||||
COSIGN_EXPERIMENTAL: "true"
|
||||
# This step uses the identity token to provision an ephemeral certificate
|
||||
# against the sigstore community Fulcio instance.
|
||||
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -7,3 +7,4 @@ venv
|
|||
.cache
|
||||
node_modules
|
||||
.env
|
||||
*.tar.gz
|
|
@ -1,13 +1,19 @@
|
|||
# The Docker image that will be used to build your app
|
||||
image: quay.io/ajhalili2006/mkdocs-material-build-ci:nightly
|
||||
|
||||
# Functions that should be executed before the build script is run
|
||||
before_script:
|
||||
- pip3 install -r requirements.txt
|
||||
- npm ci
|
||||
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
|
||||
- (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
|
||||
stages:
|
||||
- build
|
||||
|
||||
default:
|
||||
tags:
|
||||
- amd64 # currently, we only the image in amd64 right now.
|
||||
# Functions that should be executed before the build script is run
|
||||
before_script:
|
||||
- pip3 install -r requirements.txt
|
||||
- npm ci
|
||||
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
|
||||
- (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
|
||||
# Global builds and stuff
|
||||
variables:
|
||||
DEBUG: "1"
|
||||
FF_ENABLE_COMMIT_DATA: "true"
|
||||
|
@ -15,6 +21,7 @@ variables:
|
|||
SECURE_FILES_DOWNLOAD_PATH: /run/secrets
|
||||
|
||||
pages:
|
||||
stage: build
|
||||
script:
|
||||
- bash ./build.sh
|
||||
- doppler run -- ./bin/deploykit-pages.sh
|
||||
|
@ -28,3 +35,12 @@ pages:
|
|||
# This ensures that only pushes to the default branch will trigger
|
||||
# a pages deploy
|
||||
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
|
||||
pages:srht:
|
||||
stage: build
|
||||
needs:
|
||||
- pages
|
||||
script:
|
||||
- tar -C gmi -cvz . -f site.tar.gz
|
||||
- doppler run -- ./bin/deploykit-srht.site.sh
|
||||
rules:
|
||||
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
|
11
bin/deploykit-srht.site.sh
Executable file
11
bin/deploykit-srht.site.sh
Executable file
|
@ -0,0 +1,11 @@
|
|||
#!/bin/env bash
|
||||
|
||||
if [[ $SOURCEHUT_PAGES_TOKEN == "" ]]; then
|
||||
echo "missing SOURCEHUT_PAGES_TOKEN variable"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
curl --oauth2-bearer "$SOURCEHUT_PAGES_TOKEN" \
|
||||
-Fcontent=@site.tar.gz \
|
||||
-Fprotocol=GEMINI \
|
||||
https://pages.sr.ht/publish/username.srht.site
|
4
docker/build.sh
Normal file → Executable file
4
docker/build.sh
Normal file → Executable file
|
@ -11,3 +11,7 @@ DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-"0"} \
|
|||
-t $TAG \
|
||||
-f "$DOCKERFILE" \
|
||||
"$CONTEXT"
|
||||
|
||||
if [[ $DEPLOY != "" ]]; then
|
||||
docker push "$TAG"
|
||||
fi
|
Loading…
Reference in a new issue