mirror of
https://mau.dev/andreijiroh-dev/website.git
synced 2024-11-21 16:13:38 +00:00
Move website builds to GitLab CI
Repo cloning will go by next week. Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>
This commit is contained in:
parent
4ae868cf37
commit
9e61cf7e65
6 changed files with 88 additions and 222 deletions
108
.github/workflows/deploybot.yml
vendored
108
.github/workflows/deploybot.yml
vendored
|
@ -1,108 +0,0 @@
|
|||
# Simple workflow for deploying static content to GitHub Pages
|
||||
name: deploybaut
|
||||
|
||||
on:
|
||||
# Runs on pushes targeting the default branch
|
||||
push:
|
||||
branches: ["main"]
|
||||
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
schedule:
|
||||
- cron: "*/30 */6 * * *"
|
||||
|
||||
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
|
||||
permissions:
|
||||
contents: read
|
||||
pages: write
|
||||
id-token: write
|
||||
|
||||
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
|
||||
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
|
||||
concurrency:
|
||||
group: "pages"
|
||||
cancel-in-progress: false
|
||||
|
||||
jobs:
|
||||
gh-pages:
|
||||
if: contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
|
||||
environment:
|
||||
name: github-pages
|
||||
url: ${{ steps.deployment.outputs.page_url }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v4.6.0
|
||||
with:
|
||||
python-version: 3.10
|
||||
cache: pip
|
||||
- name: Setup Pages
|
||||
uses: actions/configure-pages@v3
|
||||
- name: Build
|
||||
run: |
|
||||
sudo apt-get install \
|
||||
libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev \
|
||||
--yes
|
||||
FF_ENABLE_COMMIT_DATA=true FF_GENERATE_SOCIAL_CARDS=true bash ./build.sh
|
||||
- name: Upload artifact
|
||||
uses: actions/upload-pages-artifact@v1
|
||||
with:
|
||||
path: './public'
|
||||
- name: Deploy to GitHub Pages
|
||||
id: gh-pages
|
||||
uses: actions/deploy-pages@v2
|
||||
- name: Deploy to pages.dev
|
||||
uses: cloudflare/pages-action@v1
|
||||
with:
|
||||
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||
accountId: cf0bd808c6a294fd8c4d8f6d2cdeca05
|
||||
projectName: ajhalili2006
|
||||
directory: public
|
||||
# Optional: Enable this if you want to have GitHub Deployments triggered
|
||||
gitHubToken: ${{ secrets.GITHUB_TOKEN }}
|
||||
# Optional: Switch what branch you are publishing to.
|
||||
# By default this will be the branch which triggered this workflow
|
||||
branch: main
|
||||
repo-sync:
|
||||
name: Repository sync
|
||||
runs-on: ubuntu-latest
|
||||
if: contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
|
||||
steps:
|
||||
- name: Checkout repository with full history
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ssh-key: ${{secrets.MIRRORBOT_CI_SSH_KEY}}
|
||||
ssh-known-host: |
|
||||
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
||||
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
|
||||
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
|
||||
mau.dev ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJNV/VLejsM22QLGaE0IFvLAKgBzmv+KZH0YXUwakDwlkLEzqCS3vIEU7hYK6LN9//O56tY/peGsfey5jQIIJ6WFuyezNdpLpScprLukBb7baKlb5Sei5S5Gn4LdLu2927HnbK6bcCRN52DfVmrLDvfc4m9tsV9Uz/aCwGaFU7UYJUJrYsd/+o0yR6FOeZLXWyQhhJKC9e5ueI8mQEUn3h5hhU12AQuvI7c7GPpsq3zK0n1iHbmtAK+o1iuQEP7ynWkh9/9gUYJy5PufIQQYWLesR6CEC47zgBiYtCJkPLzbavrkPhb77v/5Q52hFhsla5fszXyjXG4SPnRZ+7yvlEKDrqh0kFIT5g9WSDGjiho6DrIqNYrlbHWhpfUx/g8YXsTgHqfE44LrqVyWdhpsVeW4q+kfhd7yse/QnWoc0zSrdFmqVHQlBbEQxiwslrENfXuTVpHlUGMO0OvlSPezYknjRklYkA3nFUX6Zj9LjvrgUobtbKi2w/gO+t+qZOOD8=
|
||||
mau.dev ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMLxa34Hhx89dTu4blnP+mA5AeWNTMqRyFYrCcJIKop6FtZ571Xyt4ign4zg7QFRQ5CciO783fMPK+K/gDXXAf8=
|
||||
mau.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO76F2Bj2b1O3Q7Ln2x94kq6Ai2ev2aOyXur9XgSsM0
|
||||
git.sr.ht ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ+l/lvYmaeOAPeijHL8d4794Am0MOvmXPyvHTtrqvgmvCJB8pen/qkQX2S1fgl9VkMGSNxbp7NF7HmKgs5ajTGV9mB5A5zq+161lcp5+f1qmn3Dp1MWKp/AzejWXKW+dwPBd3kkudDBA1fa3uK6g1gK5nLw3qcuv/V4emX9zv3P2ZNlq9XRvBxGY2KzaCyCXVkL48RVTTJJnYbVdRuq8/jQkDRA8lHvGvKI+jqnljmZi2aIrK9OGT2gkCtfyTw2GvNDV6aZ0bEza7nDLU/I+xmByAOO79R1Uk4EYCvSc1WXDZqhiuO2sZRmVxa0pQSBDn1DB3rpvqPYW+UvKB3SOz
|
||||
git.sr.ht ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCj6y+cJlqK3BHZRLZuM+KP2zGPrh4H66DacfliU1E2DHAd1GGwF4g1jwu3L8gOZUTIvUptqWTkmglpYhFp4Iy4=
|
||||
git.sr.ht ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60
|
||||
- name: Setup Git user details
|
||||
run: |
|
||||
git config --global user.name "Recap Time Bot"
|
||||
git config --global user.email "gitops@recaptime.eu.org"
|
||||
git remote add lab ssh://git@mau.dev/ajhalili2006/tildeverse-web
|
||||
git remote add hut ssh://git@git.sr.ht/~ajhalili2006/tildeweb
|
||||
- name: configure ssh
|
||||
run: |
|
||||
echo ${{secrets.MIRRORBOT_CI_SSH_KEY}} >> ~/.ssh/ci-passwordless-key
|
||||
chmod 600 ~/.ssh/ci-passwordless-key
|
||||
eval $(ssh-agent) && ssh-add ~/.ssh/ci-passwordless-key
|
||||
- name: sync against github mirror first
|
||||
run: |
|
||||
git merge lab/main --ff-only || git rebase lab/main || echo "bailed out due to merge conflicts" && exit 1
|
||||
git push origin main
|
||||
- name: mirror
|
||||
run: |
|
||||
# only mirror main branch in meanwhile
|
||||
git push lab main --verbose -o ci.skip
|
||||
git push hut main --verbose -o skip-ci
|
44
.github/workflows/docker.yml
vendored
44
.github/workflows/docker.yml
vendored
|
@ -9,21 +9,16 @@ on:
|
|||
schedule:
|
||||
- cron: '30 22 * * *'
|
||||
push:
|
||||
branches: [ "main" ]
|
||||
# Publish semver tags as releases.
|
||||
tags: [ 'v*.*.*' ]
|
||||
pull_request:
|
||||
branches: [ "main" ]
|
||||
|
||||
env:
|
||||
# Use docker.io for Docker Hub if empty
|
||||
REGISTRY: ghcr.io
|
||||
# github.repository as <account>/<repo>
|
||||
IMAGE_NAME: ${{ github.repository }}
|
||||
|
||||
|
||||
jobs:
|
||||
build-devenv:
|
||||
build-ci:
|
||||
name: Build development environment
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
|
@ -47,39 +42,52 @@ jobs:
|
|||
|
||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||
- name: Setup Docker buildx
|
||||
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
|
||||
uses: docker/setup-buildx-action@v2
|
||||
|
||||
# Login against a Docker registry except on PR
|
||||
# https://github.com/docker/login-action
|
||||
- name: Log into registry ${{ env.REGISTRY }}
|
||||
- name: Log into GHCR
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
registry: ghcr.io
|
||||
username: ${{ secrets.HUB_USERNAME }}
|
||||
password: ${{ secrets.HUB_TOKEN }}
|
||||
- name: Log into RHQCR
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: quay.io
|
||||
username: ${{ secrets.RHQCR_BOT_USERNAME }}
|
||||
password: ${{ secrets.RHQCR_BOT_TOKEN }}
|
||||
|
||||
# Extract metadata (tags, labels) for Docker
|
||||
# https://github.com/docker/metadata-action
|
||||
- name: Extract Docker metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
|
||||
uses: docker/metadata-action@v4
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||
images: |
|
||||
ghcr.io/${{ env.IMAGE_NAME }}/build-ci
|
||||
quay.io/ajhalili2006/mkdocs-material-build-ci
|
||||
tags: |
|
||||
type=raw,value=latest,enable={{is_default_branch}}
|
||||
type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=short
|
||||
type=schedule,pattern=nightly
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
- uses: hadolint/hadolint-action@v3.1.0
|
||||
with:
|
||||
dockerfile: .gitpod.Dockerfile
|
||||
dockerfile: docker/Dockerfile
|
||||
|
||||
# Build and push Docker image with Buildx (don't push on PR)
|
||||
# https://github.com/docker/build-push-action
|
||||
- name: Build and push Docker image
|
||||
id: build-and-push
|
||||
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
|
||||
uses: docker/build-push-action@v4.1.1
|
||||
with:
|
||||
context: .
|
||||
file: .gitpod.Dockerfile
|
||||
context: docker
|
||||
file: Dockerfile
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
|
|
102
.gitlab-ci.yml
102
.gitlab-ci.yml
|
@ -1,7 +1,12 @@
|
|||
image:
|
||||
name: dock.mau.dev/ajhalili2006/tildeverse-web/build-ci:commit-a9761cf4f2f1b8298f69aaaa07e0a577329a17d6
|
||||
entrypoint:
|
||||
- /bin/bash
|
||||
# The Docker image that will be used to build your app
|
||||
image: quay.io/ajhalili2006/mkdocs-material-build-ci
|
||||
|
||||
# Functions that should be executed before the build script is run
|
||||
before_script:
|
||||
- pip3 install -r requirements.txt
|
||||
- npm ci
|
||||
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
|
||||
- (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
|
||||
|
||||
variables:
|
||||
DEBUG: "1"
|
||||
|
@ -9,93 +14,14 @@ variables:
|
|||
FF_GENERATE_SOCIAL_CARDS: "true"
|
||||
SECURE_FILES_DOWNLOAD_PATH: /run/secrets
|
||||
|
||||
.setupkit:
|
||||
before_script:
|
||||
- apk add curl gnupg bash coreutils && mkdir /run/secrets
|
||||
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
|
||||
- (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
|
||||
tags:
|
||||
- amd64
|
||||
|
||||
stages:
|
||||
- build
|
||||
- lint
|
||||
- deploy
|
||||
|
||||
build:mr:
|
||||
extends: [ .setupkit ]
|
||||
stage: build
|
||||
script:
|
||||
- bash ./bin/build.sh
|
||||
artifacts:
|
||||
paths:
|
||||
- public
|
||||
untracked: false
|
||||
when: on_success
|
||||
expire_in: "21 days"
|
||||
cache:
|
||||
paths:
|
||||
- .cache
|
||||
- .venv
|
||||
key: pages-build-main
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH != 'main' && $CI_PIPELINE_SOURCE == "merge_request"
|
||||
changes:
|
||||
- mkdocs.yml
|
||||
- markdown/*
|
||||
- markdown/**/*
|
||||
- .gitlab-ci.yml
|
||||
- docker/Dockerfile
|
||||
- package*.json
|
||||
- .trigger-deploy
|
||||
|
||||
build:main:
|
||||
extends: [ .setupkit ]
|
||||
stage: build
|
||||
pages:
|
||||
script:
|
||||
- bash ./build.sh
|
||||
artifacts:
|
||||
paths:
|
||||
# The folder that contains the files to be exposed at the Page URL
|
||||
- public
|
||||
untracked: false
|
||||
when: on_success
|
||||
expire_in: "21 days"
|
||||
cache:
|
||||
paths:
|
||||
- .cache
|
||||
- .venv
|
||||
key: pages-build-main
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == 'main'
|
||||
changes:
|
||||
- mkdocs.yml
|
||||
- markdown/*
|
||||
- markdown/**/*
|
||||
- .gitlab-ci.yml
|
||||
- docker/Dockerfile
|
||||
- package*.json
|
||||
- .trigger-deploy
|
||||
|
||||
deploy:main:
|
||||
stage: deploy
|
||||
extends: [ .setupkit ]
|
||||
needs:
|
||||
- build:main
|
||||
script:
|
||||
- apk add nodejs-lts npm && npm i
|
||||
- ls -Al
|
||||
- doppler run -- echo hi
|
||||
cache:
|
||||
paths:
|
||||
- node_modules
|
||||
key: deploykit-main
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == 'main'
|
||||
changes:
|
||||
- mkdocs.yml
|
||||
- markdown/*
|
||||
- markdown/**/*
|
||||
- .gitlab-ci.yml
|
||||
- docker/Dockerfile
|
||||
- package*.json
|
||||
- .trigger-deploy
|
||||
# This ensures that only pushes to the default branch will trigger
|
||||
# a pages deploy
|
||||
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
# Since hadolint isn't in the package repos for Alpineyet, we'll copying from the offical
|
||||
# Docker image instead.
|
||||
# syntax=docker/dockerfile:1
|
||||
FROM ghcr.io/hadolint/hadolint:latest-alpine AS hadolint-binary
|
||||
|
||||
# Since we're building against edge at risk
|
||||
# Since we're building against edge at risk, it is important to note
|
||||
# that anything might go wrong.
|
||||
FROM alpine:edge AS buildkit
|
||||
|
||||
COPY --stage=hadolint-binary /bin/hadolint /usr/bin/hadolint
|
||||
# Since hadolint isn't in the package repos for Alpineyet, we'll copying from the offical
|
||||
# Docker image instead.
|
||||
COPY --from=hadolint-binary /bin/hadolint /usr/bin/hadolint
|
||||
|
||||
ENV PACKAGES=/usr/local/lib/python3.11/site-packages
|
||||
ENV PYTHONDONTWRITEBYTECODE=1
|
||||
|
||||
# https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#linux but for Alpine
|
||||
# hadolint ignore=DL3018,DL3013
|
||||
|
@ -22,9 +27,30 @@ RUN apk add --no-cache \
|
|||
py3-pip \
|
||||
py3-wheel \
|
||||
shellcheck \
|
||||
&& pip3 install --no-cache \
|
||||
gcc \
|
||||
libffi-dev \
|
||||
musl-dev \
|
||||
nodejs \
|
||||
npm \
|
||||
yarn \
|
||||
git \
|
||||
git-fast-import \
|
||||
openssh \
|
||||
&& pip3 install --no-cache-dir \
|
||||
mkdocs-material \
|
||||
mkdocs-redirects \
|
||||
mkdocs-git-revision-date-localized-plugin \
|
||||
pillow \
|
||||
cairosvg
|
||||
|
||||
# Trust directory, required for git >= 2.35.2
|
||||
# Follows the docs for the Docker-based site build setup
|
||||
RUN git config --global --add safe.directory /docs &&\
|
||||
git config --global --add safe.directory /site
|
||||
|
||||
# Expose MkDocs development server port
|
||||
EXPOSE 8000
|
||||
|
||||
COPY entrypoint.sh /usr/local/bin/entrypoint
|
||||
ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
|
||||
CMD [ "serve", "--dev-addr=0.0.0.0:8000" ]
|
13
docker/build.sh
Normal file
13
docker/build.sh
Normal file
|
@ -0,0 +1,13 @@
|
|||
#!/usr/bin/env bash
|
||||
set -xe
|
||||
|
||||
ROOTDIR=$(git rev-parse --show-toplevel)
|
||||
CONTEXT=$ROOTDIR/docker
|
||||
DOCKERFILE=$CONTEXT/Dockerfile
|
||||
TAG=${IMAGE_TAG:-"quay.io/ajhalili2006/mkdocs-material-build-ci:localdev"}
|
||||
|
||||
DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-"0"} \
|
||||
docker build \
|
||||
-t $TAG \
|
||||
-f "$DOCKERFILE" \
|
||||
"$CONTEXT"
|
|
@ -3,9 +3,10 @@
|
|||
if [[ $DEBUG != "" ]]; then
|
||||
set -x
|
||||
fi
|
||||
COMMAND=$*
|
||||
|
||||
if [[ $1 = "serve" ]] || [[ $1 == "build" ]] | [[ $1 == "gh-deploy" ]] || [[ $1 == "new" ]]; then
|
||||
exec mkdocs $@
|
||||
if [[ $1 = "serve" ]] || [[ $1 == "build" ]] || [[ $1 == "gh-deploy" ]] || [[ $1 == "new" ]] || [[ $1 == "--help" ]]; then
|
||||
exec "mkdocs $COMMAND"
|
||||
else
|
||||
$@
|
||||
exec "$COMMAND"
|
||||
fi
|
||||
|
|
Loading…
Reference in a new issue