From 9e61cf7e657264e2a6d63027fdf66666e40024b3 Mon Sep 17 00:00:00 2001
From: Andrei Jiroh Halili
Date: Thu, 13 Jul 2023 18:13:07 +0000
Subject: [PATCH] Move website builds to GitLab CI

Repo cloning will go by next week.

Signed-off-by: Andrei Jiroh Halili
---
.github/workflows/deploybot.yml | 108 --------------------------------
.github/workflows/docker.yml | 44 +++++++------
.gitlab-ci.yml | 102 +++++-------------------------
docker/Dockerfile | 36 +++++++++--
docker/build.sh | 13 ++++
docker/entrypoint.sh | 7 ++-
6 files changed, 88 insertions(+), 222 deletions(-)
delete mode 100644 .github/workflows/deploybot.yml
create mode 100644 docker/build.sh

diff --git a/.github/workflows/deploybot.yml b/.github/workflows/deploybot.yml
deleted file mode 100644
index 42193f1..0000000
--- a/.github/workflows/deploybot.yml
+++ /dev/null
@@ -1,108 +0,0 @@ -# Simple workflow for deploying static content to GitHub Pages -name: deploybaut - -on: - # Runs on pushes targeting the default branch - push: - branches: ["main"] - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - - schedule: - - cron: "*/30 */6 * * *" - -# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages -permissions: - contents: read - pages: write - id-token: write - -# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. -# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. -concurrency: - group: "pages" - cancel-in-progress: false - -jobs: - gh-pages: - if: contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name) - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Python - uses: actions/setup-python@v4.6.0 - with: - python-version: 3.10 - cache: pip - - name: Setup Pages - uses: actions/configure-pages@v3 - - name: Build - run: | - sudo apt-get install \ - libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev \ - --yes - FF_ENABLE_COMMIT_DATA=true FF_GENERATE_SOCIAL_CARDS=true bash ./build.sh - - name: Upload artifact - uses: actions/upload-pages-artifact@v1 - with: - path: './public' - - name: Deploy to GitHub Pages - id: gh-pages - uses: actions/deploy-pages@v2 - - name: Deploy to pages.dev - uses: cloudflare/pages-action@v1 - with: - apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} - accountId: cf0bd808c6a294fd8c4d8f6d2cdeca05 - projectName: ajhalili2006 - directory: public - # Optional: Enable this if you want to have GitHub Deployments triggered - gitHubToken: ${{ secrets.GITHUB_TOKEN }} - # Optional: Switch what branch you are publishing to. 
- # By default this will be the branch which triggered this workflow - branch: main - repo-sync: - name: Repository sync - runs-on: ubuntu-latest - if: contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name) - steps: - - name: Checkout repository with full history - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ssh-key: ${{secrets.MIRRORBOT_CI_SSH_KEY}} - ssh-known-host: | - github.com ssh-rsa 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 - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - mau.dev ssh-rsa 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 - mau.dev ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMLxa34Hhx89dTu4blnP+mA5AeWNTMqRyFYrCcJIKop6FtZ571Xyt4ign4zg7QFRQ5CciO783fMPK+K/gDXXAf8= - mau.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO76F2Bj2b1O3Q7Ln2x94kq6Ai2ev2aOyXur9XgSsM0 - git.sr.ht ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ+l/lvYmaeOAPeijHL8d4794Am0MOvmXPyvHTtrqvgmvCJB8pen/qkQX2S1fgl9VkMGSNxbp7NF7HmKgs5ajTGV9mB5A5zq+161lcp5+f1qmn3Dp1MWKp/AzejWXKW+dwPBd3kkudDBA1fa3uK6g1gK5nLw3qcuv/V4emX9zv3P2ZNlq9XRvBxGY2KzaCyCXVkL48RVTTJJnYbVdRuq8/jQkDRA8lHvGvKI+jqnljmZi2aIrK9OGT2gkCtfyTw2GvNDV6aZ0bEza7nDLU/I+xmByAOO79R1Uk4EYCvSc1WXDZqhiuO2sZRmVxa0pQSBDn1DB3rpvqPYW+UvKB3SOz - git.sr.ht ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCj6y+cJlqK3BHZRLZuM+KP2zGPrh4H66DacfliU1E2DHAd1GGwF4g1jwu3L8gOZUTIvUptqWTkmglpYhFp4Iy4= - git.sr.ht ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60 - - name: Setup Git user details - run: | - git config --global user.name "Recap Time Bot" - git config --global user.email "gitops@recaptime.eu.org" - git remote add lab ssh://git@mau.dev/ajhalili2006/tildeverse-web - git remote add hut 
ssh://git@git.sr.ht/~ajhalili2006/tildeweb - - name: configure ssh - run: | - echo ${{secrets.MIRRORBOT_CI_SSH_KEY}} >> ~/.ssh/ci-passwordless-key - chmod 600 ~/.ssh/ci-passwordless-key - eval $(ssh-agent) && ssh-add ~/.ssh/ci-passwordless-key - - name: sync against github mirror first - run: | - git merge lab/main --ff-only || git rebase lab/main || echo "bailed out due to merge conflicts" && exit 1 - git push origin main - - name: mirror - run: | - # only mirror main branch in meanwhile - git push lab main --verbose -o ci.skip - git push hut main --verbose -o skip-ci diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 42f9a7d..709afa9 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -9,21 +9,16 @@ on: schedule: - cron: '30 22 * * *' push: - branches: [ "main" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] pull_request: branches: [ "main" ] env: - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: ${{ github.repository }} jobs: - build-devenv: + build-ci: name: Build development environment runs-on: ubuntu-latest permissions: 
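Review bot: The `push:` trigger under `on:` no longer has a `branches` or `tags` filter, so every push to any branch or tag now starts this workflow, while the later steps gate registry login and `push:` only on `github.event_name != 'pull_request'`. Unless something outside this hunk restricts it, images built from unreviewed branches would be published to both registries under the `commit-` tags defined in the next hunk. Restoring `branches: [ "main" ]` under `push:` keeps publishing limited to the default branch. The job definition continues outside this hunk.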
@@ -47,39 +42,52 @@ jobs: # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + uses: docker/setup-buildx-action@v2 # Login against a Docker registry except on PR # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} + - name: Log into GHCR if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + uses: docker/login-action@v2 with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ secrets.HUB_USERNAME }} + password: ${{ secrets.HUB_TOKEN }} + - name: Log into RHQCR + if: github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + registry: quay.io + username: ${{ secrets.RHQCR_BOT_USERNAME }} + password: ${{ secrets.RHQCR_BOT_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + uses: docker/metadata-action@v4 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: | + ghcr.io/${{ env.IMAGE_NAME }}/build-ci + quay.io/ajhalili2006/mkdocs-material-build-ci + tags: | + type=raw,value=latest,enable={{is_default_branch}} + type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=short + type=schedule,pattern=nightly - uses: actions/checkout@v3 - uses: hadolint/hadolint-action@v3.1.0 with: - dockerfile: .gitpod.Dockerfile + dockerfile: docker/Dockerfile # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a + uses: docker/build-push-action@v4.1.1 with: - context: . 
- file: .gitpod.Dockerfile + context: docker + file: Dockerfile push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f095947..9626b2f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,12 @@ -image: - name: dock.mau.dev/ajhalili2006/tildeverse-web/build-ci:commit-a9761cf4f2f1b8298f69aaaa07e0a577329a17d6 - entrypoint: - - /bin/bash +# The Docker image that will be used to build your app +image: quay.io/ajhalili2006/mkdocs-material-build-ci + +# Functions that should be executed before the build script is run +before_script: + - pip3 install -r requirements.txt + - npm ci + - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash + - (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh variables: DEBUG: "1" 
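Review bot: The four Docker actions in this hunk move from full commit SHAs to mutable tags (`docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v4.1.1`), and two of them are handed registry credentials. A tag can be re-pointed by whoever controls the action repository, so keep the SHA pin and record the version in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`. The GHCR login also switches from the per-run `secrets.GITHUB_TOKEN` to `secrets.HUB_USERNAME`/`secrets.HUB_TOKEN`; if that is a personal access token, it is longer-lived and probably broader in scope than the job token it replaces. Separately, `file:` is normally resolved from the workspace rather than from `context`, so with `context: docker` the value likely needs to be `file: docker/Dockerfile`.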
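Review bot: `image: quay.io/ajhalili2006/mkdocs-material-build-ci` carries no tag or digest, so every pipeline runs whatever `latest` currently points to, where the removed line pinned a `commit-…` tag. Pin it to one of the `commit-` tags the Docker workflow publishes, or better to a digest: `image: quay.io/ajhalili2006/mkdocs-material-build-ci@sha256:<digest>`. The two installer lines in the new global `before_script` pipe a downloaded script straight into a shell on every run; the first `curl` has no `--fail` or `--proto "=https"`, so an error page or a redirect target would be executed as shell input. Baking both tools into the image at a fixed, verified version would remove the per-run download.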
@@ -9,93 +14,14 @@ variables: FF_GENERATE_SOCIAL_CARDS: "true" SECURE_FILES_DOWNLOAD_PATH: /run/secrets -.setupkit: - before_script: - - apk add curl gnupg bash coreutils && mkdir /run/secrets - - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash - - (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh - tags: - - amd64 - -stages: - - build - - lint - - deploy - -build:mr: - extends: [ .setupkit ] - stage: build - script: - - bash ./bin/build.sh - artifacts: - paths: - - public - untracked: false - when: on_success - expire_in: "21 days" - cache: - paths: - - .cache - - .venv - key: pages-build-main - rules: - - if: $CI_COMMIT_BRANCH != 'main' && $CI_PIPELINE_SOURCE == "merge_request" - changes: - - mkdocs.yml - - markdown/* - - markdown/**/* - - .gitlab-ci.yml - - docker/Dockerfile - - package*.json - - .trigger-deploy - -build:main: - extends: [ .setupkit ] - stage: build +pages: script: - bash ./build.sh artifacts: paths: + # The folder that contains the files to be exposed at the Page URL - public - untracked: false - when: on_success - expire_in: "21 days" - cache: - paths: - - .cache - - .venv - key: pages-build-main rules: - - if: $CI_COMMIT_BRANCH == 'main' - changes: - - mkdocs.yml - - markdown/* - - markdown/**/* - - .gitlab-ci.yml - - docker/Dockerfile - - package*.json - - .trigger-deploy - -deploy:main: - stage: deploy - extends: [ .setupkit ] - needs: - - build:main - script: - - apk add nodejs-lts npm && npm i - - ls -Al - - doppler run -- echo hi - cache: - paths: - - node_modules - key: deploykit-main - rules: - - if: $CI_COMMIT_BRANCH == 'main' - changes: - - mkdocs.yml - - markdown/* - - markdown/**/* - - .gitlab-ci.yml - - docker/Dockerfile - - package*.json - - .trigger-deploy + # This ensures that only pushes to the default branch will trigger + # a pages deploy + - if: 
$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH diff --git a/docker/Dockerfile b/docker/Dockerfile index 8fdcc61..a87e628 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,11 +1,16 @@ -# Since hadolint isn't in the package repos for Alpineyet, we'll copying from the offical -# Docker image instead. +# syntax=docker/dockerfile:1 FROM ghcr.io/hadolint/hadolint:latest-alpine AS hadolint-binary -# Since we're building against edge at risk +# Since we're building against edge at risk, it is important to note +# that anything might go wrong. FROM alpine:edge AS buildkit -COPY --stage=hadolint-binary /bin/hadolint /usr/bin/hadolint +# Since hadolint isn't in the package repos for Alpineyet, we'll copying from the offical +# Docker image instead. +COPY --from=hadolint-binary /bin/hadolint /usr/bin/hadolint + +ENV PACKAGES=/usr/local/lib/python3.11/site-packages +ENV PYTHONDONTWRITEBYTECODE=1 # https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#linux but for Alpine # hadolint ignore=DL3018,DL3013 @@ -22,9 +27,30 @@ RUN apk add --no-cache \ py3-pip \ py3-wheel \ shellcheck \ - && pip3 install --no-cache \ + gcc \ + libffi-dev \ + musl-dev \ + nodejs \ + npm \ + yarn \ + git \ + git-fast-import \ + openssh \ + && pip3 install --no-cache-dir \ mkdocs-material \ mkdocs-redirects \ mkdocs-git-revision-date-localized-plugin \ pillow \ cairosvg + +# Trust directory, required for git >= 2.35.2 +# Follows the docs for the Docker-based site build setup +RUN git config --global --add safe.directory /docs &&\ + git config --global --add safe.directory /site + +# Expose MkDocs development server port +EXPOSE 8000 + +COPY entrypoint.sh /usr/local/bin/entrypoint +ENTRYPOINT [ "/usr/local/bin/entrypoint" ] +CMD [ "serve", "--dev-addr=0.0.0.0:8000" ] \ No newline at end of file diff --git a/docker/build.sh b/docker/build.sh new file mode 100644 index 0000000..dd9dfbe --- /dev/null +++ b/docker/build.sh 
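Review bot: The `pages` rule compares `$CI_COMMIT_REF_NAME` with `$CI_DEFAULT_BRANCH`, and `CI_COMMIT_REF_NAME` is also set in tag pipelines, so a tag named like the default branch would trigger a deploy; `- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH` matches branch pipelines only. With `build:mr` removed, nothing in this file builds the site for merge requests any more, so a broken `mkdocs.yml` would first show up on the deploy to the default branch.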
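Review bot: `ENV PACKAGES=/usr/local/lib/python3.11/site-packages` hard-codes a Python minor version and a `/usr/local` prefix, while the stage is `FROM alpine:edge` and, judging by `py3-pip` in the next hunk, takes Python from apk. That would put packages under `/usr/lib/python3.X/site-packages` and change the minor version whenever edge does. Nothing visible in this diff reads `PACKAGES`, so either drop it or derive it at build time. In the relocated comment, "Alpineyet", "we'll copying" and "offical" should read "Alpine yet", "we'll copy it" and "official".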
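Review bot: The added apk packages leave a compiler toolchain (`gcc`, `musl-dev`, `libffi-dev`) and the full `openssh` package in the final image, which .gitlab-ci.yml now uses as the job image. If only git over SSH is needed, `openssh-client` is enough, and the build dependencies can go into `apk add --no-cache --virtual .build-deps …` followed by `apk del .build-deps` after `pip3 install` in the same `RUN`. There is also no `USER` instruction, so the default `CMD [ "serve", "--dev-addr=0.0.0.0:8000" ]` runs the MkDocs development server as root on all interfaces. The `RUN apk add` instruction starts above this hunk.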
@@ -0,0 +1,13 @@ +#!/usr/bin/env bash +set -xe + +ROOTDIR=$(git rev-parse --show-toplevel) +CONTEXT=$ROOTDIR/docker +DOCKERFILE=$CONTEXT/Dockerfile +TAG=${IMAGE_TAG:-"quay.io/ajhalili2006/mkdocs-material-build-ci:localdev"} + +DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-"0"} \ + docker build \ + -t $TAG \ + -f "$DOCKERFILE" \ + "$CONTEXT" \ No newline at end of file diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index d421cea..93053a7 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -3,9 +3,10 @@ if [[ $DEBUG != "" ]]; then set -x fi +COMMAND=$* -if [[ $1 = "serve" ]] || [[ $1 == "build" ]] | [[ $1 == "gh-deploy" ]] || [[ $1 == "new" ]]; then - exec mkdocs $@ +if [[ $1 = "serve" ]] || [[ $1 == "build" ]] || [[ $1 == "gh-deploy" ]] || [[ $1 == "new" ]] || [[ $1 == "--help" ]]; then + exec "mkdocs $COMMAND" else - $@ + exec "$COMMAND" fi
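Review bot: `-t $TAG` is unquoted, so an `IMAGE_TAG` value containing whitespace is split into extra `docker build` arguments; write `-t "$TAG"`, matching the quoting already used for `"$DOCKERFILE"` and `"$CONTEXT"`. Defaulting `DOCKER_BUILDKIT` to `"0"` selects the legacy builder, which treats the `# syntax=docker/dockerfile:1` line added to docker/Dockerfile in this commit as a plain comment. Defaulting to `"1"` would keep local builds closer to the buildx build in the GitHub workflow.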
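Review bot: `exec "mkdocs $COMMAND"` passes the whole command line as a single word, so the shell looks for a program literally named `mkdocs serve --dev-addr=0.0.0.0:8000` and the container exits with "not found"; `exec "$COMMAND"` in the else branch fails the same way for any command with arguments. `COMMAND=$*` also flattens the arguments and loses their original quoting. Use the argument array directly, `exec mkdocs "$@"` and `exec "$@"`, and drop `COMMAND`. Because this commit also removes the `entrypoint: /bin/bash` override from .gitlab-ci.yml, the GitLab job would start through this script, so check that the runner's shell invocation still works with it. The script's first lines are outside the hunk.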