Move website builds to GitLab CI

Repo cloning will go by next week.

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>

.github/workflows/deploybot.yml

@@ -1,108 +0,0 @@
-# Simple workflow for deploying static content to GitHub Pages
-name: deploybaut
-
-on:
-  # Runs on pushes targeting the default branch
-  push:
-    branches: ["main"]
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-  schedule:
-    - cron: "*/30 */6 * * *"
-
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
-# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
-# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
-concurrency:
-  group: "pages"
-  cancel-in-progress: false
-
-jobs:
-  gh-pages:
-    if: contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
-    environment:
-      name: github-pages
-      url: ${{ steps.deployment.outputs.page_url }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Setup Python
-        uses: actions/setup-python@v4.6.0
-        with:
-          python-version: 3.10
-          cache: pip
-      - name: Setup Pages
-        uses: actions/configure-pages@v3
-      - name: Build
-        run: |
-          sudo apt-get install \
-            libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev \
-            --yes
-          FF_ENABLE_COMMIT_DATA=true FF_GENERATE_SOCIAL_CARDS=true bash ./build.sh
-      - name: Upload artifact
-        uses: actions/upload-pages-artifact@v1
-        with:
-          path: './public'
-      - name: Deploy to GitHub Pages
-        id: gh-pages
-        uses: actions/deploy-pages@v2
-      - name: Deploy to pages.dev
-        uses: cloudflare/pages-action@v1
-        with:
-          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          accountId: cf0bd808c6a294fd8c4d8f6d2cdeca05
-          projectName: ajhalili2006
-          directory: public
-          # Optional: Enable this if you want to have GitHub Deployments triggered
-          gitHubToken: ${{ secrets.GITHUB_TOKEN }}
-          # Optional: Switch what branch you are publishing to.
-          # By default this will be the branch which triggered this workflow
-          branch: main
-  repo-sync:
-    name: Repository sync
-    runs-on: ubuntu-latest
-    if: contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
-    steps:
-      - name: Checkout repository with full history
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ssh-key: ${{secrets.MIRRORBOT_CI_SSH_KEY}}
-          ssh-known-host: |
-            github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
-            github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
-            github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
-            mau.dev ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJNV/VLejsM22QLGaE0IFvLAKgBzmv+KZH0YXUwakDwlkLEzqCS3vIEU7hYK6LN9//O56tY/peGsfey5jQIIJ6WFuyezNdpLpScprLukBb7baKlb5Sei5S5Gn4LdLu2927HnbK6bcCRN52DfVmrLDvfc4m9tsV9Uz/aCwGaFU7UYJUJrYsd/+o0yR6FOeZLXWyQhhJKC9e5ueI8mQEUn3h5hhU12AQuvI7c7GPpsq3zK0n1iHbmtAK+o1iuQEP7ynWkh9/9gUYJy5PufIQQYWLesR6CEC47zgBiYtCJkPLzbavrkPhb77v/5Q52hFhsla5fszXyjXG4SPnRZ+7yvlEKDrqh0kFIT5g9WSDGjiho6DrIqNYrlbHWhpfUx/g8YXsTgHqfE44LrqVyWdhpsVeW4q+kfhd7yse/QnWoc0zSrdFmqVHQlBbEQxiwslrENfXuTVpHlUGMO0OvlSPezYknjRklYkA3nFUX6Zj9LjvrgUobtbKi2w/gO+t+qZOOD8=
-            mau.dev ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMLxa34Hhx89dTu4blnP+mA5AeWNTMqRyFYrCcJIKop6FtZ571Xyt4ign4zg7QFRQ5CciO783fMPK+K/gDXXAf8=
-            mau.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO76F2Bj2b1O3Q7Ln2x94kq6Ai2ev2aOyXur9XgSsM0
-            git.sr.ht ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ+l/lvYmaeOAPeijHL8d4794Am0MOvmXPyvHTtrqvgmvCJB8pen/qkQX2S1fgl9VkMGSNxbp7NF7HmKgs5ajTGV9mB5A5zq+161lcp5+f1qmn3Dp1MWKp/AzejWXKW+dwPBd3kkudDBA1fa3uK6g1gK5nLw3qcuv/V4emX9zv3P2ZNlq9XRvBxGY2KzaCyCXVkL48RVTTJJnYbVdRuq8/jQkDRA8lHvGvKI+jqnljmZi2aIrK9OGT2gkCtfyTw2GvNDV6aZ0bEza7nDLU/I+xmByAOO79R1Uk4EYCvSc1WXDZqhiuO2sZRmVxa0pQSBDn1DB3rpvqPYW+UvKB3SOz
-            git.sr.ht ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCj6y+cJlqK3BHZRLZuM+KP2zGPrh4H66DacfliU1E2DHAd1GGwF4g1jwu3L8gOZUTIvUptqWTkmglpYhFp4Iy4=
-            git.sr.ht ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60
-      - name: Setup Git user details
-        run: |
-          git config --global user.name "Recap Time Bot"
-          git config --global user.email "gitops@recaptime.eu.org"
-          git remote add lab ssh://git@mau.dev/ajhalili2006/tildeverse-web
-          git remote add hut ssh://git@git.sr.ht/~ajhalili2006/tildeweb
-      - name: configure ssh
-        run: |
-          echo ${{secrets.MIRRORBOT_CI_SSH_KEY}} >> ~/.ssh/ci-passwordless-key
-          chmod 600 ~/.ssh/ci-passwordless-key
-          eval $(ssh-agent) && ssh-add ~/.ssh/ci-passwordless-key
-      - name: sync against github mirror first
-        run: |
-          git merge lab/main --ff-only || git rebase lab/main || echo "bailed out due to merge conflicts" && exit 1
-          git push origin main
-      - name: mirror
-        run: |
-          # only mirror main branch in meanwhile
-          git push lab main --verbose -o ci.skip
-          git push hut main --verbose -o skip-ci

.github/workflows/docker.yml

@@ -9,21 +9,16 @@ on:
   schedule:
     - cron: '30 22 * * *'
   push:
-    branches: [ "main" ]
-    # Publish semver tags as releases.
-    tags: [ 'v*.*.*' ]
   pull_request:
     branches: [ "main" ]
 
 env:
-  # Use docker.io for Docker Hub if empty
-  REGISTRY: ghcr.io
   # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
 
 jobs:
-  build-devenv:
+  build-ci:
     name: Build development environment
     runs-on: ubuntu-latest
     permissions:
@@ -47,39 +42,52 @@ jobs:
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+        uses: docker/setup-buildx-action@v2
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
+      - name: Log into GHCR
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        uses: docker/login-action@v2
         with:
-          registry: ${{ env.REGISTRY }}
+          registry: ghcr.io
-          username: ${{ github.actor }}
+          username: ${{ secrets.HUB_USERNAME }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          password: ${{ secrets.HUB_TOKEN }}
+      - name: Log into RHQCR
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.RHQCR_BOT_USERNAME }}
+          password: ${{ secrets.RHQCR_BOT_TOKEN }}
 
       # Extract metadata (tags, labels) for Docker
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        uses: docker/metadata-action@v4
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: |
+            ghcr.io/${{ env.IMAGE_NAME }}/build-ci
+            quay.io/ajhalili2006/mkdocs-material-build-ci
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=short
+            type=schedule,pattern=nightly
 
       - uses: actions/checkout@v3
       - uses: hadolint/hadolint-action@v3.1.0
         with:
-          dockerfile: .gitpod.Dockerfile
+          dockerfile: docker/Dockerfile
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+        uses: docker/build-push-action@v4.1.1
         with:
-          context: .
+          context: docker
-          file: .gitpod.Dockerfile
+          file: Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.gitlab-ci.yml

@@ -1,7 +1,12 @@
-image:
+# The Docker image that will be used to build your app
-  name: dock.mau.dev/ajhalili2006/tildeverse-web/build-ci:commit-a9761cf4f2f1b8298f69aaaa07e0a577329a17d6
+image: quay.io/ajhalili2006/mkdocs-material-build-ci
-  entrypoint:
+
-    - /bin/bash
+# Functions that should be executed before the build script is run
+before_script:
+  - pip3 install -r requirements.txt
+  - npm ci
+  - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
+  - (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
 
 variables:
   DEBUG: "1"
@@ -9,93 +14,14 @@ variables:
   FF_GENERATE_SOCIAL_CARDS: "true"
   SECURE_FILES_DOWNLOAD_PATH: /run/secrets
 
-.setupkit:
+pages:
-  before_script:
-    - apk add curl gnupg bash coreutils && mkdir /run/secrets
-    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
-    - (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
-  tags:
-    - amd64
-
-stages:
-  - build
-  - lint
-  - deploy
-
-build:mr:
-  extends: [ .setupkit ]
-  stage: build
-  script:
-    - bash ./bin/build.sh
-  artifacts:
-    paths:
-      - public
-    untracked: false
-    when: on_success
-    expire_in: "21 days"
-  cache:
-    paths:
-      - .cache
-      - .venv
-    key: pages-build-main
-  rules:
-    - if: $CI_COMMIT_BRANCH != 'main' && $CI_PIPELINE_SOURCE == "merge_request"
-      changes:
-        - mkdocs.yml
-        - markdown/*
-        - markdown/**/*
-        - .gitlab-ci.yml
-        - docker/Dockerfile
-        - package*.json
-        - .trigger-deploy
-
-build:main:
-  extends: [ .setupkit ]
-  stage: build
   script:
     - bash ./build.sh
   artifacts:
     paths:
+      # The folder that contains the files to be exposed at the Page URL
       - public
-    untracked: false
-    when: on_success
-    expire_in: "21 days"
-  cache:
-    paths:
-      - .cache
-      - .venv
-    key: pages-build-main
   rules:
-    - if: $CI_COMMIT_BRANCH == 'main'
+    # This ensures that only pushes to the default branch will trigger
-      changes:
+    # a pages deploy
-        - mkdocs.yml
+    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
-        - markdown/*
-        - markdown/**/*
-        - .gitlab-ci.yml
-        - docker/Dockerfile
-        - package*.json
-        - .trigger-deploy
-
-deploy:main:
-  stage: deploy
-  extends: [ .setupkit ]
-  needs:
-    - build:main
-  script:
-    - apk add nodejs-lts npm && npm i
-    - ls -Al
-    - doppler run -- echo hi
-  cache:
-    paths:
-      - node_modules
-    key: deploykit-main
-  rules:
-    - if: $CI_COMMIT_BRANCH == 'main'
-      changes:
-        - mkdocs.yml
-        - markdown/*
-        - markdown/**/*
-        - .gitlab-ci.yml
-        - docker/Dockerfile
-        - package*.json
-        - .trigger-deploy

docker/Dockerfile

@@ -1,11 +1,16 @@
-# Since hadolint isn't in the package repos for Alpineyet, we'll copying from the offical
+# syntax=docker/dockerfile:1
-# Docker image instead.
 FROM ghcr.io/hadolint/hadolint:latest-alpine AS hadolint-binary
 
-# Since we're building against edge at risk
+# Since we're building against edge at risk, it is important to note
+# that anything might go wrong.
 FROM alpine:edge AS buildkit
 
-COPY --stage=hadolint-binary /bin/hadolint /usr/bin/hadolint
+# Since hadolint isn't in the package repos for Alpineyet, we'll copying from the offical
+# Docker image instead.
+COPY --from=hadolint-binary /bin/hadolint /usr/bin/hadolint
+
+ENV PACKAGES=/usr/local/lib/python3.11/site-packages
+ENV PYTHONDONTWRITEBYTECODE=1
 
 # https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#linux but for Alpine
 # hadolint ignore=DL3018,DL3013
@@ -22,9 +27,30 @@ RUN apk add --no-cache \
      py3-pip \
      py3-wheel \
      shellcheck \
-  && pip3 install --no-cache \
+     gcc \
+     libffi-dev \
+     musl-dev \
+     nodejs \
+     npm \
+     yarn \
+     git \
+     git-fast-import \
+     openssh \
+  && pip3 install --no-cache-dir \
       mkdocs-material \ 
       mkdocs-redirects \
       mkdocs-git-revision-date-localized-plugin \
       pillow \
       cairosvg
+
+# Trust directory, required for git >= 2.35.2
+# Follows the docs for the Docker-based site build setup
+RUN git config --global --add safe.directory /docs &&\
+    git config --global --add safe.directory /site
+
+# Expose MkDocs development server port
+EXPOSE 8000
+
+COPY entrypoint.sh /usr/local/bin/entrypoint
+ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
+CMD [ "serve", "--dev-addr=0.0.0.0:8000" ]

docker/build.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -xe
+
+ROOTDIR=$(git rev-parse --show-toplevel)
+CONTEXT=$ROOTDIR/docker
+DOCKERFILE=$CONTEXT/Dockerfile
+TAG=${IMAGE_TAG:-"quay.io/ajhalili2006/mkdocs-material-build-ci:localdev"}
+
+DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-"0"} \
+  docker build \
+  -t $TAG \
+  -f "$DOCKERFILE" \
+  "$CONTEXT"

docker/entrypoint.sh

@@ -3,9 +3,10 @@
 if [[ $DEBUG != "" ]]; then
   set -x
 fi
+COMMAND=$*
 
-if [[ $1 = "serve" ]] || [[ $1 == "build" ]] | [[ $1 == "gh-deploy" ]] || [[ $1 == "new" ]]; then
+if [[ $1 = "serve" ]] || [[ $1 == "build" ]] || [[ $1 == "gh-deploy" ]] || [[ $1 == "new" ]] || [[ $1 == "--help" ]]; then
-  exec mkdocs $@
+  exec "mkdocs $COMMAND"
 else
-  $@
+  exec "$COMMAND"
 fi