Move website builds to GitLab CI

Repo cloning will go by next week.

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>
This commit is contained in:
Andrei Jiroh Halili 2023-07-13 18:13:07 +00:00
parent 4ae868cf37
commit 9e61cf7e65
6 changed files with 88 additions and 222 deletions

View file

@ -1,108 +0,0 @@
# Simple workflow for deploying static content to GitHub Pages
name: deploybaut
on:
# Runs on pushes targeting the default branch
push:
branches: ["main"]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
schedule:
- cron: "*/30 */6 * * *"
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: read
pages: write
id-token: write
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
cancel-in-progress: false
jobs:
gh-pages:
if: contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Python
uses: actions/setup-python@v4.6.0
with:
python-version: 3.10
cache: pip
- name: Setup Pages
uses: actions/configure-pages@v3
- name: Build
run: |
sudo apt-get install \
libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev \
--yes
FF_ENABLE_COMMIT_DATA=true FF_GENERATE_SOCIAL_CARDS=true bash ./build.sh
- name: Upload artifact
uses: actions/upload-pages-artifact@v1
with:
path: './public'
- name: Deploy to GitHub Pages
id: gh-pages
uses: actions/deploy-pages@v2
- name: Deploy to pages.dev
uses: cloudflare/pages-action@v1
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: cf0bd808c6a294fd8c4d8f6d2cdeca05
projectName: ajhalili2006
directory: public
# Optional: Enable this if you want to have GitHub Deployments triggered
gitHubToken: ${{ secrets.GITHUB_TOKEN }}
# Optional: Switch what branch you are publishing to.
# By default this will be the branch which triggered this workflow
branch: main
repo-sync:
name: Repository sync
runs-on: ubuntu-latest
if: contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
steps:
- name: Checkout repository with full history
uses: actions/checkout@v3
with:
fetch-depth: 0
ssh-key: ${{secrets.MIRRORBOT_CI_SSH_KEY}}
ssh-known-host: |
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
mau.dev ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJNV/VLejsM22QLGaE0IFvLAKgBzmv+KZH0YXUwakDwlkLEzqCS3vIEU7hYK6LN9//O56tY/peGsfey5jQIIJ6WFuyezNdpLpScprLukBb7baKlb5Sei5S5Gn4LdLu2927HnbK6bcCRN52DfVmrLDvfc4m9tsV9Uz/aCwGaFU7UYJUJrYsd/+o0yR6FOeZLXWyQhhJKC9e5ueI8mQEUn3h5hhU12AQuvI7c7GPpsq3zK0n1iHbmtAK+o1iuQEP7ynWkh9/9gUYJy5PufIQQYWLesR6CEC47zgBiYtCJkPLzbavrkPhb77v/5Q52hFhsla5fszXyjXG4SPnRZ+7yvlEKDrqh0kFIT5g9WSDGjiho6DrIqNYrlbHWhpfUx/g8YXsTgHqfE44LrqVyWdhpsVeW4q+kfhd7yse/QnWoc0zSrdFmqVHQlBbEQxiwslrENfXuTVpHlUGMO0OvlSPezYknjRklYkA3nFUX6Zj9LjvrgUobtbKi2w/gO+t+qZOOD8=
mau.dev ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMLxa34Hhx89dTu4blnP+mA5AeWNTMqRyFYrCcJIKop6FtZ571Xyt4ign4zg7QFRQ5CciO783fMPK+K/gDXXAf8=
mau.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO76F2Bj2b1O3Q7Ln2x94kq6Ai2ev2aOyXur9XgSsM0
git.sr.ht ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ+l/lvYmaeOAPeijHL8d4794Am0MOvmXPyvHTtrqvgmvCJB8pen/qkQX2S1fgl9VkMGSNxbp7NF7HmKgs5ajTGV9mB5A5zq+161lcp5+f1qmn3Dp1MWKp/AzejWXKW+dwPBd3kkudDBA1fa3uK6g1gK5nLw3qcuv/V4emX9zv3P2ZNlq9XRvBxGY2KzaCyCXVkL48RVTTJJnYbVdRuq8/jQkDRA8lHvGvKI+jqnljmZi2aIrK9OGT2gkCtfyTw2GvNDV6aZ0bEza7nDLU/I+xmByAOO79R1Uk4EYCvSc1WXDZqhiuO2sZRmVxa0pQSBDn1DB3rpvqPYW+UvKB3SOz
git.sr.ht ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCj6y+cJlqK3BHZRLZuM+KP2zGPrh4H66DacfliU1E2DHAd1GGwF4g1jwu3L8gOZUTIvUptqWTkmglpYhFp4Iy4=
git.sr.ht ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60
- name: Setup Git user details
run: |
git config --global user.name "Recap Time Bot"
git config --global user.email "gitops@recaptime.eu.org"
git remote add lab ssh://git@mau.dev/ajhalili2006/tildeverse-web
git remote add hut ssh://git@git.sr.ht/~ajhalili2006/tildeweb
- name: configure ssh
run: |
echo ${{secrets.MIRRORBOT_CI_SSH_KEY}} >> ~/.ssh/ci-passwordless-key
chmod 600 ~/.ssh/ci-passwordless-key
eval $(ssh-agent) && ssh-add ~/.ssh/ci-passwordless-key
- name: sync against github mirror first
run: |
git merge lab/main --ff-only || git rebase lab/main || echo "bailed out due to merge conflicts" && exit 1
git push origin main
- name: mirror
run: |
# only mirror main branch in meanwhile
git push lab main --verbose -o ci.skip
git push hut main --verbose -o skip-ci

View file

@ -9,21 +9,16 @@ on:
schedule:
- cron: '30 22 * * *'
push:
branches: [ "main" ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
pull_request:
branches: [ "main" ]
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
build-devenv:
build-ci:
name: Build development environment
runs-on: ubuntu-latest
permissions:
@ -47,39 +42,52 @@ jobs:
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
uses: docker/setup-buildx-action@v2
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
- name: Log into GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
username: ${{ secrets.HUB_USERNAME }}
password: ${{ secrets.HUB_TOKEN }}
- name: Log into RHQCR
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.RHQCR_BOT_USERNAME }}
password: ${{ secrets.RHQCR_BOT_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
images: |
ghcr.io/${{ env.IMAGE_NAME }}/build-ci
quay.io/ajhalili2006/mkdocs-material-build-ci
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=short
type=schedule,pattern=nightly
- uses: actions/checkout@v3
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: .gitpod.Dockerfile
dockerfile: docker/Dockerfile
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
uses: docker/build-push-action@v4.1.1
with:
context: .
file: .gitpod.Dockerfile
context: docker
file: Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

View file

@ -1,7 +1,12 @@
image:
name: dock.mau.dev/ajhalili2006/tildeverse-web/build-ci:commit-a9761cf4f2f1b8298f69aaaa07e0a577329a17d6
entrypoint:
- /bin/bash
# The Docker image that will be used to build your app
image: quay.io/ajhalili2006/mkdocs-material-build-ci
# Functions that should be executed before the build script is run
before_script:
- pip3 install -r requirements.txt
- npm ci
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
- (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
variables:
DEBUG: "1"
@ -9,93 +14,14 @@ variables:
FF_GENERATE_SOCIAL_CARDS: "true"
SECURE_FILES_DOWNLOAD_PATH: /run/secrets
.setupkit:
before_script:
- apk add curl gnupg bash coreutils && mkdir /run/secrets
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
- (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
tags:
- amd64
stages:
- build
- lint
- deploy
build:mr:
extends: [ .setupkit ]
stage: build
script:
- bash ./bin/build.sh
artifacts:
paths:
- public
untracked: false
when: on_success
expire_in: "21 days"
cache:
paths:
- .cache
- .venv
key: pages-build-main
rules:
- if: $CI_COMMIT_BRANCH != 'main' && $CI_PIPELINE_SOURCE == "merge_request"
changes:
- mkdocs.yml
- markdown/*
- markdown/**/*
- .gitlab-ci.yml
- docker/Dockerfile
- package*.json
- .trigger-deploy
build:main:
extends: [ .setupkit ]
stage: build
pages:
script:
- bash ./build.sh
artifacts:
paths:
# The folder that contains the files to be exposed at the Page URL
- public
untracked: false
when: on_success
expire_in: "21 days"
cache:
paths:
- .cache
- .venv
key: pages-build-main
rules:
- if: $CI_COMMIT_BRANCH == 'main'
changes:
- mkdocs.yml
- markdown/*
- markdown/**/*
- .gitlab-ci.yml
- docker/Dockerfile
- package*.json
- .trigger-deploy
deploy:main:
stage: deploy
extends: [ .setupkit ]
needs:
- build:main
script:
- apk add nodejs-lts npm && npm i
- ls -Al
- doppler run -- echo hi
cache:
paths:
- node_modules
key: deploykit-main
rules:
- if: $CI_COMMIT_BRANCH == 'main'
changes:
- mkdocs.yml
- markdown/*
- markdown/**/*
- .gitlab-ci.yml
- docker/Dockerfile
- package*.json
- .trigger-deploy
# This ensures that only pushes to the default branch will trigger
# a pages deploy
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH

View file

@ -1,11 +1,16 @@
# Since hadolint isn't in the package repos for Alpineyet, we'll copying from the offical
# Docker image instead.
# syntax=docker/dockerfile:1
FROM ghcr.io/hadolint/hadolint:latest-alpine AS hadolint-binary
# Since we're building against edge at risk
# Since we're building against edge at risk, it is important to note
# that anything might go wrong.
FROM alpine:edge AS buildkit
COPY --stage=hadolint-binary /bin/hadolint /usr/bin/hadolint
# Since hadolint isn't in the package repos for Alpineyet, we'll copying from the offical
# Docker image instead.
COPY --from=hadolint-binary /bin/hadolint /usr/bin/hadolint
ENV PACKAGES=/usr/local/lib/python3.11/site-packages
ENV PYTHONDONTWRITEBYTECODE=1
# https://squidfunk.github.io/mkdocs-material/setup/setting-up-social-cards/#linux but for Alpine
# hadolint ignore=DL3018,DL3013
@ -22,9 +27,30 @@ RUN apk add --no-cache \
py3-pip \
py3-wheel \
shellcheck \
&& pip3 install --no-cache \
gcc \
libffi-dev \
musl-dev \
nodejs \
npm \
yarn \
git \
git-fast-import \
openssh \
&& pip3 install --no-cache-dir \
mkdocs-material \
mkdocs-redirects \
mkdocs-git-revision-date-localized-plugin \
pillow \
cairosvg
# Trust directory, required for git >= 2.35.2
# Follows the docs for the Docker-based site build setup
RUN git config --global --add safe.directory /docs &&\
git config --global --add safe.directory /site
# Expose MkDocs development server port
EXPOSE 8000
COPY entrypoint.sh /usr/local/bin/entrypoint
ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
CMD [ "serve", "--dev-addr=0.0.0.0:8000" ]

13
docker/build.sh Normal file
View file

@ -0,0 +1,13 @@
#!/usr/bin/env bash
set -xe
ROOTDIR=$(git rev-parse --show-toplevel)
CONTEXT=$ROOTDIR/docker
DOCKERFILE=$CONTEXT/Dockerfile
TAG=${IMAGE_TAG:-"quay.io/ajhalili2006/mkdocs-material-build-ci:localdev"}
DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-"0"} \
docker build \
-t $TAG \
-f "$DOCKERFILE" \
"$CONTEXT"

View file

@ -3,9 +3,10 @@
if [[ $DEBUG != "" ]]; then
set -x
fi
COMMAND=$*
if [[ $1 = "serve" ]] || [[ $1 == "build" ]] | [[ $1 == "gh-deploy" ]] || [[ $1 == "new" ]]; then
exec mkdocs $@
if [[ $1 = "serve" ]] || [[ $1 == "build" ]] || [[ $1 == "gh-deploy" ]] || [[ $1 == "new" ]] || [[ $1 == "--help" ]]; then
exec "mkdocs $COMMAND"
else
$@
exec "$COMMAND"
fi