ci(gitlab-ci): update deploy scripts and add .env.ci managed by dotenvx

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.xyz>

.env.ci

@@ -0,0 +1,11 @@
+#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
+#/            public-key encryption for .env files          /
+#/       [how it works](https://dotenvx.com/encryption)     /
+#/----------------------------------------------------------/
+DOTENV_PUBLIC_KEY_CI="0229743ae8682e55160d2176b2d17e5fc9e7ce7779fda3597fb8f4701c61615381"
+DOTENVX=1
+
+# .env.ci
+SOURCEHUT_PAGES_TOKEN="encrypted:BNHzZMqMJw9wodfYI5x4kWO1OwYjUWHOwoqTYX10K5Z1jaaE4HuiG5g9KhoSo0vl/fN120WW+uVcP+uwHRJdPADLecM8SjmxOwF1LDDqiDYXnpUS3KqOdVcOtvV3xHYITVd0q9ds2SFue/1HOnzToCD7fC3PoAV+FmYGKF+NFK+c01ws7yI7TGJ7tGOIDTq9jdUbtZ/Mo2o5xx/85zbjmGHGRlIOHlM5pmg1CBhOfRvZdla9Ay/gkJ6Yrm5h0+ULZZUTt4lyKWYYwvVWTeaOngOOmAOps18BvvwSsHoN4QK5IrvVZEbhLqOAZdMcLYlKWViFA559IKx1vky3ddSS6S+lOIn9kGFAwNSu41jH+SFMFtK0QH64"
+CLOUDFLARE_ACCOUNT_ID="encrypted:BB7kta9zZf3Y02HZtxI2/o6vTCvTWYJhOBI4ajDgimbqS1dsdc+Zf6Qcch+gg8LM8UTDDu/8p2K511oyEOa3Xqo/IoX+7NvKu9qZlb2Y38Y44SuP7hSGVcRpfZ5PuzCtFBHAez1OtpWAcdGOmBU8l6bZro3AsBXvpLfLPD/ocspf"
+CLOUDFLARE_API_TOKEN="encrypted:BHr81tc2ka99Yd2+rkxhGjqBlYthCUpVWIrJVLNdqKzC8skKWeY+okX7LlEnrYuN8hdAC5HP2tj4e5KHnaPq2ShTfKN5VSAxhZDNQKEmsOiVrh11nuGw4Bc94/0mwJHMvyqVFsWmfir2mQkY6llw4bu/NNPk12BRfXKSRIwyc28qGMxwnoYPbvI="

.gitlab-ci.yml

@@ -15,6 +15,7 @@ default:
     - pipenv install --ignore-pipfile --deploy
     - npm ci
     - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
+    - ssh-agent > /tmp/.ssh-agent.env
 
 # Global builds and stuff
 variables:
@@ -23,11 +24,15 @@ variables:
   FF_GENERATE_SOCIAL_CARDS: "true"
   SECURE_FILES_DOWNLOAD_PATH: .secretskit
   GIT_DEPTH: "0"
+  DOTENV_PRIVATE_KEY: $DOTENV_PRIVATE_KEY_CI
 
 pages:
   stage: build
   script:
-    - doppler run -- ./bin/deploykit-pages.sh
+    - |
+      source /tmp/.ssh-agent.env
+      ./bin/build.sh
+      ./bin/deploy.sh
   artifacts:
     paths:
       # The folder that contains the files to be exposed at the Page URL

bin/build.sh

@@ -1,28 +1,7 @@
 #!/usr/bin/env bash
-set -xe
+set -e
 
-TARGET_DIR=${TARGET_DIR:-"$PWD/public"}
-FF_OFFLINE_MKDOCS_PLUGIN=${FF_OFFLINE_MKDOCS_PLUGIN:-"false"}
-FF_ENABLE_COMMIT_DATA=${FF_ENABLE_COMMIT_DATA:-"true"}
-FF_GENERATE_SOCIAL_CARDS=${FF_GENERATE_SOCIAL_CARDS:-"true"}
-TARGET_BUILD_CONFIG=${1:-"mkdocs.yml"}
-
-if [[ ! -d "$TARGET_DIR" ]]; then
-  mkdir "$TARGET_DIR" -pv
-fi
-
-if [[ $SKIP_VENV_SETUP == "" ]] || [[ $CI == "" ]]; then
-  pipenv install --ignore-pipfile --deploy --verbose
-  pipenv run mkdocs build -d "$TARGET_DIR" -f ${TARGET_BUILD_CONFIG}
-else
-  pip3 install -r requirements.txt --upgrade --user
-  mkdocs build -d "$TARGET_DIR" -f ${TARGET_BUILD_CONFIG}
-fi
-
-mkdir "$TARGET_DIR/api"
-git rev-parse HEAD > "$TARGET_DIR/api/commit"
+TARGET_DIR="${PWD}/public"
+pipenv run build
 cp "$TARGET_DIR/assets/images/favicon.png" "$TARGET_DIR/favicon.ico"
-cp markdown/.well-known "$TARGET_DIR/.well-known" -rv
-cp markdown/humans.txt "$TARGET_DIR/humans.txt" -v
-
-set +xe
+cp markdown/.well-known markdown/humans.txt "$TARGET_DIR/" -rv

bin/deploy.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -ea
+if [[ $DEBUG != "" ]]; then
+  set -x
+fi
+
+_root_directory_git=$(git rev-parse --show-toplevel)
+
+warn() {
+    echo "warning: $*"
+}
+
+error() {
+    echo "error: $*"
+}
+
+info() {
+  echo "info: $*"
+}
+
+if [[ $CI == "true" ]] && [[ $CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" ]]
+  && [[ $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ]]; then
+  npx wrangler pages publish ${_root_directory_git}/public --project-name ${CF_PAGES_PROJECT_NAME} --branch main
+fi