ci(gitlab-ci): update deploy scripts and add .env.ci managed by dotenvx

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.xyz>
This commit is contained in:
Andrei Jiroh Halili 2024-10-12 19:10:03 +00:00
parent e954a7fa74
commit cc340223f9
No known key found for this signature in database
GPG key ID: 67BFC91B3DA12BE8
4 changed files with 45 additions and 26 deletions

11
.env.ci Normal file
View file

@ -0,0 +1,11 @@
#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
#/ public-key encryption for .env files /
#/ [how it works](https://dotenvx.com/encryption) /
#/----------------------------------------------------------/
DOTENV_PUBLIC_KEY_CI="0229743ae8682e55160d2176b2d17e5fc9e7ce7779fda3597fb8f4701c61615381"
DOTENVX=1
# .env.ci
SOURCEHUT_PAGES_TOKEN="encrypted:BNHzZMqMJw9wodfYI5x4kWO1OwYjUWHOwoqTYX10K5Z1jaaE4HuiG5g9KhoSo0vl/fN120WW+uVcP+uwHRJdPADLecM8SjmxOwF1LDDqiDYXnpUS3KqOdVcOtvV3xHYITVd0q9ds2SFue/1HOnzToCD7fC3PoAV+FmYGKF+NFK+c01ws7yI7TGJ7tGOIDTq9jdUbtZ/Mo2o5xx/85zbjmGHGRlIOHlM5pmg1CBhOfRvZdla9Ay/gkJ6Yrm5h0+ULZZUTt4lyKWYYwvVWTeaOngOOmAOps18BvvwSsHoN4QK5IrvVZEbhLqOAZdMcLYlKWViFA559IKx1vky3ddSS6S+lOIn9kGFAwNSu41jH+SFMFtK0QH64"
CLOUDFLARE_ACCOUNT_ID="encrypted:BB7kta9zZf3Y02HZtxI2/o6vTCvTWYJhOBI4ajDgimbqS1dsdc+Zf6Qcch+gg8LM8UTDDu/8p2K511oyEOa3Xqo/IoX+7NvKu9qZlb2Y38Y44SuP7hSGVcRpfZ5PuzCtFBHAez1OtpWAcdGOmBU8l6bZro3AsBXvpLfLPD/ocspf"
CLOUDFLARE_API_TOKEN="encrypted:BHr81tc2ka99Yd2+rkxhGjqBlYthCUpVWIrJVLNdqKzC8skKWeY+okX7LlEnrYuN8hdAC5HP2tj4e5KHnaPq2ShTfKN5VSAxhZDNQKEmsOiVrh11nuGw4Bc94/0mwJHMvyqVFsWmfir2mQkY6llw4bu/NNPk12BRfXKSRIwyc28qGMxwnoYPbvI="

View file

@ -15,6 +15,7 @@ default:
- pipenv install --ignore-pipfile --deploy
- npm ci
- curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
- ssh-agent > /tmp/.ssh-agent.env
# Global builds and stuff
variables:
@ -23,11 +24,15 @@ variables:
FF_GENERATE_SOCIAL_CARDS: "true"
SECURE_FILES_DOWNLOAD_PATH: .secretskit
GIT_DEPTH: "0"
DOTENV_PRIVATE_KEY: $DOTENV_PRIVATE_KEY_CI
pages:
stage: build
script:
- doppler run -- ./bin/deploykit-pages.sh
- |
source /tmp/.ssh-agent.env
./bin/build.sh
./bin/deploy.sh
artifacts:
paths:
# The folder that contains the files to be exposed at the Page URL

View file

@ -1,28 +1,7 @@
#!/usr/bin/env bash
set -xe
set -e
TARGET_DIR=${TARGET_DIR:-"$PWD/public"}
FF_OFFLINE_MKDOCS_PLUGIN=${FF_OFFLINE_MKDOCS_PLUGIN:-"false"}
FF_ENABLE_COMMIT_DATA=${FF_ENABLE_COMMIT_DATA:-"true"}
FF_GENERATE_SOCIAL_CARDS=${FF_GENERATE_SOCIAL_CARDS:-"true"}
TARGET_BUILD_CONFIG=${1:-"mkdocs.yml"}
if [[ ! -d "$TARGET_DIR" ]]; then
mkdir "$TARGET_DIR" -pv
fi
if [[ $SKIP_VENV_SETUP == "" ]] || [[ $CI == "" ]]; then
pipenv install --ignore-pipfile --deploy --verbose
pipenv run mkdocs build -d "$TARGET_DIR" -f ${TARGET_BUILD_CONFIG}
else
pip3 install -r requirements.txt --upgrade --user
mkdocs build -d "$TARGET_DIR" -f ${TARGET_BUILD_CONFIG}
fi
mkdir "$TARGET_DIR/api"
git rev-parse HEAD > "$TARGET_DIR/api/commit"
TARGET_DIR="${PWD}/public"
pipenv run build
cp "$TARGET_DIR/assets/images/favicon.png" "$TARGET_DIR/favicon.ico"
cp markdown/.well-known "$TARGET_DIR/.well-known" -rv
cp markdown/humans.txt "$TARGET_DIR/humans.txt" -v
set +xe
cp markdown/.well-known markdown/humans.txt "$TARGET_DIR/" -rv

24
bin/deploy.sh Executable file
View file

@ -0,0 +1,24 @@
#!/usr/bin/env bash
set -ea
if [[ $DEBUG != "" ]]; then
set -x
fi
_root_directory_git=$(git rev-parse --show-toplevel)
warn() {
echo "warning: $*"
}
error() {
echo "error: $*"
}
info() {
echo "info: $*"
}
if [[ $CI == "true" ]] && [[ $CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" ]]
&& [[ $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH ]]; then
npx wrangler pages publish ${_root_directory_git}/public --project-name ${CF_PAGES_PROJECT_NAME} --branch main
fi