Prepare builds.sr.ht CI environment before running build tasks

Make content of .envrc available to subsequent build jobs.

5 files changed, 21 insertions, 13 deletions

diff --git a/.build.yml b/.build.yml
index e3106ec..28c79e4 100644
--- a/.build.yml
+++ b/.build.yml
@@ -12,11 +12,8 @@ secrets:
   - d587955c-03fb-42ba-9e01-68ca8ed89f99
   - 7084b7c7-12be-4509-8927-81ba6eeb1fc0
 tasks:
-  - git-crypt-unlock: |
-      cd vps/
-      git crypt unlock
-      cd ../vps-state/
-      git crypt unlock
+  - setup: |
+      ./vps/ci-setup.sh
   - tests: |
       cd vps/
       nix-build -A test
diff --git a/ci-setup.sh b/ci-setup.sh
new file mode 100755
index 0000000..b6af3c7
--- /dev/null
+++ b/ci-setup.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+cd "${BASH_SOURCE%/*}/"
+
+echo "Unlocking git-crypt repos..."
+git crypt unlock
+# Assumes vps-state was already cloned
+pushd ../vps-state/
+git crypt unlock
+popd
+echo "Done."
+
+cat .envrc >> ~/.buildenv
+
+source .envrc
+envsubst < ./ssh.conf >> ~/.ssh/config
diff --git a/deploy.sh b/deploy.sh
index 3381116..036fd6e 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -2,9 +2,6 @@
 set -Eeuo pipefail
 cd "${BASH_SOURCE%/*}/"
 
-# shellcheck disable=SC2139
-alias ssh="ssh -i secrets/id_rsa root@$TLD"
-
 apt_wait() {
   local i=0
   tput sc
diff --git a/provision.sh b/provision.sh
index 79358af..6ea8f4e 100644
--- a/provision.sh
+++ b/provision.sh
@@ -2,11 +2,6 @@
 set -Eeuo pipefail
 cd "${BASH_SOURCE%/*}/"
 
-# shellcheck disable=SC2139
-alias ssh="ssh -i secrets/id_rsa root@$TLD"
-
-source .envrc
-
 echo "Shutting down running containers..."
 ssh "cd /home/vps/ && docker-compose down"
 echo "Done."
diff --git a/ssh.conf b/ssh.conf
new file mode 100644
index 0000000..763925d
--- /dev/null
+++ b/ssh.conf
@@ -0,0 +1,3 @@
+Host $TLD
+  User root
+  IdentityFile $PWD/secrets/id_rsa