Diffstat (limited to 'scripts/ci')
-rwxr-xr-x | scripts/ci/deploy.sh | 105 | ||||
-rwxr-xr-x | scripts/ci/mail.sh | 51 | ||||
-rwxr-xr-x | scripts/ci/setup.sh | 26 |
3 files changed, 0 insertions, 182 deletions
diff --git a/scripts/ci/deploy.sh b/scripts/ci/deploy.sh
deleted file mode 100755
index 9be5758..0000000
--- a/scripts/ci/deploy.sh
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash ../../shell.nix
-# shellcheck shell=bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-cd ../../
-PROJECT_ROOT="${PWD}"
-
-finish-phase() {
- local -r exit_code="${?}"
-
- cd "${PROJECT_ROOT}"
-
- if [[ "${exit_code}" = 0 ]]; then
- echo "Finished successfully."
- else
- echo "TRAPPED ERROR!"
- fi
- echo "Running final steps..."
-
- echo "Sending logs via email..."
- ./scripts/ci/mail.sh "${exit_code}"
- echo "Done."
-
- echo "Storing file changes to '.tfstate' files..."
- pushd ../vps-state/
- git add .
- git commit -m "CI: fallback add all after deploy.sh failure for CI run $VPS_COMMIT_SHA" ||:
- git push origin master
- popd
- echo "Done."
-
- echo "Locking git-crypt repositories back..."
- git crypt lock
- pushd ../vps-state/
- git crypt lock
- popd
- echo "Done."
-
- echo "Finished cleanup."
-}
-trap finish-phase EXIT
-
-create-known-hosts-file() {
- echo "${TLD},$(terraform output public_floating_ip) ssh-rsa $(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)" > ./generated/generated-known-hosts.txt
-}
-
-echo "Interpolating files with envsubst..."
-envsubst < ./ssh.env.conf >> ~/.ssh/config
-envsubst < ./hosts.env > ./generated/hosts
-envsubst < ./docker-compose.env.yaml > ./generated/docker-compose.yaml
-envsubst < ./provision.env.yaml > ./generated/provision.yaml
-envsubst < ./scripts/box/user-data.env.sh > ./generated/user-data.sh
-envsubst < ./scripts/box/create-backup.env.sh > ./generated/create-backup.sh
-envsubst < ./scripts/box/restore-backup.env.sh > ./generated/restore-backup.sh
-echo "Done."
-
-echo "Running the Ansible shutdown.yaml playbook..."
-create-known-hosts-file
-ansible-playbook -v shutdown.yaml > ./logs/ansible-shutdown.txt
-echo "Done."
-
-echo "Initializing Terraform..."
-terraform --version
-terraform init
-echo "Done."
-
-if [[ "${DESTROY_VPS:-}" != "" ]]; then
- echo "Destroying existing infrastructure..."
- terraform destroy -input=false -auto-approve > ./logs/terraform-destroy.txt 2>&1
-else
- echo 'Refreshing view on existing infrastructure...'
- terraform refresh > ./logs/terraform-refresh.txt 2>&1
-fi
-echo "Done."
-
-echo "Running 'terraform plan' and storing the planfile..."
-mkdir -p "../vps-state/secrets/plan-files/"
-PLAN_FILE_NAME="$(date -Iseconds)-${VPS_COMMIT_SHA}.tfplan"
-PLAN_FILE_PATH="../vps-state/secrets/plan-files/${PLAN_FILE_NAME}"
-terraform plan -input=false -out="${PLAN_FILE_PATH}" > ./logs/terraform-plan.txt 2>&1
-pushd ../vps-state/
-git add "secrets/plan-files/${PLAN_FILE_NAME}"
-git commit -m "CI: add .tfplan plan file for CI run ${VPS_COMMIT_SHA}"
-git push origin master
-popd
-echo "Done."
-
-echo "Running 'terraform apply'..."
-terraform apply -input=false -auto-approve "${PLAN_FILE_PATH}" > ./logs/terraform-apply.txt 2>&1
-echo "Done."
-
-echo "Storing .tfstate file..."
-pushd ../vps-state/
-git add secrets/terraform.tfstate secrets/terraform.tfstate.backup
-git commit -m "CI: update Terraform .tfstate files for CI run ${VPS_COMMIT_SHA}" --allow-empty
-git push origin master
-popd
-echo "Done."
-
-echo "Running the Ansible provision.yaml playbook..."
-create-known-hosts-file
-cp ./generated/provision.yaml ./provision.yaml
-ansible-playbook -v provision.yaml > ./logs/ansible-provision.txt
-echo "Done."
diff --git a/scripts/ci/mail.sh b/scripts/ci/mail.sh
deleted file mode 100755
index 9caebd4..0000000
--- a/scripts/ci/mail.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-cd ../../
-
-EXIT_CODE="${1:-}"
-
-[[ -z "${EXIT_CODE}" ]] && {
- # shellcheck disable=SC2016
- echo 'Error: missing $EXIT positional argument.'
- exit 2
-}
-
-if [[ "${EXIT_CODE}" = 0 ]]; then
- SUBJECT_SUFFIX=' (successful build)'
-else
- SUBJECT_SUFFIX=' (FAILED BUILD)'
-fi
-
-SUBJECT="VPS CI run #${JOB_ID} logs${SUBJECT_SUFFIX}"
-ATTACHMENT_PATH='logs.txt'
-BODY=$(cat <<EOF
-CI run for commit ${VPS_COMMIT_SHA}.
-See run:
-https://builds.sr.ht/~euandreh/job/${JOB_ID}
-
-Logs are attached.
-
-EOF
-)
-
-tail -n +1 ./logs/*.txt > "${ATTACHMENT_PATH}"
-
-[[ "${USER}" = "build" ]] || {
- echo "Not running on CI."
- echo "Early exit on sending email logs."
- exit
-}
-
-gpg --always-trust \
- -r "${GPG_TO}" \
- -e "${ATTACHMENT_PATH}"
-
-curl "${MAILGUN_URL}" \
- -s \
- --user "${MAILGUN_USER}" \
- -F from="${MAILGUN_FROM}" \
- -F to="${MAILGUN_TO}" \
- -F subject="${SUBJECT}" \
- -F text="${BODY}" \
- -F attachment="@${ATTACHMENT_PATH}.gpg"
diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh
deleted file mode 100755
index d876df7..0000000
--- a/scripts/ci/setup.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash ../../shell.nix
-# shellcheck shell=bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-cd ../../
-
-echo "Unlocking git-crypt repos..."
-git crypt unlock
-# Assumes vps-state was already cloned
-pushd ../vps-state/
-git crypt unlock
-git remote set-url origin git@git.sr.ht:~euandreh/vps-state
-popd
-# git smudge after git-crypt clears file permissions
-chmod 400 ./secrets/ssh/vps-box-client
-echo "Done."
-
-echo "cd ./vps/ && source .envrc && cd ../" >> ~/.buildenv
-
-source .envrc
-
-git config --global user.email "${GIT_CI_USER}"
-git config --global user.name "sr.ht CI"
-
-curl https://euandre.org/public-key.txt | gpg --import |