diff options
Diffstat (limited to 'scripts/ci/deploy.sh')
-rwxr-xr-x | scripts/ci/deploy.sh | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/scripts/ci/deploy.sh b/scripts/ci/deploy.sh new file mode 100755 index 0000000..7fcfda7 --- /dev/null +++ b/scripts/ci/deploy.sh @@ -0,0 +1,87 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash ../../shell.nix +# shellcheck shell=bash +set -Eeuo pipefail +cd "$(dirname "${BASH_SOURCE[0]}")" +cd ../../ + +mail_debug_log() { + local -r ec="${?}" + echo "Sending logs via email..." + ./scripts/ci/mail.sh "${ec}" + echo "Done." + + echo "Storing file changes to '.tfstate' files..." + pushd ../vps-state/ + git add . + git commit -m "CI: fallback add all after provision.sh failure for CI run $VPS_COMMIT_SHA" ||: + git push origin master + popd + echo "Done." +} +trap mail_debug_log EXIT + +create_known_hosts_file() { + echo "${TLD},$(terraform output public_floating_ip) ssh-rsa $(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)" > ./generated/generated-known-hosts.txt +} + +echo "Shutting down running containers and backing up data..." +create_known_hosts_file +ssh "$TLD" "cd /home/vps/ && docker-compose down" +scp ./secrets/borg/borg-remote.pub "$TLD":/root/.ssh/id_rsa.pub +scp ./secrets/borg/borg-remote "$TLD":/root/.ssh/id_rsa +scp ./secrets/borg/known-hosts.txt "$TLD":/root/.ssh/known_hosts +scp ./generated/create-backup.sh "$TLD":/home/vps/create-backup.sh +ssh "$TLD" 'chmod 400 /root/.ssh/id_rsa' +ssh "$TLD" "chmod +x /home/vps/create-backup.sh" +ssh "$TLD" /home/vps/create-backup.sh > ./logs/borg-create.txt 2>&1 +echo "Done." + +echo "Initializing Terraform..." +terraform --version +terraform init +echo "Done." + +if [[ "${DESTROY_VOLUME:-}" != "" ]]; then + echo "Destroying existing infrastructure..." + terraform destroy -input=false -auto-approve > ./logs/terraform-destroy.txt 2>&1 +else + echo "Skipping explicit intentional destruction of existing infrastructure..." +fi +echo "Done." + +echo "Running 'terraform plan' and storing the planfile..." +mkdir -p "../vps-state/secrets/plan-files/" +PLAN_FILE_NAME="$(date -Iseconds)-${VPS_COMMIT_SHA}.tfplan" +PLAN_FILE_PATH="../vps-state/secrets/plan-files/${PLAN_FILE_NAME}" +terraform plan -input=false -out="${PLAN_FILE_PATH}" > ./logs/terraform-plan.txt 2>&1 +pushd ../vps-state/ +git add "secrets/plan-files/${PLAN_FILE_NAME}" +git commit -m "CI: add .tfplan plan file for CI run ${VPS_COMMIT_SHA}" +git push origin master +popd +echo "Done." + +echo "Running 'terraform apply'..." +terraform apply -input=false -auto-approve "${PLAN_FILE_PATH}" > ./logs/terraform-apply.txt 2>&1 +echo "Done." + +echo "Storing .tfstate file..." +pushd ../vps-state/ +git add secrets/terraform.tfstate secrets/terraform.tfstate.backup +git commit -m "CI: update Terraform .tfstate files for CI run ${VPS_COMMIT_SHA}" +git push origin master +popd +echo "Done." + +echo "Running the Ansible playbook..." +create_known_hosts_file +ansible-playbook -v provision.yaml > ./logs/ansible.txt 2>&1 +echo "Done." + +echo "Locking git-crypt repositories back..." +git crypt lock +pushd ../vps-state/ +git crypt lock +popd +echo "Done." |