Diffstat (limited to 'scripts/ci/deploy.sh')
-rwxr-xr-xscripts/ci/deploy.sh87
1 files changed, 87 insertions, 0 deletions
diff --git a/scripts/ci/deploy.sh b/scripts/ci/deploy.sh
new file mode 100755
index 0000000..7fcfda7
--- /dev/null
+++ b/scripts/ci/deploy.sh
@@ -0,0 +1,87 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash ../../shell.nix
+# shellcheck shell=bash
+set -Eeuo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")"
+cd ../../
+
+mail_debug_log() {
+ local -r ec="${?}"
+ echo "Sending logs via email..."
+ ./scripts/ci/mail.sh "${ec}"
+ echo "Done."
+
+ echo "Storing file changes to '.tfstate' files..."
+ pushd ../vps-state/
+ git add .
+ git commit -m "CI: fallback add all after provision.sh failure for CI run $VPS_COMMIT_SHA" ||:
+ git push origin master
+ popd
+ echo "Done."
+}
+trap mail_debug_log EXIT
+
+create_known_hosts_file() {
+ echo "${TLD},$(terraform output public_floating_ip) ssh-rsa $(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)" > ./generated/generated-known-hosts.txt
+}
+
+echo "Shutting down running containers and backing up data..."
+create_known_hosts_file
+ssh "$TLD" "cd /home/vps/ && docker-compose down"
+scp ./secrets/borg/borg-remote.pub "$TLD":/root/.ssh/id_rsa.pub
+scp ./secrets/borg/borg-remote "$TLD":/root/.ssh/id_rsa
+scp ./secrets/borg/known-hosts.txt "$TLD":/root/.ssh/known_hosts
+scp ./generated/create-backup.sh "$TLD":/home/vps/create-backup.sh
+ssh "$TLD" 'chmod 400 /root/.ssh/id_rsa'
+ssh "$TLD" "chmod +x /home/vps/create-backup.sh"
+ssh "$TLD" /home/vps/create-backup.sh > ./logs/borg-create.txt 2>&1
+echo "Done."
+
+echo "Initializing Terraform..."
+terraform --version
+terraform init
+echo "Done."
+
+if [[ "${DESTROY_VOLUME:-}" != "" ]]; then
+ echo "Destroying existing infrastructure..."
+ terraform destroy -input=false -auto-approve > ./logs/terraform-destroy.txt 2>&1
+else
+ echo "Skipping explicit intentional destruction of existing infrastructure..."
+fi
+echo "Done."
+
+echo "Running 'terraform plan' and storing the planfile..."
+mkdir -p "../vps-state/secrets/plan-files/"
+PLAN_FILE_NAME="$(date -Iseconds)-${VPS_COMMIT_SHA}.tfplan"
+PLAN_FILE_PATH="../vps-state/secrets/plan-files/${PLAN_FILE_NAME}"
+terraform plan -input=false -out="${PLAN_FILE_PATH}" > ./logs/terraform-plan.txt 2>&1
+pushd ../vps-state/
+git add "secrets/plan-files/${PLAN_FILE_NAME}"
+git commit -m "CI: add .tfplan plan file for CI run ${VPS_COMMIT_SHA}"
+git push origin master
+popd
+echo "Done."
+
+echo "Running 'terraform apply'..."
+terraform apply -input=false -auto-approve "${PLAN_FILE_PATH}" > ./logs/terraform-apply.txt 2>&1
+echo "Done."
+
+echo "Storing .tfstate file..."
+pushd ../vps-state/
+git add secrets/terraform.tfstate secrets/terraform.tfstate.backup
+git commit -m "CI: update Terraform .tfstate files for CI run ${VPS_COMMIT_SHA}"
+git push origin master
+popd
+echo "Done."
+
+echo "Running the Ansible playbook..."
+create_known_hosts_file
+ansible-playbook -v provision.yaml > ./logs/ansible.txt 2>&1
+echo "Done."
+
+echo "Locking git-crypt repositories back..."
+git crypt lock
+pushd ../vps-state/
+git crypt lock
+popd
+echo "Done."
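Review bot: The EXIT trap `mail_debug_log` (L23–L36) fires on every exit, including a successful run, yet its `git add .` / `git push` into `../vps-state/` is described by its own commit message as a fallback after a provisioning failure; on a clean run it still stages whatever happens to be in the state checkout after the `git crypt lock` at L100. Guard the fallback commit on the status captured at L24, e.g. `(( ec != 0 )) || return 0` placed before the `pushd` at L30, and stage the explicit paths L86 already uses rather than `.` so a stray unencrypted file in that working tree cannot end up in a pushed commit. Two smaller points: `create_known_hosts_file` is first called at L44, before `terraform init` at L57, so the `terraform output` inside it depends on the backend already being initialised in the checkout; and the logs handed to mail.sh include `terraform plan`, `terraform apply` and `ansible -v` output, which can contain sensitive values — worth confirming what mail.sh attaches and to whom.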