Diffstat (limited to 'src/infrastructure/scripts/cicd.sh')
-rwxr-xr-x | src/infrastructure/scripts/cicd.sh | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/src/infrastructure/scripts/cicd.sh b/src/infrastructure/scripts/cicd.sh
new file mode 100755
index 0000000..662abd5
--- /dev/null
+++ b/src/infrastructure/scripts/cicd.sh
@@ -0,0 +1,154 @@
+#!/bin/sh
+set -eu
+
+usage() {
+ cat <<-'EOF'
+ Usage:
+ cicd [-n] NAME [SHA]
+ cicd -h
+ EOF
+}
+
+help() {
+ cat <<-'EOF'
+
+
+ Options:
+ -n build the system, but don't switch to it (dry-run)
+ -h, --help show this message
+
+ NAME the name of the project
+ SHA the repository SHA to checkout (default: main)
+
+
+ Run a "guix system reconfigure" as root via "sudo -i". If a -U
+ flag is given, perform a "guix pull" (in root profile) prior to
+ the reconfigure. The user must be able to become the "deployer"
+ user, either via "sudo reconfigure" or by being member of the
+ "become-deployer" group.
+
+
+ Examples:
+
+ Reconfigure the system:
+
+ $ reconfigure
+
+
+ Build the system on a custom SHA, but don't switch to it:
+
+ $ reconfigure -n 916dafc092f797349a54515756f2c8e477326511
+
+
+ Update and upgrade:
+
+ $ reconfigure -U
+ EOF
+}
+
+
+for flag in "$@"; do
+ case "$flag" in
+ --)
+ break
+ ;;
+ --help)
+ usage
+ help
+ exit
+ ;;
+ *)
+ ;;
+ esac
+done
+
+DRY_RUN=false
+while getopts 'nh' flag; do
+ case "$flag" in
+ n)
+ DRY_RUN=true
+ ;;
+ h)
+ usage
+ help
+ exit
+ ;;
+ *)
+ usage >&2
+ exit 2
+ ;;
+ esac
+done
+shift $((OPTIND - 1))
+
+NAME="${1:-}"
+SHA="${2:-main}"
+REPO="/srv/git/$NAME.git"
+
+if [ -z "$NAME" ]; then
+ printf 'Missing NAME.\n\n' >&2
+ usage >&2
+ exit 2
+fi
+
+if [ "$(id -un)" != 'root' ]; then
+ printf 'This script must be run as root.\n\n' >&2
+ usage >&2
+ exit 2
+fi
+
+
+set +eu
+# shellcheck source=/dev/null
+. /etc/rc
+set -eu
+
+
+uuid() {
+ od -xN20 /dev/urandom |
+ head -n1 |
+ awk '{OFS="-"; print $2$3,$4,$5,$6,$7$8$9}'
+}
+
+tmpname() {
+ printf '%s/uuid-tmpname with spaces.%s' "${TMPDIR:-/tmp}" "$(uuid)"
+}
+
+mkdtemp() {
+ name="$(tmpname)"
+ mkdir -- "$name"
+ printf '%s' "$name"
+}
+
+
+TMP="$(mkdtemp)"
+trap 'rm -rf "$TMP"' EXIT
+
+
+set -x
+chown deployer:deployer "$TMP"
+cd "$TMP"
+sudo -u deployer git clone "$REPO" .
+sudo -u deployer --preserve-env=GIT_CONFIG_GLOBAL git checkout "$SHA"
+guix system describe
+
+if [ -f manifest.scm ]; then
+ guix shell -Cv3 -m manifest.scm -- make dev
+else
+ sudo -u deployer make dev
+fi
+
+if [ "$DRY_RUN" = false ]; then
+ # COMMENT: pre-receive is always running the previous version!
+ # The same is true for the reconfigure script itself.
+ sudo cp description "$REPO"/description
+ sudo cp aux/ci/git-pre-receive.sh "$REPO"/hooks/pre-receive
+
+ sudo -u deployer rsync \
+ --delete \
+ --chmod=D775,F664 \
+ --chown=deployer:deployer \
+ --exclude 'ci/*' \
+ -a \
+ public/ /srv/www/s/"$NAME"/
+fi
|
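Review bot: The `manifest.scm` branch runs `guix shell -Cv3 -m manifest.scm -- make dev` as root, while the `else` branch drops to `deployer`; since the script refuses to run as anything but root and manifest.scm is Scheme that guix evaluates before the container exists, content from the checked-out SHA is executed with root privileges. Running both branches unprivileged would close that gap, e.g. `sudo -u deployer guix shell -Cv3 -m manifest.scm -- make dev` (assuming deployer is able to use guix shell on this host). Separately, NAME goes unvalidated into `REPO="/srv/git/$NAME.git"`, the root `sudo cp` targets and the `rsync --delete` destination, so a check right after the empty-NAME test such as `case "$NAME" in *[!A-Za-z0-9._-]*|.*) usage >&2; exit 2 ;; esac` would keep those paths inside /srv/git and /srv/www/s. The help text still describes `reconfigure` and a `-U` flag that `getopts 'nh'` does not accept, so it should be rewritten for `cicd`.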