Diffstat (limited to 'src/infrastructure/scripts/cicd.sh')
-rwxr-xr-xsrc/infrastructure/scripts/cicd.sh154
1 files changed, 154 insertions, 0 deletions
diff --git a/src/infrastructure/scripts/cicd.sh b/src/infrastructure/scripts/cicd.sh
new file mode 100755
index 0000000..662abd5
--- /dev/null
+++ b/src/infrastructure/scripts/cicd.sh
@@ -0,0 +1,154 @@
+#!/bin/sh
+set -eu
+
+usage() {
+ cat <<-'EOF'
+ Usage:
+ cicd [-n] NAME [SHA]
+ cicd -h
+ EOF
+}
+
+help() {
+ cat <<-'EOF'
+
+
+ Options:
+ -n build the system, but don't switch to it (dry-run)
+ -h, --help show this message
+
+ NAME the name of the project
+ SHA the repository SHA to checkout (default: main)
+
+
+ Run a "guix system reconfigure" as root via "sudo -i". If a -U
+ flag is given, perform a "guix pull" (in root profile) prior to
+ the reconfigure. The user must be able to become the "deployer"
+ user, either via "sudo reconfigure" or by being member of the
+ "become-deployer" group.
+
+
+ Examples:
+
+ Reconfigure the system:
+
+ $ reconfigure
+
+
+ Build the system on a custom SHA, but don't switch to it:
+
+ $ reconfigure -n 916dafc092f797349a54515756f2c8e477326511
+
+
+ Update and upgrade:
+
+ $ reconfigure -U
+ EOF
+}
+
+
+for flag in "$@"; do
+ case "$flag" in
+ --)
+ break
+ ;;
+ --help)
+ usage
+ help
+ exit
+ ;;
+ *)
+ ;;
+ esac
+done
+
+DRY_RUN=false
+while getopts 'nh' flag; do
+ case "$flag" in
+ n)
+ DRY_RUN=true
+ ;;
+ h)
+ usage
+ help
+ exit
+ ;;
+ *)
+ usage >&2
+ exit 2
+ ;;
+ esac
+done
+shift $((OPTIND - 1))
+
+NAME="${1:-}"
+SHA="${2:-main}"
+REPO="/srv/git/$NAME.git"
+
+if [ -z "$NAME" ]; then
+ printf 'Missing NAME.\n\n' >&2
+ usage >&2
+ exit 2
+fi
+
+if [ "$(id -un)" != 'root' ]; then
+ printf 'This script must be run as root.\n\n' >&2
+ usage >&2
+ exit 2
+fi
+
+
+set +eu
+# shellcheck source=/dev/null
+. /etc/rc
+set -eu
+
+
+uuid() {
+ od -xN20 /dev/urandom |
+ head -n1 |
+ awk '{OFS="-"; print $2$3,$4,$5,$6,$7$8$9}'
+}
+
+tmpname() {
+ printf '%s/uuid-tmpname with spaces.%s' "${TMPDIR:-/tmp}" "$(uuid)"
+}
+
+mkdtemp() {
+ name="$(tmpname)"
+ mkdir -- "$name"
+ printf '%s' "$name"
+}
+
+
+TMP="$(mkdtemp)"
+trap 'rm -rf "$TMP"' EXIT
+
+
+set -x
+chown deployer:deployer "$TMP"
+cd "$TMP"
+sudo -u deployer git clone "$REPO" .
+sudo -u deployer --preserve-env=GIT_CONFIG_GLOBAL git checkout "$SHA"
+guix system describe
+
+if [ -f manifest.scm ]; then
+ guix shell -Cv3 -m manifest.scm -- make dev
+else
+ sudo -u deployer make dev
+fi
+
+if [ "$DRY_RUN" = false ]; then
+ # COMMENT: pre-receive is always running the previous version!
+ # The same is true for the reconfigure script itself.
+ sudo cp description "$REPO"/description
+ sudo cp aux/ci/git-pre-receive.sh "$REPO"/hooks/pre-receive
+
+ sudo -u deployer rsync \
+ --delete \
+ --chmod=D775,F664 \
+ --chown=deployer:deployer \
+ --exclude 'ci/*' \
+ -a \
+ public/ /srv/www/s/"$NAME"/
+fi
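Review bot: NAME is only checked for being non-empty before it is interpolated into `REPO="/srv/git/$NAME.git"` and the rsync destination `/srv/www/s/"$NAME"/`, so a value containing `/` or a leading `.` would make the root-run `cp` into `"$REPO"` and the `rsync --delete` operate outside the intended trees. SHA has a similar gap: `git checkout "$SHA"` parses a value starting with `-` as an option. I would reject such values right after the existing `Missing NAME` check, as sketched below. Separately, the `manifest.scm` branch runs `guix shell ... make dev` without the `sudo -u deployer` that the else branch uses, so repository-supplied code there appears to run as root; if that is intentional it deserves a comment.

```shell
# … unchanged: the empty-NAME check …

# NAME becomes part of /srv/git and /srv/www/s paths: allow one plain path component only.
case "$NAME" in
	*/* | .* | -*)
		printf 'Invalid NAME: %s\n\n' "$NAME" >&2
		usage >&2
		exit 2
		;;
esac

# SHA is handed to "git checkout": do not let it be parsed as an option.
case "$SHA" in
	-*)
		printf 'Invalid SHA: %s\n\n' "$SHA" >&2
		usage >&2
		exit 2
		;;
esac
```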