From 217d2863709ebbe1ed766a360edb228e8899fc68 Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Mon, 10 Jun 2019 22:21:38 -0300
Subject: Output all generated files on ./generated/, refactor .envrc variables
---
scripts/ci/deploy.sh | 87 +++++++++++++++++++++++++++++++++++++++++++
scripts/ci/mail.sh | 9 +----
scripts/ci/provision.sh | 99 -------------------------------------------------
scripts/ci/setup.sh | 24 ++++--------
4 files changed, 96 insertions(+), 123 deletions(-)
create mode 100755 scripts/ci/deploy.sh
delete mode 100755 scripts/ci/provision.sh
(limited to 'scripts/ci')
diff --git a/scripts/ci/deploy.sh b/scripts/ci/deploy.sh
new file mode 100755
index 0000000..7fcfda7
--- /dev/null
+++ b/scripts/ci/deploy.sh
@@ -0,0 +1,87 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash ../../shell.nix
+# shellcheck shell=bash
+set -Eeuo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")"
+cd ../../
+
+mail_debug_log() {
+ local -r ec="${?}"
+ echo "Sending logs via email..."
+ ./scripts/ci/mail.sh "${ec}"
+ echo "Done."
+
+ echo "Storing file changes to '.tfstate' files..."
+ pushd ../vps-state/
+ git add .
+ git commit -m "CI: fallback add all after provision.sh failure for CI run $VPS_COMMIT_SHA" ||:
+ git push origin master
+ popd
+ echo "Done."
+}
+trap mail_debug_log EXIT
+
+create_known_hosts_file() {
+ echo "${TLD},$(terraform output public_floating_ip) ssh-rsa $(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)" > ./generated/generated-known-hosts.txt
+}
+
+echo "Shutting down running containers and backing up data..."
+create_known_hosts_file
+ssh "$TLD" "cd /home/vps/ && docker-compose down"
+scp ./secrets/borg/borg-remote.pub "$TLD":/root/.ssh/id_rsa.pub
+scp ./secrets/borg/borg-remote "$TLD":/root/.ssh/id_rsa
+scp ./secrets/borg/known-hosts.txt "$TLD":/root/.ssh/known_hosts
+scp ./generated/create-backup.sh "$TLD":/home/vps/create-backup.sh
+ssh "$TLD" 'chmod 400 /root/.ssh/id_rsa'
+ssh "$TLD" "chmod +x /home/vps/create-backup.sh"
+ssh "$TLD" /home/vps/create-backup.sh > ./logs/borg-create.txt 2>&1
+echo "Done."
+
+echo "Initializing Terraform..."
+terraform --version
+terraform init
+echo "Done."
+
+if [[ "${DESTROY_VOLUME:-}" != "" ]]; then
+ echo "Destroying existing infrastructure..."
+ terraform destroy -input=false -auto-approve > ./logs/terraform-destroy.txt 2>&1
+else
+ echo "Skipping explicit intentional destruction of existing infrastructure..."
+fi
+echo "Done."
+
+echo "Running 'terraform plan' and storing the planfile..."
+mkdir -p "../vps-state/secrets/plan-files/"
+PLAN_FILE_NAME="$(date -Iseconds)-${VPS_COMMIT_SHA}.tfplan"
+PLAN_FILE_PATH="../vps-state/secrets/plan-files/${PLAN_FILE_NAME}"
+terraform plan -input=false -out="${PLAN_FILE_PATH}" > ./logs/terraform-plan.txt 2>&1
+pushd ../vps-state/
+git add "secrets/plan-files/${PLAN_FILE_NAME}"
+git commit -m "CI: add .tfplan plan file for CI run ${VPS_COMMIT_SHA}"
+git push origin master
+popd
+echo "Done."
+
+echo "Running 'terraform apply'..."
+terraform apply -input=false -auto-approve "${PLAN_FILE_PATH}" > ./logs/terraform-apply.txt 2>&1
+echo "Done."
+
+echo "Storing .tfstate file..."
+pushd ../vps-state/
+git add secrets/terraform.tfstate secrets/terraform.tfstate.backup
+git commit -m "CI: update Terraform .tfstate files for CI run ${VPS_COMMIT_SHA}"
+git push origin master
+popd
+echo "Done."
+
+echo "Running the Ansible playbook..."
+create_known_hosts_file
+ansible-playbook -v provision.yaml > ./logs/ansible.txt 2>&1
+echo "Done."
+
+echo "Locking git-crypt repositories back..."
+git crypt lock
+pushd ../vps-state/
+git crypt lock
+popd
+echo "Done."
diff --git a/scripts/ci/mail.sh b/scripts/ci/mail.sh
index 7058233..29420fa 100755
--- a/scripts/ci/mail.sh
+++ b/scripts/ci/mail.sh
@@ -3,14 +3,7 @@
set -Eeuo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
cd ../../
-VPS_COMMIT_SHA="${1:-}"
-EXIT_CODE="${2:-}"
-
-[[ -z "${VPS_COMMIT_SHA}" ]] && {
- # shellcheck disable=SC2016
- echo 'Error: missing $VPS_COMMIT_SHA positional argument.'
- exit 2
-}
+EXIT_CODE="${1:-}"
[[ -z "${EXIT_CODE}" ]] && {
# shellcheck disable=SC2016
diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh
deleted file mode 100755
index d96d854..0000000
--- a/scripts/ci/provision.sh
+++ /dev/null
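Review bot: The host-key pin written by `create_known_hosts_file` moved to `./generated/generated-known-hosts.txt`, but whatever consumes that file (presumably a `UserKnownHostsFile` line in `ssh.env.conf`, which setup.sh appends to `~/.ssh/config`) is outside this diff, which is limited to scripts/ci, so if that path was not updated in the same change the `ssh`/`scp` calls that follow will either fail host-key verification or silently use a different known_hosts file; worth confirming, and pointing both places at one variable. Separately, deploy.sh now reads `$TLD` and `$VPS_COMMIT_SHA` from the environment (the deleted provision.sh computed VPS_COMMIT_SHA itself), and a failure before `terraform plan` reaches `$VPS_COMMIT_SHA` for the first time inside the EXIT trap, where `set -u` would abort the fallback before the state push. A guard right after `cd ../../`, `: "${TLD:?}" "${VPS_COMMIT_SHA:?}"`, fails early with a readable message; the same applies to mail.sh in the next hunk, which now also depends on the environment for VPS_COMMIT_SHA after dropping its positional check (the rest of mail.sh is outside the hunk). Minor: the fallback commit message still says `provision.sh failure` although the script is now deploy.sh and the trap also runs on a successful exit.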
@@ -1,99 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash ../../shell.nix
-# shellcheck shell=bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-cd ../../
-
-VPS_COMMIT_SHA="$(git rev-parse HEAD)"
-export VPS_COMMIT_SHA
-gpg --import "${GPG_TO}.gpg"
-
-mail_debug_log() {
- local -r ec="${?}"
- echo "Sending logs via email..."
- ./scripts/ci/mail.sh "${VPS_COMMIT_SHA}" "${ec}"
- echo "Done."
-
- echo "Storing file changes to '.tfstate' files..."
- pushd ../vps-state/
- git add .
- git commit -m "CI: fallback add all after provision.sh failure for CI run $VPS_COMMIT_SHA" ||:
- git push origin master
- popd
- echo "Done."
-}
-trap mail_debug_log EXIT
-
-create_known_hosts_file() {
- echo "${TLD},$(terraform output public_floating_ip) ssh-rsa $(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)" > ./generated-known-hosts.txt
-}
-
-setup_borg_files() {
- local -r template_file="${1}"
- local -r destination_name="${2}"
- scp ./secrets/borg/borg-remote.pub "$TLD":/root/.ssh/id_rsa.pub
- scp ./secrets/borg/borg-remote "$TLD":/root/.ssh/id_rsa
- scp ./secrets/borg/known-hosts.txt "$TLD":/root/.ssh/known_hosts
- ssh "$TLD" 'chmod 400 /root/.ssh/id_rsa'
- # shellcheck disable=SC2029
- envsubst < "${template_file}" | ssh "$TLD" "cat > /home/vps/${destination_name} && chmod +x /home/vps/${destination_name}"
- # shellcheck disable=SC2029
- ssh "$TLD" "chmod +x /home/vps/${destination_name}"
-}
-
-echo "Shutting down running containers and backing up data..."
-create_known_hosts_file
-ssh "$TLD" "cd /home/vps/ && docker-compose down"
-setup_borg_files ./scripts/box/create-backup.env.sh create-backup.sh
-ssh "$TLD" /home/vps/create-backup.sh > ./logs/borg-create.txt 2>&1
-echo "Done."
-
-echo "Initializing Terraform..."
-terraform --version
-terraform init
-echo "Done."
-
-if [[ "${DESTROY_VOLUME:-}" != "" ]]; then
- echo "Destroying existing infrastructure..."
- terraform destroy -input=false -auto-approve > ./logs/terraform-destroy.txt 2>&1
-else
- echo "Skipping explicit intentional destruction of existing infrastructure..."
-fi
-echo "Done."
-
-echo "Running 'terraform plan' and storing the planfile..."
-mkdir -p "../vps-state/secrets/plan-files/"
-PLAN_FILE_NAME="$(date -Iseconds)-$VPS_COMMIT_SHA.tfplan"
-PLAN_FILE_PATH="../vps-state/secrets/plan-files/$PLAN_FILE_NAME"
-terraform plan -input=false -out="$PLAN_FILE_PATH" > ./logs/terraform-plan.txt 2>&1
-pushd ../vps-state/
-git add "secrets/plan-files/$PLAN_FILE_NAME"
-git commit -m "CI: add .tfplan plan file for CI run $VPS_COMMIT_SHA"
-git push origin master
-popd
-echo "Done."
-
-echo "Running 'terraform apply'..."
-terraform apply -input=false -auto-approve "$PLAN_FILE_PATH" > ./logs/terraform-apply.txt 2>&1
-echo "Done."
-
-echo "Storing .tfstate file..."
-pushd ../vps-state/
-git add secrets/terraform.tfstate secrets/terraform.tfstate.backup
-git commit -m "CI: update Terraform .tfstate files for CI run $VPS_COMMIT_SHA"
-git push origin master
-popd
-echo "Done."
-
-echo "Running the Ansible playbook..."
-create_known_hosts_file
-ansible-playbook -vvv provision.yaml > ./logs/ansible.txt
-echo "Done."
-
-echo "Locking git-crypt repositories back..."
-git crypt lock
-pushd ../vps-state/
-git crypt lock
-popd
-echo "Done."
diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh
index d9ac70c..84958d0 100755
--- a/scripts/ci/setup.sh
+++ b/scripts/ci/setup.sh
@@ -6,7 +6,7 @@ cd "$(dirname "${BASH_SOURCE[0]}")"
cd ../../
echo "Unlocking git-crypt repos and configuring git..."
-git config --global user.email "ci@euandre.org"
+git config --global user.email "${GIT_CI_USER}"
git config --global user.name "sr.ht CI"
git crypt unlock
@@ -17,25 +17,17 @@ git remote set-url origin git@git.sr.ht:~euandreh/vps-state
popd
echo "Done."
+gpg --import "${GPG_TO}.gpg"
+
# git smudge after git-crypt clears file permissions
chmod 400 ./secrets/ssh/vps-box-client
cat .envrc >> ~/.buildenv
source .envrc
-SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)"
-export SSH_SERVER_PRIVATE_KEY
-SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)"
-export SSH_SERVER_PUBLIC_KEY
-
-# Used for keeping bash variables for run-time substituion instead of execution time substitution.
-# Taken from:
-# https://stackoverflow.com/questions/24963705/is-there-an-escape-character-for-envsubst
-export DOLLAR='$'
-
envsubst < ./ssh.env.conf >> ~/.ssh/config
-envsubst < ./hosts.env > ./hosts
-envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml
-envsubst < ./user-data.env.sh > ./user-data.sh
-envsubst < ./scripts/box/create-backup.env.sh > ./scripts/box/create-backup.sh
-envsubst < ./scripts/box/restore-backup.env.sh > ./scripts/box/restore-backup.sh
+envsubst < ./hosts.env > ./generated/hosts
+envsubst < ./docker-compose.env.yaml > ./generated/docker-compose.yaml
+envsubst < ./scripts/box/user-data.env.sh > ./generated/user-data.sh
+envsubst < ./scripts/box/create-backup.env.sh > ./generated/create-backup.sh
+envsubst < ./scripts/box/restore-backup.env.sh > ./generated/restore-backup.sh
--
cgit v1.2.3
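Review bot: Every redirection into `./generated/` on the last five lines fails under `set -e` unless that directory already exists, and git does not track empty directories; this diff is limited to scripts/ci so I cannot see whether a placeholder file was added, but a `mkdir -p ./generated` before the first `envsubst` makes the script self-sufficient (deploy.sh also writes `./generated/generated-known-hosts.txt` there). The removed `export DOLLAR='$'` was the escape that kept runtime `$var` references in the templates from being expanded at generation time; if it moved to `.envrc`, which is sourced just above, nothing changes, but if not, `envsubst` with no SHELL-FORMAT argument replaces every `$NAME` in `create-backup.env.sh`, `restore-backup.env.sh` and `user-data.env.sh` with its CI-time value or an empty string. Passing the intended variables explicitly, in the form `envsubst '$TLD' < ./hosts.env > ./generated/hosts` (with the real list for each template, not this constructed example), removes the need for the escape altogether. The `${GIT_CI_USER}` reference in the previous hunk and `${GPG_TO}` here are new environment inputs; `: "${GIT_CI_USER:?}" "${GPG_TO:?}"` near the top fails fast with a readable message instead of a bare `set -u` error mid-run.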