andreijiroh.dev / site
~ajhalili2006's personal website, built with Zensical (successor of Material for Mkdocs) [old repo name got bugged while attempting to do manual knot migration via repo deletion] andreijiroh.dev
zensical mkdocs-material website
fork atom

Update scripts to hell and back

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>

andreijiroh.dev 8b77e1e7 f57b1b16

options
unified split
Changed files
+61 -86
.build.yml
.github
workflows
docker.yml
.gitignore
.gitlab-ci.yml
bin
deploykit-srht.site.sh
docker
build.sh
+3 -29
.build.yml 
···

       
27

       
27

       
 

       
  # in case of triggered from hottub


     

       
28

       
28

       
 

       
  - repo-sync: |


     

       
29

       
29

       
 

       
      cd tildeweb


     

       
30

       

       
-

       
      env # for debugging purposes only


     

       
31

       

       
-

       



     

       
32

       

       
-

       
      git remote add hub https://github.com/ajhalili2006/tildeverse-web && git pull hub main


     

       
33

       

       
-

       
      git remote add lab https://mau.dev/ajhalili2006/tildeverse-web && git pull lab main


     

       
34

       

       
-

       



     

       
35

       

       
-

       
      if [ "$BUILD_REASON" != "patchset" ] && [ "$BUILD_SUBMITTER" != "hub.sr.ht" ]; then


     

       
36

       

       
-

       
        git remote set-url origin ssh://git@git.sr.ht/~ajhalili2006/tildeweb


     

       
37

       

       
-

       
      fi


     

       
38

       
30

       
 

       
  - build: |


     

       
39

       
31

       
 

       
      cd tildeweb && pip3 install -r requirements.txt --user


     

       
40

       
32

       
 

       
      export PATH="$PATH:$HOME/.local/bin"


     

       
41

       

       
-

       



     

       
42

       

       
-

       
      mkdocs build -d public -f mkdocs.yml


     

       

       
33

       
+

       
      bash ./build.sh


     

       
43

       
34

       
 

       
  - generate-archive: |


     

       
44

       
35

       
 

       
      cd tildeweb


     

       
45

       

       
-

       
      tar cvzf tildeweb-prod-build.tar.gz public


     

       

       
36

       
+

       
      tar -C public -cvz . -f tildeweb-prod-build.tar.gz


     

       
46

       
37

       
 

       
  - deploy: |


     

       
47

       

       
-

       
      if [ "$BUILD_REASON" == "patchset" ] && [ "$BUILD_SUBMITTER" == "hub.sr.ht" ]; then


     

       
48

       

       
-

       
        complete-build


     

       
49

       

       
-

       
        exit 0


     

       
50

       

       
-

       
      elif [ ! -f "$HOME/.ssh/passowrdless-auth-sshfs" ]; then


     

       
51

       

       
-

       
        complete-build


     

       
52

       

       
-

       
        exit 0


     

       
53

       

       
-

       
      fi


     

       
54

       

       
-

       
  


     

       
55

       

       
-

       
      cd tildeweb


     

       
56

       

       
-

       
      echo "StrictHostKeyChecking=no" >> ~/.ssh/config


     

       
57

       

       
-

       
      eval $(ssh-agent) && ssh-add ~/.ssh/passwordless-auth-sshfs


     

       
58

       

       
-

       
      rsync -rP public ajhalili2006@vern.cc:/home/ajhalili2006/public_html/ || true


     

       
59

       

       
-

       
      rsync -rP public ajhalili2006@ctrl-c.club:/home/ajhalili2006/public_html/ || true


     

       
60

       

       
-

       
      #rsync -rP gmi ajhalili2006@vern.cc:/home/ajhalili2006/public_gemini/


     

       
61

       

       
-

       
      #rsync -rP gmi ajhalili2006@ctrl-c.club:/home/ajhalili2006/public_gemini/


     

       
62

       

       
-

       
  


     

       
63

       

       
-

       
      git push origin -o skip-ci


     

       
64

       

       
-

       
      git remote set-url lab ssh://git@mau.dev/ajhalili2006/tildeverse-web && git push lab main


     

       

       
38

       
+

       
      echo done


     

       
65

       
39

       
 

       
artifacts:


     

       
66

       
40

       
 

       
  - tildeweb/tildeweb-prod-build.tar.gz
+18 -49
.github/workflows/docker.yml 
···

       
32

       
32

       
 

       
      - name: Checkout repository


     

       
33

       
33

       
 

       
        uses: actions/checkout@v3


     

       
34

       
34

       
 

       



     

       
35

       

       
-

       
      # Install the cosign tool except on PR


     

       
36

       

       
-

       
      # https://github.com/sigstore/cosign-installer


     

       
37

       

       
-

       
      - name: Install cosign


     

       
38

       

       
-

       
        if: github.event_name != 'pull_request'


     

       
39

       

       
-

       
        uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0


     

       
40

       

       
-

       
        with:


     

       
41

       

       
-

       
          cosign-release: 'v1.13.1'


     

       
42

       

       
-

       



     

       
43

       
35

       
 

       
      # Workaround: https://github.com/docker/build-push-action/issues/461


     

       
44

       
36

       
 

       
      - name: Setup Docker buildx


     

       
45

       
37

       
 

       
        uses: docker/setup-buildx-action@v2


     

       

       
38

       
+

       
        with:


     

       

       
39

       
+

       
          buildkitd-flags: --debug


     

       
46

       
40

       
 

       



     

       
47

       
41

       
 

       
      # Login against a Docker registry except on PR


     

       
48

       
42

       
 

       
      # https://github.com/docker/login-action


     
···

       
74

       
68

       
 

       
            type=raw,value=latest,enable={{is_default_branch}}


     

       
75

       
69

       
 

       
            type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long


     

       
76

       
70

       
 

       
            type=schedule,pattern=nightly


     

       
77

       

       
-

       



     

       

       
71

       
+

       
            type=raw,prefix=branch-,value={{branch}}


     

       
78

       
72

       
 

       
      - uses: actions/checkout@v3


     

       
79

       
73

       
 

       
      - uses: hadolint/hadolint-action@v3.1.0


     

       
80

       
74

       
 

       
        with:


     
···

       
93

       
87

       
 

       
          load: true


     

       
94

       
88

       
 

       
          tags: ${{ steps.meta.outputs.tags }}


     

       
95

       
89

       
 

       
          labels: ${{ steps.meta.outputs.labels }}


     

       
96

       

       
-

       
          cache-from: type=gha


     

       
97

       

       
-

       
          cache-to: type=gha,mode=max


     

       

       
90

       
+

       
          cache-from: |


     

       

       
91

       
+

       
            type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:buildkit-cache-web


     

       

       
92

       
+

       
            type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:branch-main


     

       

       
93

       
+

       
            type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:latest


     

       

       
94

       
+

       
          cache-to: type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:buildkit-cache-web


     

       
98

       
95

       
 

       
      - name: Workaround pushbot for misbehaving reverse proxies


     

       
99

       
96

       
 

       
        if: ${{ github.event_name != 'pull_request' }}


     

       
100

       
97

       
 

       
        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}


     

       
101

       

       
-

       



     

       
102

       

       
-

       
      # Sign the resulting Docker image digest except on PRs.


     

       
103

       

       
-

       
      # This will only write to the public Rekor transparency log when the Docker


     

       
104

       

       
-

       
      # repository is public to avoid leaking data.  If you would like to publish


     

       
105

       

       
-

       
      # transparency data even for private images, pass --force to cosign below.


     

       
106

       

       
-

       
      # https://github.com/sigstore/cosign


     

       
107

       

       
-

       
      - name: Sign the published Docker image


     

       
108

       

       
-

       
        if: ${{ github.event_name != 'pull_request' }}


     

       
109

       

       
-

       
        env:


     

       
110

       

       
-

       
          COSIGN_EXPERIMENTAL: "true"


     

       
111

       

       
-

       
        # This step uses the identity token to provision an ephemeral certificate


     

       
112

       

       
-

       
        # against the sigstore community Fulcio instance.


     

       
113

       

       
-

       
        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}


     

       
114

       
98

       
 

       
  devenv:


     

       
115

       
99

       
 

       
    name: Generate Gitpod workspace image snapshot


     

       
116

       
100

       
 

       
    runs-on: ubuntu-latest


     
···

       
124

       
108

       
 

       
      - name: Checkout repository


     

       
125

       
109

       
 

       
        uses: actions/checkout@v3


     

       
126

       
110

       
 

       



     

       
127

       

       
-

       
      # Install the cosign tool except on PR


     

       
128

       

       
-

       
      # https://github.com/sigstore/cosign-installer


     

       
129

       

       
-

       
      - name: Install cosign


     

       
130

       

       
-

       
        if: github.event_name != 'pull_request'


     

       
131

       

       
-

       
        uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0


     

       
132

       

       
-

       
        with:


     

       
133

       

       
-

       
          cosign-release: 'v1.13.1'


     

       
134

       

       
-

       



     

       
135

       
111

       
 

       
      # Workaround: https://github.com/docker/build-push-action/issues/461


     

       
136

       
112

       
 

       
      - name: Setup Docker buildx


     

       
137

       

       
-

       
        uses: docker/setup-buildx-action@v2


     

       

       
113

       
+

       
        uses: docker/setup-buildx-action@


     

       

       
114

       
+

       
        with:


     

       

       
115

       
+

       
          buildkitd-flags: --debug


     

       
138

       
116

       
 

       



     

       
139

       
117

       
 

       
      # Login against a Docker registry except on PR


     

       
140

       
118

       
 

       
      # https://github.com/docker/login-action


     
···

       
165

       
143

       
 

       
            type=raw,value=latest,enable={{is_default_branch}}


     

       
166

       
144

       
 

       
            type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long


     

       
167

       
145

       
 

       
            type=schedule,pattern=nightly


     

       

       
146

       
+

       
            type=raw,prefix=branch-,value={{branch}}


     

       
168

       
147

       
 

       



     

       
169

       
148

       
 

       
      - uses: actions/checkout@v3


     

       
170

       
149

       
 

       
      - uses: hadolint/hadolint-action@v3.1.0


     

       
171

       
150

       
 

       
        with:


     

       
172

       

       
-

       
          dockerfile: docker/Dockerfile


     

       

       
151

       
+

       
          dockerfile: .gitpod.Dockerfile


     

       
173

       
152

       
 

       



     

       
174

       
153

       
 

       
      # Build and push Docker image with Buildx (don't push on PR)


     

       
175

       
154

       
 

       
      # https://github.com/docker/build-push-action


     
···

       
184

       
163

       
 

       
          load: true


     

       
185

       
164

       
 

       
          tags: ${{ steps.meta.outputs.tags }}


     

       
186

       
165

       
 

       
          labels: ${{ steps.meta.outputs.labels }}


     

       
187

       

       
-

       
          cache-from: type=gha


     

       
188

       

       
-

       
          cache-to: type=gha,mode=max


     

       

       
166

       
+

       
          cache-from: |


     

       

       
167

       
+

       
            type=registry,ref=quay.io/ajhalili2006/gitpod-workspace:buildkit-cache-web


     

       

       
168

       
+

       
            type=registry,ref=ghcr.io/ajhalili2006/ajhalili2006.github.io/devenv:nightly


     

       

       
169

       
+

       
            type=registry,ref=cr.io/ajhalili2006/ajhalili2006.github.io/devenv:branch-main


     

       

       
170

       
+

       
          cache-to: type=registry,ref=quay.io/ajhalili2006/gitpod-workspace:buildkit-cache-web


     

       
189

       
171

       
 

       
      - name: Workaround pushbot for misbehaving reverse proxies


     

       
190

       
172

       
 

       
        if: ${{ github.event_name != 'pull_request' }}


     

       
191

       
173

       
 

       
        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}


     

       
192

       

       
-

       



     

       
193

       

       
-

       
      # Sign the resulting Docker image digest except on PRs.


     

       
194

       

       
-

       
      # This will only write to the public Rekor transparency log when the Docker


     

       
195

       

       
-

       
      # repository is public to avoid leaking data.  If you would like to publish


     

       
196

       

       
-

       
      # transparency data even for private images, pass --force to cosign below.


     

       
197

       

       
-

       
      # https://github.com/sigstore/cosign


     

       
198

       

       
-

       
      - name: Sign the published Docker image


     

       
199

       

       
-

       
        if: ${{ github.event_name != 'pull_request' }}


     

       
200

       

       
-

       
        env:


     

       
201

       

       
-

       
          COSIGN_EXPERIMENTAL: "true"


     

       
202

       

       
-

       
        # This step uses the identity token to provision an ephemeral certificate


     

       
203

       

       
-

       
        # against the sigstore community Fulcio instance.


     

       
204

       

       
-

       
        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
+2 -1
.gitignore 
···

       
6

       
6

       
 

       
.venv


     

       
7

       
7

       
 

       
.cache


     

       
8

       
8

       
 

       
node_modules


     

       
9

       

       
-

       
.env

     

       

       
9

       
+

       
.env


     

       

       
10

       
+

       
*.tar.gz
+22 -6
.gitlab-ci.yml 
···

       
1

       
1

       
 

       
# The Docker image that will be used to build your app


     

       
2

       
2

       
 

       
image: quay.io/ajhalili2006/mkdocs-material-build-ci:nightly


     

       
3

       
3

       
 

       



     

       
4

       

       
-

       
# Functions that should be executed before the build script is run


     

       
5

       

       
-

       
before_script:


     

       
6

       

       
-

       
  - pip3 install -r requirements.txt


     

       
7

       

       
-

       
  - npm ci


     

       
8

       

       
-

       
  - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash


     

       
9

       

       
-

       
  - (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh


     

       

       
4

       
+

       
stages:


     

       

       
5

       
+

       
  - build


     

       
10

       
6

       
 

       



     

       

       
7

       
+

       
default:


     

       

       
8

       
+

       
  tags:


     

       

       
9

       
+

       
    - amd64 # currently, we only the image in amd64 right now.


     

       

       
10

       
+

       
  # Functions that should be executed before the build script is run


     

       

       
11

       
+

       
  before_script:


     

       

       
12

       
+

       
    - pip3 install -r requirements.txt


     

       

       
13

       
+

       
    - npm ci


     

       

       
14

       
+

       
    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash


     

       

       
15

       
+

       
    - (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh


     

       

       
16

       
+

       
# Global builds and stuff


     

       
11

       
17

       
 

       
variables:


     

       
12

       
18

       
 

       
  DEBUG: "1"


     

       
13

       
19

       
 

       
  FF_ENABLE_COMMIT_DATA: "true"


     
···

       
15

       
21

       
 

       
  SECURE_FILES_DOWNLOAD_PATH: /run/secrets


     

       
16

       
22

       
 

       



     

       
17

       
23

       
 

       
pages:


     

       

       
24

       
+

       
  stage: build


     

       
18

       
25

       
 

       
  script:


     

       
19

       
26

       
 

       
    - bash ./build.sh


     

       
20

       
27

       
 

       
    - doppler run -- ./bin/deploykit-pages.sh


     
···

       
28

       
35

       
 

       
    # This ensures that only pushes to the default branch will trigger


     

       
29

       
36

       
 

       
    # a pages deploy


     

       
30

       
37

       
 

       
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH


     

       

       
38

       
+

       
pages:srht:


     

       

       
39

       
+

       
  stage: build


     

       

       
40

       
+

       
  needs:


     

       

       
41

       
+

       
    - pages


     

       

       
42

       
+

       
  script:


     

       

       
43

       
+

       
    - tar -C gmi -cvz . -f site.tar.gz


     

       

       
44

       
+

       
    - doppler run -- ./bin/deploykit-srht.site.sh


     

       

       
45

       
+

       
  rules:


     

       

       
46

       
+

       
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+11
bin/deploykit-srht.site.sh 
···

       

       
1

       
+

       
#!/bin/env bash


     

       

       
2

       
+

       



     

       

       
3

       
+

       
if [[ $SOURCEHUT_PAGES_TOKEN == "" ]]; then


     

       

       
4

       
+

       
  echo "missing SOURCEHUT_PAGES_TOKEN variable"


     

       

       
5

       
+

       
  exit 1


     

       

       
6

       
+

       
fi


     

       

       
7

       
+

       



     

       

       
8

       
+

       
curl --oauth2-bearer "$SOURCEHUT_PAGES_TOKEN" \


     

       

       
9

       
+

       
    -Fcontent=@site.tar.gz \


     

       

       
10

       
+

       
    -Fprotocol=GEMINI \


     

       

       
11

       
+

       
    https://pages.sr.ht/publish/username.srht.site
+5 -1
docker/build.sh 
···

       
10

       
10

       
 

       
  docker build \


     

       
11

       
11

       
 

       
  -t $TAG \


     

       
12

       
12

       
 

       
  -f "$DOCKERFILE" \


     

       
13

       

       
-

       
  "$CONTEXT"

     

       

       
13

       
+

       
  "$CONTEXT"


     

       

       
14

       
+

       



     

       

       
15

       
+

       
if [[ $DEPLOY != "" ]]; then


     

       

       
16

       
+

       
  docker push "$TAG"


     

       

       
17

       
+

       
fi