diff options
author | tv <tv@krebsco.de> | 2019-09-11 10:34:02 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2019-09-11 10:34:02 +0200 |
commit | 0182f1bd64973e93d4cf4c30b6005708b7e09240 (patch) | |
tree | f5a318fee1572b9b35f9f321d4ac707bc7935792 /.gitlab-ci.yml | |
parent | e388d02623b98bad5db52b29ea1ef1f494fddae8 (diff) | |
parent | 5d24345ff430df38263c113041070a900c23131e (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 53 |
1 files changed, 45 insertions, 8 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6d2f15063..fb273c932 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,20 +1,57 @@ before_script: - - mkdir -p ~/.ssh - - echo "$deploy_privkey" > deploy.key - - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key" - - chmod 600 deploy.key - - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts + - nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true + # prepare github deployment for NUR + - mkdir -p ~/.ssh + - echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key + - chmod 600 ~/.ssh/github_deploy.key + - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts + # prepare git fetching of secrets + - echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key + - chmod 600 ~/.ssh/gitlab_deploy.key + - ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts + # import secret key for secrets + - echo "$secrets_gpg_key" | gpg --import +wolf deployment test: + stage: test + script: + - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain + - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337 + - git submodule update --init + - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test) nix-shell test: + stage: test script: - - env - nix-shell --pure --command 'true' -p stdenv && echo success - nix-shell --pure --command 'false' -p stdenv || echo success + - git --version + - ssh -V + - gpg --version + - curl --version +wolf deployment: + stage: deploy + script: + - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa + - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain + - git submodule update --init + - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts + # TODO, hostname wolf cannot be resolved + - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy) + only: + changes: + - .gitlab-ci.yml + - krebs/**/* + - lib/**/* + - .gitmodules nur-packages makefu: + stage: deploy script: - git reset --hard origin/master - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git - - git push --force deploy HEAD:master + - GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu + only: + changes: + - makefu/**/* after_script: - - rm -f deploy.key + - rm -rf .ssh/ |