summaryrefslogtreecommitdiffstats
path: root/.gitlab-ci.yml
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2019-09-11 10:34:02 +0200
committertv <tv@krebsco.de>2019-09-11 10:34:02 +0200
commit0182f1bd64973e93d4cf4c30b6005708b7e09240 (patch)
treef5a318fee1572b9b35f9f321d4ac707bc7935792 /.gitlab-ci.yml
parente388d02623b98bad5db52b29ea1ef1f494fddae8 (diff)
parent5d24345ff430df38263c113041070a900c23131e (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r--.gitlab-ci.yml53
1 files changed, 45 insertions, 8 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6d2f15063..fb273c932 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,20 +1,57 @@
before_script:
- - mkdir -p ~/.ssh
- - echo "$deploy_privkey" > deploy.key
- - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key"
- - chmod 600 deploy.key
- - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
+ - nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true
+ # prepare github deployment for NUR
+ - mkdir -p ~/.ssh
+ - echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key
+ - chmod 600 ~/.ssh/github_deploy.key
+ - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
+ # prepare git fetching of secrets
+ - echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key
+ - chmod 600 ~/.ssh/gitlab_deploy.key
+ - ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts
+ # import secret key for secrets
+ - echo "$secrets_gpg_key" | gpg --import
+wolf deployment test:
+ stage: test
+ script:
+ - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+ - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337
+ - git submodule update --init
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)
nix-shell test:
+ stage: test
script:
- - env
- nix-shell --pure --command 'true' -p stdenv && echo success
- nix-shell --pure --command 'false' -p stdenv || echo success
+ - git --version
+ - ssh -V
+ - gpg --version
+ - curl --version
+wolf deployment:
+ stage: deploy
+ script:
+ - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
+ - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+ - git submodule update --init
+ - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts
+ # TODO, hostname wolf cannot be resolved
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy)
+ only:
+ changes:
+ - .gitlab-ci.yml
+ - krebs/**/*
+ - lib/**/*
+ - .gitmodules
nur-packages makefu:
+ stage: deploy
script:
- git reset --hard origin/master
- git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
- git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git
- - git push --force deploy HEAD:master
+ - GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master
- curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu
+ only:
+ changes:
+ - makefu/**/*
after_script:
- - rm -f deploy.key
+ - rm -rf .ssh/