This commit is contained in:
parent
0b8bb5cb40
commit
fcee258207
7 changed files with 444 additions and 0 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -3,3 +3,5 @@ node_modules
|
||||||
public
|
public
|
||||||
resources
|
resources
|
||||||
.hugo_build.lock
|
.hugo_build.lock
|
||||||
|
sec
|
||||||
|
tmp/
|
||||||
|
|
12
.woodpecker.yml
Normal file
12
.woodpecker.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
pipeline:
|
||||||
|
build:
|
||||||
|
image: python
|
||||||
|
when:
|
||||||
|
event: [ push, pull_request, tag, deployment ]
|
||||||
|
commands:
|
||||||
|
- curl -fsSL https://deb.nodesource.com/setup_16.x | bash - &&\
|
||||||
|
- apt update && apt-get -y --no-install-recommends install nodejs tar gpg curl wget
|
||||||
|
- make env
|
||||||
|
- make
|
||||||
|
- make ci-deploy
|
||||||
|
secrets: [ GITEA_WRITE_DEPLOY_KEY, LIBREPAGES_DEPLOY_SECRET ]
|
25
Makefile
Normal file
25
Makefile
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
default:
|
||||||
|
./scripts/hugo.sh build
|
||||||
|
|
||||||
|
ci-deploy: ## Deploy from CI/CD. Only call from within CI
|
||||||
|
@if [ "${CI}" != "woodpecker" ]; \
|
||||||
|
then echo "Only call from within CI. Will re-write your local Git configuration. To override, set export CI=woodpecker"; \
|
||||||
|
exit 1; \
|
||||||
|
fi
|
||||||
|
git config --global user.email "${CI_COMMIT_AUTHOR_EMAIL}"
|
||||||
|
git config --global user.name "${CI_COMMIT_AUTHOR}"
|
||||||
|
./scripts/hugo.sh deploy librepages public "${CI_COMMIT_AUTHOR} <${CI_COMMIT_AUTHOR_EMAIL}>"
|
||||||
|
./scripts/ci.sh --init "$$GITEA_WRITE_DEPLOY_KEY"
|
||||||
|
./scripts/ci.sh --deploy ${LIBREPAGES_DEPLOY_SECRET} librepages
|
||||||
|
./scripts/ci.sh --clean
|
||||||
|
|
||||||
|
env: ## Download build dependencies and setup dev environment
|
||||||
|
./scripts/hugo.sh install
|
||||||
|
npm run install
|
||||||
|
npm run build
|
||||||
|
|
||||||
|
help: ## Prints help for targets with comments
|
||||||
|
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-]+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
||||||
|
|
||||||
|
serve:
|
||||||
|
./scripts/hugo.sh hugo server
|
120
scripts/ci.sh
Executable file
120
scripts/ci.sh
Executable file
|
@ -0,0 +1,120 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# ci.sh: Helper script to automate deployment operations on CI/CD
|
||||||
|
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
set -xEeuo pipefail
|
||||||
|
#source $(pwd)/scripts/lib.sh
|
||||||
|
|
||||||
|
readonly SSH_ID_FILE=/tmp/ci-ssh-id
|
||||||
|
readonly SSH_REMOTE_NAME=origin-ssh
|
||||||
|
|
||||||
|
match_arg() {
|
||||||
|
if [ $1 == $2 ] || [ $1 == $3 ]
|
||||||
|
then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
help() {
|
||||||
|
cat << EOF
|
||||||
|
USAGE: ci.sh [SUBCOMMAND]
|
||||||
|
Helper script to automate deployment operations on CI/CD
|
||||||
|
|
||||||
|
Subcommands
|
||||||
|
|
||||||
|
-c --clean cleanup secrets, SSH key and other runtime data
|
||||||
|
-i --init <SSH_PRIVATE_KEY> initialize environment, write SSH private to file
|
||||||
|
-d --deploy <PAGES-SECRET> <TARGET BRANCH> push branch to Gitea and call Pages server
|
||||||
|
-h --help print this help menu
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
# $1: SSH private key
|
||||||
|
write_ssh(){
|
||||||
|
truncate --size 0 $SSH_ID_FILE
|
||||||
|
echo "$1" > $SSH_ID_FILE
|
||||||
|
chmod 600 $SSH_ID_FILE
|
||||||
|
}
|
||||||
|
|
||||||
|
set_ssh_remote() {
|
||||||
|
http_remote_url=$(git remote get-url origin)
|
||||||
|
remote_hostname=$(echo $http_remote_url | cut -d '/' -f 3)
|
||||||
|
repository_owner=$(echo $http_remote_url | cut -d '/' -f 4)
|
||||||
|
repository_name=$(echo $http_remote_url | cut -d '/' -f 5)
|
||||||
|
ssh_remote="git@$remote_hostname:$repository_owner/$repository_name"
|
||||||
|
ssh_remote="git@git.batsense.net:mCaptcha/website.git"
|
||||||
|
git remote add $SSH_REMOTE_NAME $ssh_remote
|
||||||
|
}
|
||||||
|
|
||||||
|
clean() {
|
||||||
|
if [ -f $SSH_ID_FILE ]
|
||||||
|
then
|
||||||
|
shred $SSH_ID_FILE
|
||||||
|
rm $SSH_ID_FILE
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# $1: Pages API secret
|
||||||
|
# $2: Deployment target branch
|
||||||
|
deploy() {
|
||||||
|
if (( "$#" < 2 ))
|
||||||
|
then
|
||||||
|
help
|
||||||
|
else
|
||||||
|
git -c core.sshCommand="/usr/bin/ssh -oStrictHostKeyChecking=no -i $SSH_ID_FILE"\
|
||||||
|
push --force $SSH_REMOTE_NAME $2
|
||||||
|
curl -vv --location --request \
|
||||||
|
POST "https://deploy.batsense.net/api/v1/update"\
|
||||||
|
--header 'Content-Type: application/json' \
|
||||||
|
--data-raw "{ \"secret\": \"$1\", \"branch\": \"$2\" }"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
if (( "$#" < 1 ))
|
||||||
|
then
|
||||||
|
help
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if match_arg $1 '-i' '--init'
|
||||||
|
then
|
||||||
|
if (( "$#" < 2 ))
|
||||||
|
then
|
||||||
|
help
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
set_ssh_remote
|
||||||
|
write_ssh "$2"
|
||||||
|
elif match_arg $1 '-c' '--clean'
|
||||||
|
then
|
||||||
|
clean
|
||||||
|
elif match_arg $1 '-d' '--deploy'
|
||||||
|
then
|
||||||
|
if (( "$#" < 3 ))
|
||||||
|
then
|
||||||
|
help
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
deploy $2 $3
|
||||||
|
elif match_arg $1 '-h' '--help'
|
||||||
|
then
|
||||||
|
help
|
||||||
|
else
|
||||||
|
help
|
||||||
|
fi
|
155
scripts/hugo.sh
Executable file
155
scripts/hugo.sh
Executable file
|
@ -0,0 +1,155 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Used in CI workflow: install hugo binary from GitHub
|
||||||
|
# Copyright © 2021 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
readonly PROJECT_ROOT=$(pwd)
|
||||||
|
readonly TARBALL=hugo.tar.gz
|
||||||
|
readonly SOURCE="https://github.com/gohugoio/hugo/releases/download/v0.110.0/hugo_0.110.0_linux-amd64.tar.gz"
|
||||||
|
|
||||||
|
readonly BIN_PATH=tmp/bin
|
||||||
|
readonly BIN=$BIN_PATH/hugo
|
||||||
|
|
||||||
|
readonly DIST=public
|
||||||
|
|
||||||
|
source $(pwd)/scripts/lib.sh
|
||||||
|
|
||||||
|
help() {
|
||||||
|
cat << EOF
|
||||||
|
hugo.sh: hugo build script
|
||||||
|
USAGE:
|
||||||
|
hugo.sh <options>
|
||||||
|
OPTIONS:
|
||||||
|
b build build website
|
||||||
|
c clean clean dependencies and build artifacts
|
||||||
|
d deploy deploy build to branch
|
||||||
|
h help print this help menu
|
||||||
|
i install install build dependencies
|
||||||
|
u url make urls relative
|
||||||
|
z hugo invoke hugo
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
download() {
|
||||||
|
if [ ! -e $BIN_PATH ];
|
||||||
|
then
|
||||||
|
mkdir -p $BIN_PATH
|
||||||
|
cd $BIN_PATH
|
||||||
|
echo "[*] Downloading Hugo"
|
||||||
|
wget --quiet --output-document=$TARBALL $SOURCE
|
||||||
|
tar -xvzf $TARBALL > /dev/null
|
||||||
|
rm $TARBALL
|
||||||
|
echo "[*] Downloaded hugo into $BIN"
|
||||||
|
cd $PROJECT_ROOT
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
init() {
|
||||||
|
if [ ! -d $BIN_PATH ]
|
||||||
|
then
|
||||||
|
mkdir $BIN_PATH
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f $BIN ]
|
||||||
|
then
|
||||||
|
cd $BIN_PATH
|
||||||
|
download
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
run() {
|
||||||
|
$BIN "${@:1}"
|
||||||
|
}
|
||||||
|
|
||||||
|
build() {
|
||||||
|
run
|
||||||
|
}
|
||||||
|
|
||||||
|
no_absolute_url() {
|
||||||
|
sed -i 's/https:\/\/mcaptcha.org//g' $(find public -type f | grep html)
|
||||||
|
}
|
||||||
|
|
||||||
|
clean() {
|
||||||
|
rm -rf $BIN_PATH || true
|
||||||
|
rm -rf $DIST || true
|
||||||
|
echo "[*] Workspace cleaned"
|
||||||
|
}
|
||||||
|
|
||||||
|
# $1: branch name
|
||||||
|
# $2: directory containing build assets
|
||||||
|
# $3: Author in <author-name author@example.com> format
|
||||||
|
deploy() {
|
||||||
|
cd $PROJECT_ROOT
|
||||||
|
original_branch=$(git branch --show-current)
|
||||||
|
tmp_dir=$(mktemp -d)
|
||||||
|
cp -r $2/* $tmp_dir
|
||||||
|
|
||||||
|
if [[ -z $(git ls-remote --heads origin ${1}) ]]
|
||||||
|
then
|
||||||
|
echo "[*] Creating deployment branch $1"
|
||||||
|
git checkout --orphan $1
|
||||||
|
else
|
||||||
|
echo "[*] Deployment branch $1 exists, pulling changes from remote"
|
||||||
|
git fetch origin $1
|
||||||
|
git switch $1
|
||||||
|
fi
|
||||||
|
|
||||||
|
git rm -rf .
|
||||||
|
/bin/rm -rf *
|
||||||
|
cp -r $tmp_dir/* .
|
||||||
|
git add --all
|
||||||
|
if [ $(git status --porcelain | xargs | sed '/^$/d' | wc -l) -gt 0 ];
|
||||||
|
then
|
||||||
|
echo "[*] Repository has changed, committing changes"
|
||||||
|
git commit \
|
||||||
|
--author="$3" \
|
||||||
|
--message="new deploy: $(date --iso-8601=seconds)"
|
||||||
|
fi
|
||||||
|
git checkout $original_branch
|
||||||
|
}
|
||||||
|
|
||||||
|
check_arg $1
|
||||||
|
download
|
||||||
|
|
||||||
|
if match_arg $1 'c' 'clean'
|
||||||
|
then
|
||||||
|
clean
|
||||||
|
elif match_arg $1 'i' 'install'
|
||||||
|
then
|
||||||
|
init
|
||||||
|
elif match_arg $1 'd' 'deploy'
|
||||||
|
then
|
||||||
|
check_arg $2
|
||||||
|
check_arg $3
|
||||||
|
check_arg $4
|
||||||
|
deploy $2 $3 $4
|
||||||
|
elif match_arg $1 'b' 'build'
|
||||||
|
then
|
||||||
|
build
|
||||||
|
elif match_arg $1 'h' 'help'
|
||||||
|
then
|
||||||
|
help
|
||||||
|
elif match_arg $1 'z' 'hugo'
|
||||||
|
then
|
||||||
|
hugo "${@:3}"
|
||||||
|
else
|
||||||
|
echo "Error: $1 is not an option"
|
||||||
|
help
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
32
scripts/lib.sh
Executable file
32
scripts/lib.sh
Executable file
|
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Copyright © 2021 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
check_arg(){
|
||||||
|
if [ -z $1 ]
|
||||||
|
then
|
||||||
|
help
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
match_arg() {
|
||||||
|
if [ $1 == $2 ] || [ $1 == $3 ]
|
||||||
|
then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
98
scripts/spellcheck.sh
Executable file
98
scripts/spellcheck.sh
Executable file
|
@ -0,0 +1,98 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Used in CI workflow: install and check for spelling errors
|
||||||
|
# Copyright © 2021 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
readonly MISSPELL_DOWNLOAD="https://github.com/client9/misspell/releases/download/v0.3.4/misspell_0.3.4_linux_64bit.tar.gz"
|
||||||
|
readonly TMP_DIR=$(pwd)/tmp
|
||||||
|
readonly PROJECT_ROOT=$(pwd)
|
||||||
|
readonly MISSPELL_TARBALL="$TMP_DIR/misspell.tar.bz2"
|
||||||
|
readonly MISSPELL="$TMP_DIR/misspell"
|
||||||
|
|
||||||
|
set -Eeuo pipefail
|
||||||
|
|
||||||
|
source $(pwd)/scripts/lib.sh
|
||||||
|
|
||||||
|
FLAGS=""
|
||||||
|
|
||||||
|
help() {
|
||||||
|
cat << EOF
|
||||||
|
spellcheck.sh: Check for spelling errors
|
||||||
|
USAGE:
|
||||||
|
spellcheck.sh <options>
|
||||||
|
OPTIONS:
|
||||||
|
c --check check for spelling erros
|
||||||
|
h --help print this help menu
|
||||||
|
w --write check and fix spelling errors
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
download() {
|
||||||
|
if [ ! -e $MISSPELL ];
|
||||||
|
then
|
||||||
|
echo "[*] Downloading misspell"
|
||||||
|
wget --quiet --output-doc=$MISSPELL_TARBALL $MISSPELL_DOWNLOAD;
|
||||||
|
cd $TMP_DIR
|
||||||
|
tar -xf $MISSPELL_TARBALL;
|
||||||
|
cd $PROJECT_ROOT
|
||||||
|
pip install codespell
|
||||||
|
else
|
||||||
|
echo "[*] Found misspell"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
spell_check_codespell() {
|
||||||
|
_check(){
|
||||||
|
codespell $FLAGS $PROJECT_ROOT/$1 #|| true
|
||||||
|
}
|
||||||
|
_check README.md
|
||||||
|
_check contents
|
||||||
|
}
|
||||||
|
|
||||||
|
spell_check_misspell() {
|
||||||
|
mkdir $TMP_DIR || true
|
||||||
|
download
|
||||||
|
|
||||||
|
_check(){
|
||||||
|
$MISSPELL $FLAGS $PROJECT_ROOT/$1
|
||||||
|
}
|
||||||
|
|
||||||
|
_check contents
|
||||||
|
_check README.md
|
||||||
|
}
|
||||||
|
|
||||||
|
check_arg $1
|
||||||
|
|
||||||
|
if match_arg $1 'w' '--write'
|
||||||
|
then
|
||||||
|
echo "[*] checking and correcting spellings"
|
||||||
|
FLAGS="-w"
|
||||||
|
spell_check_misspell
|
||||||
|
spell_check_codespell
|
||||||
|
elif match_arg $1 'c' '--check'
|
||||||
|
then
|
||||||
|
echo "[*] checking spellings"
|
||||||
|
spell_check_misspell
|
||||||
|
spell_check_codespell
|
||||||
|
elif match_arg $1 'h' '--help'
|
||||||
|
then
|
||||||
|
help
|
||||||
|
else
|
||||||
|
echo "undefined option"
|
||||||
|
help
|
||||||
|
exit 1
|
||||||
|
fi
|
Loading…
Reference in a new issue