-
-
Notifications
You must be signed in to change notification settings - Fork 3
/
.gitlab-ci.yml
114 lines (102 loc) · 4.11 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
image: debian:bookworm-slim
stages:
- deploy
- publish
# Common steps required for each type of build
# Pin hugo version from buster for guardianproject.info
.setup: &setup |
set -x
set -e
printf 'APT::Install-Recommends "0";\nAPT::Install-Suggests "0";\n' > /etc/apt/apt.conf.d/99no-install-recommends
printf 'Acquire::Retries "20";\n' > /etc/apt/apt.conf.d/99acquire-retries
printf 'APT::Get::Assume-Yes "true";\n' > /etc/apt/apt.conf.d/99assumeyes
printf 'Package: hugo\nPin: version 0.5*\nPin-Priority: 1000\n' > /etc/apt/preferences.d/hugo
apt-get update
apt-get install ca-certificates
printf 'deb https://deb.debian.org/debian/ buster main\n' > /etc/apt/sources.list.d/buster.list
sed -i 's,http:,https:,g' $(find /etc/apt/sources.list* -type f)
apt-get update
apt-get install curl fdroidserver git gpg gpg-wks-client hugo locales make mawk python3 sassc unzip
grep '^en_US.UTF-8 UTF-8' /etc/locale.gen || echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
export LC_ALL=en_US.UTF-8
# index-v1.jar tests need SHA1 support still, TODO switch to index.download_repo_index_v2
sed -i 's,SHA1 denyAfter 20[0-9][0-9],SHA1 denyAfter 2024,' /usr/lib/jvm/default-java/conf/security/java.security
set +x
# test deploy to GitLab Pages
pages:
stage: deploy
artifacts:
paths:
- public
expire_in: 1w
when: always
script:
- *setup
- echo "fail if these documents include http:// links"
- sed -i 's,http://,https://,g' content/*.md content/code/*.md content/apps/*.md
- git diff --exit-code
- echo "fail if images use http:// links"
- find content -type f |xargs sed -Ei 's,(<img .*?src=")http://,\1https://,g'
- git diff --exit-code
# run check scripts
- tools/check-hugo-template-variables.py
# set up GitLab Pages URL (e.g. "https://guardianproject.gitlab.io/info")
- sed -i "s,^baseURL\x3a.*,baseURL\x3a 'https://${CI_PROJECT_NAMESPACE}.gitlab.io/$CI_PROJECT_NAME'," config.yaml
- hugo env
- make
.publish-setup: &publish-setup
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- cat .known_hosts >> ~/.ssh/known_hosts
- chmod 0644 ~/.ssh/known_hosts
- eval $(ssh-agent -s)
- echo >> $SSH_PRIVATE_KEY # ensure trailing newline
- cat "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- chmod -R a+rX,g+w,o-w public/
guardianproject.info:
stage: publish
only:
- master@guardianproject/info
artifacts:
paths:
- public
expire_in: 1d
script:
- test -z "$SSH_PRIVATE_KEY" && exit 1
- *setup
- sed -i "s,^baseURL\x3a.*,baseURL\x3a 'https://guardianproject.info'," config.yaml
- hugo env
- make
- apt-get install -qy openssh-client rsync
- *publish-setup
- rsync -axv --omit-dir-times --delete
--exclude-from=.rsync-deploy-exclude-list
public/* .htaccess
[email protected]:/home/members/nfreitas/sites/guardianproject.info/users/guardianproject/guardianproject.info/web/
GitHub Pages:
stage: publish
only:
- master@guardianproject/info
script:
- *setup
# set up GitLab Pages URL (e.g. "https://guardianproject.github.io/info")
- sed -i "s,^baseURL\x3a.*,baseURL\x3a 'https://${CI_PROJECT_NAMESPACE}.github.io/$CI_PROJECT_NAME'," config.yaml
- hugo env
- make
- echo "deploy to GitHub Pages"
- apt-get install -qy git openssh-client
- *publish-setup
- echo 'github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl'
>> /etc/ssh/ssh_known_hosts
- echo 'github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg='
>> /etc/ssh/ssh_known_hosts
- cp .htaccess public/
- cd public
- git init
- git config --global user.name "$CI_PIPELINE_ID/$CI_JOB_ID"
- git config --global user.email "$CI_PROJECT_PATH@$CI_SERVER_HOST"
- git checkout -B gh-pages
- git add --force --all .
- git commit . -m "public/ from https://gitlab.com/guardianproject/info/-/jobs/$CI_JOB_ID"
- git push --force [email protected]:guardianproject/info.git gh-pages