Simplify CI config by using ssh deploy keys

Signed-off-by: baalajimaestro <me@baalajimaestro.me>

.build.sh

@@ -1,8 +1,20 @@
 #! /bin/sh
 
-apk add git py3-pip python3
+apk add git py3-pip python3 openssh-client
+
+mkdir ~/.ssh
+chmod 700 ~/.ssh
+
+echo "Setting Host Keys for GitLab...."
+echo '[git.baalajimaestro.me]:29999 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3IrYRuprw3liGd+/EGLBFqxQ9S2+/1FNxNCpO87wjRIpDxZjAWOvT2tUoIEUzWEGNHqkgRLn+rR0hsGK0SqHIPyEIsJ5AKuS7zuhy6fkVS7RsDHjJ8usBF4j3EnkYBse5qLgUIf37u0mF0EXAFcuwOBgvXM6hqL0UYcQqRGWWrHvkRRcmizkAcxJcframf3+PLG/vn4fSUH7ZUUqjx6/QIJS0iFb0HB2mv8sWzpJlJmy46WZVltwPDLOLeGZb4OcAB20/yfPalb4MsQeSrVmYtRos3sN8Uh/DwfNT/u5Jk6qqXHm3GW2fzsbZInb+0XjrmdaH3awhUN0vQMDvYgvR2UcZHgRuJvKXMAo3keOA8m9cBXJvopr/TyKt4GUvIGzjXUB9kyW/sIxn6qJel8y3b486FxV1EI2m9wKzFbtRdRG1xWxjTR16LyerrzwgAaAayFxyuQ6UgvM4zCzdgk6cDT2hGfHhF2NUKiWDobGowQJairVCzaYZCT/jy9avm2M=' >> ~/.ssh/known_hosts
+echo '[git.baalajimaestro.me]:29999 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL0yV054Ox/OPWCAz6hzo6VKkugDJx7ziCQBAdjhWfTTK3YCYroPANtflimBZYNhl43OyUx0mbdh8W27+T/PXBU=' >> ~/.ssh/known_hosts
+echo '[git.baalajimaestro.me]:29999 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJWhNlVfjAqfnHGqtqudlRZ8IBD8gt2XJUvBBAI6+5K' >> ~/.ssh/known_hosts
+
 git config --global user.name baalajimaestro
 git config --global user.email me@baalajimaestro.me
+
 pip3 install GitPython
+
 export HUGO_ENV=production
+
 python3 .buildpush.py

.buildpush.py

@@ -6,11 +6,7 @@ from time import time
 from pathlib import Path
 
 # All the env vars
-base_repo_user = os.environ.get("BASE_REPO_USERNAME")
-base_repo_token = os.environ.get("BASE_REPO_TOKEN")
 content_repo_git = os.environ.get("CONTENT_REPO_GIT")
-content_repo_username = os.environ.get("CONTENT_REPO_USERNAME")
-content_repo_token = os.environ.get("CONTENT_REPO_TOKEN")
 out_dir = os.environ.get("OUT_DIR")
 
 # Find absolute path of current directory
@@ -19,11 +15,15 @@ path = Path(cwd)
 base_dir = str(path)
 current_time = str(int(time()))
 
+# Set SSH Key path
+git_ssh_cmd = "ssh -i /tmp/ssh-key"
+
 # Clone our content
 content_repo = Repo.clone_from(
-    f"https://{content_repo_username}:{content_repo_token}@git.baalajimaestro.me/baalajimaestro/{content_repo_git}.git",
+    f"ssh://git@git.baalajimaestro.me:29999/baalajimaestro/{content_repo_git}.git",
     f"{base_dir}/content",
-    branch="prod"
+    branch="prod",
+    env=dict(GIT_SSH_COMMAND=git_ssh_cmd)
 )
 
 
@@ -33,7 +33,7 @@ os.chdir(out_dir)
 repo = Repo.init(out_dir)
 repo.create_remote(
     "origin",
-    f"https://{base_repo_user}:{base_repo_token}@git.baalajimaestro.me/baalajimaestro/personal-website.git",
+    f"ssh://git@git.baalajimaestro.me:29999/baalajimaestro/personal-website.git",
 )
 
 # Build the binaries
@@ -44,4 +44,4 @@ process = subprocess.run(["hugo", "--gc", "--minify", "-d", out_dir])
 os.chdir(out_dir)
 repo.git.add(".")
 repo.index.commit(f"[MaestroCI]: Binaries as of {current_time}")
-repo.git.push("origin", "master", force=True)
+repo.git.push("origin", "master", force=True, env=dict(GIT_SSH_COMMAND=git_ssh_cmd))

.gitlab-ci.yml

@@ -1,5 +1,7 @@
 build-and-push:
     stage: build
+    before_script:
+        - chmod 600 $SSH_SECRET_KEY
     script:
-        - docker run -v $(pwd):/app -w /app -e BASE_REPO_TOKEN="$BASE_REPO_TOKEN" -e BASE_REPO_USERNAME="$BASE_REPO_USERNAME" -e CONTENT_REPO_GIT="$CONTENT_REPO_GIT" -e CONTENT_REPO_TOKEN="$CONTENT_REPO_TOKEN" -e CONTENT_REPO_USERNAME="$CONTENT_REPO_USERNAME" -e OUT_DIR="$OUT_DIR" registry.baalajimaestro.me/baalajimaestro/hugo-alpine-ext:latest sh .build.sh
+        - docker run -v $(pwd):/app -w /app -v "$SSH_SECRET_KEY":/tmp/ssh-key -e CONTENT_REPO_GIT="$CONTENT_REPO_GIT" -e OUT_DIR="$OUT_DIR" registry.baalajimaestro.me/baalajimaestro/hugo-alpine-ext:latest sh .build.sh
         - docker run -v $(pwd):/app busybox rm -rf /app/content /app/resources