Simplify CI config by using ssh deploy keys

Signed-off-by: baalajimaestro <me@baalajimaestro.me>
This commit is contained in:
baalajimaestro 2023-06-18 17:06:47 +05:30
parent b20f4082eb
commit 1d99a1e160
Signed by: baalajimaestro
GPG Key ID: F93C394FE9BBAFD5
3 changed files with 24 additions and 10 deletions

View File

@ -1,8 +1,20 @@
#! /bin/sh
apk add git py3-pip python3
apk add git py3-pip python3 openssh-client
mkdir ~/.ssh
chmod 700 ~/.ssh
echo "Setting Host Keys for GitLab...."
echo '[git.baalajimaestro.me]:29999 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3IrYRuprw3liGd+/EGLBFqxQ9S2+/1FNxNCpO87wjRIpDxZjAWOvT2tUoIEUzWEGNHqkgRLn+rR0hsGK0SqHIPyEIsJ5AKuS7zuhy6fkVS7RsDHjJ8usBF4j3EnkYBse5qLgUIf37u0mF0EXAFcuwOBgvXM6hqL0UYcQqRGWWrHvkRRcmizkAcxJcframf3+PLG/vn4fSUH7ZUUqjx6/QIJS0iFb0HB2mv8sWzpJlJmy46WZVltwPDLOLeGZb4OcAB20/yfPalb4MsQeSrVmYtRos3sN8Uh/DwfNT/u5Jk6qqXHm3GW2fzsbZInb+0XjrmdaH3awhUN0vQMDvYgvR2UcZHgRuJvKXMAo3keOA8m9cBXJvopr/TyKt4GUvIGzjXUB9kyW/sIxn6qJel8y3b486FxV1EI2m9wKzFbtRdRG1xWxjTR16LyerrzwgAaAayFxyuQ6UgvM4zCzdgk6cDT2hGfHhF2NUKiWDobGowQJairVCzaYZCT/jy9avm2M=' >> ~/.ssh/known_hosts
echo '[git.baalajimaestro.me]:29999 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL0yV054Ox/OPWCAz6hzo6VKkugDJx7ziCQBAdjhWfTTK3YCYroPANtflimBZYNhl43OyUx0mbdh8W27+T/PXBU=' >> ~/.ssh/known_hosts
echo '[git.baalajimaestro.me]:29999 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJWhNlVfjAqfnHGqtqudlRZ8IBD8gt2XJUvBBAI6+5K' >> ~/.ssh/known_hosts
git config --global user.name baalajimaestro
git config --global user.email me@baalajimaestro.me
pip3 install GitPython
export HUGO_ENV=production
python3 .buildpush.py

View File

@ -6,11 +6,7 @@ from time import time
from pathlib import Path
# All the env vars
base_repo_user = os.environ.get("BASE_REPO_USERNAME")
base_repo_token = os.environ.get("BASE_REPO_TOKEN")
content_repo_git = os.environ.get("CONTENT_REPO_GIT")
content_repo_username = os.environ.get("CONTENT_REPO_USERNAME")
content_repo_token = os.environ.get("CONTENT_REPO_TOKEN")
out_dir = os.environ.get("OUT_DIR")
# Find absolute path of current directory
@ -19,11 +15,15 @@ path = Path(cwd)
base_dir = str(path)
current_time = str(int(time()))
# Set SSH Key path
git_ssh_cmd = "ssh -i /tmp/ssh-key"
# Clone our content
content_repo = Repo.clone_from(
f"https://{content_repo_username}:{content_repo_token}@git.baalajimaestro.me/baalajimaestro/{content_repo_git}.git",
f"ssh://git@git.baalajimaestro.me:29999/baalajimaestro/{content_repo_git}.git",
f"{base_dir}/content",
branch="prod"
branch="prod",
env=dict(GIT_SSH_COMMAND=git_ssh_cmd)
)
@ -33,7 +33,7 @@ os.chdir(out_dir)
repo = Repo.init(out_dir)
repo.create_remote(
"origin",
f"https://{base_repo_user}:{base_repo_token}@git.baalajimaestro.me/baalajimaestro/personal-website.git",
f"ssh://git@git.baalajimaestro.me:29999/baalajimaestro/personal-website.git",
)
# Build the binaries
@ -44,4 +44,4 @@ process = subprocess.run(["hugo", "--gc", "--minify", "-d", out_dir])
os.chdir(out_dir)
repo.git.add(".")
repo.index.commit(f"[MaestroCI]: Binaries as of {current_time}")
repo.git.push("origin", "master", force=True)
repo.git.push("origin", "master", force=True, env=dict(GIT_SSH_COMMAND=git_ssh_cmd))

View File

@ -1,5 +1,7 @@
build-and-push:
stage: build
before_script:
- chmod 600 $SSH_SECRET_KEY
script:
- docker run -v $(pwd):/app -w /app -e BASE_REPO_TOKEN="$BASE_REPO_TOKEN" -e BASE_REPO_USERNAME="$BASE_REPO_USERNAME" -e CONTENT_REPO_GIT="$CONTENT_REPO_GIT" -e CONTENT_REPO_TOKEN="$CONTENT_REPO_TOKEN" -e CONTENT_REPO_USERNAME="$CONTENT_REPO_USERNAME" -e OUT_DIR="$OUT_DIR" registry.baalajimaestro.me/baalajimaestro/hugo-alpine-ext:latest sh .build.sh
- docker run -v $(pwd):/app -w /app -v "$SSH_SECRET_KEY":/tmp/ssh-key -e CONTENT_REPO_GIT="$CONTENT_REPO_GIT" -e OUT_DIR="$OUT_DIR" registry.baalajimaestro.me/baalajimaestro/hugo-alpine-ext:latest sh .build.sh
- docker run -v $(pwd):/app busybox rm -rf /app/content /app/resources