From d82a066fb3a125dceba766c75a49823401a0c93f Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Sun, 13 Mar 2022 18:11:11 +0100
Subject: [PATCH] gitea ci
---
 bundles/build-ci/items.py | 9 +++++++++
 bundles/build-ci/metadata.py | 24 ++++++++++++++++++++++++
 bundles/build-server/files/ci | 31 +++++++++++++++++++++++++++++++
 bundles/build-server/items.py | 10 +++++++++-
 bundles/build-server/metadata.py | 18 ++++++++++++++++++
 bundles/lonercrew/metadata.py | 28 ++++++++++++++++++++++++++++
 data/lonercrew/vhost.conf | 11 +++++++++++
 nodes/netcup.mails.py | 3 +++
 8 files changed, 133 insertions(+), 1 deletion(-)
 create mode 100644 bundles/build-ci/items.py
 create mode 100644 bundles/build-ci/metadata.py
 create mode 100644 bundles/build-server/files/ci
 create mode 100644 bundles/lonercrew/metadata.py
 create mode 100644 data/lonercrew/vhost.conf
diff --git a/bundles/build-ci/items.py b/bundles/build-ci/items.py
new file mode 100644
index 0000000..b2d1e4a
--- /dev/null
+++ b/bundles/build-ci/items.py
@@ -0,0 +1,9 @@
+for project, options in node.metadata.get('build-ci').items():
+ directories[options['path']] = {
+ 'owner': 'build-ci',
+ 'group': options['group'],
+ 'mode': '770',
+ 'needs': [
+ 'user:build-ci',
+ ],
+ }
diff --git a/bundles/build-ci/metadata.py b/bundles/build-ci/metadata.py
new file mode 100644
index 0000000..4d96f80
--- /dev/null
+++ b/bundles/build-ci/metadata.py
@@ -0,0 +1,24 @@
+from shlex import quote
+
+
+@metadata_reactor.provides(
+ 'users/build-ci/authorized_users',
+)
+def ssh_keys(metadata):
+ return {
+ 'users': {
+ 'build-ci': {
+ 'authorized_users': {
+ f'build-server@{other_node.name}'
+ for other_node in repo.nodes
+ if other_node.has_bundle('build-server')
+ },
+ },
+ },
+ 'sudoers': {
+ 'build-ci': {
+ f"/usr/bin/chown -R build-ci\:{quote(ci['group'])} {quote(ci['path'])}"
+ for ci in metadata.get('build-ci').values()
+ }
+ },
+ }
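Review bot: In bundles/build-ci/items.py the deploy directory is created with `'mode': '770'`, which gives the configured group write access; the only consumer in this patch sets `'group': 'www-data'`, so the web server account could modify the directory it serves from. If the group only needs to read and traverse, `'mode': '750'` is the tighter default. The loop variable `project` is never used, so iterating `.values()` would read more directly.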
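Review bot: The sudoers line built in `ssh_keys` (bundles/build-ci/metadata.py) escapes its arguments with `shlex.quote()`, which is shell quoting; sudoers does not interpret shell quotes and instead expects `,`, `:`, `=` and `\` to be backslash-escaped, so the two only agree while `group` and `path` are plain names like the ones in this patch. Rejecting values outside a strict pattern (for example `^[A-Za-z0-9_./-]+$`) before formatting would keep the rule from silently changing meaning. `\:` inside the f-string is an invalid Python escape sequence that newer interpreters warn about; `\\:` produces the same text. The decorator declares only `users/build-ci/authorized_users` although the reactor also returns `sudoers/build-ci`, so the second path should probably be listed as well.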
diff --git a/bundles/build-server/files/ci b/bundles/build-server/files/ci
new file mode 100644
index 0000000..a17e19b
--- /dev/null
+++ b/bundles/build-server/files/ci
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -xu
+
+
+CONFIG_PATH=${config_path}
+JSON="$1"
+REPO_NAME=$(jq -r .repository.name <<< $JSON)
+CLONE_URL=$(jq -r .repository.clone_url <<< $JSON)
+SSH_OPTIONS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+
+for INTEGRATION in "$(cat $CONFIG_PATH | jq -r '.ci | values[]')"
+do
+
+ echo '-----------------------'
+ echo $INTEGRATION
+
+ [[ $(jq -r '.repo' <<< $INTEGRATION) = $REPO_NAME ]] || continue
+
+ HOSTNAME=$(jq -r '.hostname' <<< $INTEGRATION)
+ DESTINATION_PATH=$(jq -r '.path' <<< $INTEGRATION)
+ DESTINATION_GROUP=$(jq -r '.group' <<< $INTEGRATION)
+
+ cd ~
+ rm -rf "$REPO_NAME"
+ git clone "$CLONE_URL" "$REPO_NAME"
+
+ ssh $SSH_OPTIONS "build-ci@$HOSTNAME" "find \"$DESTINATION_PATH\" -mindepth 1 -delete"
+ scp -r $SSH_OPTIONS "$REPO_NAME"/* "build-ci@$HOSTNAME:$DESTINATION_PATH"
+ ssh $SSH_OPTIONS "build-ci@$HOSTNAME" "sudo chown -R build-ci:$DESTINATION_GROUP $(printf "%q" "$DESTINATION_PATH")"
+done
diff --git a/bundles/build-server/items.py b/bundles/build-server/items.py
index d09d7bd..1739217 100644
--- a/bundles/build-server/items.py
+++ b/bundles/build-server/items.py
@@ -10,7 +10,7 @@ directories = {
 files = {
 '/etc/build-server.json': {
 'owner': 'build-server',
- 'content': json.dumps(node.metadata.get('build-server'), indent=4, cls=MetadataJSONEncoder)
+ 'content': json.dumps(node.metadata.get('build-server'), indent=4, sort_keys=True, cls=MetadataJSONEncoder)
 },
 '/opt/build-server/strategies/crystal': {
 'content_type': 'mako',
@@ -21,4 +21,12 @@ files = {
 'download_server': node.metadata.get('build-server/download_server_ip'),
 },
 },
+ '/opt/build-server/strategies/ci': {
+ 'content_type': 'mako',
+ 'owner': 'build-server',
+ 'mode': '0777', # FIXME
+ 'context': {
+ 'config_path': '/etc/build-server.json',
+ },
+ },
 }
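Review bot: In bundles/build-server/files/ci both `REPO_NAME` and `CLONE_URL` are read from the payload in `$1` and nothing ties the URL to the configured integration, so unless the caller has already authenticated the payload, any request naming a configured repository decides what gets cloned and copied to the target. The comparison is also looser than it looks, because an unquoted `$REPO_NAME` on the right of `=` inside `[[ ]]` is matched as a glob pattern; quote it, and take the clone URL from `/etc/build-server.json` or check it against an allowed prefix. `set -xu` has no `-e`, so a failed `git clone` still reaches the remote `find … -delete`, and the quoted `"$(…)"` in the `for` header makes the loop run once over all integrations joined together, which only behaves with a single entry. `SSH_OPTIONS` switches off host-key verification for every deploy; distributing the targets' host keys in a managed known_hosts file would let the check stay on. The fence shows the loop header and comparison reworked, with the rest of the script left as it is.

```shell
set -euo pipefail

# … unchanged: CONFIG_PATH, JSON, REPO_NAME, CLONE_URL …

while read -r INTEGRATION
do
    [[ "$(jq -r '.repo' <<< "$INTEGRATION")" == "$REPO_NAME" ]] || continue

    # … unchanged: HOSTNAME, DESTINATION_PATH, DESTINATION_GROUP, clone, ssh/scp …
done < <(jq -c '.ci | values[]' "$CONFIG_PATH")
```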
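Review bot: `/opt/build-server/strategies/ci` is installed with `'mode': '0777'` in bundles/build-server/items.py, so any local account that can reach the path can rewrite a script that runs as build-server, which appears to be the user whose key is authorised for build-ci on the deploy targets. The `# FIXME` acknowledges it, but since the file is already owned by build-server, `'mode': '0755'` (or `'0750'`) should work today. The enclosing `files = {` dict starts outside this hunk.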
diff --git a/bundles/build-server/metadata.py b/bundles/build-server/metadata.py
index f742198..fa92c0e 100644
--- a/bundles/build-server/metadata.py
+++ b/bundles/build-server/metadata.py
@@ -40,6 +40,24 @@ def agent_conf(metadata):
 },
 }
+@metadata_reactor.provides(
+ 'build-server',
+)
+def ci(metadata):
+ return {
+ 'build-server': {
+ 'ci': {
+ f'{repo}@{other_node.name}': {
+ 'hostname': other_node.metadata.get('hostname'),
+ 'repo': repo,
+ **options,
+ }
+ for other_node in repo.nodes
+ if other_node.has_bundle('build-ci')
+ for repo, options in other_node.metadata.get('build-ci').items()
+ },
+ },
+ }
 @metadata_reactor.provides(
 'nginx/vhosts',
diff --git a/bundles/lonercrew/metadata.py b/bundles/lonercrew/metadata.py
new file mode 100644
index 0000000..0bcdcaf
--- /dev/null
+++ b/bundles/lonercrew/metadata.py
@@ -0,0 +1,28 @@
+if not node.has_bundle('build-ci'):
+ raise Exception('lownercrew needs bundle build-ci')
+
+
+defaults = {
+ 'build-ci': {
+ 'lonercrew': {
+ 'path': '/opt/lonercrew',
+ 'group': 'www-data',
+ 'rev': 'master',
+ },
+ },
+}
+
+
+@metadata_reactor.provides(
+ 'nginx/vhosts',
+)
+def nginx(metadata):
+ return {
+ 'nginx': {
+ 'vhosts': {
+ 'lonercrew.io': {
+ 'content': 'lonercrew/vhost.conf',
+ },
+ },
+ },
+ }
diff --git a/data/lonercrew/vhost.conf b/data/lonercrew/vhost.conf
new file mode 100644
index 0000000..d66b80e
--- /dev/null
+++ b/data/lonercrew/vhost.conf
@@ -0,0 +1,11 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
+ server_name ${server_name};
+ index index.html;
+ root /opt/lonercrew;
+}
diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py
index 0fcc1f5..44bcc09 100644
--- a/nodes/netcup.mails.py
+++ b/nodes/netcup.mails.py
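Review bot: In `ci` (bundles/build-server/metadata.py) the inner loop variable `repo` shadows the module-level `repo` that the same comprehension reads in `repo.nodes`; it works only because the outermost iterable is evaluated before the loop variable is bound, so a name such as `project` would be less fragile. `**options` is spread after `'hostname'` and `'repo'`, which lets another node's `build-ci` metadata override both keys; moving `**options` to the top of the inner dict keeps the computed values authoritative. The decorator could declare the narrower `'build-server/ci'`, and a one-line docstring saying that the reactor collects every `build-ci` project from other nodes would help the next reader.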
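Review bot: `'rev': 'master'` is set in the defaults of bundles/lonercrew/metadata.py but nothing in this patch reads it; the `ci` strategy clones the URL from the payload and copies whatever the default checkout contains. Either check out the configured revision in the script or drop the key, so the metadata does not suggest a pin that is not enforced. The exception text also misspells the bundle name as `lownercrew`.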
@@ -14,6 +14,8 @@
 'islamicstate.eu',
 'wireguard',
 'zfs',
+ 'lonercrew',
+ 'build-ci',
 ],
 'metadata': {
 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
@@ -45,6 +47,7 @@
 'islamicstate.eu',
 'hausamsilberberg.de',
 'wiegand.tel',
+ 'lonercrew.io',
 },
 },
 'dns': {