before_script: - nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true # prepare github deployment for NUR - mkdir -p ~/.ssh - echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key - chmod 600 ~/.ssh/github_deploy.key - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts # prepare git fetching of secrets - echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key - chmod 600 ~/.ssh/gitlab_deploy.key - echo "$ssh_git_shackspace_serverkey" >> ~/.ssh/known_hosts # import secret key for secrets - which gpg - which gpg2 - echo "$secrets_gpg_key" | gpg --import deployment test: stage: test script: - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337 - git submodule update --init - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test) - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target /tmp -A test) nix-shell test: stage: test script: - nix-shell --pure --command 'true' -p stdenv && echo success - nix-shell --pure --command 'false' -p stdenv || echo success - git --version - ssh -V - gpg --version - curl --version wolf deployment: stage: deploy script: - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain - git submodule update --init - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy) only: changes: - .gitlab-ci.yml - krebs/**/* - lib/**/* - .gitmodules puyak deployment: stage: deploy script: - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain - git submodule update --init - ssh-keyscan -H 'puyak.shack' >> ~/.ssh/known_hosts - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target puyak.shack -A deploy) only: changes: - .gitlab-ci.yml - krebs/**/* - lib/**/* - .gitmodules nur-packages makefu: stage: deploy script: - git reset --hard origin/master - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git - GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu only: changes: - makefu/**/* after_script: - rm -rf .ssh/