summaryrefslogtreecommitdiffstats
path: root/.gitlab-ci.yml
blob: cf8f6e8f474fdf51ab04ef906ed487389a4dc224 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
before_script:
  - nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true
  # prepare github deployment for NUR
  - mkdir -p ~/.ssh
  - echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key
  - chmod 600 ~/.ssh/github_deploy.key
  - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
  # prepare git fetching of secrets
  - echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key
  - chmod 600 ~/.ssh/gitlab_deploy.key
  - echo "$ssh_git_shackspace_serverkey" >> ~/.ssh/known_hosts
  # import secret key for secrets
  - which gpg
  - which gpg2
  - echo "$secrets_gpg_key" | gpg --import
deployment test:
  stage: test
  script:
    - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
    - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337
    - git submodule update --init
    - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)
    - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target /tmp -A test)
nix-shell test:
  stage: test
  script:
    - nix-shell --pure --command 'true' -p stdenv && echo success
    - nix-shell --pure --command 'false' -p stdenv || echo success
    - git --version
    - ssh -V
    - gpg --version
    - curl --version
wolf deployment:
  stage: deploy
  script:
    - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
    - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
    - git submodule update --init
    - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts
    - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy)
  only:
    changes:
      - .gitlab-ci.yml
      - krebs/**/*
      - lib/**/*
      - .gitmodules
puyak deployment:
  stage: deploy
  script:
    - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
    - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
    - git submodule update --init
    - ssh-keyscan -H 'puyak.shack' >> ~/.ssh/known_hosts
    - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target puyak.shack -A deploy)
  only:
    changes:
      - .gitlab-ci.yml
      - krebs/**/*
      - lib/**/*
      - .gitmodules
nur-packages makefu:
  stage: deploy
  script:
    - git reset --hard origin/master
    - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
    - git remote add deploy git@github.com:makefu/nur-packages.git  || git remote set-url deploy git@github.com:makefu/nur-packages.git
    - GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master
    - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu
  only:
    changes:
      - makefu/**/*
after_script:
    - rm -rf .ssh/