1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
---
image: $CI_REGISTRY/schleuder/schleuder-ci-images:debian-generic
stages:
- build
- deploy
- qa
variables:
DEPLOY_BASE: dev/review
DEPLOY_SLUG: dev/review/$CI_PROJECT_NAME/$CI_COMMIT_REF_SLUG
build:
script:
# Set jekylls 'baseurl' option in case we're not dealing with the main branch.
- 'if ! [ "$CI_COMMIT_REF_SLUG" == "main" ]; then
echo "baseurl: /$DEPLOY_SLUG" >> _config.yml;
fi'
- jekyll build --verbose
- tar cfz site.tar.gz _site
stage: build
artifacts:
paths:
- site.tar.gz
expire_in: 1 day
deploy:
script:
# Disable bash history to prevent secret variables to be recorded and saved
- unset HISTFILE
# Start SSH agent
- eval $(ssh-agent -s)
# Add the SSH key stored in the SSH_DEPLOY_KEY variable to the agent store
# We're using 'tr' to fix line endings which makes ed25519 keys work without
# extra base64 encoding
- echo "$DEPLOY_KEY" | tr -d '\r' | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- printf "
|1|ZfxGVbfwfCHlaURlet/V6y+2gjg=|/X7OweXQUnXZnGSKkvF/IpVz4n4= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJx38PfGvaHtkSsHptiHoIQxlI3Yf0cskPNTwAQnY14\n
|1|8YPsezXF2SYQ7rq9U5TbDnMsVjo=|SJOodZB+8j+dO+l6YTdZ7+44XLw= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJx38PfGvaHtkSsHptiHoIQxlI3Yf0cskPNTwAQnY14
" > ~/.ssh/known_hosts
- tar fxv site.tar.gz
# In case we're not dealing with the main branch, create the review dir on the webserver.
# We need to catch possible errors, as lftp seems buggy: It fails if the dir already exists,
# even if called with the -f option, which should ignore errors (like this one).
# lftp needs a "dummy" password, even if key-based authentication is used.
- if ! [ "$CI_COMMIT_REF_SLUG" == "main" ];
then DEPLOY_SLUG="www/$DEPLOY_SLUG";
export DEPLOY_SLUG;
lftp -e "mkdir -fp $DEPLOY_SLUG; quit" -u $DEPLOY_USER,dummy sftp://$DEPLOY_HOST || /bin/true;
else
DEPLOY_SLUG="www";
export DEPLOY_SLUG;
fi
- lftp -e "mirror -eRv -x ^dev/ -x ^download/ _site $DEPLOY_SLUG; quit;" -u $DEPLOY_USER,dummy sftp://$DEPLOY_HOST
# TODO: Implement clean up: Remove the review dir once the merge to master happened.
stage: deploy
# It's currently not possible to use env vars which are / were set in the script: part above.
environment:
name: $DEPLOY_BASE/$CI_PROJECT_NAME/$CI_COMMIT_REF_SLUG
url: https://schleuder.org/$DEPLOY_BASE/$CI_PROJECT_NAME/$CI_COMMIT_REF_SLUG
only:
# This job relies on secret env vars, which are only available in our repo.
- branches@schleuder/schleuder-website
variables:
GIT_STRATEGY: none
codespell:
script:
# Run codespell to check for spelling errors, using a config with ignored words,
# ignoring warnings about binary files and to check file names as well.
# Also, exclude the vendor dir, which leads to false positives.
- codespell -q 2 -f -I utils/ci/codespell/ignored_words.txt -S vendor
# This job should help with merge requests. Therefore, don't run it
# against the main branch.
only:
- branches
except:
- main
stage: qa
linkcheck:
script:
# Run linkchecker against the pushed (and deployed) branch. Exclude mailto: links, as the ones
# which we commonly use miss a MX record.
- linkchecker --check-extern --ignore-url=mailto --ignore-url=woff https://schleuder.org/$DEPLOY_SLUG
only:
# This job relies on secret env vars, which are only available in our repo.
- branches@schleuder/schleuder-website
except:
# This job should help with merge requests, so there is no point in running it against the main
# branch.
- main@schleuder/schleuder-website
stage: qa
variables:
GIT_STRATEGY: none
|
