diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 48637ed6b8..107e93a72c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,8 +6,7 @@ nixCache:
 stage: build
 image: "nixos/nix:latest"
 script:
- - "mkdir -p ops/secrets"
- - "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
+ - "./hack/populate_secrets.sh"
 - "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
 - "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
diff --git a/hack/deploy.sh b/hack/deploy.sh
index 12f84b67cd..b2b8cf9369 100755
--- a/hack/deploy.sh
+++ b/hack/deploy.sh
@@ -2,13 +2,7 @@
 set -euo pipefail
-echo Dropping files into place as defined by manifest...
-while read -r manifest_line; do
- IFS='=' read -ra manifest_bits <<< "$manifest_line"
- if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
- echo -e "\t${manifest_bits[1]}"
- cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
-done < "$SECRETS_MANIFEST"
+./hack/populate_secrets.sh
 ssh_cmd="ssh -o StrictHostKeyChecking=accept-new"
diff --git a/hack/populate_secrets.sh b/hack/populate_secrets.sh
new file mode 100755
index 0000000000..6754871dca
--- /dev/null
+++ b/hack/populate_secrets.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+echo Dropping files into place as defined by manifest...
+while read -r manifest_line; do
+ IFS='=' read -ra manifest_bits <<< "$manifest_line"
+ if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
+ echo -e "\t${manifest_bits[1]}"
+ cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
+done < "$SECRETS_MANIFEST"
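Review bot: The two removed script lines created `ops/secrets` before copying, but the replacement `./hack/populate_secrets.sh` (added in this commit) only runs `cp`, so the nixCache job fails under `set -e` if that directory is not already in the checkout, which cannot be confirmed from this diff. Adding `mkdir -p -- "$(dirname -- "${manifest_bits[1]}")"` before the `cp` in the script keeps the old behaviour. The job also now needs `SECRETS_MANIFEST` defined for CI with an `OPS_SECRETS_DEFAULT_NIX=ops/secrets/default.nix` entry, and it receives every file the manifest lists rather than the single file it copied before. Since this job pushes `./result` to the binary cache, a CI-specific manifest limited to what the build actually reads would be the safer default.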
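Review bot: `./hack/populate_secrets.sh` is resolved against the caller's working directory, so deploy.sh now stops with a not-found error under `set -e` unless it is started from the repository root; the inline loop it replaces had no such dependency for the code itself (the manifest's destination paths may still be relative). Resolving the helper from the script's own location, `"$(dirname -- "${BASH_SOURCE[0]}")/populate_secrets.sh"`, removes that. The rest of deploy.sh continues outside the hunk.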
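Review bot: Both fields of each manifest line are used unchecked in `cp "${!manifest_bits[0]}" "${manifest_bits[1]}"`: a misspelt or unset variable name aborts with a bare bash unbound-variable error, and newly created secret files get whatever mode the source file and the ambient umask allow. The loop also drops the last entry when the manifest has no trailing newline, because `read` returns non-zero on the final partial line; that is easy to hit if `SECRETS_MANIFEST` comes from a CI file variable, which is an assumption to confirm. I would set a restrictive umask, validate the name before the indirect expansion, and keep reading on a final unterminated line, as sketched below. A short header comment stating the manifest format (`ENV_VAR_HOLDING_SOURCE_PATH=destination`, one entry per line) would also help now that the script is a shared entry point.

```shell
umask 077  # files created below hold secrets

while read -r manifest_line || [[ -n "$manifest_line" ]]; do
  # … unchanged: split on '=' and skip lines without exactly two fields …
  src_var="${manifest_bits[0]}"
  if [[ ! "$src_var" =~ ^[A-Za-z_][A-Za-z0-9_]*$ || -z "${!src_var:-}" ]]; then
    echo "populate_secrets: '${src_var}' is not a set variable" >&2
    exit 1
  fi
  # … unchanged: echo of the destination path …
  cp -- "${!src_var}" "${manifest_bits[1]}"
done < "$SECRETS_MANIFEST"
```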