From 0cee10a83c8acb84b4ce9f6afb3351435e5545c4 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 10 May 2020 00:20:10 +0100
Subject: [PATCH] gitlab-ci: make populating secrets into repo more consistent
---
 .gitlab-ci.yml | 3 +--
 hack/deploy.sh | 8 +-------
 hack/populate_secrets.sh | 11 +++++++++++
 3 files changed, 13 insertions(+), 9 deletions(-)
 create mode 100755 hack/populate_secrets.sh
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 48637ed6b8..107e93a72c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,8 +6,7 @@ nixCache:
 stage: build
 image: "nixos/nix:latest"
 script:
- - "mkdir -p ops/secrets"
- - "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
+ - "./hack/populate_secrets.sh"
 - "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
 - "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
diff --git a/hack/deploy.sh b/hack/deploy.sh
index 12f84b67cd..b2b8cf9369 100755
--- a/hack/deploy.sh
+++ b/hack/deploy.sh
@@ -2,13 +2,7 @@
 set -euo pipefail
-echo Dropping files into place as defined by manifest...
-while read -r manifest_line; do
- IFS='=' read -ra manifest_bits <<< "$manifest_line"
- if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
- echo -e "\t${manifest_bits[1]}"
- cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
-done < "$SECRETS_MANIFEST"
+./hack/populate_secrets.sh
 ssh_cmd="ssh -o StrictHostKeyChecking=accept-new"
diff --git a/hack/populate_secrets.sh b/hack/populate_secrets.sh
new file mode 100755
index 0000000000..6754871dca
--- /dev/null
+++ b/hack/populate_secrets.sh
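Review bot: In the `.gitlab-ci.yml` hunk the removed `mkdir -p ops/secrets` step has no replacement, because `hack/populate_secrets.sh` (last hunk) runs `cp` straight to the manifest destination and never creates parent directories; on a fresh checkout the build job would fail unless `ops/secrets` already exists in the repository. The job also now needs `SECRETS_MANIFEST`, and every variable the manifest names, to be defined for the build stage, since the script runs under `set -u`; previously only `OPS_SECRETS_DEFAULT_NIX` was read. Either keep the `mkdir -p` line in this job or have the script run `mkdir -p -- "$(dirname -- "${manifest_bits[1]}")"` before the copy.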
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+echo Dropping files into place as defined by manifest...
+while read -r manifest_line; do
+ IFS='=' read -ra manifest_bits <<< "$manifest_line"
+ if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
+ echo -e "\t${manifest_bits[1]}"
+ cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
+done < "$SECRETS_MANIFEST"
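Review bot: A manifest line that does not split into exactly two `=`-separated fields is dropped by `continue` with no message, so a malformed entry in `$SECRETS_MANIFEST` leaves that secret unpopulated while the script still exits 0; a final line without a trailing newline is lost the same way because `read` returns non-zero on it. I would fail loudly on non-blank bad lines, e.g. `echo "bad manifest line: $manifest_line" >&2; exit 1`, and loop with `while read -r manifest_line || [[ -n "$manifest_line" ]]; do`. The files being copied are secrets, yet `cp` creates them with whatever mode the umask allows; a `umask 077` near the top, or `install -m 0600 -- "${!manifest_bits[0]}" "${manifest_bits[1]}"`, would keep them owner-only if nothing else in the job needs to read them. A short header comment stating the manifest format (`ENV_VAR_NAME=destination/path`, with the variable holding the source file path) would also help, since the indirect expansion `${!manifest_bits[0]}` is easy to misread.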