gitlab-ci: make populating secrets into repo more consistent

Luke Granger-Brown 2020-05-10 00:20:10 +01:00
parent 3b8f4a2472
commit 0cee10a83c
3 changed files with 13 additions and 9 deletions


@ -6,8 +6,7 @@ nixCache:
stage: build stage: build
image: "nixos/nix:latest" image: "nixos/nix:latest"
script: script:
- "mkdir -p ops/secrets" - "./hack/populate_secrets.sh"
- "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
- "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\"" - "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
- "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result" - "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
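Review bot: The nixCache job used to receive only `ops/secrets/default.nix`, but by calling `./hack/populate_secrets.sh` it now gets every file that `$SECRETS_MANIFEST` lists, and the same job then pushes `./result` to the shared cache with `nix copy`. Whether any of that material can end up in a store path depends on Nix expressions that are not visible on this page, so it is worth confirming that the build really needs the full manifest. If it only needs `default.nix`, giving this job its own narrower manifest variable would keep the populated set minimal. A short comment above the script line naming the variables the job expects (`SECRETS_MANIFEST` and the ones it references) would also help, since `set -u` in the script aborts the job when one is missing.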


@ -2,13 +2,7 @@
set -euo pipefail set -euo pipefail
echo Dropping files into place as defined by manifest... ./hack/populate_secrets.sh
while read -r manifest_line; do
IFS='=' read -ra manifest_bits <<< "$manifest_line"
if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
echo -e "\t${manifest_bits[1]}"
cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
done < "$SECRETS_MANIFEST"
ssh_cmd="ssh -o StrictHostKeyChecking=accept-new" ssh_cmd="ssh -o StrictHostKeyChecking=accept-new"

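--- a/hack/populate_secrets.sh
+++ b/hack/populate_secrets.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -euo pipefail
+echo Dropping files into place as defined by manifest...
+while read -r manifest_line; do
+IFS='=' read -ra manifest_bits <<< "$manifest_line"
+if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
+echo -e "\t${manifest_bits[1]}"
+cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
+done < "$SECRETS_MANIFEST"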
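Review bot: The `cp` in the loop writes each secret with the default umask and assumes the destination directory already exists; the `mkdir -p ops/secrets` that the CI job used to run is dropped by this commit and not replaced here. Adding `umask 077` after `set -euo pipefail` and `mkdir -p -- "$(dirname -- "${manifest_bits[1]}")"` before the `cp` would cover both. Lines that do not split into exactly two fields on `=` are skipped silently by the `continue`, so a malformed entry leaves a secret unpopulated with no error; printing a warning to stderr or failing there would make that visible.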