new-site.sh

#!/usr/bin/env bash
set -euo pipefail

# new-site.sh — Create a new static site: Gitea repo + Garage bucket.
#
# Usage: ./new-site.sh --name <name> --domain <domain> [--type static|hugo|mkdocs]
#
# Requires: tea CLI configured; kubectl with sjc001 context (for bucket setup).

usage() {
    echo "Usage: $0 --name <name> --domain <domain> [--type static|hugo|mkdocs]" >&2
    exit 1
}

NAME=""
DOMAIN=""
TYPE="static"

while [ $# -gt 0 ]; do
    case "$1" in
        --name)   NAME="$2";   shift 2 ;;
        --domain) DOMAIN="$2"; shift 2 ;;
        --type)   TYPE="$2";   shift 2 ;;
        *) usage ;;
    esac
done

[ -z "$NAME" ] || [ -z "$DOMAIN" ] && usage

ORG="websites"
WORK_DIR="$(mktemp -d)"
trap 'rm -rf "$WORK_DIR"' EXIT

# --- Garage bucket setup (one-off, via in-cluster Job) ---
echo "Creating Garage bucket '${NAME}' and enabling web hosting..."
cat <<EOF | kubectl --context sjc001 -n storage apply -f - >/dev/null
apiVersion: batch/v1
kind: Job
metadata:
  name: bucket-setup-${NAME//./-}
  namespace: storage
spec:
  ttlSecondsAfterFinished: 120
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      containers:
      - name: setup
        image: alpine:3.20
        command: [/bin/sh, -euc]
        args:
        - |
          apk add --no-cache curl jq >/dev/null
          H=http://garage.storage.svc:3903
          AUTH="Authorization: Bearer \$TOKEN"
          # ci-deploy-key id is fixed per cluster — update if re-keyed
          CI_KID=GKbe265a2b8ea53695ae734787
          BUCKET=${NAME}
          # Create bucket (idempotent: 409 if exists)
          curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \
            -d "{\"globalAlias\":\"\$BUCKET\"}" "\$H/v2/CreateBucket" -o /dev/null
          BID=\$(curl -sf -H "\$AUTH" "\$H/v2/GetBucketInfo?globalAlias=\$BUCKET" | jq -r .id)
          echo "bucket id: \$BID"
          curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \
            -d "{\"bucketId\":\"\$BID\",\"accessKeyId\":\"\$CI_KID\",\"permissions\":{\"read\":true,\"write\":true,\"owner\":false}}" \
            "\$H/v2/AllowBucketKey" -o /dev/null
          curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \
            -d '{"websiteAccess":{"enabled":true,"indexDocument":"index.html","errorDocument":"404.html"}}' \
            "\$H/v2/UpdateBucket?id=\$BID" -o /dev/null
          curl -sf -H "\$AUTH" "\$H/v2/GetBucketInfo?globalAlias=\$BUCKET" | jq '{websiteAccess, keys: (.keys | map(.name))}'
        env:
        - name: TOKEN
          valueFrom:
            secretKeyRef:
              name: garage-rpc-secret
              key: admin-token
EOF
kubectl --context sjc001 -n storage wait --for=condition=complete --timeout=60s job/bucket-setup-${NAME//./-}
kubectl --context sjc001 -n storage logs job/bucket-setup-${NAME//./-}
kubectl --context sjc001 -n storage delete job bucket-setup-${NAME//./-} --ignore-not-found >/dev/null

# --- Gitea repo ---
echo "Creating Gitea repo ${ORG}/${NAME}..."
tea repo create --owner "$ORG" --name "$NAME" --init

echo "Cloning..."
git clone "ssh://git@code.fritzlab.net/${ORG}/${NAME}.git" "$WORK_DIR"
cd "$WORK_DIR"

# --- Starter content + site.yaml ---
case "$TYPE" in
    static)
        mkdir -p html
        cat > html/index.html <<'HTML'
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Welcome</title>
</head>
<body>
    <h1>Hello from fritzlab</h1>
    <p>Served from Garage S3.</p>
</body>
</html>
HTML
        cat > site.yaml <<YAML
domain: ${DOMAIN}
type: static
content_dir: html
YAML
        ;;
    hugo)
        hugo new site . --force
        cat > site.yaml <<YAML
domain: ${DOMAIN}
type: hugo
YAML
        ;;
    mkdocs)
        cat > mkdocs.yml <<YAML
site_name: ${NAME}
theme:
  name: material
YAML
        mkdir -p docs
        cat > docs/index.md <<MD
# ${NAME}

Welcome.
MD
        cat > site.yaml <<YAML
domain: ${DOMAIN}
type: mkdocs
YAML
        ;;
esac

# --- CI workflow ---
mkdir -p .gitea/workflows
cat > .gitea/workflows/publish.yaml <<'WORKFLOW'
name: Publish
on:
  push:
    branches: [main]
jobs:
  publish:
    runs-on: fritzlab
    steps:
      - uses: actions/checkout@v4
      - uses: https://code.fritzlab.net/action/site-publish@v1
        with:
          token: ${{ secrets.CI_BOT_TOKEN }}
          s3-access-key: ${{ secrets.GARAGE_S3_ACCESS_KEY }}
          s3-secret-key: ${{ secrets.GARAGE_S3_SECRET_KEY }}
WORKFLOW

git add -A
git commit -m "Initial site scaffold"
git push

echo
echo "Site created: ${ORG}/${NAME}"
echo "First build will trigger on push."
echo
echo "DNS: ${DOMAIN} is covered by the *.vino.network wildcard (→ traefik.edge)."
echo "For a domain outside vino.network, add an explicit CNAME:"
echo "  ${DOMAIN}    300    IN    CNAME    traefik.edge.svc.k8s.sjc001.fritzlab.net."
initial: action/site-publish @v1 2026-05-06 08:07:28 -05:00			`#!/usr/bin/env bash`
			`set -euo pipefail`

			`# new-site.sh — Create a new static site: Gitea repo + Garage bucket.`
			`#`
			`# Usage: ./new-site.sh --name <name> --domain <domain> [--type static\|hugo\|mkdocs]`
			`#`
			`# Requires: tea CLI configured; kubectl with sjc001 context (for bucket setup).`

			`usage() {`
			`echo "Usage: $0 --name <name> --domain <domain> [--type static\|hugo\|mkdocs]" >&2`
			`exit 1`
			`}`

			`NAME=""`
			`DOMAIN=""`
			`TYPE="static"`

			`while [ $# -gt 0 ]; do`
			`case "$1" in`
			`--name) NAME="$2"; shift 2 ;;`
			`--domain) DOMAIN="$2"; shift 2 ;;`
			`--type) TYPE="$2"; shift 2 ;;`
			`*) usage ;;`
			`esac`
			`done`

			`[ -z "$NAME" ] \|\| [ -z "$DOMAIN" ] && usage`

			`ORG="websites"`
			`WORK_DIR="$(mktemp -d)"`
			`trap 'rm -rf "$WORK_DIR"' EXIT`

			`# --- Garage bucket setup (one-off, via in-cluster Job) ---`
			`echo "Creating Garage bucket '${NAME}' and enabling web hosting..."`
			`cat <<EOF \| kubectl --context sjc001 -n storage apply -f - >/dev/null`
			`apiVersion: batch/v1`
			`kind: Job`
			`metadata:`
			`name: bucket-setup-${NAME//./-}`
			`namespace: storage`
			`spec:`
			`ttlSecondsAfterFinished: 120`
			`backoffLimit: 0`
			`template:`
			`spec:`
			`restartPolicy: Never`
			`containers:`
			`- name: setup`
			`image: alpine:3.20`
			`command: [/bin/sh, -euc]`
			`args:`
			`- \|`
			`apk add --no-cache curl jq >/dev/null`
			`H=http://garage.storage.svc:3903`
			`AUTH="Authorization: Bearer \$TOKEN"`
			`# ci-deploy-key id is fixed per cluster — update if re-keyed`
			`CI_KID=GKbe265a2b8ea53695ae734787`
			`BUCKET=${NAME}`
			`# Create bucket (idempotent: 409 if exists)`
			`curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \`
			`-d "{\"globalAlias\":\"\$BUCKET\"}" "\$H/v2/CreateBucket" -o /dev/null`
			`BID=\$(curl -sf -H "\$AUTH" "\$H/v2/GetBucketInfo?globalAlias=\$BUCKET" \| jq -r .id)`
			`echo "bucket id: \$BID"`
			`curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \`
			`-d "{\"bucketId\":\"\$BID\",\"accessKeyId\":\"\$CI_KID\",\"permissions\":{\"read\":true,\"write\":true,\"owner\":false}}" \`
			`"\$H/v2/AllowBucketKey" -o /dev/null`
			`curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \`
			`-d '{"websiteAccess":{"enabled":true,"indexDocument":"index.html","errorDocument":"404.html"}}' \`
			`"\$H/v2/UpdateBucket?id=\$BID" -o /dev/null`
			`curl -sf -H "\$AUTH" "\$H/v2/GetBucketInfo?globalAlias=\$BUCKET" \| jq '{websiteAccess, keys: (.keys \| map(.name))}'`
			`env:`
			`- name: TOKEN`
			`valueFrom:`
			`secretKeyRef:`
			`name: garage-rpc-secret`
			`key: admin-token`
			`EOF`
			`kubectl --context sjc001 -n storage wait --for=condition=complete --timeout=60s job/bucket-setup-${NAME//./-}`
			`kubectl --context sjc001 -n storage logs job/bucket-setup-${NAME//./-}`
			`kubectl --context sjc001 -n storage delete job bucket-setup-${NAME//./-} --ignore-not-found >/dev/null`

			`# --- Gitea repo ---`
			`echo "Creating Gitea repo ${ORG}/${NAME}..."`
			`tea repo create --owner "$ORG" --name "$NAME" --init`

			`echo "Cloning..."`
			`git clone "ssh://git@code.fritzlab.net/${ORG}/${NAME}.git" "$WORK_DIR"`
			`cd "$WORK_DIR"`

			`# --- Starter content + site.yaml ---`
			`case "$TYPE" in`
			`static)`
			`mkdir -p html`
			`cat > html/index.html <<'HTML'`
			`<!DOCTYPE html>`
			`<html lang="en">`
			`<head>`
			`<meta charset="utf-8">`
			`<meta name="viewport" content="width=device-width, initial-scale=1">`
			`<title>Welcome</title>`
			`</head>`
			`<body>`
			`<h1>Hello from fritzlab</h1>`
			`<p>Served from Garage S3.</p>`
			`</body>`
			`</html>`
			`HTML`
			`cat > site.yaml <<YAML`
			`domain: ${DOMAIN}`
			`type: static`
			`content_dir: html`
			`YAML`
			`;;`
			`hugo)`
			`hugo new site . --force`
			`cat > site.yaml <<YAML`
			`domain: ${DOMAIN}`
			`type: hugo`
			`YAML`
			`;;`
			`mkdocs)`
			`cat > mkdocs.yml <<YAML`
			`site_name: ${NAME}`
			`theme:`
			`name: material`
			`YAML`
			`mkdir -p docs`
			`cat > docs/index.md <<MD`
			`# ${NAME}`

			`Welcome.`
			`MD`
			`cat > site.yaml <<YAML`
			`domain: ${DOMAIN}`
			`type: mkdocs`
			`YAML`
			`;;`
			`esac`

			`# --- CI workflow ---`
			`mkdir -p .gitea/workflows`
			`cat > .gitea/workflows/publish.yaml <<'WORKFLOW'`
			`name: Publish`
			`on:`
			`push:`
			`branches: [main]`
			`jobs:`
			`publish:`
			`runs-on: fritzlab`
			`steps:`
			`- uses: actions/checkout@v4`
fix new-site.sh: scaffold uses action/site-publish@v1 (was old fritzlab/ URL) 2026-05-06 08:45:45 -05:00			`- uses: https://code.fritzlab.net/action/site-publish@v1`
initial: action/site-publish @v1 2026-05-06 08:07:28 -05:00			`with:`
			`token: ${{ secrets.CI_BOT_TOKEN }}`
			`s3-access-key: ${{ secrets.GARAGE_S3_ACCESS_KEY }}`
			`s3-secret-key: ${{ secrets.GARAGE_S3_SECRET_KEY }}`
			`WORKFLOW`

			`git add -A`
			`git commit -m "Initial site scaffold"`
			`git push`

			`echo`
			`echo "Site created: ${ORG}/${NAME}"`
			`echo "First build will trigger on push."`
			`echo`
			`echo "DNS: ${DOMAIN} is covered by the *.vino.network wildcard (→ traefik.edge)."`
			`echo "For a domain outside vino.network, add an explicit CNAME:"`
			`echo " ${DOMAIN} 300 IN CNAME traefik.edge.svc.k8s.sjc001.fritzlab.net."`