initial: action/site-publish @v1
This commit is contained in:
Donavan Fritz
Executable
+170
@@ -0,0 +1,170 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# new-site.sh — Create a new static site: Gitea repo + Garage bucket.
|
||||
#
|
||||
# Usage: ./new-site.sh --name <name> --domain <domain> [--type static|hugo|mkdocs]
|
||||
#
|
||||
# Requires: tea CLI configured; kubectl with sjc001 context (for bucket setup).
|
||||
|
||||
usage() {
|
||||
echo "Usage: $0 --name <name> --domain <domain> [--type static|hugo|mkdocs]" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
NAME=""
|
||||
DOMAIN=""
|
||||
TYPE="static"
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
--name) NAME="$2"; shift 2 ;;
|
||||
--domain) DOMAIN="$2"; shift 2 ;;
|
||||
--type) TYPE="$2"; shift 2 ;;
|
||||
*) usage ;;
|
||||
esac
|
||||
done
|
||||
|
||||
[ -z "$NAME" ] || [ -z "$DOMAIN" ] && usage
|
||||
|
||||
ORG="websites"
|
||||
WORK_DIR="$(mktemp -d)"
|
||||
trap 'rm -rf "$WORK_DIR"' EXIT
|
||||
|
||||
# --- Garage bucket setup (one-off, via in-cluster Job) ---
|
||||
echo "Creating Garage bucket '${NAME}' and enabling web hosting..."
|
||||
cat <<EOF | kubectl --context sjc001 -n storage apply -f - >/dev/null
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: bucket-setup-${NAME//./-}
|
||||
namespace: storage
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 120
|
||||
backoffLimit: 0
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: setup
|
||||
image: alpine:3.20
|
||||
command: [/bin/sh, -euc]
|
||||
args:
|
||||
- |
|
||||
apk add --no-cache curl jq >/dev/null
|
||||
H=http://garage.storage.svc:3903
|
||||
AUTH="Authorization: Bearer \$TOKEN"
|
||||
# ci-deploy-key id is fixed per cluster — update if re-keyed
|
||||
CI_KID=GKbe265a2b8ea53695ae734787
|
||||
BUCKET=${NAME}
|
||||
# Create bucket (idempotent: 409 if exists)
|
||||
curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \
|
||||
-d "{\"globalAlias\":\"\$BUCKET\"}" "\$H/v2/CreateBucket" -o /dev/null
|
||||
BID=\$(curl -sf -H "\$AUTH" "\$H/v2/GetBucketInfo?globalAlias=\$BUCKET" | jq -r .id)
|
||||
echo "bucket id: \$BID"
|
||||
curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \
|
||||
-d "{\"bucketId\":\"\$BID\",\"accessKeyId\":\"\$CI_KID\",\"permissions\":{\"read\":true,\"write\":true,\"owner\":false}}" \
|
||||
"\$H/v2/AllowBucketKey" -o /dev/null
|
||||
curl -s -X POST -H "\$AUTH" -H "Content-Type: application/json" \
|
||||
-d '{"websiteAccess":{"enabled":true,"indexDocument":"index.html","errorDocument":"404.html"}}' \
|
||||
"\$H/v2/UpdateBucket?id=\$BID" -o /dev/null
|
||||
curl -sf -H "\$AUTH" "\$H/v2/GetBucketInfo?globalAlias=\$BUCKET" | jq '{websiteAccess, keys: (.keys | map(.name))}'
|
||||
env:
|
||||
- name: TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-rpc-secret
|
||||
key: admin-token
|
||||
EOF
|
||||
kubectl --context sjc001 -n storage wait --for=condition=complete --timeout=60s job/bucket-setup-${NAME//./-}
|
||||
kubectl --context sjc001 -n storage logs job/bucket-setup-${NAME//./-}
|
||||
kubectl --context sjc001 -n storage delete job bucket-setup-${NAME//./-} --ignore-not-found >/dev/null
|
||||
|
||||
# --- Gitea repo ---
|
||||
echo "Creating Gitea repo ${ORG}/${NAME}..."
|
||||
tea repo create --owner "$ORG" --name "$NAME" --init
|
||||
|
||||
echo "Cloning..."
|
||||
git clone "ssh://git@code.fritzlab.net/${ORG}/${NAME}.git" "$WORK_DIR"
|
||||
cd "$WORK_DIR"
|
||||
|
||||
# --- Starter content + site.yaml ---
|
||||
case "$TYPE" in
|
||||
static)
|
||||
mkdir -p html
|
||||
cat > html/index.html <<'HTML'
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Welcome</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Hello from fritzlab</h1>
|
||||
<p>Served from Garage S3.</p>
|
||||
</body>
|
||||
</html>
|
||||
HTML
|
||||
cat > site.yaml <<YAML
|
||||
domain: ${DOMAIN}
|
||||
type: static
|
||||
content_dir: html
|
||||
YAML
|
||||
;;
|
||||
hugo)
|
||||
hugo new site . --force
|
||||
cat > site.yaml <<YAML
|
||||
domain: ${DOMAIN}
|
||||
type: hugo
|
||||
YAML
|
||||
;;
|
||||
mkdocs)
|
||||
cat > mkdocs.yml <<YAML
|
||||
site_name: ${NAME}
|
||||
theme:
|
||||
name: material
|
||||
YAML
|
||||
mkdir -p docs
|
||||
cat > docs/index.md <<MD
|
||||
# ${NAME}
|
||||
|
||||
Welcome.
|
||||
MD
|
||||
cat > site.yaml <<YAML
|
||||
domain: ${DOMAIN}
|
||||
type: mkdocs
|
||||
YAML
|
||||
;;
|
||||
esac
|
||||
|
||||
# --- CI workflow ---
|
||||
mkdir -p .gitea/workflows
|
||||
cat > .gitea/workflows/publish.yaml <<'WORKFLOW'
|
||||
name: Publish
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
jobs:
|
||||
publish:
|
||||
runs-on: fritzlab
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: https://code.fritzlab.net/fritzlab/publish-static-site@v1
|
||||
with:
|
||||
token: ${{ secrets.CI_BOT_TOKEN }}
|
||||
s3-access-key: ${{ secrets.GARAGE_S3_ACCESS_KEY }}
|
||||
s3-secret-key: ${{ secrets.GARAGE_S3_SECRET_KEY }}
|
||||
WORKFLOW
|
||||
|
||||
git add -A
|
||||
git commit -m "Initial site scaffold"
|
||||
git push
|
||||
|
||||
echo
|
||||
echo "Site created: ${ORG}/${NAME}"
|
||||
echo "First build will trigger on push."
|
||||
echo
|
||||
echo "DNS: ${DOMAIN} is covered by the *.vino.network wildcard (→ traefik.edge)."
|
||||
echo "For a domain outside vino.network, add an explicit CNAME:"
|
||||
echo " ${DOMAIN} 300 IN CNAME traefik.edge.svc.k8s.sjc001.fritzlab.net."
|
||||
Reference in New Issue
Block a user