Deploy web2019 to the intl domain #40
|
@ -649,7 +649,19 @@ in
|
||||||
notificationSender = "hydra@m-labs.hk";
|
notificationSender = "hydra@m-labs.hk";
|
||||||
minimumDiskFree = 15; # in GB
|
minimumDiskFree = 15; # in GB
|
||||||
minimumDiskFreeEvaluator = 1;
|
minimumDiskFreeEvaluator = 1;
|
||||||
extraConfig =
|
extraConfig = let
|
||||||
|
deployWebIntl = pkgs.writeShellScript "deployWebIntl"
|
||||||
|
''
|
||||||
|
#!${pkgs.bash}/bin/bash
|
||||||
|
|||||||
|
[ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ]
|
||||||
|
export "TMPSSH=`mktemp -d`"
|
||||||
sb10q
commented
Does this work as intended when used in RunCommand? Does this work as intended when used in RunCommand?
May be safer to use writeShellScript as I mentioned earlier (and which you ignored, as often).
esavkin
commented
They forgot to specify anything useful in the docs, but looking at the source code they eventually just run it with IPC::Run3: Also code for checking that
Will fail with They forgot to specify anything useful in the docs, but looking at the source code they eventually just run it with IPC::Run3: https://github.com/NixOS/hydra/blob/d7986226f0666d5aa0032fdcdb9f38eef6a91dd3/src/lib/Hydra/Plugin/RunCommand.pm#L259 . Which under the hood runs the subprocess with perl's `system` https://metacpan.org/pod/perlfunc#system , which runs it with default shell (`/bin/sh`).
Also code for checking that `trap` actually works:
```perl
use strict;
use warnings;
use IPC::Run3;
my $output;
open(my $pipe, "| cat");
my $command = "export TMPSSH=\`mktemp -d\` && \\\necho \$TMPSSH && \\\ntrap \"rm -rf \$TMPSSH\" EXIT";
run3 $command, undef, \$output, undef;
run3 "ls -al ${output}";
```
Will fail with `ls: cannot access '/tmp/tmp.bOSgsRnGNW': No such file or directory`
sb10q
commented
Right. It's not specified and might change. Right. It's not specified and might change.
|
|||||||
|
trap "rm -rf '$TMPSSH'" EXIT
|
||||||
sb10q
commented
Why do you need that .ssh directory if you're overriding each file in the ssh invokation using -o ? Why do you need that .ssh directory if you're overriding each file in the ssh invokation using -o ?
|
|||||||
|
cp --preserve=mode /opt/hydra_id_ed25519 "$TMPSSH/id_ed25519"
|
||||||
|
cp --preserve=mode /opt/hydra_id_ed25519.pub "$TMPSSH/id_ed25519.pub"
|
||||||
|
echo "5.78.86.156 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMbV69aqkHdQ1T5lMuALyHjNowU1rottZtEV4OhKQ6Y" > "$TMPSSH/known_hosts"
|
||||||
|
${pkgs.rsync}/bin/rsync -r -e "${pkgs.openssh}/bin/ssh -i '$TMPSSH/id_ed25519' -o 'UserKnownHostsFile=$TMPSSH/known_hosts' -o IdentitiesOnly=yes" -c $(jq -r '.outputs[0].path' < $HYDRA_JSON)/ zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
|
||||||
sb10q
commented
Is this tested? I doubt rsync is in scope. Is this tested? I doubt rsync is in scope.
You may also want to use writeShellScript.
|
|||||||
|
'';
|
||||||
sb10q
commented
Is this still executed if a command fails? If you had paid attention to my other commits in this repos, you would have noticed that I use Is this still executed if a command fails?
If you had paid attention to my other commits in this repos, you would have noticed that I use ``trap`` to handle situations like this.
sb10q
commented
Also Also ``rm -rf $HOME`` is bad form in any shell script.
|
|||||||
|
in
|
||||||
''
|
''
|
||||||
binary_cache_secret_key_file = /etc/nixos/secret/nixbld.m-labs.hk-1
|
binary_cache_secret_key_file = /etc/nixos/secret/nixbld.m-labs.hk-1
|
||||||
max_output_size = 10000000000
|
max_output_size = 10000000000
|
||||||
|
@ -660,13 +672,7 @@ in
|
||||||
</runcommand>
|
</runcommand>
|
||||||
<runcommand>
|
<runcommand>
|
||||||
job = web:web:web-intl
|
job = web:web:web-intl
|
||||||
command = [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ] && export HOME=`mktemp -d` && \
|
command = ${deployWebIntl}
|
||||||
mkdir $HOME/.ssh && \
|
|
||||||
cp /opt/hydra_id_ed25519 $HOME/.ssh/id_ed25519 && \
|
|
||||||
cp /opt/hydra_id_ed25519.pub $HOME/.ssh/id_ed25519.pub && \
|
|
||||||
echo "5.78.86.156 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMbV69aqkHdQ1T5lMuALyHjNowU1rottZtEV4OhKQ6Y" > $HOME/.ssh/known_hosts && \
|
|
||||||
chmod 600 $HOME/.ssh/id_ed25519 && \
|
|
||||||
${pkgs.rsync}/bin/rsync -r -c $(jq -r '.outputs[0].path' < $HYDRA_JSON) zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
|
|
||||||
</runcommand>
|
</runcommand>
|
||||||
<runcommand>
|
<runcommand>
|
||||||
job = web:web:nmigen-docs
|
job = web:web:nmigen-docs
|
||||||
|
|
cp -a
or similar?Such a command would be shorter and avoid any time window during which the file is world-readable.