Deploy web2019 to the intl domain #40

Merged
sb10q merged 3 commits from 134-deploy into master 2024-08-14 10:54:53 +08:00
Showing only changes of commit 9da1ab6707 - Show all commits

View File

@ -649,19 +649,7 @@ in
notificationSender = "hydra@m-labs.hk";
minimumDiskFree = 15; # in GB
minimumDiskFreeEvaluator = 1;
extraConfig = let
deployWebIntl = pkgs.writeShellScript "deployWebIntl"
''
#!${pkgs.bash}/bin/bash
[ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ]
export "TMPSSH=`mktemp -d`"
trap "rm -rf '$TMPSSH'" EXIT
cp --preserve=mode /opt/hydra_id_ed25519 "$TMPSSH/id_ed25519"
cp --preserve=mode /opt/hydra_id_ed25519.pub "$TMPSSH/id_ed25519.pub"
echo "5.78.86.156 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMbV69aqkHdQ1T5lMuALyHjNowU1rottZtEV4OhKQ6Y" > "$TMPSSH/known_hosts"
${pkgs.rsync}/bin/rsync -r -e "${pkgs.openssh}/bin/ssh -i '$TMPSSH/id_ed25519' -o 'UserKnownHostsFile=$TMPSSH/known_hosts' -o IdentitiesOnly=yes" -c $(jq -r '.outputs[0].path' < $HYDRA_JSON)/ zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
'';
in
extraConfig =
''
binary_cache_secret_key_file = /etc/nixos/secret/nixbld.m-labs.hk-1
max_output_size = 10000000000
Outdated
Review

cp -a or similar?

Such a command would be shorter and avoid any time window during which the file is world-readable.

``cp -a`` or similar? Such a command would be shorter and avoid any time window during which the file is world-readable.
@ -672,7 +660,7 @@ in
</runcommand>
<runcommand>
job = web:web:web-intl
Outdated
Review

Is this tested? I doubt rsync is in scope.
You may also want to use writeShellScript.

Is this tested? I doubt rsync is in scope. You may also want to use writeShellScript.
command = ${deployWebIntl}
command = [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ] && ${pkgs.rsync}/bin/rsync -r -c $(jq -r '.outputs[0].path' < $HYDRA_JSON)/ zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
Outdated
Review

Is this still executed if a command fails?

If you had paid attention to my other commits in this repos, you would have noticed that I use trap to handle situations like this.

Is this still executed if a command fails? If you had paid attention to my other commits in this repos, you would have noticed that I use ``trap`` to handle situations like this.
Outdated
Review

Also rm -rf $HOME is bad form in any shell script.

Also ``rm -rf $HOME`` is bad form in any shell script.
</runcommand>
<runcommand>
job = web:web:nmigen-docs