---
# External secret definition: makes the `access_token` key found at the
# `mastodon-creds` path available to pipelines as `mastodon_access_token`
# (consumed by the mastodon_post step via `from_secret`).
# NOTE(review): which secret backend resolves `get.path` is not visible
# in this file - confirm against the runner's secret plugin configuration.
kind: secret
name: mastodon_access_token
get:
  path: mastodon-creds
  name: access_token
---
# Pipeline header: a Docker-type pipeline named `hello-world` that is
# scheduled onto linux/arm64 runners. The step list follows `steps:`.
kind: pipeline
type: docker
name: hello-world

platform:
  os: linux
  arch: arm64

steps:
# Gate step: fail the build when any post still contains the placeholder
# string `TK`, so unfinished drafts are not published.
- name: block-posts-containing-tk
  image: busybox
  commands:
  # `grep -rl` exits with status 1 when nothing matches. A bare
  # `files=$(grep ...)` assignment takes on that exit status, and the
  # step would be treated as failed even though "no matches" is the good
  # case here.
  #
  # `||` runs its right-hand command only when the left-hand one exits
  # non-zero, so this reads as: "set `files` to the list of files that
  # contain `TK`, or to the marker text `FILES NOT FOUND` when there are
  # none".
  - files=$(grep -rl 'TK' blog/content/posts || echo "FILES NOT FOUND")
  # Drop the marker line (`grep -v`) before counting; otherwise the
  # no-match case would be counted as one matching file and trip the
  # check below.
  # Accepted edge case (author's call): a post whose path is literally
  # "FILES NOT FOUND" and which also contains `TK` would slip through.
  - count=$(wc -l <(echo "$files" | grep -v "FILES NOT FOUND") | awk '{print $1}')
  - if [[ "$count" -gt "0" ]]; then
  - echo "Found TK in $count files:"
  - echo $files
  - exit 1  # TODO - and alerting via Matrix!
  - fi
# Build step: install Hugo and git, fetch the submodules, then render the
# site from the `blog` directory.
- name: build-blog
  image: alpine
  # Author's choice: the image rarely needs updating and pulls are slow on
  # this setup, so an already-present image is reused; reset it manually
  # when needed.
  # NOTE(review): with an untagged image and `if-not-exists`, the runner
  # keeps whatever `alpine` it pulled first, so base-image security fixes
  # only arrive after that manual reset.
  pull: if-not-exists
  commands:
  # Installing at build time instead of baking a pre-built image into the
  # registry: the install is quick enough.
  - apk add hugo git
  - git submodule init
  - git submodule update --recursive
  - hugo --source blog
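# Build the multi-arch image and push it to the Gitea registry, tagged
# with the first 10 characters of the commit SHA.
- name: docker-build-and-push
  # NOTE(review): this is a third-party plugin image on a floating tag,
  # it runs privileged, and it is handed the registry password. Pin it to
  # a reviewed release or digest, e.g.
  # thegeeklab/drone-docker-buildx@sha256:<digest-placeholder>.
  image: thegeeklab/drone-docker-buildx  # Absurd that this isn't offered as first-party!
  # Privileged mode gives the container host-level access on the runner;
  # presumably required by the plugin's nested Docker build - confirm.
  privileged: true
  settings:
    registry: gitea.scubbo.org
    username: scubbo
    password:
      from_secret: gitea_password
    repo: gitea.scubbo.org/scubbo/blog_helm
    tags:
    # Quoted so the tag is always a string: if the variable is expanded
    # before the YAML is parsed, an all-digit SHA prefix would otherwise
    # be read as a number (and a leading zero can change its value),
    # producing a tag that no longer matches the commit.
    - "${DRONE_COMMIT_SHA:0:10}"
    platforms:
    - linux/arm64
    - linux/amd64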
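# Record the newly built image tag in the infrastructure repository.
# NOTE(review): presumably the plugin writes `image_tag` into
# `destination_file` on `branch` of `git_repo` and commits it with the
# author details below - the plugin source is not visible here.
- name: auto-update-infra-repo
  # NOTE(review): `:latest` is a floating tag and this step receives a
  # Gitea access token; pin the plugin to a fixed version or digest
  # (<version-placeholder>) so a changed image cannot silently pick up
  # that credential.
  image: gitea.scubbo.org/scubbo/auto-repo-update-drone-plugin:latest
  settings:
    branch: main
    git_repo: https://gitea.scubbo.org/scubbo/blog-infrastructure
    # Quoted so the value is always a string: an all-digit SHA prefix
    # would otherwise be read as a number if the variable is expanded
    # before the YAML is parsed, and the recorded tag would not match the
    # pushed image.
    image_tag: "${DRONE_COMMIT_SHA:0:10}"
    destination_file: helm/deployed-images/prod
    author_email: scubbojj@gmail.com
    author_name: Jack Jackson
    commit_message: "[Auto] Update Prod to ${DRONE_COMMIT_SHA:0:10}"
    access_token:
      from_secret: gitea_pat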
# Ask Argo CD to sync the `blog-infrastructure` application.
- name: update-argo
  image: curlimages/curl
  environment:
    ARGO_TOKEN:
      from_secret: argo_token
  commands:
  # NOTE(review): the URL has no scheme, so curl falls back to plain HTTP
  # and the bearer token crosses the cluster network unencrypted - confirm
  # that is acceptable or switch to the server's HTTPS endpoint.
  # NOTE(review): without `--fail`, curl exits 0 on an HTTP error response,
  # so a rejected sync request would not fail this step.
  # NOTE(review): the mastodon_post step uses the brace-less `$VAR` form;
  # confirm the pipeline's own `${...}` substitution leaves
  # `${ARGO_TOKEN}` intact for the shell.
  - >-
    curl -sS -X POST
    "argo-cd-argocd-server.argo.svc.cluster.local/api/v1/applications/blog-infrastructure/sync"
    -H "Authorization: Bearer ${ARGO_TOKEN}"
    -H "Content-Type: application/json"
# Purge the blog's front page from the Cloudflare cache.
- name: purge-cache
  image: curlimages/curl
  environment:
    CLOUDFLARE_TOKEN:
      from_secret: cloudflare_token
  commands:
  # NOTE(review): this purges https://blog.scubbo.com, while the
  # mastodon_post step links to https://blog.scubbo.org - confirm which
  # host is intended.
  # NOTE(review): without `--fail`, curl exits 0 on an HTTP error response,
  # so a rejected purge would not fail this step.
  # NOTE(review): confirm the pipeline's own `${...}` substitution leaves
  # `${CLOUDFLARE_TOKEN}` intact for the shell.
  - >-
    curl -sS -X POST
    "https://api.cloudflare.com/client/v4/zones/c86d55d225ed973d5da45239beac2f99/purge_cache"
    -H "Authorization: Bearer ${CLOUDFLARE_TOKEN}"
    -H "Content-Type:application/json"
    -d '{"files":["https://blog.scubbo.com"]}'
# Send a Telegram message with the build result, whether the pipeline has
# failed or succeeded so far.
# NOTE(review): this step is listed before mastodon_post, so if steps run
# in file order it cannot report that step's outcome - confirm intended.
- name: telegram_notification
  image: appleboy/drone-telegram
  settings:
    token:
      from_secret: telegram_token
    to:
      from_secret: telegram_convo_id
  when:
    status: [failure, success]
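# Announce a newly added blog post on Mastodon. The step posts only when
# the HEAD commit adds exactly one file and that file lives under
# blog/content/posts/.
# TODO - parse the file itself to a) extract title, and b) not post if it's
# a draft post (or, conversely, post if it's a draft that's been published -
# which would require changing the "is new file" logic)
- name: mastodon_post
  image: alpine
  environment:
    MASTODON_TOKEN:
      from_secret: mastodon_access_token
  commands:
  - apk add curl git perl
  # Paths of files added (status `A`) by the HEAD commit, one per line.
  - "ADDED_FILES=$(git show --name-status --pretty=format: HEAD | grep '^A' | awk '{print $2}')"
  # `$ADDED_FILES` must be quoted: unquoted, the shell joins the lines with
  # spaces, so several added files would be counted as one line and pass
  # this check.
  - if [[ "$(printf '%s' "$ADDED_FILES" | grep -c '^')" -ne 1 ]]; then
  - echo "Non-single file added"
  - 'echo "(DEBUG: $ADDED_FILES)"'
  # `exit 0` ends the step successfully; `return` is only defined inside a
  # function or sourced script.
  - exit 0
  - fi
  - NEW_FILE=$(echo "$ADDED_FILES" | head -n1)
  - echo "New File is $NEW_FILE"
  - if ! [[ "$NEW_FILE" =~ ^blog/content/posts/.* ]]; then
  - echo "Sole added file was not a blog post";
  - exit 0;
  - fi
  # Report only whether the token is present. The value itself must never
  # be echoed, and in particular not in a transformed form (such as one
  # character per separator), which defeats log masking of the secret.
  - if [ -z "$MASTODON_TOKEN" ]; then echo "MASTODON_TOKEN is empty"; else echo "MASTODON_TOKEN is set"; fi
  # TODO - parameterize hostname
  # NOTE(review): the purge-cache step targets blog.scubbo.com while this
  # link uses blog.scubbo.org - confirm which host is intended.
  - BLOG_URL=$(echo "$NEW_FILE" | perl -pe 's|blog/content|https://blog.scubbo.org|' | perl -pe 's/\.md$//')
  - echo "$BLOG_URL"
  # No `-v`: verbose mode prints the request headers, including the
  # Authorization bearer token, into the build log.
  # `--form-string` sends the field value literally, so characters in the
  # file path (`;`, `@`, `<`) are never interpreted by curl.
  - 'curl -sS https://fosstodon.org/api/v1/statuses -H "Authorization: Bearer $MASTODON_TOKEN" --form-string "status=I just blogged! Check it out at $BLOG_URL"'
  - echo "Another command to give some extra output"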