arch: null artifacts: - scolbyblog/output.tar.gz environment: BUILD_SUBMITTER: git.sr.ht GIT_REF: refs/heads/main image: debian/bookworm packages: - curl - fonts-liberation - imagemagick - python3 - python3-pip - python3-setuptools - python3-venv - python3-wheel - rsync repositories: {} secrets: - 2ccf0ee2-3429-473d-91c5-bbf637a4be5a shell: false sources: - https://git.sr.ht/~scolby33/scolbyblog#7d1b7e32caee90c682a348decb6693e0c5cb5cdd tasks: - deps: | sudo sed -i -e '/en_US.UTF-8/{s/^# //};p' /etc/locale.gen sudo dpkg-reconfigure --frontend noninteractive locales sudo update-locale 'en_US.UTF-8' mkdir -p ~/.local/bin printf 'PATH=~/.local/bin:$PATH\n' >> ~/.buildenv cd scolbyblog python3 -m venv venv venv/bin/python3 -m pip install --progress-bar off --no-warn-script-location -r requirements/requirements.txt pushd "$(venv/bin/python3 -m pip show markdown | grep '^Location' | cut -d ':' -f2 | xargs)" && patch markdown/extensions/toc.py ~/scolbyblog/patches/toc.patch popd pushd "$(venv/bin/python3 -m pip show pelican-image-process | grep '^Location' | cut -d ':' -f2 | xargs)" && patch pelican/plugins/image_process/image_process.py ~/scolbyblog/patches/image_process.patch pushd "$(venv/bin/python3 -m pip show pelican-minify | grep '^Location' | cut -d ':' -f2 | xargs)" && patch pelican/plugins/minify/minify.py ~/scolbyblog/patches/minify.patch popd - build: | cd scolbyblog git ls-tree -r -z --name-only HEAD content/ \ | xargs -0 -I {} -- \ git log --date='format:%Y%m%d%H%M.%S' \ --format='format:%ad%x00{}%x00' -1 -- {} \ | xargs -0 -n 2 -- touch -t venv/bin/pelican --fatal warnings --settings publishconf.py tar -czvf output.tar.gz output - check-branch: | cd scolbyblog if test "$(git rev-parse 'main')" != "$(git rev-parse HEAD)" then echo 'Only deploy from main.' complete-build fi - deploy: | printf "ssh.nyc1.nearlyfreespeech.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbXE1f5S3N/flFHUm2i97tzKGJUWzxotY1HHBMIX72h\n" >> ~/.ssh/known_hosts cd scolbyblog rsync \ --info=COPY,DEL,FLIST2,MISC2,NAME,STATS3,SYMSAFE \ --checksum \ --compress \ --recursive \ --delete-after \ --filter='- .webassets-cache' \ output/ \ scolby_scolby@ssh.nyc1.nearlyfreespeech.net:/home/protected/www.scolby.com/deploy-cache commit_hash=$(git rev-parse HEAD) # do an atomic update of the live site contents # note that symlinks inside symlinks resolve relative to their real path ssh scolby_scolby@ssh.nyc1.nearlyfreespeech.net " set -xeuo pipefail cd /home/protected/www.scolby.com # delete the release dir if it exists for some reason test -d 'releases/www.scolby.com-$commit_hash' && rm -rf 'releases/www.scolby.com-$commit_hash' # copy the current state of the deploy-cache to the release dir cp -RPp deploy-cache 'releases/www.scolby.com-$commit_hash' # create relative symlink to .htaccess ln -sfh ../../.htaccess 'releases/www.scolby.com-$commit_hash' # create relative symlink to ai.txt ln -sfh ../../ai.txt 'releases/www.scolby.com-$commit_hash' # create relative symlink to robots.txt ln -sfh ../../robots.txt 'releases/www.scolby.com-$commit_hash' # create .well-known dir and symlink the real public acme-challenge dir inside it mkdir 'releases/www.scolby.com-$commit_hash/.well-known' ln -sfh ../../../../../public/.well-known/acme-challenge 'releases/www.scolby.com-$commit_hash/.well-known' # create relative symlink to security.txt ln -sfh ../../../security.txt 'releases/www.scolby.com-$commit_hash/.well-known' # create relative symlink to mta-sts.txt ln -sfh ../../../mta-sts.txt 'releases/www.scolby.com-$commit_hash/.well-known' # create properly-named symlink to the active release dir ln -sfh '../protected/www.scolby.com/releases/www.scolby.com-$commit_hash' www.scolby.com # move the symlink to the active release into place mv www.scolby.com /home/public # clean up, keeping only the current and previous release dirs cd releases && ls -t | tail -n +3 | xargs rm -frv " triggers: [] oauth: ""