Add a new make target that provisions dagger-ci declaratively
While at it, add help make target & make it the default. This explains all make targets. Run `make help` to see it in action 😉 dagger-ci-pr1499-2022-01-26 API token was added as an AGE secret. It can be accessed only by the intended recipients are able to decrypt it with their private SSH keys. echo "TOKEN" | age -R .age.recipients.txt -o .do.dagger-ci-pr1499-2022-01-26.age Do not assume that /bin/true exists on hosts running Docker. Use "true" and let the system resolve the path. Re-enable all ssh Universe tests. Signed-off-by: Gerhard Lazu <gerhard@lazu.co.uk>
This commit is contained in:
Gerhard Lazu
25
infra/.age.recipients.txt
Normal file
25
infra/.age.recipients.txt
Normal file
@@ -0,0 +1,25 @@
|
||||
# https://github.com/aluzzardi.keys
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdUetLJMkr0Wro7RBRw/AXAx2iFocPgneGe3DHOZ13l
|
||||
# https://github.com/gerhard.keys
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrIgA2e197dXRzdNKIaI1XZxEpcPMh4kF5xRx/BCU+D
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTneuqI8M7q6F/sWEjZcpnHPN4BkerHtTtolZQdeIgP
|
||||
# https://github.com/grouville.keys
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrh+TE4jbmB/JvCkIA7aZEiuzzOlqN/Vw6y7Y7Vb1T+/vE5ki7n6JRqvPso01mhiXffnFFvyRrgGy/0KY60ZJEglbxcUNdCueq9AcITtrlgEt6Keq8UyuNqfMsEGQ5HUruO+nZxbFD7RxeXLhvrOF17W/yemLiPkZbHx73lHhxWbvHzxVOVGxMJricvG4utULOuRH63VZpov0r0/jd6H8NytNPXWK6dDXyaqQF/CQd45p6TKfn4dyIIewE+Nhc5s8iRXUatzx+6YaN5cWG3MtX0zSxYulclV1pDlk1PBlGm5ja2Ma7s1XwOzqPbowk3UkOVThOlvixaX1PNnyOGKSn
|
||||
# https://github.com/jlongtine.keys
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwayLK5Ux8bdbY0weVGHVpKX+fyN/vx8HYuiJq9XHLkB6SKrBstAwIuDhhquMrY/oLJiPzevB1AI+KthlAmjUXOGE90KSXTkIfOVwSEhcF6RjgzlZrIKQlI+WhmBxuZK93B8wkNV5RsmtMY3aKBAmoRVzDlBLpGRknzUx2VpBIop1JuCVlB3mFK0TJruz631UVsXb1vsVxkVzKQC4GYnF7rAWKCxDRuHaU6QDQ5S95SQAoD/DNQZWm2IPEX+RGIkbFMG0EJQpU46SlPog+XEDarm1MnhIUmnscdV6duASQAd/HdqckL1oIcrYqgx1x6tFab9/UF4Ieiazay7EGaMqLsVYE/im+mVWUOnrHfySlHNkVc9PikAbsxN1m5RSAK0luSIMOX4rHrNRZWPGPookyfZl+G2Ub7OBCI8VkwVgg4WvUB5yJ52x+3liKKmetJ/gc7yxrjogt28p0ymRPMoEqLGwDj/oFtcUGk1CDkcQZ6cUvWUJ1QDCc1Fiku7vqLBHchAHhP3N3GKJTx38rMTnfzUArkGSJIhUvdEPpsFjSSNhlMOkgzuPl1GE/O0CCCVQ3zQRC8UaJZ3oF51z/RRqVwwJslJuiD0rHdOymira0vAV5GmWBGBPEUnALud6/tdPcizpEFb3DEI4/wn0OMkd1okW2fA1PzZ1Yx5B4yhh5KQ==
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJY1FIrb8L5X6B76XuAFofrr/sEMsObzto2u2WGuhT90
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGiMAsFaF8HfMPoENNpXwg6yp2DzVpRCBPFVMs2pNBGK
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQ4IIwtzW5Ye7CeZtXaPavydC4/Jkd6EzZOd1NHHfhV
|
||||
# https://github.com/samalba.keys
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkK82AY5XUGWGcuC3uWGNId2gI9azHQCX1hb54IWGxY45PEXmCC+dJVDPNXYArjvZNwSrjPJUhnjWB0swyniEwLqQ2dPxOmtdqXz4nhPPdpK7JW+we5lDqikIJObBoWoCog1gEc3wQvl/g9kZuYDDz10/ObpuB138ktiDYWmtHP2fg/yPlujgCoBy8CecJypwndSmXn7gb4bvgNUUq1XLvNNQFkZU9pjBTr/BKvQn2XKmSaCVbJvt6E3Xg7J7mfEcd9e2NLKqxUmvXbp/Fm7S3epo2i5wv2RZoWuyYV3iKD9TBh8ew2G2vmoPkJBPiy/F2i18iSD/ittIYFAA94uTAToWy+7La9JDpUEoxrWWkWtvFPuREIymWabWM7R8BfrXk8IrKkmZFIObxMivgYYwxSJG6l6o0tWLjJ6xQRbw2JMBJc6yuLWvINHE+wd/FX+4X/E92WOE8/Ng2C7LEVowasY/0H5m/LWbgPu1EY77663U1uIGRL2qiOcDmAiBoRdyOzPiU+Yy8s8+cNg3MM53KbJjwG9j4hOevcLM22nMNm/wj4CCWRKDDpRbhqQAugVV9z8cLvEhpetQQJavZCw9RuNvvfY/Yn9mqCbyXkPeBubqqj8J2ySI0pY0Dj0OQMvFOUYS5SUVD44T8bgALe5cVDPVXG7gScZBXvqMh8CpTFw==
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChHduoNVCHes4vY9TK6FIvlTYAZRbXxGSNF/aSMcZeY
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBPlafSmJnuEOKp5nvclcNICjx5kDd6U/Do4fY6+Td6
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID2yAn9FNY3oTM4ePJuIkOhqwWlTeaXbgtRrh4GnQMVb
|
||||
# https://github.com/shykes.keys
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6XeLC/rHVI3B9TWIM+rG1v66EJMeSoyO6DpEt+kwyWvABBNm5dYJeUb5WZU3pt6p2x+VdNK8S8+x1PutzkyEpNEQ7r1OaG7uNz1lNpZMPS5iUfZMCh6meQ53+5Zt3d2OIeh1EiMBph+u24Lz3I7g4dMgaqSQW9e+OU4maAu3oyBnWkE1b31irjAt5xXHxbrbbmqsi0MNaiK94jCBedQHOGBg8j781hGwSPtUlKlaSJK5ZfGjm/3LUy25ve+2MkI9uu8JcX0RwMJ/vC6Sy2u9F7UH7zwYhAxI7AtbYeZClctLhCtw421Yj4ZeK4Wgb8qQQaGng8jUDnK8Ka45lqz7uE4pu2NwvJBYdzQcNX/LG6q2Z1plzOVZ6PXrkwzuUQd608HysUc0xXqyNKHQF0YKf9lBNUEKQpYhBk8AGJlyfdd3vT1PszDFvDz6AO5zFZOYlLtUOTEKbj/6n44xVvnPVqERwP7u8TjQzgmUJHyj48evH6niMB2XhX4IheOq3NtT5mQjafEAQHXMgn8TU7fYa3OuYWMO/vMXEpEVCLnbX3E01p/TlWXYKrD/nOVo9YZURsDdVLMJ8U6jPhwT/8K71/JJefgj4KjRDvOvRsmP9876AxkNtfV37zkQwu6k4vm4+MtB+2qCGWxaGBJk3jMY1R/yBi0OB0MfF3HAynHnk2Q==
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkOs4K/ywiMe/oM16jP3UPgnGLuBN6gX/KdoQGthBek
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzn+KeEhM62rd/FomYZI6A6GvdCXgak111r5UgfY89eJ4Vi81ytkzKtbmYmS6p8euVzJiNm0g2B/u6C5LIG1SLpTY3vAMynSLpTBpGbEy0Lbmzyo2egbDUpuHycZ8EHOIH/lBafRJ1pMZK0CyR+wEK/cuu0GCeyn8TkabyQH2mAVjc6dLPmM9xnWZOXDBjlwkmLCSSPfFbH22iUqVPfh14DWd9fztrYj2my8HXjC6JyGf+r7RTOWdPMdNaI0C+nkI+6KBh/D7MgTCZGHNW6WCMHDceFWSPtCTDizKhz2k+5euhPmGrjfIIr7wocjWKtz0R7bEyGwvfNd/PNm1GMoEnXL1LK61ggitB2GuRcwQqeQ+6DMwLmG1i6HksjhLL/nBvvpgSKfHnyxZoHZshmhb0WMWNDJN0V+Pd/iM0HAqW0o3GJDaWlIUOoMxPDoAlGYmX27AI2IC2iqvzVpNP4saTfHFDg0gc/ToHnci0P5ugrfKPqXwTNzCngIcqUgrHMZS0CsP+XVczj3D3wzCMzBFZsNM6zXB2WiG8AjE8/akG0fKJ9KktE3gaYvn9O1pI8FowS7MVtPjRankf2+vhk4DYOWGq9xEYAJrvaOuymWVXd1+S2Nx8B6kL3MMJCnAByVcME8JUasVth/YvbiPACqBM58rI/52NslA6JyaDHZYr6w==
|
||||
# https://github.com/slumbering.keys
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfBt8QLbmNmME16e9r0Rg2TTEWIQ2dQkRdYXYlBSwhA/wg6QMPxKVqUmOMebhrnVgnHgrl5yI7fqk2xtZd6+59nCm7dh8NiFhmA6nACCr7mYisZT0/ph5jNym9UFcr7LGF9mrkplf6Dx5fg+KWZHTUPZr6D23nRnFkBnC1G6DwHL64eW0lkfPeoS7+Vb09cyP3GifHkKxP0JiBqmRt7KmtCDcIwCEUP8oGV3fCZTOMHNVMtaucehS7kmJUq/VGhk+soPgyb4Ii/7I2XUm1eCoAlUyJz8qfF7xDyAGfZWu/et5ggVl3UCj47Gi3z3+s02enSCdpPSuskm+qCmNdor6ThKSe5PjAuiwXIdhtziDb1DVPRKaaXapHVV3RWuO0tjbb9bJ1B5JvE+6mdVaCg6PBwMJcY9NcDO3xx6ATxJ9Bvg53WxogKdSjqYMhCPsGd08/PihEyWe/pXWDCFsg5hbmKqsB5p857nsLbxjmW9M8EM/Ti2j5X+PBh7H76KC324U=
|
||||
# https://github.com/talentedmrjones.keys
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4t9Xg9prIa9COG7t19FcNW5pordCM/W+x9le+NcGJm
|
||||
BIN
infra/.do.dagger-ci-pr1499-2022-01-26.age
Normal file
BIN
infra/.do.dagger-ci-pr1499-2022-01-26.age
Normal file
Binary file not shown.
110
infra/Makefile
Normal file
110
infra/Makefile
Normal file
@@ -0,0 +1,110 @@
|
||||
SHELL := bash# we want bash behaviour in all shell invocations
|
||||
PLATFORM := $(shell uname)
|
||||
platform := $(shell uname | tr A-Z a-z)
|
||||
architecture := $(shell uname -m)
|
||||
ifeq ($(architecture),x86_64)
|
||||
architecture_alt := amd64
|
||||
endif
|
||||
|
||||
# https://stackoverflow.com/questions/4842424/list-of-ansi-color-escape-sequences
|
||||
BOLD := \033[1m
|
||||
NORMAL := \033[0m
|
||||
RED := \033[1;31m
|
||||
GREEN := \033[1;32m
|
||||
|
||||
LOCAL_BIN := $(CURDIR)/bin
|
||||
$(LOCAL_BIN):
|
||||
mkdir -p $(LOCAL_BIN)
|
||||
|
||||
XDG_CONFIG_HOME ?= $(CURDIR)/.config
|
||||
export XDG_CONFIG_HOME
|
||||
.DEFAULT_GOAL := help
|
||||
HELP_TARGET_DEPTH ?= \#
|
||||
.PHONY: help
|
||||
help: # Show how to get started & what targets are available
|
||||
@printf "\nIf this is your first time running this, remember to run: $(BOLD)make .env && source .env$(NORMAL)\n"
|
||||
@printf "This is a list of all the make targets that you can run, e.g. $(BOLD)make dagger$(NORMAL) - or $(BOLD)m dagger$(NORMAL)\n\n"
|
||||
@awk -F':+ |$(HELP_TARGET_DEPTH)' '/^[0-9a-zA-Z._%-]+:+.+$(HELP_TARGET_DEPTH).+$$/ { printf "$(GREEN)%-20s\033[0m %s\n", $$1, $$3 }' $(MAKEFILE_LIST) | sort
|
||||
@echo
|
||||
|
||||
.PHONY: env
|
||||
env:: # Print all env variables
|
||||
@echo 'alias m=make'
|
||||
@echo 'export PATH="$(LOCAL_BIN):$$PATH"'
|
||||
@echo 'export XDG_CONFIG_HOME="$(XDG_CONFIG_HOME)"'
|
||||
|
||||
.env: # Create the .env file - 💡 use the -B flag to re-create
|
||||
$(MAKE) --no-print-directory env > .env
|
||||
|
||||
# Every system has curl installed here:
|
||||
CURL ?= /usr/bin/curl
|
||||
|
||||
AGE := $(LOCAL_BIN)/age
|
||||
AGE_RELEASES := https://github.com/FiloSottile/age/releases
|
||||
AGE_VERSION := 1.0.0
|
||||
AGE_BIN_DIR := $(LOCAL_BIN)/age-v$(AGE_VERSION)-$(platform)-$(architecture_alt)
|
||||
AGE_URL := $(AGE_RELEASES)/download/v$(AGE_VERSION)/$(notdir $(AGE_BIN_DIR)).tar.gz
|
||||
AGE := $(AGE_BIN_DIR)/age/age
|
||||
$(AGE): | $(CURL) $(LOCAL_BIN)
|
||||
$(CURL) --progress-bar --fail --location --output $(AGE_BIN_DIR).tar.gz "$(AGE_URL)"
|
||||
mkdir -p $(AGE_BIN_DIR) && tar zxf $(AGE_BIN_DIR).tar.gz -C $(AGE_BIN_DIR)
|
||||
touch $(AGE)
|
||||
chmod +x $(AGE)
|
||||
$(AGE) --version | grep $(AGE_VERSION)
|
||||
ln -sf $(AGE) $(LOCAL_BIN)/age
|
||||
.PHONY: age
|
||||
age: $(AGE)
|
||||
|
||||
define get_github_keys_for_age_recipient
|
||||
@printf "Configuring $(BOLD)$(1)$(NORMAL) as an age recipient...\n"
|
||||
@echo "# $(1)" >> $(@)
|
||||
@$(CURL) --silent --fail --location $(1) >> $(@)
|
||||
endef
|
||||
.age.recipients.txt: | $(CURL) # Generate all AGE recipients from GitHub keys
|
||||
$(call get_github_keys_for_age_recipient,https://github.com/aluzzardi.keys)
|
||||
$(call get_github_keys_for_age_recipient,https://github.com/gerhard.keys)
|
||||
$(call get_github_keys_for_age_recipient,https://github.com/grouville.keys)
|
||||
$(call get_github_keys_for_age_recipient,https://github.com/jlongtine.keys)
|
||||
$(call get_github_keys_for_age_recipient,https://github.com/samalba.keys)
|
||||
$(call get_github_keys_for_age_recipient,https://github.com/shykes.keys)
|
||||
$(call get_github_keys_for_age_recipient,https://github.com/slumbering.keys)
|
||||
$(call get_github_keys_for_age_recipient,https://github.com/talentedmrjones.keys)
|
||||
|
||||
DOCTL := $(LOCAL_BIN)/age
|
||||
DOCTL_RELEASES := https://github.com/digitalocean/doctl/releases
|
||||
DOCTL_VERSION := 1.69.0
|
||||
DOCTL_BIN_DIR := $(LOCAL_BIN)/doctl-$(DOCTL_VERSION)-$(platform)-$(architecture_alt)
|
||||
DOCTL_URL := $(DOCTL_RELEASES)/download/v$(DOCTL_VERSION)/$(notdir $(DOCTL_BIN_DIR)).tar.gz
|
||||
DOCTL := $(DOCTL_BIN_DIR)/doctl
|
||||
$(DOCTL): | $(CURL) $(LOCAL_BIN)
|
||||
$(CURL) --progress-bar --fail --location --output $(DOCTL_BIN_DIR).tar.gz "$(DOCTL_URL)"
|
||||
mkdir -p $(DOCTL_BIN_DIR) && tar zxf $(DOCTL_BIN_DIR).tar.gz -C $(DOCTL_BIN_DIR)
|
||||
touch $(DOCTL)
|
||||
chmod +x $(DOCTL)
|
||||
$(DOCTL) version | grep $(DOCTL_VERSION)
|
||||
ln -sf $(DOCTL) $(LOCAL_BIN)/doctl
|
||||
.PHONY: doctl
|
||||
doctl: $(DOCTL)
|
||||
ifndef DIGITALOCEAN_ACCESS_TOKEN
|
||||
@printf "\n$(RED)DIGITALOCEAN_ACCESS_TOKEN $(BOLD)env var is missing$(NORMAL)\n"
|
||||
@printf "\nIf your private SSH key is in the $(BOLD).age.recipients.txt$(NORMAL) file, you can do the following:\n"
|
||||
@printf "$(BOLD)export DIGITALOCEAN_ACCESS_TOKEN=\$$(age -d -i ~/.ssh/$(GREEN)YOUR_SSH_PRIVATE_KEY$(NORMAL)$(BOLD) .do.dagger-ci-pr1499-2022-01-26.age)$(NORMAL)\n"
|
||||
@printf "\nReplace $(BOLD)$(GREEN)YOUR_SSH_PRIVATE_KEY$(NORMAL) with the name of your private SSH key\n\n"
|
||||
@exit 1
|
||||
endif
|
||||
|
||||
DAGGER_CI_NAME ?= dagger-ci-2022-01-26
|
||||
.PHONY: dagger-ci
|
||||
dagger-ci: | $(AGE) doctl # Create dagger-ci
|
||||
$(DOCTL) compute droplet create \
|
||||
--image debian-11-x64 \
|
||||
--size s-1vcpu-1gb-intel \
|
||||
--region nyc1 \
|
||||
--enable-monitoring \
|
||||
--ssh-keys 32985130,32968299,32835944,23961075,23698535 \
|
||||
--user-data-file ./dagger-ci.cloudinit \
|
||||
$(DAGGER_CI_NAME)
|
||||
|
||||
.PHONY: dagger-ci-ssh
|
||||
dagger-ci-ssh: | $(AGE) doctl # SSH into dagger-ci
|
||||
$(DOCTL) compute ssh $(DAGGER_CI_NAME)
|
||||
28
infra/dagger-ci.cloudinit
Normal file
28
infra/dagger-ci.cloudinit
Normal file
@@ -0,0 +1,28 @@
|
||||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/nixos/host.nix
|
||||
permissions: '0644'
|
||||
content: |
|
||||
{pkgs, ...}:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
htop
|
||||
nix-diff
|
||||
nixfmt
|
||||
nvd
|
||||
tmux
|
||||
vim
|
||||
];
|
||||
services.do-agent.enable = true;
|
||||
virtualisation.docker.package = pkgs.docker_20_10;
|
||||
virtualisation.docker.enable = true;
|
||||
virtualisation.docker.autoPrune.enable = true;
|
||||
virtualisation.docker.autoPrune.dates = "daily";
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAl40j8zO5APwryoo8Ai0GiHkKWPA6MxPPVjEB6Rc1bm dagger-ci@2022_01_26"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUK9LTCmlmqHQahsqtUTTWfuKkdxrh80hkpasdI+PEo dagger-ci-pass@2022_01_26"
|
||||
];
|
||||
}
|
||||
runcmd:
|
||||
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-21.11 bash 2>&1 | tee /tmp/nixos-infect.log
|
||||
Reference in New Issue
Block a user