CI: require passwordless sudo for services deploy
Some checks failed
Deploy / deploy (push) Failing after 7s
Some checks failed
Deploy / deploy (push) Failing after 7s
This commit is contained in:
Jeremie Fraeys
parent
6ca0219902
commit
529ae3da07
1 changed files with 27 additions and 18 deletions
|
|
@ -78,40 +78,49 @@ jobs:
|
|||
|
||||
ssh -i ~/.ssh/id_ed25519 "$SERVICE_USER@$SERVICE_HOST" /bin/sh -lc "set -euo pipefail
|
||||
|
||||
sudo mkdir -p /opt/infra-controller /etc/infra-controller /var/lib/infra-controller /var/log/infra-controller
|
||||
if ! command -v sudo >/dev/null 2>&1; then
|
||||
echo 'ERROR: sudo not installed on services server' >&2
|
||||
exit 1
|
||||
fi
|
||||
if ! sudo -n true 2>/dev/null; then
|
||||
echo 'ERROR: passwordless sudo is required for CI deploy (configure NOPASSWD for this SSH user)' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
sudo -n mkdir -p /opt/infra-controller /etc/infra-controller /var/lib/infra-controller /var/log/infra-controller
|
||||
|
||||
if [ ! -d /opt/infra-controller/.git ]; then
|
||||
sudo rm -rf /opt/infra-controller/*
|
||||
sudo git clone '$REPO_URL' /opt/infra-controller
|
||||
sudo -n rm -rf /opt/infra-controller/*
|
||||
sudo -n git clone '$REPO_URL' /opt/infra-controller
|
||||
fi
|
||||
|
||||
cd /opt/infra-controller
|
||||
sudo git fetch --all --prune
|
||||
sudo git checkout -f '$GIT_SHA'
|
||||
sudo -n git fetch --all --prune
|
||||
sudo -n git checkout -f '$GIT_SHA'
|
||||
|
||||
if [ ! -d /opt/infra-controller/venv ]; then
|
||||
sudo python3 -m venv /opt/infra-controller/venv
|
||||
sudo -n python3 -m venv /opt/infra-controller/venv
|
||||
fi
|
||||
sudo /opt/infra-controller/venv/bin/pip install --upgrade pip
|
||||
sudo /opt/infra-controller/venv/bin/pip install -e .
|
||||
sudo -n /opt/infra-controller/venv/bin/pip install --upgrade pip
|
||||
sudo -n /opt/infra-controller/venv/bin/pip install -e .
|
||||
|
||||
if [ ! -f /etc/infra-controller/config.toml ]; then
|
||||
sudo cp config/controller.toml.example /etc/infra-controller/config.toml
|
||||
sudo -n cp config/controller.toml.example /etc/infra-controller/config.toml
|
||||
fi
|
||||
if [ ! -f /etc/infra-controller/controller.env ]; then
|
||||
sudo cp systemd/infra-controller.env /etc/infra-controller/controller.env
|
||||
sudo -n cp systemd/infra-controller.env /etc/infra-controller/controller.env
|
||||
fi
|
||||
|
||||
sudo cp systemd/infra-controller.service /etc/systemd/system/
|
||||
sudo cp systemd/infra-controller-once.service /etc/systemd/system/
|
||||
sudo cp systemd/infra-controller-watch.service /etc/systemd/system/
|
||||
sudo systemctl daemon-reload
|
||||
sudo -n cp systemd/infra-controller.service /etc/systemd/system/
|
||||
sudo -n cp systemd/infra-controller-once.service /etc/systemd/system/
|
||||
sudo -n cp systemd/infra-controller-watch.service /etc/systemd/system/
|
||||
sudo -n systemctl daemon-reload
|
||||
|
||||
sudo systemctl disable --now infra-controller.path 2>/dev/null || true
|
||||
sudo systemctl enable --now infra-controller-watch.service
|
||||
sudo systemctl restart infra-controller-watch.service
|
||||
sudo -n systemctl disable --now infra-controller.path 2>/dev/null || true
|
||||
sudo -n systemctl enable --now infra-controller-watch.service
|
||||
sudo -n systemctl restart infra-controller-watch.service
|
||||
|
||||
sudo chown -R infractl:infractl /opt/infra-controller /var/lib/infra-controller /var/log/infra-controller || true
|
||||
sudo -n chown -R infractl:infractl /opt/infra-controller /var/lib/infra-controller /var/log/infra-controller || true
|
||||
|
||||
/opt/infra-controller/venv/bin/infra-controller --once
|
||||
"
|
||||
|
|
|
|||
Loading…
Reference in a new issue