From c665ce2eb6889111a73b3236c0bfaf6809ec7c1b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Fri, 30 Jun 2023 09:56:50 +0000
Subject: [PATCH] Add deployment workflow (#7)

Reviewed-on: https://git.hubrecht.ovh/DGNum/dgnum.eu/pulls/7
Co-authored-by: Tom Hubrecht <tom@hubrecht.ovh>
Co-committed-by: Tom Hubrecht <tom@hubrecht.ovh>
---
 .forgejo/workflows/deploy-dgnum.yaml | 66 ++++++++++++++++++++++++++++
 default.nix                          | 10 +++++
 flake.lock                           | 17 +++++++
 flake.nix                            |  9 +++-
 site/default.nix                     |  6 ++-
 ssg/default.nix                      | 10 +++--
 6 files changed, 112 insertions(+), 6 deletions(-)
 create mode 100644 .forgejo/workflows/deploy-dgnum.yaml
 create mode 100644 default.nix

diff --git a/.forgejo/workflows/deploy-dgnum.yaml b/.forgejo/workflows/deploy-dgnum.yaml
new file mode 100644
index 0000000..54f2ec3
--- /dev/null
+++ b/.forgejo/workflows/deploy-dgnum.yaml
@@ -0,0 +1,66 @@
+name: Publish website to Codeberg Pages
+run-name: publish-dgnum.eu
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  publish:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          path: dgnum.eu
+
+      - name: Build website
+        run: |
+          # Hack to set the cache in the working directory
+          HOME="$GITHUB_WORKSPACE" nix-build dgnum.eu
+
+      - name: Push new website
+        run: |
+          export HOME="$GITHUB_WORKSPACE"
+
+          echo "[+] Using SSH_DEPLOY_KEY"
+
+          # Setup deploy key
+          DEPLOY_KEY_FILE="$HOME/.ssh/deploy_key"
+          mkdir .ssh
+          echo "${SSH_DEPLOY_KEY}" > "$DEPLOY_KEY_FILE"
+          chmod 600 "$DEPLOY_KEY_FILE"
+
+          # Setup known hosts
+          KNOWN_HOSTS_FILE="$HOME/.ssh/known_hosts"
+          ssh-keyscan -H codeberg.org > "$KNOWN_HOSTS_FILE"
+
+          export GIT_SSH_COMMAND="ssh -i $DEPLOY_KEY_FILE -o UserKnownHostsFile=$KNOWN_HOSTS_FILE"
+          GIT_CMD_REPOSITORY="git@codeberg.org:DGNum/$GIT_REPOSITORY.git"
+
+          echo "[+] Cloning remote repository"
+          git clone --single-branch --depth 1 --branch main "$GIT_CMD_REPOSITORY" "$GIT_REPOSITORY"
+
+          git config --global user.email "$GIT_USER_EMAIL"
+          git config --global user.name  "$GIT_USER_NAME"
+
+          echo "[+] Updating assets"
+          rm -r "$GIT_REPOSITORY"/*
+
+          # Update assets
+          cp -R --no-preserve=mode,ownership,timestamps result/* "$GIT_REPOSITORY/"
+          cd "$GIT_REPOSITORY"
+
+          echo "[+] Creating commit"
+          ORIGIN_COMMIT="https://$GIT_ORIGIN_SERVER/$GITHUB_REPOSITORY/commit/$GITHUB_SHA"
+          git add .
+          git diff-index --quiet HEAD || git commit --message "Automatic pages update from $ORIGIN_COMMIT"
+
+          echo "[+] Pushing update"
+          git push "$GIT_CMD_REPOSITORY" --set-upstream main
+        env:
+          SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
+          GIT_REPOSITORY: pages
+          GIT_USER_EMAIL: automated-update@dgnum.eu
+          GIT_USER_NAME: Forgejo Action
+          GIT_ORIGIN_SERVER: git.hubrecht.ovh
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..2cccff2
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,10 @@
+(import
+  (
+    let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
+    fetchTarball {
+      url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+      sha256 = lock.nodes.flake-compat.locked.narHash;
+    }
+  )
+  { src = ./.; }
+).defaultNix
diff --git a/flake.lock b/flake.lock
index 8ea3b48..474c1c7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,21 @@
 {
   "nodes": {
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "inputs": {
         "systems": "systems"
@@ -35,6 +51,7 @@
     },
     "root": {
       "inputs": {
+        "flake-compat": "flake-compat",
         "flake-utils": "flake-utils",
         "nixpkgs": "nixpkgs"
       }
diff --git a/flake.nix b/flake.nix
index 81da4dc..3453526 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,15 +4,20 @@
   inputs = {
     nixpkgs.url = "nixpkgs/nixos-unstable";
     flake-utils.url = "github:numtide/flake-utils";
+    flake-compat = {
+      url = "github:edolstra/flake-compat";
+      flake = false;
+    };
   };
 
-  outputs = { self, nixpkgs, flake-utils }:
+  outputs = { self, nixpkgs, flake-utils, ... }:
     flake-utils.lib.eachDefaultSystem (system:
       let
         pkgs = nixpkgs.legacyPackages.${system};
         ssg = pkgs.callPackage ./ssg { };
         defaultInputs = with pkgs; [ nixfmt shellcheck ];
-      in {
+      in
+      {
         formatter = pkgs.nixfmt;
 
         devShells = {
diff --git a/site/default.nix b/site/default.nix
index 5b29c49..754826d 100644
--- a/site/default.nix
+++ b/site/default.nix
@@ -1,4 +1,8 @@
-{ glibcLocales, nix-gitignore, ssg, stdenv }:
+{ glibcLocales
+, nix-gitignore
+, ssg
+, stdenv
+}:
 
 stdenv.mkDerivation {
   name = "dgnum.eu";
diff --git a/ssg/default.nix b/ssg/default.nix
index b524484..b32229a 100644
--- a/ssg/default.nix
+++ b/ssg/default.nix
@@ -1,4 +1,8 @@
-{ haskellPackages, locale, nix-gitignore }:
+{ haskellPackages
+, nix-gitignore
+}:
 
-let srcs = nix-gitignore.gitignoreSourcePure ../.gitignore ./.;
-in haskellPackages.callCabal2nix "ssg" srcs { }
+haskellPackages.callCabal2nix
+  "ssg"
+  (nix-gitignore.gitignoreSourcePure ../.gitignore ./.)
+{ }