feat(ops/deploy-whitby): Add the start of a script to deploy whitby

Add the beginnings of an auto-deploy script for whitby, intended to
be (eventually) suitable for running automatically in a systemd timer.
The current iteration of the script doesn't actually do any deploying,
but instead takes as an argument a revision, creates a new git worktree
in /tmp with that revision checked out, runs a nix-diff of whitby's
system derivation in the running system and at that closure, puts an
html-rendered version of that diff in the public directory used by
deploy.tvl.fyi, and finally sends a message to IRC via irccat with a
link to that HTML page.

Refs: b/110
Change-Id: Id40525567f8845590c909568befd8d00c07a481c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3145
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: kn <klemens@posteo.de>
This commit is contained in:
Griffin Smith 2021-05-23 18:34:41 +02:00 committed by grfn
parent 79b39bb66e
commit 9c038cbff0
2 changed files with 75 additions and 0 deletions

View file

@ -0,0 +1,30 @@
{ pkgs, ... }:
pkgs.stdenv.mkDerivation {
name = "deploy-whitby";
phases = [ "installPhase" "installCheckPhase" ];
nativeBuildInputs = with pkgs; [
makeWrapper
];
installPhase = ''
mkdir -p $out/bin
makeWrapper ${./deploy-whitby.sh} $out/bin/deploy-whitby.sh \
--prefix PATH : ${with pkgs; lib.makeBinPath [
nix-diff
ansi2html
git
]}
'';
installCheckInputs = with pkgs; [
shellcheck
];
doInstallCheck = true;
installCheckPhase = ''
shellcheck $out/bin/deploy-whitby.sh
'';
}

View file

@ -0,0 +1,45 @@
#!/usr/bin/env bash
set -Ceuo pipefail
HTML_ROOT="${HTML_ROOT:-/var/html/deploys.tvl.fyi}"
URL_BASE="${URL_BASE:-https://deploys.tvl.fyi/diff}"
IRCCAT_PORT="${IRCCAT_PORT:-4722}"
drv_hash() {
basename "$1" | sed 's/-.*//'
}
new_rev="$1"
if [ -z "$new_rev" ]; then
>&2 echo "Usage: $0 <new_rev>"
exit 1
fi
if [ -d "/tmp/deploy.worktree" ]; then
>&2 echo "/tmp/deploy.worktree exists - exiting in case another deploy is currently running"
exit 1
fi
worktree_dir=/tmp/worktree_dir
cleanup() {
rm -rf "$worktree_dir"
}
trap cleanup EXIT
git clone https://cl.tvl.fyi/depot "$worktree_dir" --reference /depot
git -C "$worktree_dir" checkout "$new_rev"
current=$(nix show-derivation /run/current-system | jq -r 'keys | .[0]')
new=$(nix-instantiate -A ops.nixos.whitbySystem "$worktree_dir")
diff_filename="$(drv_hash "$current")..$(drv_hash "$new")"
nix-diff "$current" "$new" --color always \
| ansi2html \
>| "$HTML_ROOT/diff/$diff_filename"
echo "#tvl whitby is being deployed! system diff: $URL_BASE/$diff_filename" \
| nc -w 5 -N localhost "$IRCCAT_PORT"
# TODO(grfn): Actually do the deploy