Commit ebe2843b authored by Katharina Fey's avatar Katharina Fey 🏴

Finishing deploy steps

parent 474517df
......@@ -3,7 +3,12 @@
use crate::{config::Config, derive_key};
use serde_json::Value;
use std::{collections::HashMap, process::Command};
use std::{
collections::HashMap,
fs::{remove_file, remove_dir_all, File, Permissions},
io::Write,
process::Command,
};
use tempdir::TempDir;
type JsonMap = HashMap<String, Value>;
......@@ -28,6 +33,22 @@ pub fn run(data: DeployData) {
.expect("Failed to format tmpdir path!")
);
let deploy_key_path = format!(
"{}/fucking_delete_me.priv",
dir.path()
.as_os_str()
.to_str()
.expect("Failed to format deploy key path!")
);
let run_script = format!(
"{}/forge_run.sh",
dir.path()
.as_os_str()
.to_str()
.expect("Failed to format deploy key path!")
);
Command::new("ssh-agent")
.args(&[
"bash",
......@@ -37,16 +58,63 @@ pub fn run(data: DeployData) {
data.repo_key, repo
),
])
.current_dir(dir)
.current_dir(&dir)
.output()
.expect("Failed to run git-clone command!");
let mut config = Config::load((git_dir + "/.forge.yml").as_str()).expect("Invalid config!");
let mut config =
Config::load((git_dir.clone() + "/.forge.yml").as_str()).expect("Invalid config!");
let key = derive_key(data.secret, data.salt);
// Run this to pre-cache a generation
Command::new("nixos-rebuild")
.args(&["build", "-I", "nixos-config=configuration.nix"])
.current_dir(&git_dir)
.output()
.expect("Failed to run git-clone command!");
let cmd = &config.deploy.cmd;
File::create(&run_script)
.and_then(|mut f| f.write_all(b"#!/bin/sh\n").map(|_| f))
.and_then(|mut f| f.write_all(cmd.as_bytes()))
.expect("Failed to build system config!");
// !!! WARNING: writing sensitive key material to disk
let deploy_key = config.parse_secret(key);
File::create(&deploy_key_path)
.and_then(|mut f| f.write_all(deploy_key.as_bytes()))
.expect("Failed to build system config!");
// Load required data from config
let user = config.auth.key;
let mirror = config.deploy.mirror;
eprintln!("Key `auth.method` currently ignored!");
// Clear the mirror directory first
Command::new("ssh")
.args(&[
&format!("{}@localhost -i {}", user, deploy_key_path),
"bash",
&run_script,
])
.env("OUT_DIR", &git_dir)
.env("MIRROR", mirror)
.current_dir(&git_dir)
.output()
.map_err(|e| scrub(&deploy_key_path).map(|_| e).unwrap())
.expect("Failed to run git-clone command!");
// Remove working state
scrub(&deploy_key_path);
remove_dir_all(&dir);
}
// ssh-agent bash -c 'ssh-add /somewhere/yourkey; git clone git@github.com:user/project.git'
/// Try to clear the private keyfile from disk
fn scrub(path: &String) -> Option<()> {
remove_file(path).expect("CRITICAL: Failed to delete private key from temp folder!!");
Some(())
}
fn get_repo(json: &JsonMap) -> String {
......
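Review bot: The deploy key at `File::create(&deploy_key_path)` is written with the process's default file mode, so until `scrub` runs its readability depends on the umask and on the temp directory's permissions; the newly imported `Permissions` is not used in the visible lines. Creating the file owner-only from the start closes that window, e.g. `OpenOptions::new().write(true).create_new(true).mode(0o600).open(&deploy_key_path)` with `std::os::unix::fs::OpenOptionsExt` in scope. Separately, the ssh call passes `format!("{}@localhost -i {}", user, deploy_key_path)` as a single argument, so `-i` is presumably never parsed as an option; passing `"-i", &deploy_key_path, &format!("{}@localhost", user)` as separate arguments would fix that, and since `user` is read from the cloned repository's `.forge.yml` it should be validated before it becomes the destination. The `.output()` results of `nixos-rebuild` and `ssh` are discarded without checking the exit status, and the return values of the final `scrub` and `remove_dir_all` calls are ignored, so a failed deploy or a failed cleanup goes unreported. `run` begins above the first visible hunk line, so the handling of `dir` before this point is not visible here.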