# Fail fast: stop on command errors, on unset variables, and on a failure in
# any stage of a pipeline.
set -euo pipefail

echo "== CONFIGURATION =="

# Non-secret settings: keep the caller's value, otherwise use the default
# after ":-" (empty where none is given). The secret inputs read further down
# (AWS_SECRET_ACCESS_KEY, GCP_SERVICE_KEY, GITEA_SSH_KEY, RUNNER_PASSWORD) get
# no default here and are not echoed; with `set -u` an unset one aborts the run.
export AWS_ACCESS_KEY=${AWS_ACCESS_KEY:-}
export CARGO_NET_GIT_FETCH_WITH_CLI=${CARGO_NET_GIT_FETCH_WITH_CLI:-true}
export GCP_CLUSTER_NAME=${GCP_CLUSTER_NAME:-}
export GCP_CONTROL_PLANE_LOCATION=${GCP_CONTROL_PLANE_LOCATION:-}
export GCP_PRINCIPAL=${GCP_PRINCIPAL:-}
export GCP_PROJECT_NAME=${GCP_PROJECT_NAME:-}
export GITEA_INSTANCE=${GITEA_INSTANCE:-}
export GITEA_INSTANCE_SCHEME=${GITEA_INSTANCE_SCHEME:-https}
export GITEA_ORGANIZATION=${GITEA_ORGANIZATION:-}
export GIT_TERMINAL_PROMPT=${GIT_TERMINAL_PROMPT:-0}
export NIXOS_CACHE_LOCATION=${NIXOS_CACHE_LOCATION:-https://cache.nixos.org/}
export NIXOS_CACHE_SIGN_KEY=${NIXOS_CACHE_SIGN_KEY:-cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=}
export NIX_S3_CACHE_LOCATION=${NIX_S3_CACHE_LOCATION:-}
export NIX_SIGN_KEY=${NIX_SIGN_KEY:-}
export RUNNER_CAPACITY=${RUNNER_CAPACITY:-1}
export RUNNER_CONFIG_FILE=${RUNNER_CONFIG_FILE:-}
# Job containers are unprivileged unless the caller opts in.
export RUNNER_CONTAINER_IS_PRIVILEGED=${RUNNER_CONTAINER_IS_PRIVILEGED:-false}
export RUNNER_CONTAINER_OPTIONS=${RUNNER_CONTAINER_OPTIONS:-}
export RUNNER_DOCKER_HOST=${RUNNER_DOCKER_HOST:-}
export RUNNER_JOB_TIMEOUT=${RUNNER_JOB_TIMEOUT:-3h}
# NOTE(review): the shell removes the double quotes inside this default, so
# the fallback value is [action-runner-persistent:host,...] without quotes.
# Confirm the consumer of RUNNER_LABELS accepts that form.
export RUNNER_LABELS=${RUNNER_LABELS:-["action-runner-persistent:host","action-runner:docker://action-runner-job:latest","ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"]}
export RUNNER_LOG_LEVEL=${RUNNER_LOG_LEVEL:-info}
export RUNNER_RUNNER_FILE=${RUNNER_RUNNER_FILE:-.runner}
export RUNNER_USERNAME=${RUNNER_USERNAME:-}
export RUNNER_WORKDIR=${RUNNER_WORKDIR:-/tmp}
export TWINE_NON_INTERACTIVE=${TWINE_NON_INTERACTIVE:-true}

# Print the effective settings as NAME="value" lines. Everything listed here
# lands in the job log, so only names whose values are safe to log belong in
# this list.
for setting in \
  AWS_ACCESS_KEY \
  CARGO_NET_GIT_FETCH_WITH_CLI \
  GCP_CLUSTER_NAME \
  GCP_CONTROL_PLANE_LOCATION \
  GCP_PRINCIPAL \
  GCP_PROJECT_NAME \
  GITEA_INSTANCE \
  GITEA_INSTANCE_SCHEME \
  GITEA_ORGANIZATION \
  GIT_TERMINAL_PROMPT \
  NIXOS_CACHE_LOCATION \
  NIXOS_CACHE_SIGN_KEY \
  NIX_S3_CACHE_LOCATION \
  NIX_SIGN_KEY \
  RUNNER_CAPACITY \
  RUNNER_CONFIG_FILE \
  RUNNER_CONTAINER_IS_PRIVILEGED \
  RUNNER_CONTAINER_OPTIONS \
  RUNNER_DOCKER_HOST \
  RUNNER_JOB_TIMEOUT \
  RUNNER_LABELS \
  RUNNER_LOG_LEVEL \
  RUNNER_RUNNER_FILE \
  RUNNER_USERNAME \
  RUNNER_WORKDIR \
  TWINE_NON_INTERACTIVE; do
  printf '%s="%s"\n' "$setting" "${!setting}"
done
echo ""
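# Decide whether the configuration differs from the one applied by the last
# run: digest every input that ends up in a generated credential or config
# file and compare it with the digest stored in $HOME/current_config.
# Sets CONFIG_CHANGED to 1 (changed or first run) or 0 (unchanged).
LAST_CONFIG_HASH_FILE="$HOME/current_config"
LAST_CONFIG_HASH="-" # sentinel used when no digest has been stored yet
if [[ -f "$LAST_CONFIG_HASH_FILE" ]]; then
  LAST_CONFIG_HASH=$(<"$LAST_CONFIG_HASH_FILE")
fi

mkdir -p "$HOME/scratch"

# The digest input contains every secret in clear text. It is streamed
# straight into sha256sum instead of being stored, and any plaintext copy an
# earlier run of this script left at this path is removed.
CONFIG_HASH_FILE="$HOME/scratch/config-hash.txt"
rm -f -- "$CONFIG_HASH_FILE"

# envsubst stays in the pipeline so the digest is identical to the one earlier
# runs stored. NOTE(review): it re-expands any $NAME text found inside a value.
# NIX_SECRET_SIGN_KEY is optional (the nix section tests it with -v), so it is
# read with an empty fallback instead of aborting under `set -u`.
CURRENT_CONFIG_HASH=$(
  envsubst <<EOF | sha256sum
AWS_ACCESS_KEY="$AWS_ACCESS_KEY"
AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
CARGO_NET_GIT_FETCH_WITH_CLI="$CARGO_NET_GIT_FETCH_WITH_CLI"
GCP_CLUSTER_NAME="$GCP_CLUSTER_NAME"
GCP_CONTROL_PLANE_LOCATION="$GCP_CONTROL_PLANE_LOCATION"
GCP_PRINCIPAL="$GCP_PRINCIPAL"
GCP_PROJECT_NAME="$GCP_PROJECT_NAME"
GCP_SERVICE_KEY="$GCP_SERVICE_KEY"
GIT_TERMINAL_PROMPT="$GIT_TERMINAL_PROMPT"
GITEA_INSTANCE="$GITEA_INSTANCE"
GITEA_INSTANCE_SCHEME="$GITEA_INSTANCE_SCHEME"
GITEA_ORGANIZATION="$GITEA_ORGANIZATION"
GITEA_SSH_KEY="$GITEA_SSH_KEY"
NIXOS_CACHE_LOCATION="$NIXOS_CACHE_LOCATION"
NIXOS_CACHE_SIGN_KEY="$NIXOS_CACHE_SIGN_KEY"
NIX_S3_CACHE_LOCATION="$NIX_S3_CACHE_LOCATION"
NIX_SECRET_SIGN_KEY="${NIX_SECRET_SIGN_KEY:-}"
NIX_SIGN_KEY="$NIX_SIGN_KEY"
RUNNER_PASSWORD="$RUNNER_PASSWORD"
RUNNER_USERNAME="$RUNNER_USERNAME"
TWINE_NON_INTERACTIVE="$TWINE_NON_INTERACTIVE"
EOF
)

echo "current config hash: $CURRENT_CONFIG_HASH"
echo "last config hash: $LAST_CONFIG_HASH"

if [[ "$CURRENT_CONFIG_HASH" == "$LAST_CONFIG_HASH" ]]; then
  echo "-> config unchanged."
  CONFIG_CHANGED=0
else
  echo "-> config changed. updating."
  CONFIG_CHANGED=1
fi
echo ""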
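# Authenticate the gcloud CLI as the service account and fetch cluster
# credentials. Runs when the configuration changed or when no gcloud state
# directory exists yet.
if [[ "$CONFIG_CHANGED" -eq 1 || ! -d "$HOME/.config/gcloud" ]]; then
  echo "== SETTING UP GOOGLE CLOUD CLI =="

  GCP_SERVICE_KEY_FILENAME="$HOME/gcp_servicekey.json"
  # The service-account key is a long-lived credential. Remove any older copy
  # (which may carry wider permissions) and create the new one under a
  # restrictive umask so it is owner-only from the moment it exists.
  # printf is used because echo would misread a value starting with "-".
  rm -f -- "$GCP_SERVICE_KEY_FILENAME"
  (
    umask 077
    printf '%s\n' "$GCP_SERVICE_KEY" > "$GCP_SERVICE_KEY_FILENAME"
  )
  # NOTE(review): the key file stays on disk after activation. If nothing else
  # reads it, consider deleting it once activate-service-account has succeeded.

  gcloud auth activate-service-account \
    "$GCP_PRINCIPAL" --key-file="$GCP_SERVICE_KEY_FILENAME"

  gcloud config set project "$GCP_PROJECT_NAME"
  gcloud container clusters get-credentials \
    "$GCP_CLUSTER_NAME" --location "$GCP_CONTROL_PLANE_LOCATION"

  # Print the active account and CLI environment to the job log.
  gcloud auth list
  gcloud info
else
  echo "== google cloud cli already configured =="
fi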
# Write the Docker client configuration. It only maps registries to the
# "gcloud" credential helper, so the file itself holds no registry secret.
# Skipped when the configuration is unchanged and the file already exists.
if [[ "$CONFIG_CHANGED" -ne 1 && -f "$HOME/.docker/config.json" ]]; then
  echo "== docker already configured =="
else
  echo "== SETTING UP DOCKER USER CONFIG =="
  mkdir -p "$HOME/.docker" "$HOME/scratch"
  rm -fr "$HOME/.docker/config.json"
  DOCKER_CONFIG_FILE="$HOME/scratch/config.json"

  # Render into scratch first, then copy into place.
  cat > "$DOCKER_CONFIG_FILE" <<EOF
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud",
"europe-docker.pkg.dev": "gcloud"
}
}

EOF

  cp "$DOCKER_CONFIG_FILE" "$HOME/.docker/config.json"
fi
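# Write the nix user configuration (binary caches and the public keys whose
# signatures are accepted) and, when provided, the private cache signing key.
# NOTE(review): NIX_USER_CONF_FILES is assigned but not exported in this
# section; confirm that nix is pointed at $HOME/nix.conf elsewhere.
NIX_USER_CONF_FILES="$HOME/nix.conf"
NIX_SECRET_SIGN_KEY_FILE="$HOME/nix-sign.private"

if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$NIX_USER_CONF_FILES" ]]; then
  echo "== SETTING UP NIX CONFIG =="

  if [[ -v NIX_SECRET_SIGN_KEY ]]; then
    # Whoever can read the private signing key can sign store paths that
    # clients trusting NIX_SIGN_KEY accept. Replace any older copy and create
    # the file under a restrictive umask so it is never group- or
    # world-readable.
    rm -f -- "$NIX_SECRET_SIGN_KEY_FILE"
    (
      umask 077
      printf '%s\n' "$NIX_SECRET_SIGN_KEY" > "$NIX_SECRET_SIGN_KEY_FILE"
    )
  fi

  mkdir -p "$HOME/scratch"
  NIX_USER_CONFIG_TEMPLATE_FILE="$HOME/scratch/nix.conf"

  # trusted-public-keys decides which cache signatures are accepted; an empty
  # NIX_SIGN_KEY leaves only the NIXOS_CACHE_SIGN_KEY entry on that line.
  cat <<EOF > "$NIX_USER_CONFIG_TEMPLATE_FILE"
substituters = $NIX_S3_CACHE_LOCATION $NIXOS_CACHE_LOCATION
trusted-public-keys = $NIXOS_CACHE_SIGN_KEY $NIX_SIGN_KEY
trusted-substituters = $NIXOS_CACHE_LOCATION $NIX_S3_CACHE_LOCATION
always-allow-substitutes = true

EOF

  cp "$NIX_USER_CONFIG_TEMPLATE_FILE" "$NIX_USER_CONF_FILES"
else
  echo "== nix already configured =="
fi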
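# Write the AWS credentials used for the S3-backed nix cache. Runs when the
# configuration changed or when no credentials file exists yet.
if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.aws/credentials" ]]; then
  echo "== SETTING UP AWS CREDENTIALS FOR NIX CACHE =="

  mkdir -p "$HOME/.aws"
  mkdir -p "$HOME/scratch"
  AWS_CREDENTIALS_FILE="$HOME/scratch/aws-credentials-template"

  # Both the scratch copy and the final file contain the secret access key.
  # Older copies are removed first because overwriting or copying onto an
  # existing file keeps that file's permissions; the new files are then
  # created under umask 077 and are owner-only from the start.
  rm -f -- "$AWS_CREDENTIALS_FILE" "$HOME/.aws/credentials"
  (
    umask 077
    cat <<EOF > "$AWS_CREDENTIALS_FILE"
[default]
aws_access_key_id=$AWS_ACCESS_KEY
aws_secret_access_key=$AWS_SECRET_ACCESS_KEY

EOF
    cp -- "$AWS_CREDENTIALS_FILE" "$HOME/.aws/credentials"
  )
else
  echo "== aws credentials for nix cache already configured =="
fi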
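# Install the SSH private key used for Gitea. The existence check looks at the
# key file itself, like the other sections do for the file they write, so a
# pre-existing ~/.ssh directory without the key no longer counts as
# "already configured".
if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.ssh/id_gitea" ]]; then
  echo "== SETTING UP SSH CLIENT =="
  mkdir -p "$HOME/.ssh"
  rm -fr "$HOME/.ssh/id_gitea"
  # Create the key under a restrictive umask: with a redirect followed by
  # chmod alone, the key is readable under the default umask until the chmod
  # runs. printf avoids echo misreading a value that starts with "-".
  (
    umask 077
    printf '%s\n' "$GITEA_SSH_KEY" > "$HOME/.ssh/id_gitea"
  )
  chmod 0400 "$HOME/.ssh/id_gitea"
else
  echo "== ssh client already configured =="
fi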
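# Write ~/.netrc with the runner's login for the Gitea host. Runs when the
# configuration changed or when no ~/.netrc exists yet.
if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.netrc" ]]; then
  echo "== SETTING UP NETRC =="
  mkdir -p "$HOME/scratch"
  NETRC_TEMPLATE_FILE="$HOME/scratch/netrc"

  # The scratch copy holds the password as well, and the final file would
  # otherwise be created with default permissions before the chmod below.
  # Remove older copies (their permissions would be kept) and create both
  # files under umask 077.
  rm -f -- "$NETRC_TEMPLATE_FILE" "$HOME/.netrc"
  (
    umask 077
    # NOTE(review): the machine name is fixed here, while the pypirc and git
    # sections use $GITEA_INSTANCE. Confirm the credentials are meant for this
    # host only.
    cat <<EOF > "$NETRC_TEMPLATE_FILE"
machine gitea.puzzleyou.net
login $RUNNER_USERNAME
password $RUNNER_PASSWORD

EOF
    cp -- "$NETRC_TEMPLATE_FILE" "$HOME/.netrc"
  )
  chmod 600 "$HOME/.netrc"
else
  echo "== netrc already configured =="
fi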
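# Write ~/.pypirc so package uploads go to the Gitea PyPI registry of the
# configured organization. Runs when the configuration changed or when no
# ~/.pypirc exists yet.
if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.pypirc" ]]; then
  echo "== SETTING UP PYPIRC =="
  mkdir -p "$HOME/scratch"
  PYPIRC_TEMPLATE_FILE="$HOME/scratch/pypirc"

  # The file stores the runner password in clear text. Remove older copies
  # (their permissions would be kept) and create the scratch copy and the
  # final file under umask 077 so only the owner can read them.
  rm -f -- "$PYPIRC_TEMPLATE_FILE" "$HOME/.pypirc"
  (
    umask 077
    cat <<EOF > "$PYPIRC_TEMPLATE_FILE"
[distutils]
index-servers = gitea

[gitea]
repository = $GITEA_INSTANCE_SCHEME://$GITEA_INSTANCE/api/packages/$GITEA_ORGANIZATION/pypi
username = $RUNNER_USERNAME
password = $RUNNER_PASSWORD

EOF
    cp -- "$PYPIRC_TEMPLATE_FILE" "$HOME/.pypirc"
  )
else
  echo "== pypirc already configured =="
fi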
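# Set the git identity and store the runner's HTTP(S) credentials for the
# Gitea instance.
# NOTE(review): `git config --global` normally writes ~/.gitconfig; confirm
# that $HOME/.config/git/config is the file created here, otherwise this
# section runs on every invocation.
if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.config/git/config" ]]; then
  echo "== SETTING UP GIT =="
  git config --global user.email "action-runner@cluster.local"
  git config --global user.name "action-runner"
  # The "store" helper keeps credentials unencrypted in ~/.git-credentials.
  git config --global credential.helper store

  mkdir -p "$HOME/scratch"
  GIT_CREDENTIALS_FILE="$HOME/scratch/git-credentials"

  # Both files contain the password in clear text. Remove older copies (their
  # permissions would be kept) and create the new ones under umask 077.
  rm -f -- "$GIT_CREDENTIALS_FILE" "$HOME/.git-credentials"
  (
    umask 077
    # NOTE(review): user name and password are inserted without URL-encoding;
    # characters such as "@", ":" or "/" in either would change how this line
    # is parsed.
    cat <<EOF > "$GIT_CREDENTIALS_FILE"
$GITEA_INSTANCE_SCHEME://$RUNNER_USERNAME:$RUNNER_PASSWORD@$GITEA_INSTANCE

EOF
    cp -- "$GIT_CREDENTIALS_FILE" "$HOME/.git-credentials"
  )
else
  echo "== git already configured =="
fi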
# Every section above has run: remember the digest of the configuration that
# is now applied so the next run can skip unchanged sections.
printf '%s\n' "$CURRENT_CONFIG_HASH" > "$LAST_CONFIG_HASH_FILE"
# When running inside an action, append selected settings to the file named
# by GITHUB_ENV; otherwise only report that the variable is not set.
if [[ ! -v GITHUB_ENV ]]; then
  echo "== \$GITHUB_ENV is not set. not running as an action. =="
else
  echo "== POPULATING GITHUB_ENV =="
  # NOTE(review): each line is written as NAME="value" with literal double
  # quotes. Confirm the runner strips them when it reads this file; if it
  # takes the text after "=" verbatim, the quotes become part of the value.
  {
    printf 'CARGO_NET_GIT_FETCH_WITH_CLI="%s"\n' "$CARGO_NET_GIT_FETCH_WITH_CLI"
    printf 'TWINE_NON_INTERACTIVE="%s"\n' "$TWINE_NON_INTERACTIVE"
    printf 'NIX_S3_CACHE_LOCATION="%s"\n' "$NIX_S3_CACHE_LOCATION"
  } >> "$GITHUB_ENV"
fi