From 020db14b1e249827c9a9b0015dc54f084892c2b7 Mon Sep 17 00:00:00 2001 From: basebuilder Date: Wed, 3 Apr 2024 17:47:13 +0000 Subject: [PATCH 01/12] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c046f81..b65dab6 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ There are three different types of deployments currently supported: The default deployment is **fully public**: * `/`: the Hugo site is served -* `/deploy`: triggers `webhookd` to re-build the site, **includes publicly viewable logs** +* `/deploy`: triggers `webhookd` to re-build the site, **includes publicly viewable build logs** ### HTTP Basic Auth @@ -87,7 +87,11 @@ key was written to the server and look for `true` in the far right column: ``` $ abra app secret ls example.org +``` +Assuming the previous steps were correct, you should see `true` in the far right column. + +``` +------------+---------+----------------------------+-------------------+ | NAME | VERSION | GENERATED NAME | CREATED ON SERVER | +------------+---------+----------------------------+-------------------+ From d3fa64cee3e6b534772cc8fa00262844498d7fe5 Mon Sep 17 00:00:00 2001 From: basebuilder Date: Thu, 13 Jun 2024 11:46:06 +0200 Subject: [PATCH 02/12] update .env.sample and README to clarify HTTP Auth & Private repos #8 --- .env.sample | 9 ++++--- README.md | 68 +++++++++++++++++++++++++++++++++++------------------ 2 files changed, 51 insertions(+), 26 deletions(-) diff --git a/.env.sample b/.env.sample index b366234..7f573e8 100644 --- a/.env.sample +++ b/.env.sample 
@@ -1,12 +1,12 @@ TYPE=parasol-static-site -DOMAIN=parasol.example.com +DOMAIN=parasol.example.org LETS_ENCRYPT_ENV=production # **NOTE** Please change this value to your repo -HUGO_GIT_URL=git@codeberg.org:offline/future.git +HUGO_GIT_URL=git@codeberg.org:eotl/example-repo.git -# HTTP basic auth protected deploy endpoint +# HTTP Basic Auth protected /deploy endpoint #COMPOSE_FILE="compose.yml:compose.auth.yml" #AUTH_ENABLED=1 #AUTH_USERNAME=foobar @@ -16,3 +16,6 @@ HUGO_GIT_URL=git@codeberg.org:offline/future.git #COMPOSE_FILE="compose.yml:compose.private.yml" #PRIVATE_ENABLED=1 #SECRET_DEPLOY_KEY_VERSION=v1 + +# Include compose files by appending "compose.yml:compose.private.yml" +COMPOSE_FILE="compose.yml" diff --git a/README.md b/README.md index b65dab6..455e17d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,4 @@ -Parasol Static Site -==================== +# Parasol Static Site :open_umbrella: :spider_web: A recipe for generating static websites with [Hugo](https://gohugo.io) and a listener service which triggers git pulls and builds via [webhookd](https://github.com/ncarlier/webhookd) 
@@ -18,19 +17,18 @@ A recipe for generating static websites with [Hugo](https://gohugo.io) and a lis * `abra app config ` * `abra app deploy ` -For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech). +This will deploys a public website built from a Hugo site stored in a **public +git repository.** If you need various private modes, there are four different +deployment scenarios supported: -## Modes +- Public Site & Public Repo +- HTTP Basic Auth & Public Repo +- Public Site & Private Repo +- HTTP Basic Auth & Private Repo -There are three different types of deployments currently supported: +### Public Site & Public Repo -- Public Site & Repo -- Public Site & Private Repo -- Private Site & Repo - -### Public - -The default deployment is **fully public**: +The default deployment is a **fully public** site and **public git repository.** * `/`: the Hugo site is served * `/deploy`: triggers `webhookd` to re-build the site, **includes publicly viewable build logs** @@ -38,25 +36,32 @@ The default deployment is **fully public**: ### HTTP Basic Auth -If you enable this in your `.env` file: +To enable a password protected site built from a public git repo, uncomment the +following lines in your `.env` file: ``` -COMPOSE_FILE="compose.yml:compose.auth.yml" AUTH_ENABLED=1 AUTH_USERNAME=foobar SECRET_AUTH_PASSWORD_VERSION=v1 ``` -Then you can run `abra app secret generate -a `. +And append `:compose.auth.yml` to the `COMPOSE_FILE=` variable such as: + +``` +COMPOSE_FILE="compose.yml:compose.auth.yml" +``` + +Then run `abra app secret generate -a ` command. When you deploy: * `/`: the Hugo site is served -* `/deploy`: the webhook is behind HTTP basic auth +* `/deploy`: the webhook is behind HTTP Basic Auth + ### Private Repository -If you enable this in your `.env` file: +If you enable the following lines in your `.env` file: ``` COMPOSE_FILE="compose.yml:compose.private.yml" 
@@ -64,6 +69,13 @@ PRIVATE_ENABLED=1 SECRET_DEPLOY_KEY_VERSION=v1 ``` +To enable a public site built from a private git repo pulled with a SSH deploy +key, include the following `.yml` files: + +``` +COMPOSE_FILE="compose.yml:compose.private.yml" +``` + Then you need to generate a SSH key: ``` @@ -82,14 +94,13 @@ Due to a limitation in `abra` ([can't insert files yet](https://git.coopcloud.te $ DOCKER_CONTEXT=example.org docker secret create example_org_deploy_key_v1 /path/to/ssh-private-key ``` -Assuming that completes with no errors, run the following command to confirm the -key was written to the server and look for `true` in the far right column: +Assuming that completes with no errors, run the following command to confirm: ``` $ abra app secret ls example.org ``` -Assuming the previous steps were correct, you should see `true` in the far right column. +If successful, you should see `true` in the far right column. ``` +------------+---------+----------------------------+-------------------+ @@ -103,24 +114,30 @@ Then, you need to upload the public SSH key part to the Git repository settings as a "Deploy key". In *Gitea*, that is located in: ``` -Repository Settings > Deploy keys +Repository -> Settings > Deploy keys ``` +Or via URL path: + +- https://codeberg.org/user/website-repo/settings/keys + You can then deploy and the deploy key will be loaded before cloning the private repository and all should nicely. ### HTTP Basic Auth & Private Repository -Combine them with the `COMPOSE_FILE` technique: +You need to edit the `COMPOSE_FILE=` line to include the following `.yml` files: ``` COMPOSE_FILE="compose.yml:compose.auth.yml:compose.private.yml" ``` + ## Troubleshooting -This is a WIP, there are likely dragons and foot cannons. Ye be warned. +This is a WIP, there are likely dragons and foot cannons. Ye be warned :dragon: :pirate_flag: :grimacing: + #### Site not generating? 
@@ -149,6 +166,11 @@ abra app run badger sh cat /etc/nginx/.htpasswd ``` +For more details documentation, see the *Coop-Cloud Docs* + +- [`docs.coopcloud.tech`](https://docs.coopcloud.tech) + + ## License The following starter was made by [@adz](https://adz.garden) for [offline.place](https://offline.place) with the following license: From 6187a9e3a5afa72148b89de1d2d4b678399ff750 Mon Sep 17 00:00:00 2001 From: p4u1 Date: Thu, 13 Jun 2024 11:49:10 +0200 Subject: [PATCH 03/12] update .env.sample --- .env.sample | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.env.sample b/.env.sample index 7f573e8..5e799dc 100644 --- a/.env.sample +++ b/.env.sample @@ -2,18 +2,19 @@ TYPE=parasol-static-site DOMAIN=parasol.example.org LETS_ENCRYPT_ENV=production +COMPOSE_FILE="compose.yml" # **NOTE** Please change this value to your repo HUGO_GIT_URL=git@codeberg.org:eotl/example-repo.git # HTTP Basic Auth protected /deploy endpoint -#COMPOSE_FILE="compose.yml:compose.auth.yml" +#COMPOSE_FILE="$COMPOSE_FILE:compose.auth.yml" #AUTH_ENABLED=1 #AUTH_USERNAME=foobar #SECRET_AUTH_PASSWORD_VERSION=v1 # Private repository deployment -#COMPOSE_FILE="compose.yml:compose.private.yml" +#COMPOSE_FILE="$COMPOSE_FILE:compose.private.yml" #PRIVATE_ENABLED=1 #SECRET_DEPLOY_KEY_VERSION=v1 From f7d721ff0a6396edd4c424c3aaf8196fe4076f91 Mon Sep 17 00:00:00 2001 From: p4u1 Date: Thu, 13 Jun 2024 12:06:32 +0200 Subject: [PATCH 04/12] update .env.sample and README.md --- .env.sample | 3 --- README.md | 16 ++-------------- 2 files changed, 2 insertions(+), 17 deletions(-) diff --git a/.env.sample b/.env.sample index 5e799dc..dc7aa14 100644 --- a/.env.sample +++ b/.env.sample @@ -17,6 +17,3 @@ HUGO_GIT_URL=git@codeberg.org:eotl/example-repo.git #COMPOSE_FILE="$COMPOSE_FILE:compose.private.yml" #PRIVATE_ENABLED=1 #SECRET_DEPLOY_KEY_VERSION=v1 - -# Include compose files by appending "compose.yml:compose.private.yml" -COMPOSE_FILE="compose.yml" 
diff --git a/README.md b/README.md index 455e17d..4d7b8ed 100644 --- a/README.md +++ b/README.md @@ -40,17 +40,12 @@ To enable a password protected site built from a public git repo, uncomment the following lines in your `.env` file: ``` +COMPOSE_FILE="$COMPOSE_FILE:compose.auth.yml" AUTH_ENABLED=1 AUTH_USERNAME=foobar SECRET_AUTH_PASSWORD_VERSION=v1 ``` -And append `:compose.auth.yml` to the `COMPOSE_FILE=` variable such as: - -``` -COMPOSE_FILE="compose.yml:compose.auth.yml" -``` - Then run `abra app secret generate -a ` command. When you deploy: @@ -64,18 +59,11 @@ When you deploy: If you enable the following lines in your `.env` file: ``` -COMPOSE_FILE="compose.yml:compose.private.yml" +COMPOSE_FILE="$COMPOSE_FILE:compose.private.yml" PRIVATE_ENABLED=1 SECRET_DEPLOY_KEY_VERSION=v1 ``` -To enable a public site built from a private git repo pulled with a SSH deploy -key, include the following `.yml` files: - -``` -COMPOSE_FILE="compose.yml:compose.private.yml" -``` - Then you need to generate a SSH key: ``` From 21e1275cada44514a3e790e6ef1221d038bf1d79 Mon Sep 17 00:00:00 2001 From: basebuilder Date: Thu, 13 Jun 2024 14:17:06 +0200 Subject: [PATCH 05/12] update README with Alternative Domains & Sub-Domains --- README.md | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4d7b8ed..3dcf02a 100644 --- a/README.md +++ b/README.md 
@@ -76,13 +76,14 @@ Then, you need to remove the final newline of the file: $ truncate -s -1 ``` -Due to a limitation in `abra` ([can't insert files yet](https://git.coopcloud.tech/coop-cloud/organising/issues/586)), you'll have to manually ingest the privater key file with this command: +Due to a limitation in `abra` ([can't insert files yet](https://git.coopcloud.tech/coop-cloud/organising/issues/586)), you'll have to manually ingest the SSH private key file manually. +If you are deploying a site that is an alternative domain or sub-domain from the server name, please read [this troubleshooting note](#alternative-domainssub-domains). ``` $ DOCKER_CONTEXT=example.org docker secret create example_org_deploy_key_v1 /path/to/ssh-private-key ``` -Assuming that completes with no errors, run the following command to confirm: +If that completes with no errors, run the following command: ``` $ abra app secret ls example.org @@ -98,20 +99,24 @@ If successful, you should see `true` in the far right column. +------------+---------+----------------------------+-------------------+ ``` -Then, you need to upload the public SSH key part to the Git repository settings -as a "Deploy key". In *Gitea*, that is located in: +You now need to upload the public SSH key part to the Git repository settings +as a `Deploy Key`, which in *Gitea/Forgejo* is located in the web UI at: ``` Repository -> Settings > Deploy keys ``` -Or via URL path: +Or via URL: - https://codeberg.org/user/website-repo/settings/keys You can then deploy and the deploy key will be loaded before cloning the private repository and all should nicely. +``` +$ abra app deploy example.org +``` + ### HTTP Basic Auth & Private Repository 
@@ -154,6 +159,23 @@ abra app run badger sh cat /etc/nginx/.htpasswd ``` +#### Alternative Domains & Sub-Domains + +If you are deploying a private repository where a *alternative domain* +(`alternative.com`) or a *sub-domain* (`sub.example.org`) from that of the +server `example.org` you need to craft a special `DOCKER_CONTEXT` value. If your +apps are named: + +- `alternative.com` +- `sub.example.org` + +Then the respective commands would be: + +``` +$ DOCKER_CONTEXT=example.org docker secret create alternative_com_deploy_key_v1 /path/to/ssh-private-key +$ DOCKER_CONTEXT=example.org docker secret create sub_example_org_deploy_key_v1 /path/to/ssh-private-key +``` + For more details documentation, see the *Coop-Cloud Docs* - [`docs.coopcloud.tech`](https://docs.coopcloud.tech) From 70568903b9ab3514a88f1de3f058a1f3dd707f53 Mon Sep 17 00:00:00 2001 From: p4u1 Date: Tue, 6 Aug 2024 18:22:05 +0200 Subject: [PATCH 06/12] add optional HUGO_GIT_BRANCH --- abra.sh | 2 +- compose.yml | 1 + deploy.sh.tmpl | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/abra.sh b/abra.sh index de77d33..1b18106 100644 --- a/abra.sh +++ b/abra.sh @@ -3,4 +3,4 @@ export BADGER_ENTRYPOINT_VERSION=v1 export DEFAULT_CONF_VERSION=v1 export SSH_CONF_VERSION=v1 export SSH_DEPLOY_KEY_VERSION=v1 -export WEBHOOKD_SCRIPT_VERSION=v1 +export WEBHOOKD_SCRIPT_VERSION=v2 diff --git a/compose.yml b/compose.yml index 79aa5b5..489380e 100644 --- a/compose.yml +++ b/compose.yml @@ -31,6 +31,7 @@ services: image: codeberg.org/eotl/site-badger:0.1.0 environment: - HUGO_GIT_URL + - HUGO_GIT_BRANCH - HUGO_PUBLIC_DIR=/usr/share/nginx/website - HUGO_WORKING_DIR=/root/website - PRIVATE_ENABLED diff --git a/deploy.sh.tmpl b/deploy.sh.tmpl index 5d09a7f..c075b22 100755 --- a/deploy.sh.tmpl +++ b/deploy.sh.tmpl 
@@ -23,6 +23,12 @@ echo "◆ Pull latest version from .git repository" git fetch --all git reset --hard origin/main +if [ ! -d "$HUGO_GIT_BRANCH" ]; then + echo "Checkout $HUGO_GIT_BRANCH" + git reset --hard origin/$HUGO_GIT_BRANCH + git checkout origin/$HUGO_GIT_BRANCH +fi + echo "◆ Install or update Hugo Modules" hugo mod get -u From fb4a3fad430105e9b1b9ec45e93dcad09153bec6 Mon Sep 17 00:00:00 2001 From: p4u1 Date: Tue, 6 Aug 2024 18:30:02 +0200 Subject: [PATCH 07/12] fix empty HUGO_GIT_BRANCH --- abra.sh | 2 +- deploy.sh.tmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/abra.sh b/abra.sh index 1b18106..bbe239c 100644 --- a/abra.sh +++ b/abra.sh @@ -3,4 +3,4 @@ export BADGER_ENTRYPOINT_VERSION=v1 export DEFAULT_CONF_VERSION=v1 export SSH_CONF_VERSION=v1 export SSH_DEPLOY_KEY_VERSION=v1 -export WEBHOOKD_SCRIPT_VERSION=v2 +export WEBHOOKD_SCRIPT_VERSION=v3 diff --git a/deploy.sh.tmpl b/deploy.sh.tmpl index c075b22..fa37a40 100755 --- a/deploy.sh.tmpl +++ b/deploy.sh.tmpl @@ -23,7 +23,7 @@ echo "◆ Pull latest version from .git repository" git fetch --all git reset --hard origin/main -if [ ! -d "$HUGO_GIT_BRANCH" ]; then +if [ ! -z "$HUGO_GIT_BRANCH" ]; then echo "Checkout $HUGO_GIT_BRANCH" git reset --hard origin/$HUGO_GIT_BRANCH git checkout origin/$HUGO_GIT_BRANCH From 9fd5fef3d27548ccab41a653863facb7c0136679 Mon Sep 17 00:00:00 2001 From: basebuilder Date: Tue, 26 Nov 2024 16:06:01 +0100 Subject: [PATCH 08/12] add Usage section to README --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 3dcf02a..ebe77c0 100644 --- a/README.md +++ b/README.md 
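Review bot: The unconditional `git reset --hard origin/main` kept just above the new block in deploy.sh.tmpl still runs before the `HUGO_GIT_BRANCH` check, so a repository without a `main` branch errors at that step before the configured branch is used; whether the script aborts there depends on a `set -e` that would sit outside this hunk. The follow-up hunk in PATCH 07/12 corrects the test to `! -z` but leaves these lines unchanged. One quoted line would cover both cases and drop the redundant detached-HEAD checkout: `git reset --hard "origin/${HUGO_GIT_BRANCH:-main}"`. Quoting also keeps a branch value containing spaces or glob characters from being split into extra git arguments. None of the `.env.sample` or README hunks visible in this series mention the new variable, so a commented `#HUGO_GIT_BRANCH=main` entry would help operators find it.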
@@ -127,6 +127,24 @@ COMPOSE_FILE="compose.yml:compose.auth.yml:compose.private.yml" ``` +## Usage + +To trigger the deploy webhook with normal HTTP request + +```bash +curl -v -XPOST https://example.org/deploy +``` + +To trigger the deploy webhook with HTTP Auth enabled, add the header with: + +```bash +curl -v XPOST -H "Authorization: Basic " https://hook.com/deploy +``` + +Assuming all is setup correctly, you should see the build triggered +when viewing `abra app log example.org` log output. + + ## Troubleshooting This is a WIP, there are likely dragons and foot cannons. Ye be warned :dragon: :pirate_flag: :grimacing: From 48bbe165ad4363ae480b542ec9afd3acf9d38594 Mon Sep 17 00:00:00 2001 From: basebuilder Date: Sun, 8 Dec 2024 14:05:04 +0100 Subject: [PATCH 09/12] improve example URLs for deploy keys in README --- README.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ebe77c0..38bddd3 100644 --- a/README.md +++ b/README.md 
@@ -99,19 +99,26 @@ If successful, you should see `true` in the far right column. +------------+---------+----------------------------+-------------------+ ``` -You now need to upload the public SSH key part to the Git repository settings -as a `Deploy Key`, which in *Gitea/Forgejo* is located in the web UI at: +You now need to upload the Public SSH key to the Git repository settings +as a `Deploy Key` at which forge website you use. This is usually +located in some web UI flow like: ``` Repository -> Settings > Deploy keys ``` -Or via URL: +Easiest is to copy the URLs below and change the `user/website-repo` values to +match your site: -- https://codeberg.org/user/website-repo/settings/keys +``` +https://github.com/user/website-repo/settings/keys +https://gitlab.com/user/website-repo/-/settings/repository#js-deploy-keys-settings +https://git.coopcloud.tech/user/website-repo/settings/keys +https://codeberg.org/user/website-repo/settings/keys +``` -You can then deploy and the deploy key will be loaded before cloning the private -repository and all should nicely. +You can then deploy the abra recipe and the deploy key will be loaded before cloning the +private repository and all should nicely. ``` $ abra app deploy example.org From 95bbe01b73da7f832a1f71d54f6702ba69a971e7 Mon Sep 17 00:00:00 2001 From: Ammar Hussein Date: Mon, 9 Dec 2024 19:07:00 -0800 Subject: [PATCH 10/12] #9 adding coop-cloud version label --- compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose.yml b/compose.yml index 489380e..fb09fde 100644 --- a/compose.yml +++ b/compose.yml @@ -26,6 +26,7 @@ services: - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" + - "coop-cloud.${STACK_NAME}.version=" badger: image: codeberg.org/eotl/site-badger:0.1.0 From a0e35bf25045d223dfd1614350154713e8d9d1ea Mon Sep 17 00:00:00 2001 
From: Ammar Hussein Date: Mon, 9 Dec 2024 19:08:33 -0800 Subject: [PATCH 11/12] chore: publish v0.2.0+1.25.3-alpine release --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index fb09fde..19ed7ad 100644 --- a/compose.yml +++ b/compose.yml @@ -26,7 +26,7 @@ services: - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - "coop-cloud.${STACK_NAME}.version=" + - "coop-cloud.${STACK_NAME}.version=v0.2.0+1.25.3-alpine" badger: image: codeberg.org/eotl/site-badger:0.1.0 From b8bd53d0d04c88ffb19c6f210891d1ddc342d9ca Mon Sep 17 00:00:00 2001 From: Ammar Hussein Date: Mon, 9 Dec 2024 19:21:11 -0800 Subject: [PATCH 12/12] fix .env.sample domain --- .env.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index dc7aa14..d38641e 100644 --- a/.env.sample +++ b/.env.sample @@ -1,6 +1,6 @@ TYPE=parasol-static-site -DOMAIN=parasol.example.org +DOMAIN=parasol-static-site.example.com LETS_ENCRYPT_ENV=production COMPOSE_FILE="compose.yml"