mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-27 14:12:09 +00:00
ee24778538
- Check host key acc. to SSHFP DNS record - Enforce correct cipher
29 lines
899 B
YAML
29 lines
899 B
YAML
---
|
|
# we rsync binaries.tar.gz from the same server we deploy to.
|
|
# it contains these static-pie binaries:
|
|
# hugo, brotli, ect (like gzip/zopfli), sd, htmlq (like jq for html), and xmllint.
|
|
image: alpine/edge
|
|
packages:
|
|
- curl # for webring update script
|
|
- rsync
|
|
- git # for Hugo's gitInfo
|
|
- bmake
|
|
sources:
|
|
- https://git.sr.ht/~seirdy/seirdy.one
|
|
secrets:
|
|
- cc1eb90c-b07b-4c46-86d4-58fec41cf0e4
|
|
triggers:
|
|
- action: email
|
|
condition: always
|
|
to: seirdy@seirdy.one
|
|
tasks:
|
|
- deps: |
|
|
printf "VerifyHostKeyDNS=yes\nKexAlgorithms=sntrup761x25519-sha512@openssh.com\n" >> ~/.ssh/config
|
|
# mirrored at https://seirdy.one/misc/binaries.tar.gz
|
|
rsync -Wv deploy@seirdy.one:/home/deploy/binaries.tar.gz .
|
|
mkdir -p ~/bin
|
|
tar xzf binaries.tar.gz -oC ~/bin
|
|
- build_deploy: |
|
|
cd seirdy.one
|
|
export PATH=~/bin:$PATH
|
|
bmake deploy-prod deploy-onion
|