diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2023-12-31 08:40:05 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2023-12-31 00:47:58 -0800 |
commit | d13c14c7fb6f9351d4667cf34f81044b138e635d (patch) | |
tree | 8b5a195a83bf0dbae76f084b39f6c2d63758f558 | |
parent | tooling: s3 stuff (diff) | |
download | assets-d13c14c7fb6f9351d4667cf34f81044b138e635d.tar.gz assets-d13c14c7fb6f9351d4667cf34f81044b138e635d.tar.bz2 assets-d13c14c7fb6f9351d4667cf34f81044b138e635d.zip |
tooling: upload toolmain
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | .s3ignore | 18 | ||||
-rw-r--r-- | README.md | 13 | ||||
-rw-r--r-- | upload.sh | 70 |
4 files changed, 103 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7fe5b88 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +marker.txt +.* diff --git a/.s3ignore b/.s3ignore new file mode 100644 index 0000000..cc15784 --- /dev/null +++ b/.s3ignore @@ -0,0 +1,18 @@ +# Patterns that should not be uploaded + +# Git data +.git* + +# This file itself +.s3ignore + +# S3 API stuff +cors.json +cors.xml +website.json +website.xml + +# Tooling +*.sh +# Local hidden files +.* @@ -3,6 +3,19 @@ This repo (and website) hold the pre-built website style/theme assets for `gentoo.org` websites. +## How to upload +`CREDCOMMAND="..." bash upload.sh` +Where `CREDCOMMAND` returns YAML with the S3 credentials needed for uploading. + +Will set: +- CORS Configuration +- S3 Static website configuration + +### Dependencies +- `yq` +- `s3cmd` +- `awscli` + ## Git Repositories - [Assets](https://gitweb.gentoo.org/sites/assets.git/) - [Tyrian theme source](https://gitweb.gentoo.org/sites/tyrian-theme.git/) diff --git a/upload.sh b/upload.sh new file mode 100644 index 0000000..b3d830c --- /dev/null +++ b/upload.sh @@ -0,0 +1,70 @@ +#!/bin/bash + +# TODO: refactor this to extract from central secrets +: "${CREDCOMMAND:=/bin/false}" +AWS_ACCESS_KEY_ID=$(${CREDCOMMAND} | yq .access-key) +AWS_SECRET_ACCESS_KEY=$(${CREDCOMMAND} | yq .secret-key) +bucket=$(${CREDCOMMAND} | yq .bucket) +endpoint=$(${CREDCOMMAND} | yq .endpoint) + +export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY +if [[ $bucket == null ]]; then + echo "Something is wrong with your CREDCOMMAND to fetch credentials" 1>&2 + echo "Should return YAML, with keys of access-key, secret-key, endpoint, bucket" 1>&2 + exit 1 +fi + +dest=s3://${bucket}/ +_s3cmd() { + CMD=( + "s3cmd" + "--host-bucket=${endpoint}" + "--host=${endpoint}" + # Yep, it doesn't read from ENV in some cases. + "--access_key=${AWS_ACCESS_KEY_ID}" + "--secret_key=${AWS_SECRET_ACCESS_KEY}" + "--acl-public" + "--recursive" + "--exclude-from=.s3ignore" + "--force" + #--dry-run + ) + ( set -x ; "${CMD[@]}" "$@" ) +} +#_s3cmd --acl-public --exclude-from=.s3ignore --no-mime-magic --guess-mime-type ${cmd} --recursive . ${dest} --dry-run +EXT_MIMES=( + 'css=text/css' + 'eot=application/vnd.ms-fontobject' + 'html=text/html' + 'js=text/javascript' + 'map=application/json' + 'md=text/markdown' + 'otf=font/otf' + 'png=image/png' + 'svg=image/svg+xml' + 'ttf=font/ttf' + 'webp=image/webp' + 'webp=image/webp' + 'woff2=font/woff2' + 'woff=font/woff' + #'txt=text/plain' # Skip this, so the default upload doesn't throw an error. +) + +( date -uR ; date -u --iso=sec ) >marker.txt + +(set -x ; aws --endpoint "$endpoint" s3api put-bucket-website --bucket "$bucket" --website-configuration file://./website.json ) +(set -x ; aws --endpoint "$endpoint" s3api put-bucket-cors --bucket "$bucket" --cors-configuration file://./cors.json ) + +_ext='' +#cmd='put --no-check-md5' # To force-upload +cmd='sync' # Delta +for ext_mime in "${EXT_MIMES[@]}" ; do + ext="${ext_mime/=*}" + mime="${ext_mime/*=}" + _s3cmd ${cmd} . ${dest} --exclude='*' --include="*.${ext}" --mime-type="${mime}" + _ext+=" --exclude=*.${ext}" +done +# This should upload marker.txt +_s3cmd ${cmd} . ${dest} $_ext --no-mime-magic --guess-mime-type + +# vim: sts=2 sw=2 ts=2 et: |