use tofu

Author: sebasptsch

.github/workflows/deploy.yaml

@@ -12,6 +12,10 @@ name: Deploy to Server
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    env:
+      TF_VAR_remote_user: ${{ secrets.SERVER_USER }}
+      TF_VAR_ssh_url: ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }}
+      TF_VAR_remote_directory: /opt/progsoc/progcomp2025/competition
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -24,26 +28,10 @@ jobs:
           oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
           use-cache: 'true'
 
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-          cache: 'pip'
-
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install -r deploy/requirements.txt
-
-      - name: Add Server IP to Ansible hosts
-        run: |
-          echo "[progcomp2025]" >> deploy/ansible_hosts
-          echo "${{ secrets.SERVER_IP }}" >> deploy/ansible_hosts
-      - name: Run Ansible playbook
+      - uses: opentofu/setup-opentofu@v1
+        
+      - name: Apply OpenTofu configuration
         run: |
-          ansible-playbook deploy/ansible-deploy.yaml \
-            --inventory deploy/ansible_hosts \
-            --extra-vars "ansible_user=${{ secrets.SERVER_USER }}"
-        env:
-          ANSIBLE_HOST_KEY_CHECKING: false
-          ANSIBLE_CONFIG: deploy/ansible.cfg
+          cd deploy
+          tofu init
+          tofu apply --auto-approve

deploy/.terraform.lock.hcl

@@ -1,3 +1,19 @@
+variable "remote_user" {
+  type        = string
+  description = "The remote user to connect to the server."
+}
+
+variable "ssh_url" {
+  type        = string
+  description = "The SSH URL to connect to the remote server."
+}
+
+variable "remote_directory" {
+  type        = string
+  description = "The remote directory where the competition files will be copied."
+  default     = "/opt/progsoc/progcomp2025/competition"
+}
+
 terraform {
   required_providers {
     docker = {
@@ -8,12 +24,12 @@ terraform {
 }
 
 provider "docker" {
-  host = "ssh://sebas@speed"
+  host = "ssh://${var.ssh_url}"
   ssh_opts = ["-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null"]
 }
 
 data "docker_registry_image" "fuzzjudge" {
-  name = "ghcr.io/progsoc/fuzzjudge:latest"
+  name = "ghcr.io/progsoc/fuzzjudge:runtimes-latest"
 }
 
 
@@ -22,52 +38,38 @@ resource "docker_image" "fuzzjudge" {
     pull_triggers = [data.docker_registry_image.fuzzjudge.sha256_digest]
 }
 
-resource "terraform_data" "remote_docker_build" {
-    depends_on = [ docker_image.fuzzjudge ]
+data "external" "competition_files_hash" {
+    program = ["bash","${path.module}/hash.sh"]
+    query = {
+        # command ignoring all .db and rust target directories
+        hash = ""
+    }
+}
+
+resource "terraform_data" "copy_competition_files" {
     connection {
         type        = "ssh"
         user        = "sebas"
         host        = "speed"
     }
 
     provisioner "remote-exec" {
+      // Make sure the directory exists
         inline = [
-            "mkdir -p /opt/services/progcomp2025",
-            "chmod 755 /opt/services/progcomp2025",
-            "chown sebas:sebas /opt/services/progcomp2025"
-        ]
-      
-    }
-
-    provisioner "file" {
-        source = "../Dockerfile"
-        destination = "/opt/services/progcomp2025/Dockerfile"
-    }
-
-    provisioner "remote-exec" {
-        inline = [
-            "chmod 644 /opt/services/progcomp2025/competition",
-            "cd /opt/services/progcomp2025",
-            "docker build -t progcomp2025:latest ."
+            "mkdir -p ${var.remote_directory}",
+            "chown -R ${var.remote_user}:${var.remote_user} ${var.remote_directory}",
+            "find ${var.remote_directory} -type d -exec chmod 755 {} \\;",
+            "find ${var.remote_directory} -type f -exec chmod 644 {} \\;"
         ]
     }
-}
-
-resource "docker_image" "progcomp" {
-    depends_on = [ terraform_data.remote_docker_build ]
-    name         = "progcomp2025:latest"
-}
 
-resource "terraform_data" "copy_competition_files" {
-    connection {
-        type        = "ssh"
-        user        = "sebas"
-        host        = "speed"
+    // remote exec rsync
+    provisioner "local-exec" {
+        command = "rsync -avz --delete --exclude='*.db' --exclude='target' ../competition/ ${var.ssh_url}:${var.remote_directory}"
     }
 
-    provisioner "file" {
-        source      = "../competition/"
-        destination = "/opt/services/progcomp2025/competition"
+    triggers_replace = {
+        file_hash = data.external.competition_files_hash.result
     }
 }
 
@@ -78,21 +80,20 @@ variable "progcomp_env" {
     ]
 }
 
-
 resource "docker_container" "progcomp" {
+    depends_on = [ terraform_data.copy_competition_files ]
     name  = "progcomp2025"
-    image = docker_image.progcomp.image_id
+    image = docker_image.fuzzjudge.image_id
     ports {
         internal = 1989
         external = 2025
     }
     volumes {
-        host_path      = "/opt/services/progcomp2025/competition"
+        host_path      = var.remote_directory
         container_path = "/app/competition"
     }
 
     env = var.progcomp_env
     restart = "always"
-  
 }
 

deploy/ansible-deploy.yaml

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# find ../competition -type f ! -name '*.db' ! -path '*/target/*' -exec sha256sum {} + | sha256sum | awk '{print $1}'
+
+jq -n --arg hash "$(find ../competition -type f ! -name '*.db' ! -path '*/target/*' -exec sha256sum {} + | sha256sum | awk '{print $1}')" \
+    '{hash: $hash}'

deploy/ansible.cfg

@@ -1,9 +1,6 @@
 services:
   fuzzjudge:
-    build:
-      context: .
-      pull: true
-      dockerfile: Dockerfile
+    image: ghcr.io/progsoc/fuzzjudge:runtimes-latest
     container_name: fuzzjudge
     pull_policy: always
     restart: unless-stopped