diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 000000000..d89ad2a43 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,25 @@ +name: deploy +on: + push: + branches: + - master +jobs: + deploy: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-python@v2 + with: + python-version: 3.8 + - uses: actions/setup-node@v1 + with: + node-version: 14 + - run: pip install commonmark==0.9.1 + - run: npm install + - run: shellcheck deploy.sh + - run: shellcheck resources.whatwg.org/build/*.sh + - run: bash ./deploy.sh + env: + SERVER: ${{ secrets.MARQUEE_SERVER }} + SERVER_PUBLIC_KEY: ${{ secrets.MARQUEE_PUBLIC_KEY }} + SERVER_DEPLOY_KEY: ${{ secrets.MARQUEE_DEPLOY_KEY }} diff --git a/.gitignore b/.gitignore index a896eed1b..145d7840f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,3 @@ -deploy_key -deploy_key.pub - # Keep this list synchronized with https://github.com/whatwg/sg/blob/master/policy-link-mapping.txt whatwg.org/ipr-policy whatwg.org/workstream-policy diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index e300780da..000000000 --- a/.travis.yml +++ /dev/null @@ -1,25 +0,0 @@ -language: python -python: "3.8" - -env: - global: - - ENCRYPTION_LABEL="aec5871fe877" - - SERVER="165.227.248.76" - - SERVER_PUBLIC_KEY="ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDt6Igtp73aTOYXuFb8qLtgs80wWF6cNi3/AItpWAMpX3PymUw7stU7Pi+IoBJz21nfgmxaKp3gfSe2DPNt06l8=" - -install: - - pip install commonmark==0.9.1 - - npm install -script: - - shellcheck deploy.sh - - shellcheck resources.whatwg.org/build/*.sh - - bash ./deploy.sh - -branches: - only: - - master - -notifications: - email: - on_success: never - on_failure: always diff --git a/deploy.sh b/deploy.sh index 9b99422ec..04c976af6 100755 --- a/deploy.sh +++ b/deploy.sh @@ -62,23 +62,13 @@ if [[ "$TRAVIS" == "true" ]]; then fi # This ensures that only changes to the master branch get deployed -if [[ "$TRAVIS_BRANCH" != "master" || "$TRAVIS_PULL_REQUEST" != "false" ]]; then +if [[ "$GITHUB_REF" != "refs/heads/master" ]]; then header "Skipping deploy" else header "Synchronizing content with whatwg.org et al" - ENCRYPTED_KEY_VAR="encrypted_${ENCRYPTION_LABEL}_key" - ENCRYPTED_IV_VAR="encrypted_${ENCRYPTION_LABEL}_iv" - ENCRYPTED_KEY=${!ENCRYPTED_KEY_VAR} - ENCRYPTED_IV=${!ENCRYPTED_IV_VAR} - openssl aes-256-cbc -K "$ENCRYPTED_KEY" -iv "$ENCRYPTED_IV" -in deploy_key.enc -out deploy_key -d - chmod 600 deploy_key eval "$(ssh-agent -s)" - ssh-add deploy_key - echo "$SERVER $SERVER_PUBLIC_KEY" > known_hosts - # --verbose isn't used because there are too many files to list them all - # without exceeding log size limits: - # https://github.com/whatwg/whatwg.org/issues/287 - rsync --archive --chmod="D755,F644" --compress --delete --stats --log-file="rsync-log.txt" --rsh="ssh -o UserKnownHostsFile=known_hosts" ./whatwg.org ./*.whatwg.org "deploy@$SERVER:/var/www/" - scp -o="UserKnownHostsFile=known_hosts" rsync-log.txt "deploy@$SERVER:/var/www/whatwg.org/" - echo "Full rsync log at https://whatwg.org/rsync-log.txt" + echo "$SERVER_DEPLOY_KEY" | ssh-add - + mkdir -p ~/.ssh/ && echo "$SERVER $SERVER_PUBLIC_KEY" > ~/.ssh/known_hosts + rsync --verbose --archive --chmod=D755,F644 --compress --delete \ + ./whatwg.org ./*.whatwg.org "deploy@$SERVER:/var/www/" fi diff --git a/deploy_key.enc b/deploy_key.enc deleted file mode 100644 index 595bce376..000000000 Binary files a/deploy_key.enc and /dev/null differ