tools: move site.sh into shake; stop running just-pushed shakefile
Running the just pushed Shake.hs was too insecure. [ci skip]
This commit is contained in:
Simon Michael
parent
61e053bd8e
commit
7af5ee4863
6
Makefile
6
Makefile
@ -705,10 +705,14 @@ site-livereload: \
|
|||||||
# /etc/github-post-receive.conf
|
# /etc/github-post-receive.conf
|
||||||
# 2. cron, nightly. Config: /etc/crontab
|
# 2. cron, nightly. Config: /etc/crontab
|
||||||
# 3. manually (make site).
|
# 3. manually (make site).
|
||||||
|
# This must use the existing Shake executable without rebuilding it,
|
||||||
|
# as we don't want to immediately execute new code from any collaborator.
|
||||||
.PHONY: site
|
.PHONY: site
|
||||||
site: \
|
site: \
|
||||||
$(call def-help,site, update the hledger.org website (run on prod) )
|
$(call def-help,site, update the hledger.org website (run on prod) )
|
||||||
@tools/site.sh
|
@[[ ! -x Shake ]] \
|
||||||
|
&& echo 'Please run "make Shake" first (manual compilation of Shake.hs is required)' \
|
||||||
|
|| ./Shake hledgerorg
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
$(call def-help-subheading,RELEASING:)
|
$(call def-help-subheading,RELEASING:)
|
||||||
|
|||||||
37
Shake.hs
37
Shake.hs
@ -24,6 +24,7 @@ tools, including:
|
|||||||
- makeinfo
|
- makeinfo
|
||||||
- pandoc
|
- pandoc
|
||||||
- sed
|
- sed
|
||||||
|
- GNU date (on mac: brew install coreutils)
|
||||||
|
|
||||||
Compiling this script is recommended, to ensure required packages are
|
Compiling this script is recommended, to ensure required packages are
|
||||||
installed, minimise startup delay, and reduce sensitivity to the
|
installed, minimise startup delay, and reduce sensitivity to the
|
||||||
@ -77,6 +78,7 @@ usage = unlines
|
|||||||
,"./Shake website build the website and web manuals"
|
,"./Shake website build the website and web manuals"
|
||||||
,"./Shake website-all build the website and all web manual versions"
|
,"./Shake website-all build the website and all web manual versions"
|
||||||
,"./Shake all build all the above"
|
,"./Shake all build all the above"
|
||||||
|
,"./Shake hledgerorg update the hledger.org website (when run on prod)"
|
||||||
,""
|
,""
|
||||||
,"./Shake mainpages build the web pages from the main repo"
|
,"./Shake mainpages build the web pages from the main repo"
|
||||||
,"./Shake wikipages build the web pages from the wiki repo"
|
,"./Shake wikipages build the web pages from the wiki repo"
|
||||||
@ -437,6 +439,41 @@ main = do
|
|||||||
"--lua-filter=tools/pandoc-toc.lua"
|
"--lua-filter=tools/pandoc-toc.lua"
|
||||||
"-o" out )
|
"-o" out )
|
||||||
|
|
||||||
|
-- This rule, for updating the live hledger.org site, gets called by:
|
||||||
|
-- 1. github-post-receive (github webhook handler), when something is pushed
|
||||||
|
-- to the main or wiki repos on Github. Config:
|
||||||
|
-- /etc/supervisord.conf -> [program:github-post-receive]
|
||||||
|
-- /etc/github-post-receive.conf
|
||||||
|
-- 2. cron, nightly. Config: /etc/crontab
|
||||||
|
-- 3. manually (make site).
|
||||||
|
phony "hledgerorg" $ do
|
||||||
|
-- out1 <- fromStdout <$>
|
||||||
|
cmd_ Shell
|
||||||
|
-- XXX ideally we would ensure here that output is logged,
|
||||||
|
-- but I don't know how to do that for the Shake rules.
|
||||||
|
-- Instead we'll do the logging in "make site".
|
||||||
|
-- -- run this sequence of commands, stopping if one fails:
|
||||||
|
-- "("
|
||||||
|
-- -- and log all output as well as echoing it
|
||||||
|
-- ") 2>&1 | tee -a site.log"
|
||||||
|
|
||||||
|
-- print timestamp. On mac, use brew-installed GNU date.
|
||||||
|
"echo"
|
||||||
|
"&& PATH=\"/usr/local/opt/coreutils/libexec/gnubin:$PATH\" date --rfc-3339=seconds"
|
||||||
|
-- pull latest wiki repo
|
||||||
|
"&& printf 'wiki repo: ' && git -C wiki pull"
|
||||||
|
-- pull latest main repo - sometimes already done by webhook, not always
|
||||||
|
"&& printf 'main repo: ' && git pull"
|
||||||
|
|
||||||
|
-- Shake.hs might have been updated, but we won't execute the
|
||||||
|
-- new one, too insecure. Continue with this one.
|
||||||
|
|
||||||
|
-- update wiki links on website front page
|
||||||
|
need [ "site/index.md" ]
|
||||||
|
|
||||||
|
-- update the live site based on all latest content
|
||||||
|
need [ "website-all" ]
|
||||||
|
|
||||||
-- HLEDGER PACKAGES/EXECUTABLES
|
-- HLEDGER PACKAGES/EXECUTABLES
|
||||||
|
|
||||||
phony "build" $ need packages
|
phony "build" $ need packages
|
||||||
|
|||||||
@ -1,36 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# Update website(s): hledger.org
|
|
||||||
#
|
|
||||||
# Called via github webhook (on push to main repo or wiki)
|
|
||||||
# /etc/supervisord.conf -> [program:github-post-receive]
|
|
||||||
# /etc/github-post-receive.conf
|
|
||||||
# and via cron (nightly)
|
|
||||||
# /etc/crontab
|
|
||||||
# or manually (make site)
|
|
||||||
|
|
||||||
(\
|
|
||||||
|
|
||||||
echo && \
|
|
||||||
|
|
||||||
# print timestamp. On mac, use brew-installed GNU date.
|
|
||||||
PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH" date --rfc-3339=seconds && \
|
|
||||||
|
|
||||||
# fetch latest code & website - sometimes already done by webhook, not always
|
|
||||||
git pull && \
|
|
||||||
|
|
||||||
# fetch latest wiki content
|
|
||||||
printf "wiki: " && git -C wiki pull && \
|
|
||||||
|
|
||||||
# ensure GHC can handle non-ascii
|
|
||||||
export LANG=en_US.UTF-8 && \
|
|
||||||
|
|
||||||
# ensure latest Shake is built
|
|
||||||
./Shake.hs && \
|
|
||||||
|
|
||||||
|
|
||||||
# update website
|
|
||||||
./Shake site/index.md && \
|
|
||||||
./Shake website \
|
|
||||||
|
|
||||||
# print and log to:
|
|
||||||
) 2>&1 | tee -a site.log
|
|
||||||
Loading…
Reference in New Issue
Block a user