aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2023-12-31 08:40:05 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2023-12-31 00:47:58 -0800
commitd13c14c7fb6f9351d4667cf34f81044b138e635d (patch)
tree8b5a195a83bf0dbae76f084b39f6c2d63758f558
parenttooling: s3 stuff (diff)
downloadassets-main.tar.gz
assets-main.tar.bz2
assets-main.zip
tooling: upload toolmain
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r--.gitignore2
-rw-r--r--.s3ignore18
-rw-r--r--README.md13
-rw-r--r--upload.sh70
4 files changed, 103 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7fe5b88
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+marker.txt
+.*
diff --git a/.s3ignore b/.s3ignore
new file mode 100644
index 0000000..cc15784
--- /dev/null
+++ b/.s3ignore
@@ -0,0 +1,18 @@
+# Patterns that should not be uploaded
+
+# Git data
+.git*
+
+# This file itself
+.s3ignore
+
+# S3 API stuff
+cors.json
+cors.xml
+website.json
+website.xml
+
+# Tooling
+*.sh
+# Local hidden files
+.*
diff --git a/README.md b/README.md
index 3cef655..2aa8e07 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,19 @@
This repo (and website) hold the pre-built website style/theme assets for
`gentoo.org` websites.
+## How to upload
+`CREDCOMMAND="..." bash upload.sh`
+Where `CREDCOMMAND` returns YAML with the S3 credentials needed for uploading.
+
+Will set:
+- CORS Configuration
+- S3 Static website configuration
+
+### Dependencies
+- `yq`
+- `s3cmd`
+- `awscli`
+
## Git Repositories
- [Assets](https://gitweb.gentoo.org/sites/assets.git/)
- [Tyrian theme source](https://gitweb.gentoo.org/sites/tyrian-theme.git/)
diff --git a/upload.sh b/upload.sh
new file mode 100644
index 0000000..b3d830c
--- /dev/null
+++ b/upload.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# TODO: refactor this to extract from central secrets
+: "${CREDCOMMAND:=/bin/false}"
+AWS_ACCESS_KEY_ID=$(${CREDCOMMAND} | yq .access-key)
+AWS_SECRET_ACCESS_KEY=$(${CREDCOMMAND} | yq .secret-key)
+bucket=$(${CREDCOMMAND} | yq .bucket)
+endpoint=$(${CREDCOMMAND} | yq .endpoint)
+
+export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
+if [[ $bucket == null ]]; then
+ echo "Something is wrong with your CREDCOMMAND to fetch credentials" 1>&2
+ echo "Should return YAML, with keys of access-key, secret-key, endpoint, bucket" 1>&2
+ exit 1
+fi
+
+dest=s3://${bucket}/
+_s3cmd() {
+ CMD=(
+ "s3cmd"
+ "--host-bucket=${endpoint}"
+ "--host=${endpoint}"
+ # Yep, it doesn't read from ENV in some cases.
+ "--access_key=${AWS_ACCESS_KEY_ID}"
+ "--secret_key=${AWS_SECRET_ACCESS_KEY}"
+ "--acl-public"
+ "--recursive"
+ "--exclude-from=.s3ignore"
+ "--force"
+ #--dry-run
+ )
+ ( set -x ; "${CMD[@]}" "$@" )
+}
+#_s3cmd --acl-public --exclude-from=.s3ignore --no-mime-magic --guess-mime-type ${cmd} --recursive . ${dest} --dry-run
+EXT_MIMES=(
+ 'css=text/css'
+ 'eot=application/vnd.ms-fontobject'
+ 'html=text/html'
+ 'js=text/javascript'
+ 'map=application/json'
+ 'md=text/markdown'
+ 'otf=font/otf'
+ 'png=image/png'
+ 'svg=image/svg+xml'
+ 'ttf=font/ttf'
+ 'webp=image/webp'
+ 'webp=image/webp'
+ 'woff2=font/woff2'
+ 'woff=font/woff'
+ #'txt=text/plain' # Skip this, so the default upload doesn't throw an error.
+)
+
+( date -uR ; date -u --iso=sec ) >marker.txt
+
+(set -x ; aws --endpoint "$endpoint" s3api put-bucket-website --bucket "$bucket" --website-configuration file://./website.json )
+(set -x ; aws --endpoint "$endpoint" s3api put-bucket-cors --bucket "$bucket" --cors-configuration file://./cors.json )
+
+_ext=''
+#cmd='put --no-check-md5' # To force-upload
+cmd='sync' # Delta
+for ext_mime in "${EXT_MIMES[@]}" ; do
+ ext="${ext_mime/=*}"
+ mime="${ext_mime/*=}"
+ _s3cmd ${cmd} . ${dest} --exclude='*' --include="*.${ext}" --mime-type="${mime}"
+ _ext+=" --exclude=*.${ext}"
+done
+# This should upload marker.txt
+_s3cmd ${cmd} . ${dest} $_ext --no-mime-magic --guess-mime-type
+
+# vim: sts=2 sw=2 ts=2 et: