From 9c038cbff09b600d6b3be32c6c9b1a4cd6779ec2 Mon Sep 17 00:00:00 2001
From: Griffin Smith <grfn@gws.fyi>
Date: Sun, 23 May 2021 18:34:41 +0200
Subject: feat(ops/deploy-whitby): Add the start of a script to deploy whitby

Add the beginnings of an auto-deploy script for whitby, intended to
be (eventually) suitable for running automatically in a systemd timer.
The current iteration of the script doesn't actually do any deploying,
but instead takes as an argument a revision, creates a new git worktree
in /tmp with that revision checked out, runs a nix-diff of whitby's
system derivation in the running system and at that closure, puts an
html-rendered version of that diff in the public directory used by
deploy.tvl.fyi, and finally sends a message to IRC via irccat with a
link to that HTML page.

Refs: b/110
Change-Id: Id40525567f8845590c909568befd8d00c07a481c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3145
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: kn <klemens@posteo.de>
---
 ops/deploy-whitby/default.nix      | 30 +++++++++++++++++++++++++
 ops/deploy-whitby/deploy-whitby.sh | 45 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 ops/deploy-whitby/default.nix
 create mode 100755 ops/deploy-whitby/deploy-whitby.sh

diff --git a/ops/deploy-whitby/default.nix b/ops/deploy-whitby/default.nix
new file mode 100644
index 000000000000..640f8ecfd23a
--- /dev/null
+++ b/ops/deploy-whitby/default.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+
+pkgs.stdenv.mkDerivation {
+  name = "deploy-whitby";
+
+  phases = [ "installPhase" "installCheckPhase" ];
+
+  nativeBuildInputs = with pkgs; [
+    makeWrapper
+  ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    makeWrapper ${./deploy-whitby.sh} $out/bin/deploy-whitby.sh \
+      --prefix PATH : ${with pkgs; lib.makeBinPath [
+        nix-diff
+        ansi2html
+        git
+      ]}
+  '';
+
+  installCheckInputs = with pkgs; [
+    shellcheck
+  ];
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    shellcheck $out/bin/deploy-whitby.sh
+  '';
+}
diff --git a/ops/deploy-whitby/deploy-whitby.sh b/ops/deploy-whitby/deploy-whitby.sh
new file mode 100755
index 000000000000..808f65cda2cf
--- /dev/null
+++ b/ops/deploy-whitby/deploy-whitby.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+set -Ceuo pipefail
+
+HTML_ROOT="${HTML_ROOT:-/var/html/deploys.tvl.fyi}"
+URL_BASE="${URL_BASE:-https://deploys.tvl.fyi/diff}"
+IRCCAT_PORT="${IRCCAT_PORT:-4722}"
+
+drv_hash() {
+    basename "$1" | sed 's/-.*//'
+}
+
+new_rev="$1"
+
+if [ -z "$new_rev" ]; then
+    >&2 echo "Usage: $0 <new_rev>"
+    exit 1
+fi
+
+if [ -d "/tmp/deploy.worktree" ]; then
+    >&2 echo "/tmp/deploy.worktree exists - exiting in case another deploy is currently running"
+    exit 1
+fi
+
+worktree_dir=/tmp/worktree_dir
+
+cleanup() {
+    rm -rf "$worktree_dir"
+}
+trap cleanup EXIT
+
+git clone https://cl.tvl.fyi/depot "$worktree_dir" --reference /depot
+git -C "$worktree_dir" checkout "$new_rev"
+
+current=$(nix show-derivation /run/current-system | jq -r 'keys | .[0]')
+new=$(nix-instantiate -A ops.nixos.whitbySystem "$worktree_dir")
+
+diff_filename="$(drv_hash "$current")..$(drv_hash "$new")"
+nix-diff "$current" "$new" --color always \
+    | ansi2html \
+    >| "$HTML_ROOT/diff/$diff_filename"
+
+echo "#tvl whitby is being deployed! system diff: $URL_BASE/$diff_filename" \
+    | nc -w 5 -N localhost "$IRCCAT_PORT"
+
+# TODO(grfn): Actually do the deploy
-- 
cgit 1.4.1