First step towards driving all infra state from sites.yaml

The new task `sites:sync` syncs *all* sites from sites.yaml, ensuring that everything is set up for them as it should. This includes setting up Lagoon with GITHUB token, capturing the Lagoon deploy key, saving it in sites.yaml, and ensuring all the Github repos are provisioned with Terraform. A single case is missing right now, which is running a first `lagoon deploy` for new sites. We need to figure out if that is actually required, and if so, if we can detect whether it needs doing
danskernesdigitalebibliotek · Mar 12, 2024 · 57bd5de · 57bd5de
1 parent 9a8ff28
commit 57bd5de
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 13 deletions.
diff --git a/docs/runbooks/add-library-site-to-platform.md b/docs/runbooks/add-library-site-to-platform.md
@@ -109,22 +109,15 @@ The following describes a semi-automated version of "Add a Project" in
 ```sh
 # From within dplsh:
 
-# If your ssh-key is passphrase-projected we'll need to setup an ssh-agent
-# instance:
-$ eval $(ssh-agent); ssh-add
+# Run the sites:sync task to sync the site state in sites.yaml, creating your new site
+$ task sites:sync
 
-# 1. Add a project
-# PROJECT_NAME=<project name>  GIT_URL=<url> task lagoon:project:add
-$ PROJECT_NAME=core-test1 [email protected]:danishpubliclibraries/env-core-test1.git\
-  task lagoon:project:add
+# You may be prompted to confirm Terraform plan execution and approve other critical steps.
+# Read and consider these messages carefully and ensure you are not needlessly changing
+# other sites.
 
-# The project is added, and a deployment key is printed, use it for the next step.
-
-# 2. Add the deployment key to sites.yaml under the key "deploy_key".
-$ vi environments/${DPLPLAT_ENV}/sites.yaml
-# Then update the repositories using Terraform
-$ task env_repos:provision
 
+#TODO: move first deploys to Taskfile
 # 3.a Trigger a deployment manually, this will fail as the repository is empty
 #    but will serve to prepare Lagoon for future deployments.
 # lagoon deploy branch -p <project-name> -b <branch>

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
@@ -731,6 +731,72 @@ tasks:
       - sh: "[ ! -z {{.SITE}} ]"
         msg: "Env variable SITE is not set or empty."
 
+    sites:list-keys:
+      desc: List keys for sites in sites.yaml config
+      dir: "{{.dir_env}}"
+      cmds:
+        - cat sites.yaml | yq '.sites | keys | .[]'
+
+    sites:sync:
+      desc: Performs a full synchronization from sites.yaml to running state
+      dir: "{{.dir_env}}"
+      cmds:
+        - |
+          set -e
+          cat sites.yaml | yq '.sites | keys | .[]' | while read -r site; do
+            SITE="$site" task site:lagoon:project:ensure
+            SITE="$site" task site:lagoon:project:capture-deploy-key
+          done
+        - task: env_repos:provision
+        - |
+          echo "TODO: figure out which sites are newly created and require a first deploy\
+                and run lagoon deploy for them - and for plan:webmaster run deploy of\
+                moduletest, too"
+        - |
+          set -e
+          cat sites.yaml | yq '.sites | keys | .[]' | while read -r site; do
+            SITE="$site" task site:sync
+          done
+
+    site:lagoon:project:ensure:
+      # TODO: ensure github registry credentials are current known version on update case, too
+      #       - consider implementing in set:environment-variable so it updates if already set
+      desc: |
+        Ensures a lagoon project is set up and configured correctly for a
+        given site as specified by sites.yaml
+      deps: [lagoon:cli:config]
+      dir: "{{.dir_env}}"
+      env: # TODO: vars instead?
+        GIT_URL: "[email protected]:danishpubliclibraries/env-{{.SITE}}.git"
+      cmds:
+        - echo "hey ${GIT_URL}"
+        - |
+          if [ "$(lagoon get project --project "{{.SITE}}" --output-json | jq '.data[0].id' --raw-output)" = "0" ]; then
+            PROJECT_NAME="{{.SITE}}" GIT_URL="${GIT_URL}" task lagoon:project:add;
+            PROJECT_NAME="{{.SITE}}" task lagoon:project:set:github-registry-credentials
+          else
+            PROJECT_NAME="{{.SITE}}" GIT_URL="${GIT_URL}" task lagoon:project:update;
+          fi
+      preconditions:
+      - sh: "[ ! -z {{.SITE}} ]"
+        msg: "Env variable SITE is not set or empty."
+
+    site:lagoon:project:capture-deploy-key:
+      # TODO: print a big message if a deploy key is newly captured, so we know to commit changes!
+      desc: Gets the deploy key for a particular project from Lagoon and persists it in sites.yaml
+      deps: [lagoon:cli:config]
+      dir: "{{.dir_env}}"
+      env: # TODO: vars?
+        DEPLOY_KEY:
+          sh: lagoon get project-key --project "{{.SITE}}" --output-json | jq '.data[0].publickey' --raw-output
+        SITE: "{{.SITE}}"
+      cmds:
+        - echo "depl k ${DEPLOY_KEY}"
+        - yq -i e '.sites[env(SITE)].deploy_key |= env(DEPLOY_KEY)' sites.yaml
+      preconditions:
+      - sh: "[ ! -z {{.SITE}} ]"
+        msg: "Env variable SITE is not set or empty."
+
     ui-password:
       desc: Get the password to access a given user interface
       cmds: