Have GitHub organisations list in one place (#892)

ocurrent · Oct 11, 2023 · 9ea371f · 9ea371f
1 parent 5abdc68
commit 9ea371f
Show file tree

Hide file tree

Showing 3 changed files with 117 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -9,5 +9,10 @@ deploy-backend:
 deploy-web:
 	env DOCKER_BUILDKIT=1 docker --context $(CONTEXT) build -f Dockerfile.web -t ocaml-ci-web .
 
-deploy-stack:
+orgs := $(shell cat deploy-data/github-organisations.txt | tr '\n' ',')
+
+stack.yml: stack.yml.in deploy-data/github-organisations.txt
+	sed 's/GITHUB_ORGANISATIONS/${orgs:,=}/' stack.yml.in > stack.yml
+
+deploy-stack: stack.yml
 	docker --context $(CONTEXT) stack deploy --prune -c stack.yml ocaml-ci
diff --git a/stack.yml b/stack.yml
@@ -40,7 +40,7 @@ services:
       --submission-solver-service /run/secrets/ocaml-ci-solver.cap 
       --migration-path /migrations
       --verbosity info
-      --github-account-allowlist 'talex5,ocurrent,ocaml,mirage,avsm,samoht,kit-ty-kate,tarides,aantron,ocamllabs,realworldocaml,NathanReb,0install,gpetiot,ocaml-ppx,CraigFe,pascutto,julow,ocaml-gospel,vbmithr,gs0510,magnuss,dune-universe,janestreet,emillon,capnproto,ocaml-opam,ocaml-dune,favonia,joelburget,jeffa5,bikallem,jonludlam,g2p,stedolan,ocsigen,dinosaure,hannesm,mirleft,robur-coop,misterda,ocaml-multicore,cdaringe,inhabitedtype,tmcgilchrist,ocaml-doc,grievejia,Leonidas-from-XIV,ocaml-community,verbosemode,tomjridge,thizanne,n-osborne,TheLortex,patricoferris,routineco,moby,djs55,hyunha,hyper-systems,coco33920,sanette,maiste,yomimono,c-cube,novemberkilo,joaosreis,mtelvers,ygrek,geocaml,panglesd,SimonJF,haesbaert,benmandrew,andrenth,backtracking,jmid,shindere,gildor478,mefyl,ElectreAAS,well-typed-lightbulbs,johnyob,lasamlai,zshipko,andreas,bobot,dialohq,reynir,nilsbecker,ngernest,progman1,moyodiallo,edwintorok,smuenzel'
+      --github-account-allowlist talex5,ocurrent,ocaml,mirage,avsm,samoht,kit-ty-kate,tarides,aantron,ocamllabs,realworldocaml,NathanReb,0install,gpetiot,ocaml-ppx,CraigFe,pascutto,Julow,ocaml-gospel,vbmithr,gs0510,MagnusS,dune-universe,janestreet,emillon,capnproto,ocaml-opam,ocaml-dune,favonia,joelburget,jeffa5,bikallem,jonludlam,g2p,stedolan,ocsigen,dinosaure,hannesm,mirleft,robur-coop,MisterDA,ocaml-multicore,cdaringe,inhabitedtype,tmcgilchrist,ocaml-doc,grievejia,Leonidas-from-XIV,ocaml-community,verbosemode,tomjridge,thizanne,n-osborne,TheLortex,patricoferris,routineco,moby,djs55,hyunha,hyper-systems,coco33920,sanette,maiste,yomimono,c-cube,novemberkilo,joaosreis,mtelvers,ygrek,geocaml,panglesd,SimonJF,haesbaert,benmandrew,andrenth,backtracking,jmid,shindere,gildor478,mefyl,ElectreAAS,well-typed-lightbulbs,johnyob,lasamlai,zshipko,andreas,bobot,dialohq,reynir,nilsbecker,ngernest,progman1,moyodiallo,edwintorok,smuenzel
     environment:
       - "CAPNP_PROFILE=production"
       - "PLATFORMS=all"

diff --git a/stack.yml.in b/stack.yml.in
@@ -0,0 +1,110 @@
+version: '3.1'
+volumes:
+  data:
+  capnp-secrets:
+  gitlab-data:
+  gitlab-capnp-secrets:
+
+secrets:
+  ocaml-ci-github-key:
+    external: true
+  ocaml-ci-oauth:
+    external: true
+  ocaml-ci-submission.cap:
+    external: true
+  ocaml-ci-webhook-secret:
+    external: true
+  ocaml-ci-gitlab-oauth:
+    external: true
+  ocaml-ci-gitlab-token:
+    external: true
+  ocaml-ci-gitlab-webhook-secret:
+    external: true
+  ocaml-ci-solver.cap:
+    external: true
+
+services:
+  ci:
+    image: ocurrent/ocaml-ci-service:live
+    # image: ocaml-ci-service
+    # For local deploys using docker -c ocaml.ci.dev build -t ocaml-ci-service -f Dockerfile .
+    command: >
+      --github-app-id 39151
+      --github-private-key-file /run/secrets/ocaml-ci-github-key
+      --github-oauth /run/secrets/ocaml-ci-oauth
+      --github-webhook-secret-file /run/secrets/ocaml-ci-webhook-secret
+      --confirm above-average
+      --confirm-auto-release 120
+      --capnp-public-address=tcp:ocaml.ci.dev:8102 --capnp-listen-address=tcp:0.0.0.0:9000
+      --submission-service /run/secrets/ocaml-ci-submission.cap
+      --submission-solver-service /run/secrets/ocaml-ci-solver.cap 
+      --migration-path /migrations
+      --verbosity info
+      --github-account-allowlist GITHUB_ORGANISATIONS
+    environment:
+      - "CAPNP_PROFILE=production"
+      - "PLATFORMS=all"
+      - "DOCKER_BUILDKIT=1"
+      - "PROGRESS_NO_TRUNC=1"
+    ports:
+      - '8102:9000'
+    volumes:
+      - 'data:/var/lib/ocurrent'
+      - '/var/run/docker.sock:/var/run/docker.sock'
+      - 'capnp-secrets:/capnp-secrets'
+    secrets:
+      - 'ocaml-ci-oauth'
+      - 'ocaml-ci-github-key'
+      - 'ocaml-ci-submission.cap'
+      - 'ocaml-ci-solver.cap'
+      - 'ocaml-ci-webhook-secret'
+    sysctls:
+      - 'net.ipv4.tcp_keepalive_time=60'
+
+  gitlab:
+    image: ocurrent/ocaml-ci-gitlab-service:live
+    # image: ocaml-ci-gitlab-service
+    # For local deploys using docker -c ocaml.ci.dev build -t ocaml-ci-gitlab-service -f Dockerfile.gitlab .
+    command: >
+      --gitlab-oauth /run/secrets/ocaml-ci-gitlab-oauth
+      --gitlab-token-file /run/secrets/ocaml-ci-gitlab-token
+      --gitlab-webhook-secret-file /run/secrets/ocaml-ci-gitlab-webhook-secret
+      --submission-service /run/secrets/ocaml-ci-submission.cap
+      --submission-solver-service /run/secrets/ocaml-ci-solver.cap
+      --capnp-public-address=tcp:ocaml.ci.dev:8202
+      --capnp-listen-address=tcp:0.0.0.0:9000
+      --migration-path /migrations
+      --verbosity info
+    environment:
+      - "CAPNP_PROFILE=production"
+      - "PLATFORMS=all"
+      - "DOCKER_BUILDKIT=1"
+      - "PROGRESS_NO_TRUNC=1"
+    ports:
+      - '8202:9000'
+    volumes:
+      - 'gitlab-data:/var/lib/ocurrent'
+      - '/var/run/docker.sock:/var/run/docker.sock'
+      - 'gitlab-capnp-secrets:/capnp-secrets'
+    secrets:
+      - 'ocaml-ci-gitlab-oauth'
+      - 'ocaml-ci-gitlab-token'
+      - 'ocaml-ci-submission.cap'
+      - 'ocaml-ci-solver.cap'
+      - 'ocaml-ci-gitlab-webhook-secret'
+    sysctls:
+      - 'net.ipv4.tcp_keepalive_time=60'
+
+  web:
+    image: ocurrent/ocaml-ci-web:live
+    # image: ocaml-ci-web
+    # For local deploys using docker -c ocaml.ci.dev build -t ocaml-ci-web -f Dockerfile.web .
+    command: >
+      --backend /capnp-secrets/ocaml-ci-admin.cap
+      --gitlab-backend /gitlab-capnp-secrets/ocaml-ci-gitlab-admin.cap
+      --listen-prometheus=9090
+    volumes:
+      - 'capnp-secrets:/capnp-secrets:ro'
+      - 'gitlab-capnp-secrets:/gitlab-capnp-secrets:ro'
+    sysctls:
+      - 'net.ipv4.tcp_keepalive_time=60'