commit 2bce1609ef7aa60e525dccb4c657964b26d26375
parent 93b9f6689441b680d72a109f39fb3cf02d104b81
Author: Arjoonn Sharma <arjoonn@midpathsoftware.com>
Date: Fri, 27 Mar 2026 13:31:23 +0530
x
Diffstat:
7 files changed, 102 insertions(+), 12 deletions(-)
diff --git a/scripts/publish_site.sh b/scripts/publish_site.sh
@@ -7,18 +7,22 @@ set -o pipefail
publish() {
echo "Publishing site"
pwd
- cd website
- md5sum secrets/ci.key
- source secrets/bin/set_env.sh ci
-
- cd /vol/www && zip -r ../website.zip .
-
- echo Pushing build
- curl -H "Content-Type: application/zip" \
- -H "Authorization: Bearer $NETLIFY_TOKEN" \
- --data-binary "@/vol/website.zip" \
- https://api.netlify.com/api/v1/sites/$NETLIFY_SITEID/deploys | python3 -m json.tool
+ md5sum secrets/prod.key
+ md5sum secrets/prod.enc
+ source secrets/bin/set_env.sh prod
+ echo "Build site"
+ bash pwa/actions/build_pwa.sh
+ echo "Creating zip"
+ (
+ cd /build \
+ && zip -r /website.zip ./ \
+ && cd / \
+ && echo "Publishing Site ID: $NETLIFY_SITEID" \
+ && curl -H "Content-Type: application/zip" \
+ -H "Authorization: Bearer $NETLIFY_TOKEN" \
+ --data-binary "@website.zip" \
+ https://api.netlify.com/api/v1/sites/$NETLIFY_SITEID/deploys
+ )
}
(publish)
-
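Review bot: The deploy `curl` at the end of the subshell has no `--fail`, so a 401 or any other HTTP error from the deploy API still exits 0 and publish() reports success for a site that was not deployed. Suggest `&& curl --fail -H "Content-Type: application/zip" \` and quoting the URL as `"https://api.netlify.com/api/v1/sites/${NETLIFY_SITEID}/deploys"`. The two `md5sum` lines also write digests of the production key and ciphertext to the job log; if they are only a presence check, `test -s secrets/prod.key` gives the same signal without logging anything derived from the key. `source secrets/bin/set_env.sh prod` is not checked either, and errexit is not visible in this hunk (only `set -o pipefail` in the header), so a failed decrypt may reach the upload with an empty token.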
diff --git a/secrets/.gitignore b/secrets/.gitignore
@@ -0,0 +1,3 @@
+*.key
+*.plaintext*
+!dev.key
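Review bot: The `!dev.key` exception means an age private key is tracked in the repository, so anything encrypted to it (presumably `dev.enc`) is readable by everyone with repository access. That is worth stating next to the rule, e.g. `# dev.key is committed on purpose: dev.enc must only ever hold non-sensitive development values`. `*.enc` is not ignored, which looks intended since the ciphertext is meant to be committed.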
diff --git a/secrets/bin/.gitignore b/secrets/bin/.gitignore
@@ -0,0 +1,3 @@
+age
+age-keygen
+sops
diff --git a/secrets/bin/create_envfile.sh b/secrets/bin/create_envfile.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+BIN=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+SECRETS=$(echo "$BIN/..")
+NAME=$1
+(bash $BIN/ensure_bins.sh)
+PATH="$PATH:$HOME/.local/bin:$BIN"
+SOPS_AGE_KEY_FILE=$SECRETS/$NAME.key sops --decrypt --input-type dotenv --output-type dotenv $SECRETS/$NAME.enc > secrets/$NAME.plaintext.env
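Review bot: The decrypted output is written to `secrets/$NAME.plaintext.env` relative to the caller's working directory, while every input path is anchored on `$SECRETS`, and the file is created with the default umask. Run from anywhere but the repository root, the redirect either fails or places plaintext secrets outside the directory whose `.gitignore` covers `*.plaintext*`. Suggest `umask 077` before the decrypt and `> "$SECRETS/$NAME.plaintext.env"` as the target, with `$BIN`, `$SECRETS` and `$NAME` quoted throughout. `NAME=$1` is unchecked as well, so `: "${1:?usage: create_envfile.sh NAME}"` would stop an empty name from resolving to `.key` and `.enc`; the script also sets no errexit, so a failed sops run leaves an empty plaintext file behind with exit status taken from the last command only.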
diff --git a/secrets/bin/edit_env.sh b/secrets/bin/edit_env.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o pipefail
+
+main (){
+ NAME=$1
+ BIN=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+ SECRETS=$(echo "$BIN/..")
+ KEY_FILE=$(echo "$SECRETS/$NAME.key")
+ ENC_FILE=$(echo "$SECRETS/$NAME.enc")
+ PLAINTEXT_FILE=$(echo "$SECRETS/$NAME.plaintext")
+ export SOPS_AGE_KEY_FILE=$KEY_FILE
+ echo "BIN = $BIN"
+ echo "SECRETS = $SECRETS"
+ echo "KEY = $KEY_FILE"
+ echo "SOPS KEY = $SOPS_AGE_KEY_FILE"
+ echo "ENC = $ENC_FILE"
+ echo "PLAIN = $PLAINTEXT_FILE"
+ (bash $BIN/ensure_bins.sh)
+ PATH="$PATH:$HOME/.local/bin:$BIN"
+
+ if [[ -f "$ENC_FILE" ]]; then
+ sops --decrypt --input-type dotenv --output-type dotenv "$ENC_FILE" > "$PLAINTEXT_FILE"
+ fi
+ ${EDITOR:-nano} "$PLAINTEXT_FILE"
+ sops --input-type dotenv --output-type dotenv --encrypt --age $(age-keygen -y "$KEY_FILE") "$PLAINTEXT_FILE" > "$ENC_FILE"
+ rm "$PLAINTEXT_FILE"
+}
+(main $1)
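Review bot: The plaintext file is only removed by the final `rm`, so with errexit on, a failing editor or a failing `sops --encrypt` exits main() and leaves the decrypted secrets on disk, created with the default umask. The redirect `> "$ENC_FILE"` also truncates the existing ciphertext before sops has produced anything, so a failed encrypt leaves an empty `.enc`; and because `age-keygen -y` runs inside the argument list, its failure is not caught by errexit. The fence below registers cleanup on EXIT, resolves the recipient in its own assignment, and writes the ciphertext to a temporary name before moving it into place. Note the trade-off: with the trap, edits are discarded when encryption fails, which seems preferable to leaving plaintext behind.

```shell
  # … unchanged: NAME/BIN/SECRETS/*_FILE setup, echo lines, ensure_bins.sh, PATH …
  umask 077
  trap 'rm -f -- "$PLAINTEXT_FILE" "$ENC_FILE.tmp"' EXIT

  # … unchanged: decrypt "$ENC_FILE" into "$PLAINTEXT_FILE" when it exists …
  ${EDITOR:-nano} "$PLAINTEXT_FILE"
  recipient=$(age-keygen -y "$KEY_FILE")
  sops --input-type dotenv --output-type dotenv --encrypt --age "$recipient" "$PLAINTEXT_FILE" > "$ENC_FILE.tmp"
  mv -- "$ENC_FILE.tmp" "$ENC_FILE"
```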
diff --git a/secrets/bin/ensure_bins.sh b/secrets/bin/ensure_bins.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o pipefail
+
+get_sops(){
+ if sops --version > /dev/null
+ then
+ return
+ else
+ echo "SOPS not found in PATH. Downloading..."
+ curl -L -o $HOME/.local/bin/sops https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.linux.amd64
+ chmod u+x $HOME/.local/bin/sops
+ fi
+}
+
+get_age(){
+ if age --version > /dev/null
+ then
+ return
+ else
+ echo "AGE not found in PATH. Downloading..."
+ curl -L -o /tmp/age.tar.gz https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz
+ (cd /tmp && tar xf age.tar.gz && cd age && cp age $HOME/.local/bin && cp age-keygen $HOME/.local/bin)
+ fi
+}
+
+main (){
+ mkdir -p $HOME/.local/bin
+ PATH="$PATH:$HOME/.local/bin"
+ get_age
+ get_sops
+}
+(main)
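Review bot: Both get_sops and get_age install a downloaded binary into `$HOME/.local/bin` without verifying it, and these binaries go on to handle the production age key. The version in the URL is pinned, but no digest is checked, `curl` has no `--fail` (an HTML error page would be saved and marked executable as `sops`), and get_age unpacks through the fixed path `/tmp/age.tar.gz`, which another local user can pre-create. The fence shows the else-branch of get_age with a private temp directory and a pinned SHA-256 check; the same pattern applies to the sops download. The digest variable is a placeholder, since the commit does not record one.

```shell
    echo "AGE not found in PATH. Downloading..."
    tmp=$(mktemp -d)
    curl --fail -L -o "$tmp/age.tar.gz" https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz
    # AGE_SHA256 is a placeholder: pin the digest recorded when this release was vetted
    printf '%s  %s\n' "$AGE_SHA256" "$tmp/age.tar.gz" | sha256sum -c -
    tar -xf "$tmp/age.tar.gz" -C "$tmp"
    cp "$tmp/age/age" "$tmp/age/age-keygen" "$HOME/.local/bin"
    rm -rf -- "$tmp"
```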
diff --git a/secrets/bin/set_env.sh b/secrets/bin/set_env.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+BIN=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+SECRETS=$(echo "$BIN/..")
+NAME=$1
+(bash $BIN/ensure_bins.sh)
+PATH="$PATH:$HOME/.local/bin:$BIN"
+export $(SOPS_AGE_KEY_FILE=$SECRETS/$NAME.key sops --decrypt --input-type dotenv --output-type dotenv $SECRETS/$NAME.enc | xargs)
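Review bot: When the decrypt on the last line fails, `$(...)` expands to nothing and a bare `export` prints every exported variable of the calling shell, which in a CI job means the environment lands in the log. The failure itself goes unnoticed because the script sets no errexit and the pipeline status is discarded by the command substitution. The `| xargs` plus unquoted expansion also word-splits values, so any secret containing a space or quote is exported mangled. The fence decrypts into a variable, stops on failure, and exports one line at a time; `return` assumes the file is sourced, as publish_site.sh does.

```shell
# … unchanged: BIN, SECRETS, NAME, ensure_bins.sh, PATH …
env_text=$(SOPS_AGE_KEY_FILE="$SECRETS/$NAME.key" sops --decrypt --input-type dotenv --output-type dotenv "$SECRETS/$NAME.enc") || return 1
while IFS= read -r line; do
  # skip blanks and comments so `export` is never called without KEY=value
  [[ -z "$line" || "$line" == \#* ]] && continue
  export "$line"
done <<< "$env_text"
unset env_text line
```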