diff --git a/deploy/defaults.yaml b/deploy/defaults.yaml index a8060d6cda0160b63f51de28592c27d8c471f94d..9b8989ea3232c0feb9e73dcf90bf647b3f73b232 100644 --- a/deploy/defaults.yaml +++ b/deploy/defaults.yaml @@ -1,6 +1,12 @@ deploy: config: deploy_directory: /srv/repo + deploy_directory_before_clone_user: deployer + deploy_directory_before_clone_group: deployer + deploy_directory_before_clone_mode: 770 + deploy_directory_after_clone_user: deployer + deploy_directory_after_clone_group: deployer + deploy_directory_after_clone_mode: 770 venv_directory: /srv/venv cert_directory: /etc/hsh-certs static_directory: /srv/static diff --git a/deploy/gitlab.sls b/deploy/gitlab.sls index 850d79dd391f0c254f4798c8ceb20c99b9f420c8..93deaaaf3c1d6bd9e9790ba84ecad5f41417cfe2 100644 --- a/deploy/gitlab.sls +++ b/deploy/gitlab.sls @@ -8,16 +8,18 @@ deploy_packages: - order: 0 - pkgs: [git] -deploy_target_directory: +{# Ensure deploy_directory exists with proper permissions to deploy before actually deploying into it. #} +deploy_target_directory_before_clone_permissions: file.directory: - name: {{ deploy.config.deploy_directory }} - - user: deployer - - group: deployer - - mode: 770 + - user: {{ deploy.config.deploy_directory_before_clone_user }} + - group: {{ deploy.config.deploy_directory_before_clone_group }} + - mode: {{ deploy.config.deploy_directory_before_clone_mode }} - require: - user: deployer - group: deployer + {% for project_name, project_config in deploy.projects.items() if project_config.get('gitlab', False) %} {% set repo_config = project_config.gitlab %} @@ -29,6 +31,8 @@ deploy_{{ project_name }}_clone_git: - force_fetch: true - force_reset: true # ignore local repos changed! - target: {{ project_config.path }} + - require: + - file: deploy_target_directory_before_clone_permissions deploy_{{ project_name }}_clone_directory_permissions: file.directory: @@ -59,3 +63,17 @@ deploy_{{ project_name }}_run_after_clone_command: {% endif %} {% endfor%} + +{# Allow fixing permissions of deploy_directory after cloning all projects in there. #} +deploy_target_directory_after_clone_permissions: + file.directory: + - name: {{ deploy.config.deploy_directory }} + - user: {{ deploy.config.deploy_directory_after_clone_user }} + - group: {{ deploy.config.deploy_directory_after_clone_group }} + - mode: {{ deploy.config.deploy_directory_after_clone_mode }} + - require: + - user: deployer + - group: deployer +{% for project_name, project_config in deploy.projects.items() if project_config.get('gitlab', False) %} + - git: deploy_{{ project_name }}_clone_git +{% endfor %}