From c32fd29ac14d22a8a5e395f8ac56601edf768cf1 Mon Sep 17 00:00:00 2001
From: Jan Philipp Timme <jan.philipp@timme.it>
Date: Mon, 16 Dec 2019 18:22:00 +0100
Subject: [PATCH] Allow way more flexibility regarding permissions before/after
 cloning/deploying

---
 deploy/defaults.yaml |  6 ++++++
 deploy/gitlab.sls    | 26 ++++++++++++++++++++++----
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/deploy/defaults.yaml b/deploy/defaults.yaml
index a8060d6..9b8989e 100644
--- a/deploy/defaults.yaml
+++ b/deploy/defaults.yaml
@@ -1,6 +1,12 @@
 deploy:
   config:
     deploy_directory: /srv/repo
+    deploy_directory_before_clone_user: deployer
+    deploy_directory_before_clone_group: deployer
+    deploy_directory_before_clone_mode: 770
+    deploy_directory_after_clone_user: deployer
+    deploy_directory_after_clone_group: deployer
+    deploy_directory_after_clone_mode: 770
     venv_directory: /srv/venv
     cert_directory: /etc/hsh-certs
     static_directory: /srv/static
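Review bot: The new defaults `deploy_directory_before_clone_mode: 770` and `deploy_directory_after_clone_mode: 770` are unquoted integers, which invites overrides written as `0750`. A YAML 1.1 loader reads a leading-zero value as octal (488 here), so the directory would not get the intended permissions. Quoting the defaults, e.g. `deploy_directory_before_clone_mode: '770'`, sets the pattern for anyone overriding them. The same applies in deploy/gitlab.sls, where `- mode: {{ deploy.config.deploy_directory_before_clone_mode }}` and its after-clone counterpart render the value unquoted; `- mode: '{{ deploy.config.deploy_directory_before_clone_mode }}'` keeps a string override a string.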
diff --git a/deploy/gitlab.sls b/deploy/gitlab.sls
index 850d79d..93deaaa 100644
--- a/deploy/gitlab.sls
+++ b/deploy/gitlab.sls
@@ -8,16 +8,18 @@ deploy_packages:
     - order: 0
     - pkgs: [git]
 
-deploy_target_directory:
+{# Ensure deploy_directory exists with proper permissions to deploy before actually deploying into it. #}
+deploy_target_directory_before_clone_permissions:
   file.directory:
     - name: {{ deploy.config.deploy_directory }}
-    - user: deployer
-    - group: deployer
-    - mode: 770
+    - user: {{ deploy.config.deploy_directory_before_clone_user }}
+    - group: {{ deploy.config.deploy_directory_before_clone_group }}
+    - mode: {{ deploy.config.deploy_directory_before_clone_mode }}
     - require:
       - user: deployer
       - group: deployer
 
+
 {% for project_name, project_config in deploy.projects.items() if project_config.get('gitlab', False) %}
 {% set repo_config = project_config.gitlab %}
 
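Review bot: The `require` block of `deploy_target_directory_before_clone_permissions` still names `user: deployer` and `group: deployer`, although owner and group now come from `deploy.config`. If the configured account differs from `deployer`, nothing visible in this hunk ensures it exists before the directory is managed, so the state may fail or depend on ordering defined elsewhere. At minimum, document the assumption with a comment such as `{# the configured before_clone user/group must be managed by another state; only 'deployer' is required here #}`. The after-clone state added at the end of the file carries the same hard-coded requisites.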
@@ -29,6 +31,8 @@ deploy_{{ project_name }}_clone_git:
     - force_fetch: true
     - force_reset: true  # ignore local repos changed!
     - target: {{ project_config.path }}
+    - require:
+      - file: deploy_target_directory_before_clone_permissions
 
 deploy_{{ project_name }}_clone_directory_permissions:
   file.directory:
@@ -59,3 +63,17 @@ deploy_{{ project_name }}_run_after_clone_command:
 {% endif %}
 
 {% endfor%}
+
+{# Allow fixing permissions of deploy_directory after cloning all projects in there. #}
+deploy_target_directory_after_clone_permissions:
+  file.directory:
+    - name: {{ deploy.config.deploy_directory }}
+    - user: {{ deploy.config.deploy_directory_after_clone_user }}
+    - group: {{ deploy.config.deploy_directory_after_clone_group }}
+    - mode: {{ deploy.config.deploy_directory_after_clone_mode }}
+    - require:
+      - user: deployer
+      - group: deployer
+{% for project_name, project_config in deploy.projects.items() if project_config.get('gitlab', False) %}
+      - git: deploy_{{ project_name }}_clone_git
+{% endfor %}
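Review bot: Because `deploy_target_directory_after_clone_permissions` requires every `deploy_<project>_clone_git` state, a single failed clone means the after-clone owner and mode are never applied. The directory then stays at the before-clone settings, which, if the after-clone values are meant to be the stricter ones, leaves the looser permissions in place exactly when a run went wrong. If that is not intended, consider dropping the `git:` requisites in favour of `- order: last`, or state the behaviour in the Jinja comment above the state. Note also that when the before and after values differ, both states manage the same path and will likely report a change on every run.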
-- 
GitLab