From c32fd29ac14d22a8a5e395f8ac56601edf768cf1 Mon Sep 17 00:00:00 2001 From: Jan Philipp Timme <jan.philipp@timme.it> Date: Mon, 16 Dec 2019 18:22:00 +0100 Subject: [PATCH] Allow way more flexibility regarding permissions before/after cloning/deploying --- deploy/defaults.yaml | 6 ++++++ deploy/gitlab.sls | 26 ++++++++++++++++++++++---- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/deploy/defaults.yaml b/deploy/defaults.yaml index a8060d6..9b8989e 100644 --- a/deploy/defaults.yaml +++ b/deploy/defaults.yaml @@ -1,6 +1,12 @@ deploy: config: deploy_directory: /srv/repo + deploy_directory_before_clone_user: deployer + deploy_directory_before_clone_group: deployer + deploy_directory_before_clone_mode: 770 + deploy_directory_after_clone_user: deployer + deploy_directory_after_clone_group: deployer + deploy_directory_after_clone_mode: 770 venv_directory: /srv/venv cert_directory: /etc/hsh-certs static_directory: /srv/static diff --git a/deploy/gitlab.sls b/deploy/gitlab.sls index 850d79d..93deaaa 100644 --- a/deploy/gitlab.sls +++ b/deploy/gitlab.sls @@ -8,16 +8,18 @@ deploy_packages: - order: 0 - pkgs: [git] -deploy_target_directory: +{# Ensure deploy_directory exists with proper permissions to deploy before actually deploying into it. #} +deploy_target_directory_before_clone_permissions: file.directory: - name: {{ deploy.config.deploy_directory }} - - user: deployer - - group: deployer - - mode: 770 + - user: {{ deploy.config.deploy_directory_before_clone_user }} + - group: {{ deploy.config.deploy_directory_before_clone_group }} + - mode: {{ deploy.config.deploy_directory_before_clone_mode }} - require: - user: deployer - group: deployer + {% for project_name, project_config in deploy.projects.items() if project_config.get('gitlab', False) %} {% set repo_config = project_config.gitlab %} @@ -29,6 +31,8 @@ deploy_{{ project_name }}_clone_git: - force_fetch: true - force_reset: true # ignore local repos changed! - target: {{ project_config.path }} + - require: + - file: deploy_target_directory_before_clone_permissions deploy_{{ project_name }}_clone_directory_permissions: file.directory: @@ -59,3 +63,17 @@ deploy_{{ project_name }}_run_after_clone_command: {% endif %} {% endfor%} + +{# Allow fixing permissions of deploy_directory after cloning all projects in there. #} +deploy_target_directory_after_clone_permissions: + file.directory: + - name: {{ deploy.config.deploy_directory }} + - user: {{ deploy.config.deploy_directory_after_clone_user }} + - group: {{ deploy.config.deploy_directory_after_clone_group }} + - mode: {{ deploy.config.deploy_directory_after_clone_mode }} + - require: + - user: deployer + - group: deployer +{% for project_name, project_config in deploy.projects.items() if project_config.get('gitlab', False) %} + - git: deploy_{{ project_name }}_clone_git +{% endfor %} -- GitLab