-
-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathupdate.sh
executable file
·120 lines (102 loc) · 3.5 KB
/
update.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/bin/bash
# I am really sorry for anyone who has to work with this, including myself and
# Kat. - mattl
#
# For troubleshooting:
# sudo tail -f /var/log/letsencrypt/letsencrypt.log
set -o errexit
set -o errtrace
set -o nounset
trap '_es=${?};
_lo=${LINENO};
_co=${BASH_COMMAND};
echo "${0}: line ${_lo}: \"${_co}\" exited with a status of ${_es}";
exit ${_es}' ERR
repo='https://github.com/creativecommons/creativecommons.org.git'
reponame='cc-all-forks'
workdir="${HOME}"
checkoutdir="${workdir}/${reponame}"
resourcedir="${HOME}/magical-pony"
statusfile='/var/www/html/index.html'
rm -rf "${checkoutdir}"
mkdir -p "${checkoutdir}"
{
echo '<h1>Updating the Magical Pony</h1>'
echo "<h2>$(date '+%A %F %T %:::z %Z')</h2>"
cat pony.img.html
} > "${statusfile}"
pushd "${checkoutdir}"
echo
echo "# git clone ${repo}"
# Get a clean version to avoid any merge/reset weirdness
git clone "${repo}" .
echo
echo '<h2>Branches</h2>' >> "${statusfile}"
for branchname in $(git branch -r | grep -v 'HEAD\|master')
do
echo "# ${branchname}"
branchid="${branchname##*/}"
branchpath="/srv/clones/${branchid}"
webroot="${branchpath}/docroot"
domain="${branchid}.legal.creativecommons.org"
certbotargs="${certbotargs:-} -w ${webroot} -d ${domain}"
echo "${branchpath}"
git checkout -f -q "${branchname}"
git show-branch --sha1-name HEAD
mkdir -p "${branchpath}.NEW"
git archive "${branchname}" \
| tar -xC "${branchpath}.NEW"
[[ -d ${branchpath} ]] && mv ${branchpath} ${branchpath}.OLD
mv ${branchpath}.NEW ${branchpath}
[[ -d ${branchpath}.OLD ]] && rm -rf ${branchpath}.OLD
# Ensure branchpath mtime is up-to-date
touch ${branchpath}/.gitignore
cp "${resourcedir}/default" \
"/etc/apache2/sites-enabled/${branchid}.conf"
perl -p -i -e "s/MAGICALPONY/${branchid}/g" \
"/etc/apache2/sites-enabled/${branchid}".conf
hash=$(git log ${branchname} -1 --format='%H')
{
echo "<h3>${branchid} (${branchname})</h3>"
echo '<p><b>Commit: </b>'
echo " <a href=\"https://github.com/creativecommons/creativecommons.org/commit/${hash}\">${hash}</a>"
echo '</p>'
} >> "${statusfile}"
git log ${branchname} -1 --format="<p>%s</p>" >> "${statusfile}"
echo
done
popd
echo
echo '# cerbotargs:'
echo "${certbotargs}"
echo
echo '# run cerbot'
echo
# Get any new certificates, incorporate old one, refresh expiring, install any
# new http->https redirects, and do so automatically.
if /usr/bin/certbot --authenticator webroot --installer apache \
--agree-tos -m webmaster@creativecommons.org \
--non-interactive --expand --keep-until-expiring --redirect \
${certbotargs}
then
echo '<h1>And we are done!</h1>' >> "${statusfile}"
else
{
echo '<h1>certbot ERROR</h1>'
echo '<p>See <pre>/var/log/letsencrypt/letsencrypt.log</pre>.</p>'
} >> "${statusfile}"
fi
echo
echo "<h2>$(date '+%A %F %T %:::z %Z')</h2>" >> "${statusfile}"
# Touch primary apache files to ensure they are preserved
touch /etc/apache2/sites-enabled/legal.creativecommons.org.conf
touch /etc/apache2/sites-enabled/legal.creativecommons.org-le-ssl.conf
echo '# Clean-up: /srv/clones'
find /srv/clones/* -maxdepth 0 -type d -mtime +1
find /srv/clones/* -maxdepth 0 -type d -mtime +1 -exec rm -rf {} +
echo
echo '# Clean-up: /etc/apache2/sites-enabled/'
find /etc/apache2/sites-enabled/ -mtime +1
find /etc/apache2/sites-enabled/ -mtime +1 -delete
echo
service apache2 restart