name: Maintenance on: - push - workflow_dispatch jobs: infra: runs-on: ubuntu-latest env: AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}' AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}' DIGITALOCEAN_TOKEN: '${{ secrets.DIGITALOCEAN_TOKEN }}' YC_SERVICE_ACCOUNT_KEY_FILE: '${{ secrets.YC_SERVICE_ACCOUNT_KEY_FILE }}' steps: - name: Set up Terraform uses: hashicorp/setup-terraform@v3 - name: Add SSH key run: | mkdir -p ~/.ssh cat > ~/.ssh/config <<'EOF' StrictHostKeyChecking no EOF cat > ~/.ssh/id_ed25519 <<'EOF' ${{ secrets.SSH_KEY }} EOF chmod 0600 ~/.ssh/id_ed25519 - name: Checkout run: | git clone -q ssh://git@bitbucket.org/egor-tensin/infra.git - name: Configure git run: | git config --global user.name 'Egor Tensin' git config --global user.email 'egor@tensin.name' - name: Run maintenance run: | make -C infra maintenance yandex-cloud-cli-bin: runs-on: ubuntu-latest container: image: archlinux:base-devel steps: - name: Install dependencies run: | pacman -Sy --noconfirm git openssh - name: Add SSH key run: | mkdir -p /root/.ssh/ cat > /root/.ssh/config <<'EOF' StrictHostKeyChecking no EOF cat > /root/.ssh/id_ed25519 <<'EOF' ${{ secrets.SSH_KEY }} EOF chmod 0600 /root/.ssh/id_ed25519 - name: Checkout run: | git clone -q ssh://aur@aur.archlinux.org/yandex-cloud-cli-bin.git chmod -R o+w yandex-cloud-cli-bin - name: Run maintenance run: | git config --system --add safe.directory "$( pwd )/yandex-cloud-cli-bin" # Stupid makepkg hard forbids running as root, which is stupid, which # is why I'm doing all of that stupidity here and above. runuser -u nobody -- make -C yandex-cloud-cli-bin maintenance