From fb8e0da0734a1dabb51487e40f69f9fa2928ba57 Mon Sep 17 00:00:00 2001
From: Jakub Czajka
Date: Sat, 29 Apr 2023 22:06:10 +0200
Subject: [PATCH] [metadata] Configure automatic deployment.
---
90-git | 4 ++++
README | 7 ++++++
metadata.git/deploy.yaml | 42 +++++++++++++++++++++++++++++++++
metadata.git/hooks/post-receive | 13 ++++++++++
4 files changed, 66 insertions(+)
create mode 100644 90-git
create mode 100644 metadata.git/deploy.yaml
create mode 100755 metadata.git/hooks/post-receive
diff --git a/90-git b/90-git
new file mode 100644
index 0000000..97a2054
--- /dev/null
+++ b/90-git
@@ -0,0 +1,4 @@
+# Copyright (c) 2023 Jakub Czajka
+# License: GPL-3.0 or later.
+
+git ALL=(ALL) NOPASSWD: /usr/bin/ansible-playbook
diff --git a/README b/README
index 7cf2149..691f213 100644
--- a/README
+++ b/README
@@ -2,3 +2,10 @@ metadata ======== Metadata files (descriptions, hooks etc.) for the other git repositories. + +Install +------- + +Copy the `post-receive` hook to `metadata.git/hooks` in order for the repository +to automatically update other repositories. It copies files from this repository +to `/srv/git` after each commit.
diff --git a/metadata.git/deploy.yaml b/metadata.git/deploy.yaml
new file mode 100644
index 0000000..9182049
--- /dev/null
+++ b/metadata.git/deploy.yaml
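Review bot: The rule `git ALL=(ALL) NOPASSWD: /usr/bin/ansible-playbook` in `90-git` puts no restriction on arguments, so the `git` account can run any playbook as any user without a password, which amounts to passwordless root. The hook added in this commit needs only one invocation, so the rule can pin both the run-as user and the full command line, for example `git ALL=(root) NOPASSWD: /usr/bin/ansible-playbook --connection=local /PLACEHOLDER/path/to/deploy.yaml` (placeholder path), with the hook calling that exact absolute path. Even with that restriction the playbook content comes from the pushed repository, so push access to `main` should be treated and documented as root access on the host.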
@@ -0,0 +1,42 @@
+# Copyright (c) 2023 Jakub Czajka
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ vars:
+ dest: "{{ ansible_local.env.vars.git_home_dir }}"
+ repo: "{{ ansible_local.env.vars.git_home_dir }}/metadata.git"
+ tasks:
+ - name: Checkout metadata's configuration files to the destination directory
+ command: /usr/bin/git --work-tree={{ dest }} --git-dir={{ repo }} \
+ checkout main --force
+ become: true
+ - name: Move 90-git to /etc/sudoers.d
+ command: /usr/bin/mv {{ dest }}/90-git /etc/sudoers.d
+ become: true
+ - name: Set ownership and permissions for /etc/sudoers.d/90-git
+ file:
+ path: /etc/sudoers.d/90-git
+ mode: 0440
+ owner: root
+ group: root
+ become: true
+
+ - name: Install ansible
+ package:
+ name:
+ - ansible
+ state: latest
+ become: true
+ - find:
+ paths: "{{ dest }}"
+ recurse: true
+ patterns: post-receive
+ register: post_receive_scripts
+ - name: Make all post-receive scripts executable and set ownership
+ file:
+ path: "{{ item.path }}"
+ mode: 0744
+ owner: git
+ group: git
+ become: true
+ with_items: "{{ post_receive_scripts.files }}"
diff --git a/metadata.git/hooks/post-receive b/metadata.git/hooks/post-receive
new file mode 100755
index 0000000..ac81bdc
--- /dev/null
+++ b/metadata.git/hooks/post-receive
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Copyright (c) 2023 Jakub Czajka
+# License: GPL-3.0 or later.
+
+while read old_revision new_revision branch
+do
+ if [ "${branch}" != "refs/heads/main" ]
+ then
+ echo "${branch} is not the main branch so not deploying."
+ exit 0
+ fi
+ sudo /usr/bin/ansible-playbook --connection=local deploy.yaml
+done
-- 2.39.5
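Review bot: The `Move 90-git to /etc/sudoers.d` task in `deploy.yaml` installs a sudoers fragment from the pushed tree with no syntax check, and the fragment is already in `/etc/sudoers.d` before the following `file` task sets its owner and mode. A malformed or wrongly-permissioned file in that directory can make sudo refuse to run, which would also stop this hook from deploying a correction. A single `copy` task with `validate`, owner and a quoted mode puts the file in place only after `visudo` accepts it. Unlike the `mv`, it leaves the checked-out `90-git` in `{{ dest }}`, and the `visudo` path below is the common location and should be confirmed for the target host.

```yaml
    # … unchanged: checkout task …
    - name: Install 90-git into /etc/sudoers.d after a syntax check
      copy:
        src: "{{ dest }}/90-git"
        dest: /etc/sudoers.d/90-git
        remote_src: true
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
      become: true
    # … unchanged: package install, find and post-receive permission tasks …
```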
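Review bot: The `exit 0` in the non-main branch of the `post-receive` loop ends the hook at the first such ref, so a push that lists another branch or a tag before `refs/heads/main` skips the deployment with no error; `continue` would keep reading the remaining refs. The playbook is also named by the relative path `deploy.yaml`, so which file runs under sudo depends on the hook's working directory. Using an absolute path, `sudo /usr/bin/ansible-playbook --connection=local /PLACEHOLDER/path/to/deploy.yaml` (placeholder path), makes that explicit and lets a sudoers rule match one fixed command line. A short comment above the `sudo` line stating that the playbook runs as root on every push to `main` would help the next maintainer see the trust boundary.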