Introduction
Introduction Statistics Contact Development Disclaimer Help
Title: OpenBSD in a CI environment with sourcehut
Author: Solène
Date: 03 December 2023
Tags: openbsd devops git
Description: In this article, you will learn how to use sourcehut git
forge to run CI in an OpenBSD environment
# Introduction
If you ever required continuous integration pipelines to do some
actions in an OpenBSD environment, you certainly figured that most Git
"forge" didn't provide OpenBSD as a host environment for the CI.
It turns out that sourcehut is offering many environments, and OpenBSD
is one among them, but you can also find Guix, NixOS, NetBSD, FreeBSD
or even 9front!
Let's see how this works.
sourcehut official website
sourcehut: Documentation about host systems offering in CI
Note that the CI is only available to paid accounts, the minimal fee is
"$2/month or $20/year". There are no tiers, so as long as you pay
something you have a paid account. sourcehut is offering a
clutter-free web interface, and developing an open source product that
is also capable of running OpenBSD in a CI environment, I decided to
support them (I really rarely subscribe to any kind of services).
PS: sourcehut supports Mercurial projects too.
# The CI
Upon each CI trigger, a new VM is created, it's possible to define the
operating system and version you want for the environment, and then
what to do in it.
The CI works when you have a "manifest" file in your project with the
path `.build.yml` at the root of your project, it contains all the
information about what to do.
sourcehut: Documentation about manifests and builds
# Secret management
When you run code in a CI, you often need secrets, and most often you
require SSH keys if you want to push artefacts.
The SSH key secret is simplified, if sourcehut recognizes a secret to
be a private SSH key, it will automatically save it at the right place.
sourcehut: Documentation about secrets in CI
# Example
Here is a simple example of a manifest file I use to build a website
using the static generator hugo, and then push the result on a remote
server.
```
image: openbsd/latest
packages:
- hugo--
- rsync--
secrets:
- f20c67ec-64c2-46a2-a308-6ad929c5d2e7
sources:
- [email protected]:~solene/my-project
tasks:
- init: |
cd my-project
git clone https://github.com/adityatelange/hugo-PaperMod themes/PaperMod …
- build: |
cd my-project
echo 'web.perso.pw ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRj0NK7ZPMQgkgqw8…
make
```
On the example above, we can notice different parts:
* image: this tells the manifest which OS to use, openbsd/latest means
latest release.
* packages: this tells which packages to install, it's OS-agnostic. I
use extra dashes because some alternate versions of these packages
exists, I just want the simple flavour for each.
* secrets: this tells which secret I want among the secrets stored in
sourcehut. This is a dedicated private SSH key in this case.
* sources: this tells which sources to clone in the CI. Be careful
though, if a repository is private, the CI needs to have the SSH key to
access the repository. I spent some time figuring this the hard way.
* tasks: this defines which commands to run, they are grouped in jobs.
If you use SSH, don't forget to either use `ssh-keyscan` to generate
the content for `~/.ssh/known_hosts`, or add the known fingerprint like
me that would require an update if the SSH host key changes.
A cool thing is when your CI job failed, the environment will continue
to live for at least 10 minutes while offering an SSH access for debug
purpose.
sourcehut: Documentation about SSH into build environments
# Conclusion
I finally found a Git forge that is ethic and supportive of niche
operating system. Its interface may be rude with fewer features, but
it loads faster and is cleaner to understand. The price ($20/year) is
higher than the competition (GitHub or GitLab) which can be used freely
(up to some point) but they don't offer the CI choice and the elegant
workflow sourcehut has.
# Going further
You can self-host a sourcehut instance if you prefer, it's open source
and packaged for some Linux distributions.
sourcehut: Documentation about the deployment process
You are viewing proxied material from dataswamp.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.