From 1265bfe5d212811cf61cdccd6023c0367bf79038 Mon Sep 17 00:00:00 2001
From: Lars Brinkhoff <lars@nocrew.org>
Date: Wed, 20 Jan 2021 12:40:27 +0100
Subject: [PATCH] Deploy built images using rsync.

---
 .github/workflows/build.yml |  6 ++++++
 build/deploy.sh             | 30 ++++++++++++++++++++++++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f55550f12..30d41fce6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,6 +8,7 @@ defaults:
 
 jobs:
   build:
+    environment: Deploy
     runs-on: ${{matrix.os}}
     strategy:
       matrix:
@@ -22,3 +23,8 @@ jobs:
         run: sh -ex build/dependencies.sh install_linux
       - name: Build
         run: make check-dirs all EMULATOR=${{matrix.emulator}}
+      - name: Deploy
+        if: github.ref == 'refs/heads/master'
+        env:
+          SECRET: ${{secrets.SECRET}}
+        run: sh build/deploy.sh
diff --git a/build/deploy.sh b/build/deploy.sh
index 71f52a29c..3db86ef48 100755
--- a/build/deploy.sh
+++ b/build/deploy.sh
@@ -1,5 +1,31 @@
 #!/bin/sh
 
-echo "Here we can do anything when deployment has finished."
-echo "Such as kicking off a second build stage."
+# At the $HOST, the $USER needs to have an .ssh directory with
+# authorized_keys matching $SECRET.
+
+set -e
+
+HOST=hactrn.org
+PORT=22
+USER=images
+DIR=/var/www/hactrn.org/images
+
+SSH=$HOME/.ssh
+ID=$SSH/id_rsa
+
+if test -z "$SECRET"; then
+    echo 'ERROR: No key in $SECRET.'
+    exit 1
+fi
+
+mkdir -p $SSH
+chmod 700 $SSH
+echo "$SECRET" > $ID
+chmod 600 $ID
+
+ssh-keyscan -p $PORT -H $HOST >> ~/.ssh/known_hosts
+
+echo "Deploying to $USER@$HOST:$PORT"
+rsync -av --inplace -e "ssh -p$PORT -l$USER" out $HOST:$DIR
+
 exit 0