Get wiki role to push updates to the right place in docker

Ikiwiki has this three-repo setup with post-update hooks

9 files changed, 118 insertions, 25 deletions

diff --git a/roles/wiki-publish/defaults/main.yml b/roles/wiki-publish/defaults/main.yml
index c6ca568..863003f 100644
--- a/roles/wiki-publish/defaults/main.yml
+++ b/roles/wiki-publish/defaults/main.yml
@@ -5,3 +5,4 @@ emacsconf_el_dir: ~/emacsconf-el
 emacsconf_edit_wiki_dir: ~/emacsconf-wiki
 emacsconf_private_dir: ~/emacsconf-2022-private
 emacs_config_dir: ~/.emacs.d
+emacs_package: emacs-snapshot-nox
diff --git a/roles/wiki-publish/tasks/main.yml b/roles/wiki-publish/tasks/main.yml
index 897cecc..960aa01 100644
--- a/roles/wiki-publish/tasks/main.yml
+++ b/roles/wiki-publish/tasks/main.yml
@@ -1,17 +1,18 @@
 ---
 - name: Set up SSH directory
   ansible.builtin.file:
-    path: /home/ikiwiki/.ssh
+    path: "/home/{{ emacsconf_publish_user }}/.ssh"
     state: directory
     mode: '0700'
 - name: Install SSH key for EmacsConf wiki
   ansible.builtin.get_url:
     url: https://emacsconf.org/id_rsa_anon_git_emacsconf
-    dest: /home/ikiwiki/.ssh/id_rsa_anon_git_emacsconf
+    dest: "/home/{{ emacsconf_publish_user }}/.ssh/id_rsa_anon_git_emacsconf"
     mode: '0600'
-    owner: 'ikiwiki'
+    owner: "{{ emacsconf_publish_user }}"
 - name: Set up packages
   become: yes
+  when: emacs_package and emacs_package != "emacs"
   block:
     # This repository is currently not working
     # - name: Add snapshot repository
@@ -23,7 +24,7 @@
         state: absent
     - name: Install Emacs snapshot
       ansible.builtin.apt:
-        name: emacs-snapshot-nox
+        name: "{{ emacs_package }}"
         state: present
 - name: Set up Emacs configuration for non-interactive publishing
   become: true
@@ -47,16 +48,29 @@
       ansible.builtin.git:
         repo: git://git.emacsconf.org/emacsconf-wiki
         dest: "{{ emacsconf_edit_wiki_dir }}"
+      register: wiki_clone
+      failed_when:
+        - wiki_clone.failed
+        - not 'Local modifications exist in repository' in wiki_clone.msg
+        - not 'Failed to checkout branch' in wiki_clone.msg
     - name: Check out emacsconf-el
       ansible.builtin.git:
         repo: git@git.emacsconf.org:pub/emacsconf-el
         dest: "{{ emacsconf_el_dir }}"
       register: elisp
+      failed_when:
+        - elisp.failed
+        - not 'Local modifications exist in repository' in elisp.msg
+        - not 'Failed to checkout branch' in elisp.msg
     - name: Check out emacsconf-2022-private
       ansible.builtin.git:
         repo: git@git.emacsconf.org:emacsconf-2022-private
         dest: "{{ emacsconf_private_dir }}"
       register: private
+      failed_when:
+        - private.failed
+        - not 'Local modifications exist in repository' in private.msg
+        - not 'Failed to checkout branch' in private.msg
 - name: Publish
   tags: publish
   block:
diff --git a/roles/wiki/defaults/main.yml b/roles/wiki/defaults/main.yml
index 421427c..3b890b0 100644
--- a/roles/wiki/defaults/main.yml
+++ b/roles/wiki/defaults/main.yml
@@ -2,7 +2,7 @@
 ikiwiki_git_branch: master
 ikiwiki_path: /home/ikiwiki
 ikiwiki_src_dir: "{{ ikiwiki_path }}/emacsconf"
-ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/IkiWiki/Plugin
+ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/
 ikiwiki_admin: bandali@gnu.org
 ikiwiki_dest: /var/www/emacsconf.org
 ikiwiki_url: https://emacsconf.org
@@ -18,4 +18,5 @@ ikiwiki_cookie_jar: "{{ ikiwiki_path }}/.ikiwiki/cookies"
 ikiwiki_git_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf"
 ikiwiki_git_test_receive_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf-pre"
 ikiwiki_git_base_url: //git.emacsconf.org/emacsconf-wiki
+ikiwiki_cgi_wrapper: "{{ ikiwiki_path }}/ikiwiki.cgi"
 
diff --git a/roles/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml
index 1a759a4..be6591c 100644
--- a/roles/wiki/tasks/docker.yml
+++ b/roles/wiki/tasks/docker.yml
@@ -2,10 +2,13 @@
   apt:
     pkg:
       - lighttpd
-      - supervisord
+      - supervisor
+      - sudo
 - name: Create the anon user
   user:
     name: anon
+    state: present
+  when: docker
 - name: Set up Ikiwiki setup
   template:
     src: emacsconf.setup
@@ -14,27 +17,52 @@
     group: www-data
 - name: Set up the ikiwiki directories
   file:
-    dest: /var/www/html
+    dest: "{{ ikiwiki_dest }}"
     state: directory
-    owner: www-data
+    owner: ikiwiki
     group: www-data
+    recurse: true
 - name: Clone the bare git repo
   git:
     bare: true
     repo: "{{ ikiwiki_git_source_mount }}"
     dest: "{{ ikiwiki_bare_git_dir }}"
     version: "{{ ikiwiki_git_branch }}"
+- name: Set up post-update hook
+  tags: wip
+  template:
+    src: post-update
+    dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update"
+    mode: 0755
+- name: Remove sample
+  tags: wip
+  file:
+    path: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.sample"
+    state: absent
+- name: Set up ikiwiki post-update hook
+  tags: wip
+  template:
+    src: post-update.h00-ikiwiki-wrapper
+    dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.h00-ikiwiki-wrapper"
+    mode: 0755  
 - name: Change owner
+  tags: wip
   file:
     dest: "{{ ikiwiki_bare_git_dir }}"
     recurse: true
-    owner: www-data
+    owner: ikiwiki
     group: www-data
 - name: Clone the working git repo
   git:
     repo: "{{ ikiwiki_bare_git_dir }}"
     dest: "{{ ikiwiki_src_dir }}"
     version: "{{ ikiwiki_git_branch }}"
+- name: Chown all the files to ikiwiki
+  file:
+    dest: "{{ ikiwiki_src_dir }}"
+    owner: ikiwiki
+    group: ikiwiki
+    recurse: true
 - name: Copy supervisor config
   template:
     src: supervisord.conf
@@ -43,7 +71,31 @@
   service:
     name: lighttpd
     state: started
-- name: Start supervisord
+- name: Start ssh
+  tags: ssh
   service:
-    name: supervisor
-    state: restarted
+    name: ssh
+    state: started
+- name: Set up SSH directory
+  tags: ssh
+  file:
+    path: /home/ikiwiki/.ssh
+    owner: ikiwiki
+    group: ikiwiki
+    state: directory
+    mode: 0700
+- name: Set up SSH authentication
+  tags: ssh
+  block:
+    - name: Copy key
+      template:
+        src: "{{ docker_ssh_key }}"
+        dest: "/home/ikiwiki/.ssh/authorized_keys2"
+        mode: 0600
+    - name: Change ownership
+      file:
+        path: "/home/ikiwiki/.ssh"
+        owner: ikiwiki
+        group: ikiwiki
+        recurse: true
+  when: docker_ssh_key is defined
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 35c297d..cd7cbdc 100644
--- a/roles/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
@@ -22,29 +22,26 @@
     name: ikiwiki
     group: ikiwiki
     state: present
-- debug:
-    var: docker
-- name: Set up or update repositories
-  ansible.builtin.git:
-    repo: git://git.emacsconf.org/emacsconf-wiki
-    dest: "{{ ikiwiki_src_dir }}"
-  when: not docker|d(false)
 - name: Template the config
   ansible.builtin.template:
     src: emacsconf.setup
     dest: "{{ ikiwiki_path }}/emacsconf.setup"
     owner: ikiwiki
+- name: Create the plugin directory
+  file:
+    path: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin"
+    state: directory
 - name: Copy Ikiwiki plugins
   tags: wiki-plugins
   template:
     src: "{{ item }}"
-    dest: "{{ ikiwiki_plugin_path }}/{{ item }}"
+    dest: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin/{{ item }}"
   loop:
     - copyright.pm
     - htmlscrubber.pm
     - license.pm
 - include: docker.yml
-  when: docker is true
+  when: docker
 - name: Chown all the files to ikiwiki
   tags: wiki-plugins
   file:
@@ -54,7 +51,9 @@
     recurse: true
 - name: Regenerate all the files
   tags: wiki-regenerate, wiki-plugins
-  shell: ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers
+  become: true
+  become_user: ikiwiki
+  shell: cd ~ikiwiki; ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers
   register: output
 - debug:
     var: output
diff --git a/roles/wiki/templates/emacsconf.setup b/roles/wiki/templates/emacsconf.setup
index ea9c4c8..81b089b 100644
--- a/roles/wiki/templates/emacsconf.setup
+++ b/roles/wiki/templates/emacsconf.setup
@@ -30,7 +30,7 @@ url: {{ ikiwiki_url }}
 reverse_proxy: 0
 # filename of cgi wrapper to generate
 #cgi_wrapper: /home/ikiwiki/public_html/emacsconf/ikiwiki.cgi
-cgi_wrapper: {{ ikiwiki_path }}/ikiwiki.cgi
+cgi_wrapper: {{ ikiwiki_cgi_wrapper }}
 # mode for cgi_wrapper (can safely be made suid)
 cgi_wrappermode: 06755
 # number of seconds to delay CGI requests when overloaded
diff --git a/roles/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm
index 1ce95b2..caf78a1 100755
--- a/roles/wiki/templates/htmlscrubber.pm
+++ b/roles/wiki/templates/htmlscrubber.pm
@@ -93,8 +93,8 @@ sub scrubber {
 		}],
 		default => [undef, { (
                              map { $_ => 1 } qw{
-                                 version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform 
-          data-start data-end data-video data-target data-tracks data-track
+                                 version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform opacity
+          data-start data-end data-video data-target data-tracks data-track 
               kind label srclang default
 				abbr accept accept-charset accesskey
 				align alt axis border cellpadding cellspacing
diff --git a/roles/wiki/templates/post-update b/roles/wiki/templates/post-update
new file mode 100755
index 0000000..523b8de
--- /dev/null
+++ b/roles/wiki/templates/post-update
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Determine what input the hook needs
+# post-update takes args, pre/post-receive take stdin
+type=args
+stdin=''
+[ $0 != hooks/post-update ] && {
+    type=stdin
+    stdin=`cat`
+}
+
+for h in $0.*; do
+    [ -x $h ] || continue
+    if [ $type = args ]
+    then
+        $h $@ || { [ $0 = hooks/pre-receive ] && exit 1; }
+    else
+        echo "$stdin" | $h || { [ $0 = hooks/pre-receive ] && exit 1; }
+    fi
+done
diff --git a/roles/wiki/templates/post-update.h00-ikiwiki-wrapper b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper
new file mode 100755
index 0000000..684ac28
--- /dev/null
+++ b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# bring the mirror up to date with this repo
+cd "{{ ikiwiki_src_dir }}"
+git fetch --prune
+exec {{ ikiwiki_path }}/hooks/emacsconf