From 204ce17c993ba27bc4a18591de586603b509b333 Mon Sep 17 00:00:00 2001
From: Hongli Lai <hongli@hongli.nl>
Date: Wed, 31 Jul 2024 00:30:37 +0200
Subject: [PATCH] ...

---
 .github/workflows/apiserver.yml      | 21 +++++++++++++++------
 ansible/files/apiserver-deployer.sh  | 25 +++++++++++++++----------
 ansible/handlers/apiserver.yml       |  5 +++++
 ansible/tasks/apiserver-deployer.yml |  2 +-
 ansible/tasks/apiserver.yml          |  1 +
 ansible/tasks/essentials.yml         |  6 ------
 6 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/apiserver.yml b/.github/workflows/apiserver.yml
index 4b26cb8..5b75da2 100644
--- a/.github/workflows/apiserver.yml
+++ b/.github/workflows/apiserver.yml
@@ -35,17 +35,26 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+      - run: ls -l --color -Fh
+      - name: Check that we're using system Ruby
+        run: test "$(which ruby)" = /usr/bin/ruby
+
+      - uses: actions/cache@v4
         with:
-          ruby-version: "3.2"
-          working-directory: apiserver
-          bundler-cache: true
+          path: vendor/bundle
+          key: ${{ runner.os }}-24.04-${{ runner.arch }}-gems-${{ hashFiles('Gemfile.lock') }}
+
+      - name: Install matching Bundler version
+        run: gem install bundler -v $(grep -A1 "BUNDLED WITH" Gemfile.lock | tail -n1) --no-document
+
+      - name: Install gem bundle
+        run: bundle install
         env:
           BUNDLE_DEPLOYMENT: "true"
           BUNDLE_PATH: vendor/bundle
           BUNDLE_JOBS: 4
           BUNDLE_RETRY: 3
+          BUNDLE_CLEAN: "true"
 
       - name: Create tarball
         run: >
@@ -71,7 +80,7 @@ jobs:
   deploy:
     runs-on: ubuntu-24.04
     needs: build
-    if: github.ref == 'refs/heads/main' || github.event.inputs.deploy == 'true'
+    if: github.ref == 'refs/heads/hetzner' || github.event.inputs.deploy == 'true'
     environment: deploy
     permissions:
       contents: write
diff --git a/ansible/files/apiserver-deployer.sh b/ansible/files/apiserver-deployer.sh
index 687d1fc..a136b5f 100644
--- a/ansible/files/apiserver-deployer.sh
+++ b/ansible/files/apiserver-deployer.sh
@@ -10,31 +10,36 @@ INSTALL_DIR=/opt/apiserver/versions
 # Fetch the latest release information from the GitHub API
 echo "Fetching https://api.github.com/repos/$REPO/releases/latest..."
 LATEST_RELEASE=$(curl -fsSL "https://api.github.com/repos/$REPO/releases/latest")
-RELEASE_VERSION=$(echo "$LATEST_RELEASE" | jq -r .tag_name)
-echo "Latest version: $RELEASE_VERSION"
+LATEST_RELEASE_TAG=$(echo "$LATEST_RELEASE" | jq -r .tag_name)
+echo "Latest version: $LATEST_RELEASE_TAG"
 
 # Find the right asset for our system
-ASSET_NAME="apiserver-${RELEASE_VERSION}-${DIST_NAME}-${DIST_VERSION}-${ARCHITECTURE}.tar.zst"
+ASSET_NAME="${LATEST_RELEASE_TAG}-${DIST_NAME}-${DIST_VERSION}-${ARCHITECTURE}.tar.zst"
+echo "Looking for asset: $ASSET_NAME"
 ASSET_URL=$(echo "$LATEST_RELEASE" | jq -r --arg ASSET_NAME "$ASSET_NAME" '.assets[] | select(.name == $ASSET_NAME) | .browser_download_url')
 if [[ -z "$ASSET_URL" ]]; then
-    echo "Found asset: $ASSET_NAME"
-    echo "Asset URL: $ASSET_URL"
+    echo "ERROR: asset not found in release."
+    exit 1
 fi
+echo "Found asset URL: $ASSET_URL"
 
 # Install asset if not already installed
-TARGET_DIR="${INSTALL_DIR}/${RELEASE_VERSION}-${DIST_NAME}-${DIST_VERSION}-${ARCHITECTURE}"
+TARGET_BASENAME="${LATEST_RELEASE_TAG}-${DIST_NAME}-${DIST_VERSION}-${ARCHITECTURE}"
+TARGET_DIR="${INSTALL_DIR}/${TARGET_BASENAME}"
 if [[ -d "$TARGET_DIR" ]]; then
     echo "Asset already installed under $TARGET_DIR."
 else
     echo "Installing asset to $TARGET_DIR..."
 
-    curl -fsSLO "/tmp/$ASSET_NAME" "$ASSET_URL"
-    mkdir "$TARGET_DIR"
-    tar --use-compress-program=unzstd -xf "/tmp/$ASSET_NAME" -C "$TARGET_DIR"
+    curl -fsSLo "/tmp/$ASSET_NAME" "$ASSET_URL"
+    rm -rf "${TARGET_DIR}.tmp"
+    mkdir "${TARGET_DIR}.tmp"
+    tar --use-compress-program=unzstd -xf "/tmp/$ASSET_NAME" -C "${TARGET_DIR}.tmp"
     rm "/tmp/$ASSET_NAME"
+    mv "${TARGET_DIR}.tmp" "$TARGET_DIR"
 fi
 
 # Activate latest version
-ln -sfn "$TARGET_DIR" /opt/apiserver/versions/latest
+ln -sfn "$TARGET_BASENAME" /opt/apiserver/versions/latest
 
 echo "Completed setup."
diff --git a/ansible/handlers/apiserver.yml b/ansible/handlers/apiserver.yml
index 675a5a9..f045500 100644
--- a/ansible/handlers/apiserver.yml
+++ b/ansible/handlers/apiserver.yml
@@ -1,3 +1,8 @@
+- name: Enable apiserver
+  service:
+    name: apiserver
+    state: enabled
+
 - name: Restart apiserver
   service:
     name: apiserver
diff --git a/ansible/tasks/apiserver-deployer.yml b/ansible/tasks/apiserver-deployer.yml
index 73e232c..b83f0e5 100644
--- a/ansible/tasks/apiserver-deployer.yml
+++ b/ansible/tasks/apiserver-deployer.yml
@@ -13,7 +13,7 @@
   file:
     path: /opt/apiserver/versions
     state: directory
-    recursive: true
+    recurse: true
     owner: apiserver-deployer
     group: apiserver-deployer
     mode: 0755
diff --git a/ansible/tasks/apiserver.yml b/ansible/tasks/apiserver.yml
index 2a22162..361f2a8 100644
--- a/ansible/tasks/apiserver.yml
+++ b/ansible/tasks/apiserver.yml
@@ -35,4 +35,5 @@
     mode: 0644
   notify:
     - Reload systemd
+    - Enable apiserver
     - Restart apiserver
diff --git a/ansible/tasks/essentials.yml b/ansible/tasks/essentials.yml
index e39a06d..3a09690 100644
--- a/ansible/tasks/essentials.yml
+++ b/ansible/tasks/essentials.yml
@@ -14,12 +14,6 @@
     update_cache: true
     cache_valid_time: 3600
 
-- name: Install Github CLI
-  apt:
-    name: gh
-    update_cache: true
-    cache_valid_time: 3600
-
 - name: Install jq
   apt:
     name: jq