From fbf2e01ebd32e2a1d12ee36dd2c9ea4c296cddbf Mon Sep 17 00:00:00 2001
From: Thomas Lake <tswsl1989@sucs.org>
Date: Thu, 24 Sep 2020 20:31:35 +0100
Subject: [PATCH 1/3] Update CI configuration

---
 .gitlab-ci.yml | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3b093dd..5b05f7f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,16 +22,11 @@ build-deploy:
     refs:
       - master
   before_script:
-    - pacman -Sy --noconfirm openssh hugo
-    - eval $(ssh-agent -s)
-    - mkdir -p ~/.ssh
-    - printf '%s\n' "$SSH_PRIVATE_KEY" | ssh-add -
-    - echo $SSH_KNOWN_HOSTS > ~/.ssh/known_hosts
+    - pacman -Sy --noconfirm hugo
   script:
     - hugo
-    - ssh -o StrictHostKeyChecking=no -o "UserKnownHostsFile /dev/null" kalube@sucs.org rm -rf public_html/blogtest
-    - scp -o StrictHostKeyChecking=no -o "UserKnownHostsFile /dev/null" -r public kalube@sucs.org:public_html/blogtest
+    - curl https://blogs.sucs.org/update.php
   artifacts:
     paths:
       - public
-    expire_in: 1 week
\ No newline at end of file
+    expire_in: 1 week
-- 
GitLab


From 847d707b8d9c79003d365b67c1d78d22af71c829 Mon Sep 17 00:00:00 2001
From: Thomas Lake <tswsl1989@sucs.org>
Date: Thu, 24 Sep 2020 20:32:02 +0100
Subject: [PATCH 2/3] Update Hugo configuration

- Match title abbreviation to rest of site
- Update URL
- Update language code
---
 config.toml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config.toml b/config.toml
index 2a9266c..a1ef90b 100644
--- a/config.toml
+++ b/config.toml
@@ -1,7 +1,7 @@
-baseURL = "https://sucs.org/~kalube/blogtest"
+baseURL = "https://blogs.sucs.org/"
 relativeURLs = false
-languageCode = "en-us"
-title = "The S.U.C.S Register"
+languageCode = "en-gb"
+title = "The SUCS Register"
 theme = "sucs"
 
 paginate     = 10
@@ -29,4 +29,4 @@ paginate     = 10
   [[menu.main]]
     name = "Tags"
     url = "/tags"
-    weight = 4
\ No newline at end of file
+    weight = 4
-- 
GitLab


From 5eb295cf40598090904c34bb90db6975947d29ca Mon Sep 17 00:00:00 2001
From: Thomas Lake <tswsl1989@sucs.org>
Date: Thu, 24 Sep 2020 20:33:04 +0100
Subject: [PATCH 3/3] Introduce myself, and add a post

---
 content/authors/thomas-lake/_index.md         |  9 ++++++++
 .../posts/20200924-Gitlab-CI-and-testing.md   | 22 +++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 content/authors/thomas-lake/_index.md
 create mode 100644 content/posts/20200924-Gitlab-CI-and-testing.md

diff --git a/content/authors/thomas-lake/_index.md b/content/authors/thomas-lake/_index.md
new file mode 100644
index 0000000..b888634
--- /dev/null
+++ b/content/authors/thomas-lake/_index.md
@@ -0,0 +1,9 @@
+---
+name: "Thomas Lake"
+# Delete the following if unused
+twitter: "@DrTomLake"
+github: "tswsl1989"
+website: "https://sucs.org/~tswsl1989/"
+---
+
+Marine Energy researcher in the [ZCCE Energy and Environment Research Group](https://www.swansea.ac.uk/engineering/zcce/energy-environment/). One of the SUCS admin team, trying to be as useful as possible when time permits.
diff --git a/content/posts/20200924-Gitlab-CI-and-testing.md b/content/posts/20200924-Gitlab-CI-and-testing.md
new file mode 100644
index 0000000..4c9c36c
--- /dev/null
+++ b/content/posts/20200924-Gitlab-CI-and-testing.md
@@ -0,0 +1,22 @@
+---
+title: "Attempting to deploy Hugo with GitLab CI/CD"
+date: 2020-09-24T20:21:00+01:00
+draft: false
+toc: false
+authors:
+  - Thomas Lake
+tags:
+  - sucs
+  - gitlab
+---
+
+How do you arrange to deploy a new project on to an old server, without opening up a raft of vulnerabilities?
+
+The answer to that is, unsurprisingly, "with difficulty"
+<!--more-->
+
+SUCS has a single main server, called silver, that provides pretty much all of our public facing services. There are a few things, such as gitlab, that live as virtual machines on a second server (called iridium).
+
+The current deployment method uses a PHP script hosted on the blogs site that, when called from an authorised IP, will download the latest blog build from GitLab and extract it on the server for the world to see.
+
+This appeared to be a more tightly constrained solution than allowing SSH access for the user that the site runs as, but still feels like a bit of a bodge. At least it fits in with the rest of the bodges, patches and decade old "temporary" solutions that make up most of the SUCS infrastructure!
-- 
GitLab