This repository has been archived by the owner on Oct 29, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 39
/
playbook.yml
248 lines (229 loc) · 9.18 KB
/
playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
---
#
# Ansible playbook to prepare a Bitrise OS X VM/box, used through vagrant
#
- hosts: all
# accelerate: true
remote_user: vagrant
become_method: sudo
vars:
- ansible_sudo_pass: vagrant
- param_user: vagrant
tasks:
#
# Required param checks
- fail: msg="bitrise_box_version not defined (format example 'r2p3')"
when: bitrise_box_version|default("") == ""
- debug: msg=" (i) bitrise_box_version = {{ bitrise_box_version }}"
- debug: msg=" (!) Incremental Setup? {{ is_incremental_setup|default(false) }}"
#
# Setup the debug log file for custom scripts
# [!] Collect custom script outputs to ~/Desktop/debug.log, for inspection.
# You can inspect it during setup with $ tail -f ~/Desktop/debug.log
# custom installer scripts (the ones in ./installers folder) use this debug log file
- file: path=/Users/{{ param_user }}/Desktop/debug.log
state=touch
owner="{{ param_user }}"
mode=0644
#
# Add user to sudoers-no-password
# don't require password for running sudo with this user
- name: "Add user {{ param_user }} to sudoers with no password"
become: yes
lineinfile: "dest=/etc/sudoers
regexp='^{{ param_user }} ALL'
line='{{ param_user }} ALL=(ALL) NOPASSWD: ALL'
state=present
validate='visudo -cf %s'"
#
# Switch to Xcode stable, for brew-ing and anything else
# what requires Xcode / Xcode Command Line Tools (e.g. Ruby gems
# with native extension)
- shell: bash -l -c "xcode-select --switch {{ xcode_path }}"
become: yes
#
# SSH config
- name: ensure .ssh folder is ok
file: path=/Users/{{ param_user }}/.ssh
state=directory
owner="{{ param_user }}"
mode=0700
- name: copy ssh key to remote's {{ param_user }} user
copy: src=setupfiles/authorized_keys
dest="/Users/{{ param_user }}/.ssh/authorized_keys"
owner="{{ param_user }}"
mode=0600
#
# Disable every non SSH key based setup option
# allow only SSH key based SSH login
- name: sshd_config settings
become: yes
lineinfile: dest=/etc/ssh/sshd_config
regexp="{{ item.regexp }}"
line="{{ item.line }}"
state="{{ item.state }}"
with_items:
# PasswordAuthentication no
- { regexp: '^PasswordAuthentication yes', line: '', state: "absent" }
- { regexp: '^PasswordAuthentication no', line: 'PasswordAuthentication no', state: "present" }
# PermitEmptyPasswords no
- { regexp: '^PermitEmptyPasswords yes', line: '', state: "absent" }
- { regexp: '^PermitEmptyPasswords no', line: 'PermitEmptyPasswords no', state: "present" }
# # LoginGraceTime 1m
- { regexp: '^LoginGraceTime', line: 'LoginGraceTime 1m', state: "present" }
# PermitRootLogin no
- { regexp: '^PermitRootLogin yes', line: '', state: "absent" }
- { regexp: '^PermitRootLogin no', line: 'PermitRootLogin no', state: "present" }
# # LogLevel 1m
- { regexp: '^LogLevel', line: 'LogLevel VERBOSE', state: "present" }
# UsePAM no -> if this is not set to 'no' then password authentication still possible!
- { regexp: '^UsePAM yes', line: '', state: "absent" }
- { regexp: '^UsePAM no', line: 'UsePAM no', state: "present" }
# ChallengeResponseAuthentication
- { regexp: '^ChallengeResponseAuthentication yes', line: '', state: "absent" }
- { regexp: '^ChallengeResponseAuthentication no', line: 'ChallengeResponseAuthentication no', state: "present" }
# UseDNS no -> for better speed
- { regexp: '^UseDNS yes', line: '', state: "absent" }
- { regexp: '^UseDNS no', line: 'UseDNS no', state: "present" }
- name: ssh connection config (user specific)
copy: src=setupfiles/ssh-config
dest="/Users/{{ param_user }}/.ssh/config"
owner="{{ param_user }}"
mode=0600
#
# Setup profiles
# we'll create a ~/.profiles folder and add bitrise specific
# profiles there.
- name: ensure .profiles folder is ok
file: path=/Users/{{ param_user }}/.profiles
state=directory
owner="{{ param_user }}"
mode=0700
# this is the main Bitrise profile, includes
# the bitrise specific environments
- name: setup bitrise_profile
copy: src=profiles/bitrise_profile
dest="/Users/{{ param_user }}/.profiles/bitrise_profile"
owner="{{ param_user }}"
mode=0600
# ~/.bashrc will load ~/.profiles/bitrise_profile
# and the other profiles (~/.profile and ~/.bash_profile) will
# load ~/.bashrc, so no matter how the shell is initialized
# it'll load all the required Environment Variables
- name: setup .bashrc
copy: src=profiles/bashrc
dest="/Users/{{ param_user }}/.bashrc"
owner="{{ param_user }}"
mode=0600
- name: setup .profile
copy: src=profiles/profile
dest="/Users/{{ param_user }}/.profile"
owner="{{ param_user }}"
mode=0600
- name: setup .bash_profile
copy: src=profiles/bash_profile
dest="/Users/{{ param_user }}/.bash_profile"
owner="{{ param_user }}"
mode=0600
# Turn off automatic update
- shell: softwareupdate --schedule off
become: yes
#
# Install and update homebrew
- name: run brew installer script
script: installers/install_brew.sh creates=/usr/local/bin/brew
- homebrew: update_homebrew=yes upgrade_all=no
# brew some commands
- homebrew: name=git state=present
- homebrew: name=wget state=present
- homebrew: name=mercurial state=present
- homebrew: name=xctool state=present
- homebrew: name=node state=present
- homebrew: name=ansible state=present
- homebrew: name=coreutils state=present
- homebrew: name=watchman state=present
- homebrew: name=flow state=present
- homebrew: name=tree state=present
# Ruby
# - homebrew: name=ruby state=present
# for now use our pinned 2.2.4 version, as CocoaPods doesn't work with
# the latest, 2.3.0 Ruby
- shell: bash -l -c "brew tap bitrise-io/homebrew-pinned"
- shell: bash -l -c "brew install bitrise-io/homebrew-pinned/ruby"
args:
creates: /usr/local/Cellar/ruby/2.2.4/bin/ruby
# make sure the symlink exists
- shell: ls -alh /usr/local/bin/ruby
## Go
# Gopath is $HOME/go
- homebrew: name=go state=present
- file: path="/Users/{{ param_user }}/go/{{ item.fold_path }}"
state=directory
owner="{{ param_user }}"
with_items:
- { fold_path: 'src' }
- { fold_path: 'bin' }
- { fold_path: 'pkg' }
# Default ruby version (brew installed ruby)
- shell: bash -l -c "gem install --no-document bundler cocoapods nomad-cli xcpretty fastlane"
when: is_incremental_setup|default(false) == false
- shell: bash -l -c "bundle --version"
when: is_incremental_setup|default(false) == false
# GEMs: Cocoapods
- shell: bash -l -c "pod setup"
when: is_incremental_setup|default(false) == false
#
# Setup Bitrise specific folders
#
# Setup the base folders / paths, referenced by ~/.profiles/bitrise_profile
# These folders will be created in the HOME directory.
- file: path="/Users/{{ param_user }}/{{ item.fold_path }}"
state=directory
owner="{{ param_user }}"
with_items:
# BITRISE_SOURCE_DIR
- { fold_path: 'git' }
# BITRISE_STEP_DIR
- { fold_path: 'stepdir' }
# BITRISE_DEPLOY_DIR
- { fold_path: 'deploy' }
# BITRISE_LIBRARY_DIR
- { fold_path: 'Library/MobileDevice/Provisioning Profiles' }
# BITRISE_PROFILE_DIR
- { fold_path: 'profiles' }
# BITRISE_SYM_ROOT
- { fold_path: 'build' }
# BITRISE_OBJ_ROOT
- { fold_path: 'bin' }
# BITRISE_FOLDER_PATH
- { fold_path: 'bitrise' }
# BITRISE_STEP_DATA_FOLDER_PATH
- { fold_path: 'bitrise/stepdata' }
#
- { fold_path: 'bitrise/tools' }
# Sync the tools/ dir
- synchronize: src=tools/ dest="/Users/{{ param_user }}/bitrise/tools/"
#
# Install cmd-bridge
- name: run cmd-bridge installer script
script: installers/install_cmd-bridge.sh
# Install Bitrise CLI Stack Tools
- name: install Bitrise CLI Stack Tools
script: installers/install_bitrise_cli_stack_tools.sh
# The box-info.json contains Box/VM version information,
# to make it easy to track VM versions.
- name: setup Desktop/box-info.json
template: src=setupfiles/box-info.json.template
dest="/Users/{{ param_user }}/Desktop/box-info.json"
owner="{{ param_user }}"
mode=0600
#
# Switch to Xcode stable, the default Xcode for building
- shell: bash -l -c "xcode-select --switch {{ xcode_path }}"
become: yes
#
# Final debug prints
- debug: msg="---> Finished with automatic stuff - but here's some things you have to do manually:"
- debug: msg=" (!) After you finished with the preparations RESTART the machine!"
- debug: msg=" (!) Don't forget to remove the VM snapshots (if you used snapshots) before packaging!"
- debug: msg="---> Finished"