The CI will now build the site and publish it to a test location. Most of the things are straightforward,
I would only like @cwg and @jbweston to review the security decision. The restricted key only allowing sync to the test server is stored as a gitlab variable, so on gitlab server in repository settings -> variables. An alternative option would be to store it on the runner, however this would make moving runners from one server to another more involved, while it wouldn't add extra security: I believe having read access to private repository configuration is largely equivalent to the gitlab server being compromised, so that the website deploy key loss is:
- relatively harmless compared to other problems
- also highly likely
That's why I suggest to keep this configuration. I didn't yet add auto-deploy on push to master, since I would like to solve #3 (closed) before we deploy nikola to the main website.