diff --git a/infrastructure/c4k-website-build/image/resources/entrypoint.sh b/infrastructure/c4k-website-build/image/resources/entrypoint.sh index 39833e9..f2d61f7 100755 --- a/infrastructure/c4k-website-build/image/resources/entrypoint.sh +++ b/infrastructure/c4k-website-build/image/resources/entrypoint.sh @@ -7,6 +7,8 @@ source /usr/local/bin/functions.sh echo "Downloading website" get-and-unzip-website-data +echo "Executing Custom Scripts, if applicable" +execute-scripts-when-existing echo "Building website" build-and-extract-website echo "Moving files" diff --git a/infrastructure/c4k-website-build/image/resources/functions.sh b/infrastructure/c4k-website-build/image/resources/functions.sh index 60b673b..b4c0204 100644 --- a/infrastructure/c4k-website-build/image/resources/functions.sh +++ b/infrastructure/c4k-website-build/image/resources/functions.sh @@ -6,9 +6,27 @@ function get-and-unzip-website-data() { unzip $SOURCEDIR/$filename -d $BUILDDIR } +function execute-scripts-when-existing { + if [[ -e $BUILDDIR/$SCRIPTFILE ]] + then + checksum="$(sha256sum $BUILDDIR/$SCRIPTFILE)" + if [[ "$SHA256SUM" == "$checksum" ]] + then + /bin/bash $BUILDDIR/$SCRIPTFILE + else + printf "Provided SHA256 Sum does not match calculated sum. Exiting." + printf "Calculated SHA256: $checksum" + printf "Given SHA256: $SHA256SUM" + exit 1 + fi + else + prinf "No script file provided, exiting." + exit 0 + fi +} + function build-and-extract-website() { (cd $BUILDDIR; dir=$(ls); cd $dir; lein run;) - # websiteartifactname=$(ls target/ | grep -Eo "*.+\.war"); unzip target/$websiteartifactname } function move-website-files-to-target() { diff --git a/src/main/cljc/dda/c4k_website/website.cljc b/src/main/cljc/dda/c4k_website/website.cljc index 31dbf69..fc3e687 100644 --- a/src/main/cljc/dda/c4k_website/website.cljc +++ b/src/main/cljc/dda/c4k_website/website.cljc 
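Review bot: The comparison in `execute-scripts-when-existing` can never succeed, because `sha256sum` prints the digest followed by the file path while `SHA256SUM` holds only the digest (the manifests fill it from `get-hash-from-sha256sum-output`), so every configured script is rejected. The no-script branch is broken as well: `prinf` is a typo for `printf`, and `exit 0` ends the entrypoint shell that sourced functions.sh, so `build-and-extract-website` never runs for a site without a script; it should `return 0`. I would also test with `-f` instead of `-e` (an empty `SCRIPTFILE` makes the path the build directory itself), refuse an empty `SHA256SUM`, quote the expansions, and pass values as `printf` arguments instead of inside the format string. The rewritten function is below.

```shell
function execute-scripts-when-existing {
  local script="${BUILDDIR:?}/${SCRIPTFILE:-}"
  local checksum

  # No script configured or present: continue with the normal build.
  if [[ -z "${SCRIPTFILE:-}" || ! -f "$script" ]]; then
    printf '%s\n' "No script file provided, skipping custom scripts."
    return 0
  fi

  # sha256sum prints "<digest>  <path>"; keep the digest only.
  checksum="$(sha256sum -- "$script")" || exit 1
  checksum="${checksum%% *}"

  if [[ -z "${SHA256SUM:-}" || "$SHA256SUM" != "$checksum" ]]; then
    printf '%s\n' "Provided SHA256 Sum does not match calculated sum. Exiting." >&2
    printf 'Calculated SHA256: %s\n' "$checksum" >&2
    printf 'Given SHA256: %s\n' "${SHA256SUM:-}" >&2
    exit 1
  fi

  /bin/bash "$script"
}
```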
@@ -11,13 +11,15 @@ [dda.c4k-common.base64 :as b64] [dda.c4k-common.predicate :as pred] [dda.c4k-website.ingress-cert :as ing] - [clojure.string :as str])) + [clojure.string :as str] + [clojure.string :as st])) (defn fqdn-list? [input] (every? true? (map pred/fqdn-string? input))) (s/def ::unique-name string?) +(s/def ::sha256sum-output string?) (s/def ::issuer pred/letsencrypt-issuer?) (s/def ::volume-size pred/integer-string?) (s/def ::authtoken pred/bash-env-string?) @@ -28,7 +30,7 @@ (s/def ::username string?) (def websitedata? (s/keys :req-un [::unique-name ::fqdns ::gitea-host ::gitea-repo ::branchname] - :opt-un [::issuer ::volume-size])) + :opt-un [::issuer ::volume-size ::sha256sum-output])) (def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken])) @@ -43,6 +45,14 @@ (def config? (s/keys :req-un [::websites] :opt-un [::issuer ::volume-size])) +(defn-spec get-hash-from-sha256sum-output string? + [sha256sum-output string?] + (first (st/split sha256sum-output #" "))) + +(defn-spec get-file-name-from-sha256sum-output string? + [sha256sum-output string?] + (second (st/split sha256sum-output #" "))) + (defn-spec replace-dots-by-minus string? [fqdn pred/fqdn-string?] (str/replace fqdn #"\." "-")) 
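Review bot: `(s/def ::sha256sum-output string?)` accepts any string, although this value is later split into the `SHA256SUM` and `SCRIPTFILE` env entries that decide which file the build container hands to `/bin/bash`. A tighter spec would reject malformed input at config time, for example `(s/def ::sha256sum-output (s/and string? #(re-matches #"[0-9a-f]{64}\s+\S.*" %)))`; the test fixtures would then need a full-length digest. Separately, the added `[clojure.string :as st]` aliases a namespace that is already required as `str` one line above, so the new helpers can call `str/split` and the second require can be dropped.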
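Review bot: Splitting on a single space in `get-file-name-from-sha256sum-output` returns an empty string for real `sha256sum` output, which puts two characters between digest and file name (a space plus a space or `*` mode marker); for a constructed input, `(st/split "abc  f.sh" #" ")` yields `["abc" "" "f.sh"]`. `SCRIPTFILE` would then be empty and the container would test the build directory instead of a script. Splitting on a whitespace run with a limit also keeps file names that contain spaces intact: `(second (st/split sha256sum-output #"\s+\*?" 2))`, with the same pattern in `get-hash-from-sha256sum-output`. A one-line docstring on each helper stating the expected input format would help the next reader.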
@@ -163,29 +173,28 @@ (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)) (cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi"))))) -(defn-spec generate-website-build-cron pred/map-or-seq? - [config flattened-and-reduced-config?] - (let [{:keys [unique-name]} config] +(defn-spec replace-build-data pred/map-or-seq? + [resource-file string? + config flattened-and-reduced-config?] + (let [{:keys [unique-name sha256sum-output]} config] (-> - (yaml/load-as-edn "website/website-build-cron.yaml") + (yaml/load-as-edn resource-file) (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) + (cm/replace-all-matching-values-by-new-value "CHECK_SUM" (get-hash-from-sha256sum-output sha256sum-output)) + (cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" (get-file-name-from-sha256sum-output sha256sum-output)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))))) -(defn-spec generate-website-initial-build-job pred/map-or-seq? +(defn-spec generate-website-build-cron pred/map-or-seq? [config flattened-and-reduced-config?] - (let [{:keys [unique-name]} config] - (-> - (yaml/load-as-edn "website/website-initial-build-job.yaml") - (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) - (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))))) + (replace-build-data "website/website-build-cron.yaml" config)) + +(defn-spec generate-website-initial-build-job pred/map-or-seq? + [config flattened-and-reduced-config?] + (replace-build-data "website/website-initial-build-job.yaml" config)) (defn-spec generate-website-build-deployment pred/map-or-seq? [config flattened-and-reduced-config?] 
- (let [{:keys [unique-name]} config] - (-> - (yaml/load-as-edn "website/website-build-deployment.yaml") - (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) - (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))))) + (replace-build-data "website/website-build-deployment.yaml" config)) (defn-spec generate-website-build-secret pred/map-or-seq? [auth flattened-and-reduced-config?] diff --git a/src/main/cljs/dda/c4k_website/browser.cljs b/src/main/cljs/dda/c4k_website/browser.cljs index c050c2b..e78316f 100644 --- a/src/main/cljs/dda/c4k_website/browser.cljs +++ b/src/main/cljs/dda/c4k_website/browser.cljs @@ -31,19 +31,20 @@ (cm/concat-vec (br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "") (br/generate-text-area - "websites" "A collection containing fqdns and repo infos for each website:" + "websites" "Contains fqdns, repo infos, an optional sha256sum-output for script execution for each website:" "{:websites [{:unique-name \"test.io\", :fqdns [\"test.de\" \"www.test.de\"], :gitea-host \"githost.de\", :gitea-repo \"repo\", - :branchname \"main\"} + :branchname \"main\", + :sha256sum-output \"123456789ab123cd345de script-file-name.sh\"} {:unique-name \"example.io \", :fqdns [\"example.org\" \"www.example.org\"], :gitea-host \"githost.org\", :gitea-repo \"repo\", :branchname \"main\"}]}" - "10"))) + "11"))) (generate-group "credentials" (br/generate-text-area diff --git a/src/main/resources/website/website-build-cron.yaml b/src/main/resources/website/website-build-cron.yaml index 711fdb6..1c2bd00 100644 --- a/src/main/resources/website/website-build-cron.yaml +++ b/src/main/resources/website/website-build-cron.yaml 
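Review bot: `replace-build-data` calls `get-hash-from-sha256sum-output` and `get-file-name-from-sha256sum-output` unconditionally, but `::sha256sum-output` is declared under `:opt-un`, so a website without the key passes `nil` into functions specced for `string?` (the second entry of the browser.cljs example is such a config). Depending on whether the specs are instrumented, this presumably either fails the spec or throws inside `st/split`. The two replacements should tolerate the missing key, for example `"CHECK_SUM" (if sha256sum-output (get-hash-from-sha256sum-output sha256sum-output) "")` and likewise for `"SCRIPT_FILE"`, so that the container sees empty values and skips the script step.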
@@ -16,10 +16,15 @@ spec: - image: domaindrivenarchitecture/c4k-website-build name: NAME-build-app imagePullPolicy: IfNotPresent - command: ["/entrypoint.sh"] + command: ["/entrypoint.sh"] envFrom: - secretRef: - name: NAME-secret + name: NAME-secret + env: + - name: SHA256SUM + value: CHECK_SUM + - name: SCRIPTFILE + value: SCRIPT_FILE volumeMounts: - name: content-volume mountPath: /var/www/html/website diff --git a/src/main/resources/website/website-build-deployment.yaml b/src/main/resources/website/website-build-deployment.yaml index 5dec7b8..5b76ce4 100644 --- a/src/main/resources/website/website-build-deployment.yaml +++ b/src/main/resources/website/website-build-deployment.yaml @@ -25,7 +25,12 @@ spec: command: ["/entrypoint.sh"] envFrom: - secretRef: - name: NAME-secret + name: NAME-secret + env: + - name: SHA256SUM + value: CHECK_SUM + - name: SCRIPTFILE + value: SCRIPT_FILE volumeMounts: - name: content-volume mountPath: /var/www/html/website diff --git a/src/main/resources/website/website-build-secret.yaml b/src/main/resources/website/website-build-secret.yaml index 33bac32..405eaf8 100644 --- a/src/main/resources/website/website-build-secret.yaml +++ b/src/main/resources/website/website-build-secret.yaml @@ -6,5 +6,6 @@ metadata: app.kubernetes.part-of: NAME-website data: AUTHTOKEN: TOKEN - GITREPOURL: URL + GITREPOURL: URL + \ No newline at end of file diff --git a/src/main/resources/website/website-initial-build-job.yaml b/src/main/resources/website/website-initial-build-job.yaml index a66d461..ce44808 100644 --- a/src/main/resources/website/website-initial-build-job.yaml +++ b/src/main/resources/website/website-initial-build-job.yaml @@ -14,7 +14,12 @@ spec: command: ["/entrypoint.sh"] envFrom: - secretRef: - name: NAME-secret + name: NAME-secret + env: + - name: SHA256SUM + value: CHECK_SUM + - name: SCRIPTFILE + value: SCRIPT_FILE volumeMounts: - name: content-volume mountPath: /var/www/html/website 
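Review bot: The container that now runs a repository-supplied script still receives `NAME-secret` through `envFrom`, so `AUTHTOKEN` and `GITREPOURL` are present in that script's environment; the same holds for the website-build-deployment.yaml and website-initial-build-job.yaml hunks. The digest pin limits which script runs, but if the script does not need the Gitea token, clearing it at the call site in functions.sh keeps the credential out of its reach: `env -u AUTHTOKEN -u GITREPOURL /bin/bash "$BUILDDIR/$SCRIPTFILE"`. A comment above the new `env:` entries would also help, e.g. `# digest and name of the optional custom build script, verified in functions.sh before execution`.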
diff --git a/src/test/cljc/dda/c4k_website/website_test.cljc b/src/test/cljc/dda/c4k_website/website_test.cljc index 33bba0e..65ca044 100644 --- a/src/test/cljc/dda/c4k_website/website_test.cljc +++ b/src/test/cljc/dda/c4k_website/website_test.cljc @@ -143,9 +143,7 @@ (deftest should-generate-website-build-cron (is (= {:apiVersion "batch/v1beta1", :kind "CronJob", - :metadata { - :name "test-io-build-cron", - :labels {:app.kubernetes.part-of "test-io-website"}}, + :metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}}, :spec {:schedule "0/7 * * * *", :successfulJobsHistoryLimit 1, 
@@ -160,22 +158,24 @@ :imagePullPolicy "IfNotPresent", :command ["/entrypoint.sh"], :envFrom [{:secretRef {:name "test-io-secret"}}], + :env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}], :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}], :volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}], :restartPolicy "OnFailure"}}}}}} - (cut/generate-website-build-cron {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", - :branchname "mablain", - :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"] - :username "someuser" - :authtoken "abedjgbasdodj"})))) + (cut/generate-website-build-cron {:authtoken "abedjgbasdodj", + :gitea-host "gitlab.de", + :username "someuser", + :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], + :gitea-repo "repo", + :sha256sum-output "123456789ab123cd345de script-file-name.sh", + :issuer "staging", + :branchname "main", + :unique-name "test.io"})))) (deftest should-generate-website-build-deployment (is (= {:apiVersion "apps/v1", :kind "Deployment", - :metadata {:name "test-io-build-deployment", - :labels {:app.kubernetes.part-of "test-io-website"}}, + :metadata {:name "test-io-build-deployment", :labels {:app.kubernetes.part-of "test-io-website"}}, :spec {:replicas 0, :selector {:matchLabels {:app "test-io-builder"}}, 
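Review bot: Every fixture touched in this hunk and in the two following hunks (deployment and initial build job) now carries `:sha256sum-output`, so the optional case of a website without a script is not exercised for any of the three generators, unless a test outside these hunks covers it. The sample `"123456789ab123cd345de script-file-name.sh"` also uses a single space and a short digest, which differs from what `sha256sum` prints and hides how the split helpers treat the real format. I would add one `deftest` per generator with the key omitted and change the sample to a 64-character digest followed by two spaces and the file name. The `deftest` forms start and end outside the hunks.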
@@ -190,15 +190,18 @@ :imagePullPolicy "IfNotPresent", :command ["/entrypoint.sh"], :envFrom [{:secretRef {:name "test-io-secret"}}], + :env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}], :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}], :volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}]}}}} - (cut/generate-website-build-deployment {:unique-name "test.io", - :gitea-host "gitea.evilorg", - :gitea-repo "none", - :branchname "mablain", - :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"] - :username "someuser" - :authtoken "abedjgbasdodj"})))) + (cut/generate-website-build-deployment {:authtoken "abedjgbasdodj", + :gitea-host "gitlab.de", + :username "someuser", + :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], + :gitea-repo "repo", + :sha256sum-output "123456789ab123cd345de script-file-name.sh", + :issuer "staging", + :branchname "main", + :unique-name "test.io"})))) (deftest should-generate-website-initial-build-job (is (= {:apiVersion "batch/v1", 
@@ -213,17 +216,19 @@ :imagePullPolicy "IfNotPresent", :command ["/entrypoint.sh"], :envFrom [{:secretRef {:name "test-io-secret"}}], + :env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}], :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}], :volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}], :restartPolicy "OnFailure"}}}} - (cut/generate-website-initial-build-job {:unique-name "test.io", - :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], - :gitea-host "gitlab.de", - :gitea-repo "repo", - :branchname "main", - :username "someuser", - :authtoken "abedjgbasdodj", - :issuer "staging"})))) + (cut/generate-website-initial-build-job {:authtoken "abedjgbasdodj", + :gitea-host "gitlab.de", + :username "someuser", + :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], + :gitea-repo "repo", + :sha256sum-output "123456789ab123cd345de script-file-name.sh", + :issuer "staging", + :branchname "main", + :unique-name "test.io"})))) (deftest should-generate-website-build-secret (is (= {:name-c1 "test-io-secret",