Add optional script execution in build container

The script file must exist in the root of the specified gitea-repo.
You also need to calculate and specify the sha256sum output
for that file. It needs to be added as a KV pair to
the respective collection in :websites.
erik 2022-11-11 13:08:55 +01:00
parent 8e847318fb
commit 2b2ca8dae7
9 changed files with 104 additions and 53 deletions


@ -7,6 +7,8 @@ source /usr/local/bin/functions.sh
echo "Downloading website" echo "Downloading website"
get-and-unzip-website-data get-and-unzip-website-data
echo "Executing Custom Scripts, if applicable"
execute-scripts-when-existing
echo "Building website" echo "Building website"
build-and-extract-website build-and-extract-website
echo "Moving files" echo "Moving files"


@ -6,9 +6,27 @@ function get-and-unzip-website-data() {
unzip $SOURCEDIR/$filename -d $BUILDDIR unzip $SOURCEDIR/$filename -d $BUILDDIR
} }
function execute-scripts-when-existing {
if [[ -e $BUILDDIR/$SCRIPTFILE ]]
then
checksum="$(sha256sum $BUILDDIR/$SCRIPTFILE)"
if [[ "$SHA256SUM" == "$checksum" ]]
then
/bin/bash $BUILDDIR/$SCRIPTFILE
else
printf "Provided SHA256 Sum does not match calculated sum. Exiting."
printf "Calculated SHA256: $checksum"
printf "Given SHA256: $SHA256SUM"
exit 1
fi
else
prinf "No script file provided, exiting."
exit 0
fi
}
function build-and-extract-website() { function build-and-extract-website() {
(cd $BUILDDIR; dir=$(ls); cd $dir; lein run;) (cd $BUILDDIR; dir=$(ls); cd $dir; lein run;)
# websiteartifactname=$(ls target/ | grep -Eo "*.+\.war"); unzip target/$websiteartifactname
} }
function move-website-files-to-target() { function move-website-files-to-target() {
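Review bot: The comparison `if [[ "$SHA256SUM" == "$checksum" ]]` can never succeed as written: `sha256sum` prints `<hash>  <path>`, so `$checksum` carries the digest followed by the path, while `SHA256SUM` is populated with the bare digest (the first token of `sha256sum-output` in the Clojure section below), so every configured script is rejected with `exit 1` and the digest check that gates `/bin/bash` on repo-supplied content is effectively unusable. Extract the digest before comparing and quote the path, `checksum="$(sha256sum "$BUILDDIR/$SCRIPTFILE" | cut -d' ' -f1)"`. The existence test should be `[[ -n "$SCRIPTFILE" && -f "$BUILDDIR/$SCRIPTFILE" ]]`: with an empty `SCRIPTFILE` the current `-e` test on `$BUILDDIR/` is true and the function goes on to hash a directory. On the no-script branch `prinf` is a typo for `printf`, and its `exit 0` terminates the entrypoint before `build-and-extract-website` runs, so an optional script turns into a mandatory one; that branch should `return 0`, and the `printf` calls want a format string and trailing `\n`. The rewritten function is below.
```shell
# … unchanged: get-and-unzip-website-data …
function execute-scripts-when-existing {
  # Script execution is optional: return (not exit) so the build continues.
  if [[ -z "$SCRIPTFILE" || ! -f "$BUILDDIR/$SCRIPTFILE" ]]
  then
    printf "No script file provided, skipping.\n"
    return 0
  fi
  # sha256sum prints "<hash>  <path>"; keep only the digest for the comparison.
  checksum="$(sha256sum "$BUILDDIR/$SCRIPTFILE" | cut -d' ' -f1)"
  if [[ "$SHA256SUM" != "$checksum" ]]
  then
    printf "Provided SHA256 Sum does not match calculated sum. Exiting.\n"
    printf "Calculated SHA256: %s\n" "$checksum"
    printf "Given SHA256: %s\n" "$SHA256SUM"
    exit 1
  fi
  /bin/bash "$BUILDDIR/$SCRIPTFILE"
}
# … unchanged: build-and-extract-website, move-website-files-to-target …
```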


@ -11,13 +11,15 @@
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred] [dda.c4k-common.predicate :as pred]
[dda.c4k-website.ingress-cert :as ing] [dda.c4k-website.ingress-cert :as ing]
[clojure.string :as str])) [clojure.string :as str]
[clojure.string :as st]))
(defn fqdn-list? (defn fqdn-list?
[input] [input]
(every? true? (map pred/fqdn-string? input))) (every? true? (map pred/fqdn-string? input)))
(s/def ::unique-name string?) (s/def ::unique-name string?)
(s/def ::sha256sum-output string?)
(s/def ::issuer pred/letsencrypt-issuer?) (s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::volume-size pred/integer-string?) (s/def ::volume-size pred/integer-string?)
(s/def ::authtoken pred/bash-env-string?) (s/def ::authtoken pred/bash-env-string?)
@ -28,7 +30,7 @@
(s/def ::username string?) (s/def ::username string?)
(def websitedata? (s/keys :req-un [::unique-name ::fqdns ::gitea-host ::gitea-repo ::branchname] (def websitedata? (s/keys :req-un [::unique-name ::fqdns ::gitea-host ::gitea-repo ::branchname]
:opt-un [::issuer ::volume-size])) :opt-un [::issuer ::volume-size ::sha256sum-output]))
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken])) (def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
@ -43,6 +45,14 @@
(def config? (s/keys :req-un [::websites] (def config? (s/keys :req-un [::websites]
:opt-un [::issuer ::volume-size])) :opt-un [::issuer ::volume-size]))
(defn-spec get-hash-from-sha256sum-output string?
[sha256sum-output string?]
(first (st/split sha256sum-output #" ")))
(defn-spec get-file-name-from-sha256sum-output string?
[sha256sum-output string?]
(second (st/split sha256sum-output #" ")))
(defn-spec replace-dots-by-minus string? (defn-spec replace-dots-by-minus string?
[fqdn pred/fqdn-string?] [fqdn pred/fqdn-string?]
(str/replace fqdn #"\." "-")) (str/replace fqdn #"\." "-"))
@ -163,29 +173,28 @@
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi"))))) (cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
(defn-spec replace-build-data pred/map-or-seq?
[resource-file string?
config flattened-and-reduced-config?]
(let [{:keys [unique-name sha256sum-output]} config]
(->
(yaml/load-as-edn resource-file)
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(cm/replace-all-matching-values-by-new-value "CHECK_SUM" (get-hash-from-sha256sum-output sha256sum-output))
(cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" (get-file-name-from-sha256sum-output sha256sum-output))
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
(defn-spec generate-website-build-cron pred/map-or-seq? (defn-spec generate-website-build-cron pred/map-or-seq?
[config flattened-and-reduced-config?] [config flattened-and-reduced-config?]
(let [{:keys [unique-name]} config] (replace-build-data "website/website-build-cron.yaml" config))
(->
(yaml/load-as-edn "website/website-build-cron.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
(defn-spec generate-website-initial-build-job pred/map-or-seq? (defn-spec generate-website-initial-build-job pred/map-or-seq?
[config flattened-and-reduced-config?] [config flattened-and-reduced-config?]
(let [{:keys [unique-name]} config] (replace-build-data "website/website-initial-build-job.yaml" config))
(->
(yaml/load-as-edn "website/website-initial-build-job.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
(defn-spec generate-website-build-deployment pred/map-or-seq? (defn-spec generate-website-build-deployment pred/map-or-seq?
[config flattened-and-reduced-config?] [config flattened-and-reduced-config?]
(let [{:keys [unique-name]} config] (replace-build-data "website/website-build-deployment.yaml" config))
(->
(yaml/load-as-edn "website/website-build-deployment.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
(defn-spec generate-website-build-secret pred/map-or-seq? (defn-spec generate-website-build-secret pred/map-or-seq?
[auth flattened-and-reduced-config?] [auth flattened-and-reduced-config?]
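Review bot: `replace-build-data` calls `get-hash-from-sha256sum-output` and `get-file-name-from-sha256sum-output` unconditionally, so a website that omits `::sha256sum-output` (declared `:opt-un` in `websitedata?`) reaches `st/split` with nil and throws, which makes the "optional" key effectively mandatory for all three generators that now delegate to it. Guarding the two replacements (fence below) substitutes an empty string when no script is configured; whether `flattened-and-reduced-config?` can actually carry the key as nil is not visible here, so confirm. Separately, real `sha256sum` output separates digest and file name with two spaces, so `(st/split sha256sum-output #" ")` yields `["<hash>" "" "<file>"]` and `second` returns an empty file name; split on `#"\s+"` in both helpers instead. The new `[clojure.string :as st]` require duplicates the existing `[clojure.string :as str]` alias one line above; the new helpers could simply use `str/split`.
```clojure
(defn-spec replace-build-data pred/map-or-seq?
  [resource-file string?
   config flattened-and-reduced-config?]
  (let [{:keys [unique-name sha256sum-output]} config
        ;; sha256sum-output is optional: leave CHECK_SUM / SCRIPT_FILE empty instead of splitting nil
        check-sum (if sha256sum-output (get-hash-from-sha256sum-output sha256sum-output) "")
        script-file (if sha256sum-output (get-file-name-from-sha256sum-output sha256sum-output) "")]
    (->
     (yaml/load-as-edn resource-file)
     (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
     (cm/replace-all-matching-values-by-new-value "CHECK_SUM" check-sum)
     (cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" script-file)
     (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
;; … unchanged: generate-website-build-cron, generate-website-initial-build-job, generate-website-build-deployment …
```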


@ -31,19 +31,20 @@
(cm/concat-vec (cm/concat-vec
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "") (br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "")
(br/generate-text-area (br/generate-text-area
"websites" "A collection containing fqdns and repo infos for each website:" "websites" "Contains fqdns, repo infos, an optional sha256sum-output for script execution for each website:"
"{:websites "{:websites
[{:unique-name \"test.io\", [{:unique-name \"test.io\",
:fqdns [\"test.de\" \"www.test.de\"], :fqdns [\"test.de\" \"www.test.de\"],
:gitea-host \"githost.de\", :gitea-host \"githost.de\",
:gitea-repo \"repo\", :gitea-repo \"repo\",
:branchname \"main\"} :branchname \"main\",
:sha256sum-output \"123456789ab123cd345de script-file-name.sh\"}
{:unique-name \"example.io \", {:unique-name \"example.io \",
:fqdns [\"example.org\" \"www.example.org\"], :fqdns [\"example.org\" \"www.example.org\"],
:gitea-host \"githost.org\", :gitea-host \"githost.org\",
:gitea-repo \"repo\", :gitea-repo \"repo\",
:branchname \"main\"}]}" :branchname \"main\"}]}"
"10"))) "11")))
(generate-group (generate-group
"credentials" "credentials"
(br/generate-text-area (br/generate-text-area
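Review bot: The example value `:sha256sum-output \"123456789ab123cd345de script-file-name.sh\"` does not have the shape `sha256sum` actually prints (a 64-hex-character digest, two spaces, then the file name), and this help text is the only place users learn the expected format; since the build container compares the digest verbatim, a value in the wrong shape fails the build. Consider an example of the exact shape, e.g. `:sha256sum-output \"<64-hex-digest>  script-file-name.sh\"` with the placeholder standing for the real digest, and smoother wording for the description, such as `"Contains fqdns, repo infos and, optionally, the sha256sum output of a script to run during the build, for each website:"`.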


@ -20,6 +20,11 @@ spec:
envFrom: envFrom:
- secretRef: - secretRef:
name: NAME-secret name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts: volumeMounts:
- name: content-volume - name: content-volume
mountPath: /var/www/html/website mountPath: /var/www/html/website


@ -26,6 +26,11 @@ spec:
envFrom: envFrom:
- secretRef: - secretRef:
name: NAME-secret name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts: volumeMounts:
- name: content-volume - name: content-volume
mountPath: /var/www/html/website mountPath: /var/www/html/website


@ -8,3 +8,4 @@ data:
AUTHTOKEN: TOKEN AUTHTOKEN: TOKEN
GITREPOURL: URL GITREPOURL: URL


@ -15,6 +15,11 @@ spec:
envFrom: envFrom:
- secretRef: - secretRef:
name: NAME-secret name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts: volumeMounts:
- name: content-volume - name: content-volume
mountPath: /var/www/html/website mountPath: /var/www/html/website


@ -143,9 +143,7 @@
(deftest should-generate-website-build-cron (deftest should-generate-website-build-cron
(is (= {:apiVersion "batch/v1beta1", (is (= {:apiVersion "batch/v1beta1",
:kind "CronJob", :kind "CronJob",
:metadata { :metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}},
:name "test-io-build-cron",
:labels {:app.kubernetes.part-of "test-io-website"}},
:spec :spec
{:schedule "0/7 * * * *", {:schedule "0/7 * * * *",
:successfulJobsHistoryLimit 1, :successfulJobsHistoryLimit 1,
@ -160,22 +158,24 @@
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:command ["/entrypoint.sh"], :command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}], :envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}], :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}], :volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}],
:restartPolicy "OnFailure"}}}}}} :restartPolicy "OnFailure"}}}}}}
(cut/generate-website-build-cron {:unique-name "test.io", (cut/generate-website-build-cron {:authtoken "abedjgbasdodj",
:gitea-host "gitea.evilorg", :gitea-host "gitlab.de",
:gitea-repo "none", :username "someuser",
:branchname "mablain", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"] :gitea-repo "repo",
:username "someuser" :sha256sum-output "123456789ab123cd345de script-file-name.sh",
:authtoken "abedjgbasdodj"})))) :issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-build-deployment (deftest should-generate-website-build-deployment
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
:kind "Deployment", :kind "Deployment",
:metadata {:name "test-io-build-deployment", :metadata {:name "test-io-build-deployment", :labels {:app.kubernetes.part-of "test-io-website"}},
:labels {:app.kubernetes.part-of "test-io-website"}},
:spec :spec
{:replicas 0, {:replicas 0,
:selector {:matchLabels {:app "test-io-builder"}}, :selector {:matchLabels {:app "test-io-builder"}},
@ -190,15 +190,18 @@
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:command ["/entrypoint.sh"], :command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}], :envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}], :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}]}}}} :volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}]}}}}
(cut/generate-website-build-deployment {:unique-name "test.io", (cut/generate-website-build-deployment {:authtoken "abedjgbasdodj",
:gitea-host "gitea.evilorg", :gitea-host "gitlab.de",
:gitea-repo "none", :username "someuser",
:branchname "mablain", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"] :gitea-repo "repo",
:username "someuser" :sha256sum-output "123456789ab123cd345de script-file-name.sh",
:authtoken "abedjgbasdodj"})))) :issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-initial-build-job (deftest should-generate-website-initial-build-job
(is (= {:apiVersion "batch/v1", (is (= {:apiVersion "batch/v1",
@ -213,17 +216,19 @@
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:command ["/entrypoint.sh"], :command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}], :envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}], :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}], :volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}],
:restartPolicy "OnFailure"}}}} :restartPolicy "OnFailure"}}}}
(cut/generate-website-initial-build-job {:unique-name "test.io", (cut/generate-website-initial-build-job {:authtoken "abedjgbasdodj",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-host "gitlab.de", :gitea-host "gitlab.de",
:gitea-repo "repo",
:branchname "main",
:username "someuser", :username "someuser",
:authtoken "abedjgbasdodj", :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:issuer "staging"})))) :gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-build-secret (deftest should-generate-website-build-secret
(is (= {:name-c1 "test-io-secret", (is (= {:name-c1 "test-io-secret",