Add optional script execution in build container
The script file must exist in the root of the specified gitea-repo. You also need to calculate the sha256sum output for that file and specify it as a key-value pair in the respective entry of the :websites collection.
parent
8e847318fb
commit
2b2ca8dae7
9 changed files with 104 additions and 53 deletions
|
@ -7,6 +7,8 @@ source /usr/local/bin/functions.sh
|
|||
|
||||
echo "Downloading website"
|
||||
get-and-unzip-website-data
|
||||
echo "Executing Custom Scripts, if applicable"
|
||||
execute-scripts-when-existing
|
||||
echo "Building website"
|
||||
build-and-extract-website
|
||||
echo "Moving files"
|
||||
|
|
|
@ -6,9 +6,27 @@ function get-and-unzip-website-data() {
|
|||
unzip $SOURCEDIR/$filename -d $BUILDDIR
|
||||
}
|
||||
|
||||
function execute-scripts-when-existing {
|
||||
if [[ -e $BUILDDIR/$SCRIPTFILE ]]
|
||||
then
|
||||
checksum="$(sha256sum $BUILDDIR/$SCRIPTFILE)"
|
||||
if [[ "$SHA256SUM" == "$checksum" ]]
|
||||
then
|
||||
/bin/bash $BUILDDIR/$SCRIPTFILE
|
||||
else
|
||||
printf "Provided SHA256 Sum does not match calculated sum. Exiting."
|
||||
printf "Calculated SHA256: $checksum"
|
||||
printf "Given SHA256: $SHA256SUM"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
prinf "No script file provided, exiting."
|
||||
exit 0
|
||||
fi
|
||||
}
|
||||
|
||||
function build-and-extract-website() {
|
||||
(cd $BUILDDIR; dir=$(ls); cd $dir; lein run;)
|
||||
# websiteartifactname=$(ls target/ | grep -Eo "*.+\.war"); unzip target/$websiteartifactname
|
||||
}
|
||||
|
||||
function move-website-files-to-target() {
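Review bot: The check `[[ "$SHA256SUM" == "$checksum" ]]` in `execute-scripts-when-existing` cannot succeed, because `checksum` holds the whole `sha256sum` line (digest, two spaces, path) while the manifest side passes only the first token as SHA256SUM, so every configured script is rejected. The `else` branch calls `prinf` (a typo for `printf`) and then `exit 0`; since the entrypoint sources this file, that ends the run before `build-and-extract-website`, so a website without a script is never built. With SCRIPTFILE empty, `-e $BUILDDIR/$SCRIPTFILE` tests the build directory itself and is true. The expansions are unquoted, and the `printf` calls use data as the format string and lack newlines. The version below compares only the digest, requires a regular file, and returns instead of exiting when there is nothing to run.

```shell
function execute-scripts-when-existing() {
    local script="$BUILDDIR/$SCRIPTFILE"
    # No script configured, or none shipped in the repo: continue with the build.
    if [[ -z "$SCRIPTFILE" || ! -f "$script" ]]; then
        printf 'No script file provided, skipping.\n'
        return 0
    fi
    # sha256sum prints "<digest>  <path>"; compare the digest only.
    local checksum
    checksum="$(sha256sum -- "$script" | cut -d' ' -f1)"
    if [[ "$SHA256SUM" != "$checksum" ]]; then
        printf 'Provided SHA256 Sum does not match calculated sum. Exiting.\n'
        printf 'Calculated SHA256: %s\n' "$checksum"
        printf 'Given SHA256: %s\n' "$SHA256SUM"
        exit 1
    fi
    /bin/bash "$script"
}
```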
|
||||
|
|
|
@ -11,13 +11,15 @@
|
|||
[dda.c4k-common.base64 :as b64]
|
||||
[dda.c4k-common.predicate :as pred]
|
||||
[dda.c4k-website.ingress-cert :as ing]
|
||||
[clojure.string :as str]))
|
||||
[clojure.string :as str]
|
||||
[clojure.string :as st]))
|
||||
|
||||
(defn fqdn-list?
|
||||
[input]
|
||||
(every? true? (map pred/fqdn-string? input)))
|
||||
|
||||
(s/def ::unique-name string?)
|
||||
(s/def ::sha256sum-output string?)
|
||||
(s/def ::issuer pred/letsencrypt-issuer?)
|
||||
(s/def ::volume-size pred/integer-string?)
|
||||
(s/def ::authtoken pred/bash-env-string?)
|
||||
|
@ -28,7 +30,7 @@
|
|||
(s/def ::username string?)
|
||||
|
||||
(def websitedata? (s/keys :req-un [::unique-name ::fqdns ::gitea-host ::gitea-repo ::branchname]
|
||||
:opt-un [::issuer ::volume-size]))
|
||||
:opt-un [::issuer ::volume-size ::sha256sum-output]))
|
||||
|
||||
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
|
||||
|
||||
|
@ -43,6 +45,14 @@
|
|||
(def config? (s/keys :req-un [::websites]
|
||||
:opt-un [::issuer ::volume-size]))
|
||||
|
||||
(defn-spec get-hash-from-sha256sum-output string?
|
||||
[sha256sum-output string?]
|
||||
(first (st/split sha256sum-output #" ")))
|
||||
|
||||
(defn-spec get-file-name-from-sha256sum-output string?
|
||||
[sha256sum-output string?]
|
||||
(second (st/split sha256sum-output #" ")))
|
||||
|
||||
(defn-spec replace-dots-by-minus string?
|
||||
[fqdn pred/fqdn-string?]
|
||||
(str/replace fqdn #"\." "-"))
|
||||
|
@ -163,29 +173,28 @@
|
|||
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))
|
||||
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
|
||||
|
||||
(defn-spec replace-build-data pred/map-or-seq?
|
||||
[resource-file string?
|
||||
config flattened-and-reduced-config?]
|
||||
(let [{:keys [unique-name sha256sum-output]} config]
|
||||
(->
|
||||
(yaml/load-as-edn resource-file)
|
||||
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
|
||||
(cm/replace-all-matching-values-by-new-value "CHECK_SUM" (get-hash-from-sha256sum-output sha256sum-output))
|
||||
(cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" (get-file-name-from-sha256sum-output sha256sum-output))
|
||||
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
|
||||
|
||||
(defn-spec generate-website-build-cron pred/map-or-seq?
|
||||
[config flattened-and-reduced-config?]
|
||||
(let [{:keys [unique-name]} config]
|
||||
(->
|
||||
(yaml/load-as-edn "website/website-build-cron.yaml")
|
||||
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
|
||||
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
|
||||
(replace-build-data "website/website-build-cron.yaml" config))
|
||||
|
||||
(defn-spec generate-website-initial-build-job pred/map-or-seq?
|
||||
[config flattened-and-reduced-config?]
|
||||
(let [{:keys [unique-name]} config]
|
||||
(->
|
||||
(yaml/load-as-edn "website/website-initial-build-job.yaml")
|
||||
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
|
||||
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
|
||||
(replace-build-data "website/website-initial-build-job.yaml" config))
|
||||
|
||||
(defn-spec generate-website-build-deployment pred/map-or-seq?
|
||||
[config flattened-and-reduced-config?]
|
||||
(let [{:keys [unique-name]} config]
|
||||
(->
|
||||
(yaml/load-as-edn "website/website-build-deployment.yaml")
|
||||
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
|
||||
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
|
||||
(replace-build-data "website/website-build-deployment.yaml" config))
|
||||
|
||||
(defn-spec generate-website-build-secret pred/map-or-seq?
|
||||
[auth flattened-and-reduced-config?]
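Review bot: `replace-build-data` passes `sha256sum-output` to `get-hash-from-sha256sum-output` and `get-file-name-from-sha256sum-output` unconditionally, although `websitedata?` lists `::sha256sum-output` under `:opt-un`. For a website without the key the value is nil, which violates the helpers' `string?` argument spec and would presumably make `st/split` throw. Both helpers also split on a single space, whereas `sha256sum` prints two spaces between digest and file name, so pasted real output yields an empty string from `second`; `(st/split (st/trim sha256sum-output) #"\s+")` avoids that. Because the file name ends up on a shell command line in the build container, the spec could constrain the shape instead of accepting any string, e.g. `(s/def ::sha256sum-output (s/and string? #(re-matches #"[0-9a-f]{64}\s+\S+" %)))`. The added `[clojure.string :as st]` require duplicates the existing `str` alias for the same namespace.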
|
||||
|
|
|
@ -31,19 +31,20 @@
|
|||
(cm/concat-vec
|
||||
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "")
|
||||
(br/generate-text-area
|
||||
"websites" "A collection containing fqdns and repo infos for each website:"
|
||||
"websites" "Contains fqdns, repo infos, an optional sha256sum-output for script execution for each website:"
|
||||
"{:websites
|
||||
[{:unique-name \"test.io\",
|
||||
:fqdns [\"test.de\" \"www.test.de\"],
|
||||
:gitea-host \"githost.de\",
|
||||
:gitea-repo \"repo\",
|
||||
:branchname \"main\"}
|
||||
:branchname \"main\",
|
||||
:sha256sum-output \"123456789ab123cd345de script-file-name.sh\"}
|
||||
{:unique-name \"example.io \",
|
||||
:fqdns [\"example.org\" \"www.example.org\"],
|
||||
:gitea-host \"githost.org\",
|
||||
:gitea-repo \"repo\",
|
||||
:branchname \"main\"}]}"
|
||||
"10")))
|
||||
"11")))
|
||||
(generate-group
|
||||
"credentials"
|
||||
(br/generate-text-area
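Review bot: The sample value `"123456789ab123cd345de script-file-name.sh"` in the text-area default does not look like real `sha256sum` output, which is 64 hex characters, two spaces, then the file name. The label also does not say how the value is produced; wording such as `"... an optional sha256sum-output (the line printed by 'sha256sum <script>' in the repo root) ..."` would make the expected format explicit. The second sample website omits the key, so it is worth confirming that this default input still generates manifests.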
|
||||
|
|
|
@ -20,6 +20,11 @@ spec:
|
|||
envFrom:
|
||||
- secretRef:
|
||||
name: NAME-secret
|
||||
env:
|
||||
- name: SHA256SUM
|
||||
value: CHECK_SUM
|
||||
- name: SCRIPTFILE
|
||||
value: SCRIPT_FILE
|
||||
volumeMounts:
|
||||
- name: content-volume
|
||||
mountPath: /var/www/html/website
|
||||
|
|
|
@ -26,6 +26,11 @@ spec:
|
|||
envFrom:
|
||||
- secretRef:
|
||||
name: NAME-secret
|
||||
env:
|
||||
- name: SHA256SUM
|
||||
value: CHECK_SUM
|
||||
- name: SCRIPTFILE
|
||||
value: SCRIPT_FILE
|
||||
volumeMounts:
|
||||
- name: content-volume
|
||||
mountPath: /var/www/html/website
|
||||
|
|
|
@ -8,3 +8,4 @@ data:
|
|||
AUTHTOKEN: TOKEN
|
||||
GITREPOURL: URL
|
||||
|
||||
|
|
@ -15,6 +15,11 @@ spec:
|
|||
envFrom:
|
||||
- secretRef:
|
||||
name: NAME-secret
|
||||
env:
|
||||
- name: SHA256SUM
|
||||
value: CHECK_SUM
|
||||
- name: SCRIPTFILE
|
||||
value: SCRIPT_FILE
|
||||
volumeMounts:
|
||||
- name: content-volume
|
||||
mountPath: /var/www/html/website
|
||||
|
|
|
@ -143,9 +143,7 @@
|
|||
(deftest should-generate-website-build-cron
|
||||
(is (= {:apiVersion "batch/v1beta1",
|
||||
:kind "CronJob",
|
||||
:metadata {
|
||||
:name "test-io-build-cron",
|
||||
:labels {:app.kubernetes.part-of "test-io-website"}},
|
||||
:metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}},
|
||||
:spec
|
||||
{:schedule "0/7 * * * *",
|
||||
:successfulJobsHistoryLimit 1,
|
||||
|
@ -160,22 +158,24 @@
|
|||
:imagePullPolicy "IfNotPresent",
|
||||
:command ["/entrypoint.sh"],
|
||||
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
||||
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
|
||||
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
|
||||
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}],
|
||||
:restartPolicy "OnFailure"}}}}}}
|
||||
(cut/generate-website-build-cron {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]
|
||||
:username "someuser"
|
||||
:authtoken "abedjgbasdodj"}))))
|
||||
(cut/generate-website-build-cron {:authtoken "abedjgbasdodj",
|
||||
:gitea-host "gitlab.de",
|
||||
:username "someuser",
|
||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-repo "repo",
|
||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
||||
:issuer "staging",
|
||||
:branchname "main",
|
||||
:unique-name "test.io"}))))
|
||||
|
||||
(deftest should-generate-website-build-deployment
|
||||
(is (= {:apiVersion "apps/v1",
|
||||
:kind "Deployment",
|
||||
:metadata {:name "test-io-build-deployment",
|
||||
:labels {:app.kubernetes.part-of "test-io-website"}},
|
||||
:metadata {:name "test-io-build-deployment", :labels {:app.kubernetes.part-of "test-io-website"}},
|
||||
:spec
|
||||
{:replicas 0,
|
||||
:selector {:matchLabels {:app "test-io-builder"}},
|
||||
|
@ -190,15 +190,18 @@
|
|||
:imagePullPolicy "IfNotPresent",
|
||||
:command ["/entrypoint.sh"],
|
||||
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
||||
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
|
||||
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
|
||||
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}]}}}}
|
||||
(cut/generate-website-build-deployment {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]
|
||||
:username "someuser"
|
||||
:authtoken "abedjgbasdodj"}))))
|
||||
(cut/generate-website-build-deployment {:authtoken "abedjgbasdodj",
|
||||
:gitea-host "gitlab.de",
|
||||
:username "someuser",
|
||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-repo "repo",
|
||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
||||
:issuer "staging",
|
||||
:branchname "main",
|
||||
:unique-name "test.io"}))))
|
||||
|
||||
(deftest should-generate-website-initial-build-job
|
||||
(is (= {:apiVersion "batch/v1",
|
||||
|
@ -213,17 +216,19 @@
|
|||
:imagePullPolicy "IfNotPresent",
|
||||
:command ["/entrypoint.sh"],
|
||||
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
||||
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
|
||||
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
|
||||
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}],
|
||||
:restartPolicy "OnFailure"}}}}
|
||||
(cut/generate-website-initial-build-job {:unique-name "test.io",
|
||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-host "gitlab.de",
|
||||
:gitea-repo "repo",
|
||||
:branchname "main",
|
||||
:username "someuser",
|
||||
:authtoken "abedjgbasdodj",
|
||||
:issuer "staging"}))))
|
||||
(cut/generate-website-initial-build-job {:authtoken "abedjgbasdodj",
|
||||
:gitea-host "gitlab.de",
|
||||
:username "someuser",
|
||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-repo "repo",
|
||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
||||
:issuer "staging",
|
||||
:branchname "main",
|
||||
:unique-name "test.io"}))))
|
||||
|
||||
(deftest should-generate-website-build-secret
|
||||
(is (= {:name-c1 "test-io-secret",
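Review bot: All three generator tests (`should-generate-website-build-cron`, `should-generate-website-build-deployment`, `should-generate-website-initial-build-job`) now pass `:sha256sum-output`, so no test covers a config without the key, even though the commit describes the script as optional. The fixture `"123456789ab123cd345de script-file-name.sh"` uses a single space and a shortened digest, so the format `sha256sum` actually prints (two spaces) is not exercised either. I would add one case per generator that omits `:sha256sum-output` and asserts the resulting `:env`, plus one case for the helpers with a two-space input.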
|
||||
|
|