Add optional script execution in build container

The script file must exist in the root of the specified gitea-repo.
You also need to calculate the sha256sum output for that file and specify it
as a KV pair in the respective website entry of the :websites collection.
This commit is contained in:
erik 2022-11-11 13:08:55 +01:00
parent 8e847318fb
commit 2b2ca8dae7
9 changed files with 104 additions and 53 deletions


@ -7,6 +7,8 @@ source /usr/local/bin/functions.sh
echo "Downloading website"
get-and-unzip-website-data
echo "Executing Custom Scripts, if applicable"
execute-scripts-when-existing
echo "Building website"
build-and-extract-website
echo "Moving files"
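Review bot: `execute-scripts-when-existing` is sourced into this shell from functions.sh, and as defined in this commit it calls `exit` on both the no-file and the checksum-mismatch paths, so the `exit 0` for the "no script provided" case ends the entrypoint here before `build-and-extract-website` is reached. Until the function returns instead of exiting, gate the call in the entrypoint so the optional step really is optional: `if [[ -n "$SCRIPTFILE" ]]; then execute-scripts-when-existing; fi`. The remaining steps of the entrypoint run outside this hunk.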


@ -6,9 +6,27 @@ function get-and-unzip-website-data() {
unzip $SOURCEDIR/$filename -d $BUILDDIR
}
function execute-scripts-when-existing {
if [[ -e $BUILDDIR/$SCRIPTFILE ]]
then
checksum="$(sha256sum $BUILDDIR/$SCRIPTFILE)"
if [[ "$SHA256SUM" == "$checksum" ]]
then
/bin/bash $BUILDDIR/$SCRIPTFILE
else
printf "Provided SHA256 Sum does not match calculated sum. Exiting."
printf "Calculated SHA256: $checksum"
printf "Given SHA256: $SHA256SUM"
exit 1
fi
else
prinf "No script file provided, exiting."
exit 0
fi
}
function build-and-extract-website() {
(cd $BUILDDIR; dir=$(ls); cd $dir; lein run;)
# websiteartifactname=$(ls target/ | grep -Eo "*.+\.war"); unzip target/$websiteartifactname
}
function move-website-files-to-target() {
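Review bot: In `execute-scripts-when-existing` the comparison `"$SHA256SUM" == "$checksum"` can never succeed, because `sha256sum` prints `<digest>  <path>` and `checksum` captures that whole line, whereas `SHA256SUM` only receives the digest (see `get-hash-from-sha256sum-output` in core.clj in this commit), so every configured script ends in the mismatch branch and `exit 1`. The no-file branch is also wrong for an optional feature: `exit 0` terminates the sourcing entrypoint instead of returning, so builds without a script never reach `build-and-extract-website`, and the `prinf` typo there would itself fail. Note that the script runs under `/bin/bash` with the full container environment, which per the `envFrom: secretRef` context lines in the manifests includes the Gitea `AUTHTOKEN`, so the pinned digest is the only control between a repository write and token exposure and the check must actually enforce it. Quote the paths and test with `-f` so an empty `SCRIPTFILE` does not resolve to the build directory itself.
```shell
function execute-scripts-when-existing {
  if [[ -z "$SCRIPTFILE" || ! -f "$BUILDDIR/$SCRIPTFILE" ]]
  then
    printf "No script file provided, skipping.\n"
    return 0
  fi
  # sha256sum prints "<digest>  <path>"; compare only the digest
  checksum="$(sha256sum "$BUILDDIR/$SCRIPTFILE" | cut -d' ' -f1)"
  if [[ "$SHA256SUM" != "$checksum" ]]
  then
    printf "Provided SHA256 Sum does not match calculated sum. Exiting.\n"
    printf "Calculated SHA256: %s\n" "$checksum"
    printf "Given SHA256: %s\n" "$SHA256SUM"
    exit 1
  fi
  /bin/bash "$BUILDDIR/$SCRIPTFILE"
}
```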


@ -11,13 +11,15 @@
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]
[dda.c4k-website.ingress-cert :as ing]
[clojure.string :as str]))
[clojure.string :as str]
[clojure.string :as st]))
(defn fqdn-list?
[input]
(every? true? (map pred/fqdn-string? input)))
(s/def ::unique-name string?)
(s/def ::sha256sum-output string?)
(s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::volume-size pred/integer-string?)
(s/def ::authtoken pred/bash-env-string?)
@ -28,7 +30,7 @@
(s/def ::username string?)
(def websitedata? (s/keys :req-un [::unique-name ::fqdns ::gitea-host ::gitea-repo ::branchname]
:opt-un [::issuer ::volume-size]))
:opt-un [::issuer ::volume-size ::sha256sum-output]))
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
@ -43,6 +45,14 @@
(def config? (s/keys :req-un [::websites]
:opt-un [::issuer ::volume-size]))
(defn-spec get-hash-from-sha256sum-output string?
[sha256sum-output string?]
(first (st/split sha256sum-output #" ")))
(defn-spec get-file-name-from-sha256sum-output string?
[sha256sum-output string?]
(second (st/split sha256sum-output #" ")))
(defn-spec replace-dots-by-minus string?
[fqdn pred/fqdn-string?]
(str/replace fqdn #"\." "-"))
@ -163,29 +173,28 @@
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
(defn-spec replace-build-data pred/map-or-seq?
[resource-file string?
config flattened-and-reduced-config?]
(let [{:keys [unique-name sha256sum-output]} config]
(->
(yaml/load-as-edn resource-file)
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(cm/replace-all-matching-values-by-new-value "CHECK_SUM" (get-hash-from-sha256sum-output sha256sum-output))
(cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" (get-file-name-from-sha256sum-output sha256sum-output))
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
(defn-spec generate-website-build-cron pred/map-or-seq?
[config flattened-and-reduced-config?]
(let [{:keys [unique-name]} config]
(->
(yaml/load-as-edn "website/website-build-cron.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
(replace-build-data "website/website-build-cron.yaml" config))
(defn-spec generate-website-initial-build-job pred/map-or-seq?
[config flattened-and-reduced-config?]
(let [{:keys [unique-name]} config]
(->
(yaml/load-as-edn "website/website-initial-build-job.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
(replace-build-data "website/website-initial-build-job.yaml" config))
(defn-spec generate-website-build-deployment pred/map-or-seq?
[config flattened-and-reduced-config?]
(let [{:keys [unique-name]} config]
(->
(yaml/load-as-edn "website/website-build-deployment.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)))))
(replace-build-data "website/website-build-deployment.yaml" config))
(defn-spec generate-website-build-secret pred/map-or-seq?
[auth flattened-and-reduced-config?]


@ -31,19 +31,20 @@
(cm/concat-vec
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "")
(br/generate-text-area
"websites" "A collection containing fqdns and repo infos for each website:"
"websites" "Contains fqdns, repo infos, an optional sha256sum-output for script execution for each website:"
"{:websites
[{:unique-name \"test.io\",
:fqdns [\"test.de\" \"www.test.de\"],
:gitea-host \"githost.de\",
:gitea-repo \"repo\",
:branchname \"main\"}
:branchname \"main\",
:sha256sum-output \"123456789ab123cd345de script-file-name.sh\"}
{:unique-name \"example.io \",
:fqdns [\"example.org\" \"www.example.org\"],
:gitea-host \"githost.org\",
:gitea-repo \"repo\",
:branchname \"main\"}]}"
"10")))
"11")))
(generate-group
"credentials"
(br/generate-text-area
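Review bot: The example `:sha256sum-output` value shows a 21-character digest separated from the file name by a single space, but a real `sha256sum` line is a 64-hex-character digest followed by two spaces (or ` *` in binary mode) and the path, and this help text is the only place users learn the expected format. Show the tool output verbatim, e.g. `:sha256sum-output \"<64 hex chars>  script-file-name.sh\"`, and state that it is pasted unchanged from `sha256sum script-file-name.sh` run in the repository root, so that whatever separator the parser in core.clj accepts is what users actually supply.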


@ -20,6 +20,11 @@ spec:
envFrom:
- secretRef:
name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts:
- name: content-volume
mountPath: /var/www/html/website
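Review bot: The new `env` block sets `SHA256SUM` and `SCRIPTFILE` unconditionally although `sha256sum-output` is declared optional in core.clj, so the manifest has no way to express "no script"; the generator must substitute empty strings rather than leave the `CHECK_SUM`/`SCRIPT_FILE` placeholders in place, and the entrypoint must treat an empty `SCRIPTFILE` as "skip". The same five lines are duplicated verbatim in website-build-deployment.yaml and website-initial-build-job.yaml; a ConfigMap keyed off `NAME` referenced via `envFrom` would keep the three manifests in sync with a single replacement.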


@ -26,6 +26,11 @@ spec:
envFrom:
- secretRef:
name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts:
- name: content-volume
mountPath: /var/www/html/website


@ -8,3 +8,4 @@ data:
AUTHTOKEN: TOKEN
GITREPOURL: URL


@ -15,6 +15,11 @@ spec:
envFrom:
- secretRef:
name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts:
- name: content-volume
mountPath: /var/www/html/website


@ -143,9 +143,7 @@
(deftest should-generate-website-build-cron
(is (= {:apiVersion "batch/v1beta1",
:kind "CronJob",
:metadata {
:name "test-io-build-cron",
:labels {:app.kubernetes.part-of "test-io-website"}},
:metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:schedule "0/7 * * * *",
:successfulJobsHistoryLimit 1,
@ -160,22 +158,24 @@
:imagePullPolicy "IfNotPresent",
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}],
:restartPolicy "OnFailure"}}}}}}
(cut/generate-website-build-cron {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]
:username "someuser"
:authtoken "abedjgbasdodj"}))))
(cut/generate-website-build-cron {:authtoken "abedjgbasdodj",
:gitea-host "gitlab.de",
:username "someuser",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-build-deployment
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "test-io-build-deployment",
:labels {:app.kubernetes.part-of "test-io-website"}},
:metadata {:name "test-io-build-deployment", :labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:replicas 0,
:selector {:matchLabels {:app "test-io-builder"}},
@ -190,15 +190,18 @@
:imagePullPolicy "IfNotPresent",
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}]}}}}
(cut/generate-website-build-deployment {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]
:username "someuser"
:authtoken "abedjgbasdodj"}))))
(cut/generate-website-build-deployment {:authtoken "abedjgbasdodj",
:gitea-host "gitlab.de",
:username "someuser",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-initial-build-job
(is (= {:apiVersion "batch/v1",
@ -213,17 +216,19 @@
:imagePullPolicy "IfNotPresent",
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}],
:restartPolicy "OnFailure"}}}}
(cut/generate-website-initial-build-job {:unique-name "test.io",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-host "gitlab.de",
:gitea-repo "repo",
:branchname "main",
:username "someuser",
:authtoken "abedjgbasdodj",
:issuer "staging"}))))
(cut/generate-website-initial-build-job {:authtoken "abedjgbasdodj",
:gitea-host "gitlab.de",
:username "someuser",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-build-secret
(is (= {:name-c1 "test-io-secret",