diff --git a/.gitignore b/.gitignore index 106a0e3..5efecd4 100644 --- a/.gitignore +++ b/.gitignore @@ -10,5 +10,10 @@ config*.edn /target pom.xml +# pybuilder ignores +.pybuilder +__pycache__ + # ide ignores .calva/ + diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d343408..12d0517 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,6 +3,10 @@ stages: - package - security - upload + - image + +services: + - docker:19.03.12-dind .cljs-job: &cljs image: node:lts-buster @@ -58,7 +62,7 @@ package: <<: *cljs stage: package script: - - shadow-cljs compile app + - shadow-cljs release app - chmod a+x target/mastodon-bot.js - sha256sum target/mastodon-bot.js > target/mastodon-bot.js.sha256 - sha512sum target/mastodon-bot.js > target/mastodon-bot.js.sha512 @@ -68,22 +72,22 @@ package: - target/mastodon-bot.js.sha256 - target/mastodon-bot.js.sha512 -sast: - variables: - SAST_EXCLUDED_ANALYZERS: - bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit, - pmd-apex, security-code-scan, sobelow, spotbugs - stage: security - before_script: - - mkdir -p builds && cp -r target/ builds/ -include: - - template: Security/SAST.gitlab-ci.yml +# sast: +# variables: +# SAST_EXCLUDED_ANALYZERS: +# bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit, +# pmd-apex, security-code-scan, sobelow, spotbugs +# stage: security +# before_script: +# - mkdir -p builds && cp -r target/ builds/ +# include: +# - template: Security/SAST.gitlab-ci.yml upload-cljs-prerelease: <<: *js-upload stage: upload - rules: - - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null' + # rules: + # - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null' script: - cp package.json target/npm-build/ - sed -i 's|SNAPSHOT|'$(date +"%Y%m%d%H%M%S")'|' ./target/npm-build/package.json 
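Review bot: `services: - docker:19.03.12-dind` is declared at the top level of `.gitlab-ci.yml` (hunk `@@ -3,6 +3,10 @@`), so every job in the pipeline gets a Docker daemon sidecar, although only the new `build` job in the `image` stage appears to need one. Moving the `services:` entry under `build:` keeps the daemon, which normally requires a privileged runner, away from the jobs that execute third-party npm and lein code. The 19.03.12 tag is also an old Docker release, so a currently maintained `docker:<supported-version>-dind` tag (placeholder) would be the better pin.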
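Review bot: With the `rules:` block commented out in `upload-cljs-prerelease` (hunk `@@ -68,22 +72,22 @@`), the job is no longer limited to untagged `master` commits, so unless the `*js-upload` anchor carries its own rules (not visible here) the prerelease upload runs in every branch and tag pipeline. That in turn means the publishing credentials have to be exposed to unprotected branches. The same change is made to `upload-clj-prerelease` in the `@@ -92,8 +96,8 @@` hunk, and the new `build` job in the `@@ -105,3 +109,11 @@` hunk ships with its rule commented out as well. I would restore `rules:` with `- if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'` on both upload jobs before merging. Separately, this hunk switches off the whole `sast` job and its template include by commenting them out, while the `security` stage stays listed; if one analyzer was the problem, adding it to `SAST_EXCLUDED_ANALYZERS` would keep the rest of the scan running.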
@@ -92,8 +96,8 @@ upload-cljs-prerelease: upload-clj-prerelease: <<: *clj stage: upload - rules: - - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null' + # rules: + # - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null' script: - lein deploy clojars @@ -105,3 +109,11 @@ upload-js-release: script: - cp package.json target/npm-build/ - npm publish ./target/npm-build --access public + +build: + image: domaindrivenarchitecture/dda-devops-build:latest + stage: image + # rules: + # - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null' + script: + - cd infrastructure/docker && pyb image test publish \ No newline at end of file diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 027ace7..0000000 --- a/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM node:10-slim - -RUN apt-get update && apt-get install --assume-yes software-properties-common && \ - apt-get install --assume-yes git cron - -RUN npm install -g mastodon-bot - -RUN mkdir /config && touch /config/config.edn && touch /var/log/cron.log - -ADD poll.sh /poll.sh - -ENV MASTODON_BOT_CONFIG /config/config.edn -VOLUME /config - -CMD /poll.sh diff --git a/infrastructure/docker/build.py b/infrastructure/docker/build.py new file mode 100644 index 0000000..81aa7fc --- /dev/null +++ b/infrastructure/docker/build.py 
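Review bot: The new `build` job pulls `domaindrivenarchitecture/dda-devops-build:latest`, a mutable tag, and then runs `pyb image test publish`, which per `infrastructure/docker/build.py` in this commit reads `DOCKERHUB_USER` and `DOCKERHUB_PASSWORD` and pushes to Docker Hub. Whatever that tag resolves to at run time receives those credentials, so I would pin the image by digest, e.g. `image: domaindrivenarchitecture/dda-devops-build@sha256:<digest-of-reviewed-image>` (placeholder digest). The commented-out rule also cannot be re-enabled as written: `CI_COMMIT_BRANCH` is not set in tag pipelines, so `$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null` would never match, and `- if: '$CI_COMMIT_TAG'` is the usual way to restrict a job to tags.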
@@ -0,0 +1,49 @@
+from os import environ
+from pybuilder.core import task, init
+from ddadevops import *
+import logging
+
+name = 'mastodon-bot'
+MODULE = 'docker'
+PROJECT_ROOT_PATH = '../..'
+
+
+class MyBuild(DevopsDockerBuild):
+ pass
+
+@init
+def initialize(project):
+ project.build_depends_on('ddadevops>=0.8.19')
+ stage = 'notused'
+ dockerhub_user = environ.get('DOCKERHUB_USER')
+ if not dockerhub_user:
+ dockerhub_user = gopass_field_from_path('meissa/web/docker.com', 'login')
+ dockerhub_password = environ.get('DOCKERHUB_PASSWORD')
+ if not dockerhub_password:
+ dockerhub_password = gopass_password_from_path('meissa/web/docker.com')
+ config = create_devops_docker_build_config(
+ stage, PROJECT_ROOT_PATH, MODULE, dockerhub_user, dockerhub_password)
+ build = MyBuild(project, config)
+ build.initialize_build_dir()
+
+
+@task
+def image(project):
+ build = get_devops_build(project)
+ build.image()
+
+@task
+def drun(project):
+ build = get_devops_build(project)
+ build.drun()
+
+@task
+def test(project):
+ build = get_devops_build(project)
+ build.test()
+
+@task
+def publish(project):
+ build = get_devops_build(project)
+ build.dockerhub_login()
+ build.dockerhub_publish()
diff --git a/infrastructure/docker/image/Dockerfile b/infrastructure/docker/image/Dockerfile
new file mode 100644
index 0000000..c86f881
--- /dev/null
+++ b/infrastructure/docker/image/Dockerfile
@@ -0,0 +1,5 @@
+FROM node:lts-buster-slim
+
+RUN npm install -g mastodon-bot
+
+ENTRYPOINT mastodon-bot
diff --git a/poll.sh b/infrastructure/docker/image/resources/poll.sh
similarity index 100%
rename from poll.sh
rename to infrastructure/docker/image/resources/poll.sh
diff --git a/infrastructure/docker/test/Dockerfile b/infrastructure/docker/test/Dockerfile
new file mode 100644
index 0000000..0f14bc0
--- /dev/null
+++ b/infrastructure/docker/test/Dockerfile
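Review bot: `from ddadevops import *` in `infrastructure/docker/build.py` hides where `gopass_password_from_path`, `create_devops_docker_build_config` and `get_devops_build` come from, in a script whose whole job is to fetch the Docker Hub password and hand it to that library. An explicit `from ddadevops import DevopsDockerBuild, create_devops_docker_build_config, get_devops_build, gopass_field_from_path, gopass_password_from_path` makes the trust boundary readable, and `import logging` can be dropped because nothing in the file uses it. `project.build_depends_on('ddadevops>=0.8.19')` has no upper bound, so any later release of the package runs with these credentials; adding an upper bound would turn an upgrade into a reviewed change. A short module docstring saying that `DOCKERHUB_USER`/`DOCKERHUB_PASSWORD` take precedence and gopass is the local fallback would also help, since the CI job presumably has no gopass store.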
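Review bot: `RUN npm install -g mastodon-bot` in `infrastructure/docker/image/Dockerfile` installs whatever version is current on the npm registry at build time, not the `target/mastodon-bot.js` that the `package` job builds and checksums, so the published image is not tied to the commit that triggered it. Pinning the version, `RUN npm install -g mastodon-bot@<release-version>` (placeholder), or copying the pipeline artifact into the image would make it reproducible. The container also runs as root; the `node` base images ship a `node` user, so `USER node` before the entrypoint is cheap hardening, though the test Dockerfile would then need `USER root` for its apt step. `ENTRYPOINT mastodon-bot` is shell form, which wraps the process in `/bin/sh -c` and ignores arguments passed to `docker run`; `ENTRYPOINT ["mastodon-bot"]` avoids both.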
@@ -0,0 +1,11 @@
+FROM mastodon-bot
+
+RUN mkdir -p /usr/share/man/man1
+
+RUN apt update && apt -yq install apt-utils openjdk-11-jre-headless curl > /dev/null
+
+RUN curl -L -o /tmp/serverspec.jar https://github.com/DomainDrivenArchitecture/dda-serverspec-crate/releases/download/2.0.1/dda-serverspec-standalone.jar
+
+COPY serverspec.edn /tmp/serverspec.edn
+
+RUN java -jar /tmp/serverspec.jar /tmp/serverspec.edn -v
diff --git a/infrastructure/docker/test/serverspec.edn b/infrastructure/docker/test/serverspec.edn
new file mode 100644
index 0000000..66b29ea
--- /dev/null
+++ b/infrastructure/docker/test/serverspec.edn
@@ -0,0 +1,2 @@
+{:command [{:cmd "mastodon-bot -h"
+ :exit-code 0}]}
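Review bot: In `infrastructure/docker/test/Dockerfile` the `RUN curl -L -o /tmp/serverspec.jar …` step downloads a jar from a GitHub release and the final `RUN java -jar /tmp/serverspec.jar` executes it, with no integrity check in between. Because the release is fixed at 2.0.1, the expected hash can be recorded alongside it by extending the download step with `&& echo "<sha256-of-2.0.1-jar>  /tmp/serverspec.jar" | sha256sum -c -` (placeholder hash). Using `curl -fsSL` instead of `curl -L` also makes the step fail on an HTTP error rather than saving the error page as the jar. Redirecting the apt output to `/dev/null` hides the reason when the install step breaks, so I would drop the redirect and rely on `-q`.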