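#!/bin/bash
set -Eeuo pipefail

# Pinned releases of the helper libraries that are downloaded into ./ops and
# sourced below.
RELEASER_VERSION="2.1.3"
DOCKER_OPS_VERSION="2.0.1"
SECRET_OPS_VERSION="0.8.0"

SECRET_OPS_FILE="ops/secret-ops"
SECRET_OPS_TAR_FILE="ops/secret-ops-${SECRET_OPS_VERSION}.tar.gz"
RELEASER_FILE="ops/releaser-${RELEASER_VERSION}"
DOCKER_OPS_FILE="ops/docker-ops-${DOCKER_OPS_VERSION}"

# NOTE(review): assigned but not exported in this file; child processes such as
# the vault CLI only see it if it is already exported in the environment or a
# sourced library exports it. Confirm.
VAULT_ADDR="https://vault.kudulab.io:8200"

mkdir -p ops

#######################################
# Downloads a release asset through a temporary name in the same directory.
# The destination only appears after a complete transfer, so a failed or
# interrupted download cannot leave a truncated file that the next run would
# find, skip re-downloading, and source.
# Arguments: $1 - URL to fetch
#            $2 - destination path
# Returns:   0 on success, 1 if wget fails
#######################################
function fetch_release_asset {
  local url="$1"
  local dest="$2"
  local partial="${dest}.part.$$"
  if ! wget --quiet -O "${partial}" "${url}"; then
    rm -f -- "${partial}"
    echo "Error: could not download ${url}" >&2
    return 1
  fi
  mv -f -- "${partial}" "${dest}"
}

# The files sourced below run with this script's privileges and see every
# credential in its environment (Docker Hub, GitHub, Vault). They are pinned
# by release tag only: nothing here verifies a digest or signature of what was
# downloaded.
# NOTE(review): record a SHA-256 per pinned version and check it before
# `source`, so a replaced release asset is rejected instead of executed.
if [[ ! -f "${RELEASER_FILE}" ]]; then
  fetch_release_asset \
    "https://github.com/kudulab/releaser/releases/download/${RELEASER_VERSION}/releaser" \
    "${RELEASER_FILE}"
fi
# shellcheck source=/dev/null
source "${RELEASER_FILE}"

if [[ ! -f "${DOCKER_OPS_FILE}" ]]; then
  fetch_release_asset \
    "https://github.com/kudulab/docker-ops/releases/download/${DOCKER_OPS_VERSION}/docker-ops" \
    "${DOCKER_OPS_FILE}"
fi
# shellcheck source=/dev/null
source "${DOCKER_OPS_FILE}"

if [[ ! -f "${SECRET_OPS_TAR_FILE}" ]]; then
  fetch_release_asset \
    "https://github.com/kudulab/secret-ops/releases/download/${SECRET_OPS_VERSION}/secret-ops.tar.gz" \
    "${SECRET_OPS_TAR_FILE}"
  tar -xf "${SECRET_OPS_TAR_FILE}" -C ops
elif [[ ! -f "${SECRET_OPS_FILE}" ]]; then
  # The tarball is left over from an earlier run but its extraction did not
  # complete (or the extracted file was removed); unpack it again.
  tar -xf "${SECRET_OPS_TAR_FILE}" -C ops
fi
# shellcheck source=/dev/null
source "${SECRET_OPS_FILE}"

# Settings passed to the docker_ops helpers by the commands below.
image_name="kudulab/aws-dojo"
image_registry="dockerhub"
image_dir="./image"
imagerc_filename="imagerc"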
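#######################################
# Logs the local Docker client in to Docker Hub.
# When DOCKERHUB_TOKEN is set it is used together with DOCKERHUB_USERNAME;
# otherwise the user name and password are read from Vault under
# secret/<user>/dockerhub, where <user> is $USER ("go" is mapped to "gocd").
# The password is always passed on stdin, never on the command line.
# Globals:   DOCKERHUB_TOKEN, DOCKERHUB_USERNAME, USER (read)
# Outputs:   warning/error text on stderr; whatever `docker login` prints
# Returns:   status of the `vault ... | docker login` pipeline; exits 1 when
#            the Vault fallback is needed but USER is empty
#######################################
function docker_login {
  if [ -n "${DOCKERHUB_TOKEN:-}" ]; then
    printf '%s\n' "${DOCKERHUB_TOKEN}" \
      | docker login -u "${DOCKERHUB_USERNAME:-}" --password-stdin
    return
  fi
  echo "Warning: docker environment variables not found: falling back to Vault for authentication." >&2

  local vault_user_path="${USER:-}"
  if [ -z "${vault_user_path}" ]; then
    # An empty USER would otherwise query the malformed path secret//dockerhub.
    echo "Error: USER is not set; cannot choose the Vault path for Docker Hub credentials" >&2
    exit 1
  fi
  if [ "${vault_user_path}" = "go" ]; then
    vault_user_path="gocd"
  fi

  local dockerhub_user
  dockerhub_user=$(vault read -field=user "secret/${vault_user_path}/dockerhub")
  vault read -field=password "secret/${vault_user_path}/dockerhub" \
    | docker login --username "${dockerhub_user}" --password-stdin
}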
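#######################################
# Rewrites the "origin" remote from its SSH form to an HTTPS URL that carries
# GITHUB_CREDENTIALS, so a later push can authenticate without an SSH key.
# A remote that is not in the SSH form is written back unchanged.
# Globals:   GITHUB_CREDENTIALS (read) - account-name:api-key
# Outputs:   confirmation on stdout, error on stderr
# Returns:   exits 1 when GITHUB_CREDENTIALS is empty or unset
#######################################
function setup_github_credentials {
  if [ -z "${GITHUB_CREDENTIALS:-}" ]; then
    echo "Error: GITHUB_CREDENTIALS not set" >&2
    exit 1
  fi
  # GITHUB_CREDENTIALS should be in format of account-name:api-key
  # example HTTPS URL: https://github.com/user/repo.git
  # example SSH URL: git@github.com:user/repo.git
  #
  # NOTE(review): the reviewed listing had its "git@github.com" literals
  # mangled by e-mail obfuscation; they are restored here from the example
  # URLs above. Confirm against the repository copy.
  local ssh_prefix="git@github.com:"
  local old_url new_url
  old_url=$(git remote get-url origin)

  # Plain prefix replacement instead of sed: the credential never appears in
  # another process's argument list, and characters such as '&', '|' or '\'
  # in the API key cannot be interpreted as sed syntax.
  case "${old_url}" in
    "${ssh_prefix}"*)
      new_url="https://${GITHUB_CREDENTIALS}@github.com/${old_url#"${ssh_prefix}"}"
      ;;
    *)
      new_url="${old_url}"
      ;;
  esac

  # NOTE(review): this stores the credential in clear text in .git/config,
  # where it stays after the release finishes; a git credential helper or a
  # short-lived token would limit that exposure.
  git remote set-url origin "${new_url}"
  echo "GitHub new remote was set"
}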
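# Command dispatch: the first argument selects the task to run.
# Defaulting to an empty string lets a missing argument reach the
# "Invalid command" branch instead of aborting on an unbound $1.
command="${1:-}"
# nounset is switched off from here on: the arms below read optional
# positional parameters and variables that are not assigned in this file
# (presumably provided by the sourced helper libraries).
set +u
case "${command}" in
  set_version)
    releaser::bump_changelog_version "$2" "$3"
    ;;
  verify_version)
    releaser::verify_release_ready
    ;;
  build_local)
    # The image is tagged with the current commit id.
    image_tag=$(git rev-parse HEAD)
    # build image and push to a test registry
    docker_ops::docker_build "${image_dir}" "${imagerc_filename}" "${image_name}" "${image_tag}" "${image_registry}"
    ;;
  build)
    docker_login
    ./tasks build_local
    docker_ops::push "${image_dir}" "${imagerc_filename}"
    ;;
  itest)
    docker_ops::ensure_pulled_image "${image_dir}" "${imagerc_filename}"
    # KUDU_DOCKER_IMAGE_URL is not assigned in this file; presumably set by
    # docker_ops::ensure_pulled_image - TODO confirm.
    echo "Testing image: ${KUDU_DOCKER_IMAGE_URL}"
    # Write the Dojofile consumed by the integration tests.
    echo "DOJO_DOCKER_IMAGE=\"${KUDU_DOCKER_IMAGE_URL}\"" > ./Dojofile.to_be_tested
    echo "DOJO_IDENTITY_OUTER=\"$(pwd)/test/integration/identities/aws_secrets\"" >> ./Dojofile.to_be_tested
    echo "DOJO_WORK_OUTER=$(pwd)/test/integration/test_dojo_work" >> ./Dojofile.to_be_tested
    time bats "$(pwd)/test/integration/end_user"
    ;;
  example)
    docker_ops::ensure_pulled_image "${image_dir}" "${imagerc_filename}"
    echo "Testing image: ${KUDU_DOCKER_IMAGE_URL}"
    # Same Dojofile as for itest, then start dojo with it.
    echo "DOJO_DOCKER_IMAGE=\"${KUDU_DOCKER_IMAGE_URL}\"" > ./Dojofile.example
    echo "DOJO_IDENTITY_OUTER=\"$(pwd)/test/integration/identities/aws_secrets\"" >> ./Dojofile.example
    echo "DOJO_WORK_OUTER=$(pwd)/test/integration/test_dojo_work" >> ./Dojofile.example
    dojo -c ./Dojofile.example
    ;;
  release)
    ./tasks verify_version
    setup_github_credentials
    releaser::git_tag_from_changelog
    ;;
  publish)
    docker_login
    # changelog_file is not assigned in this file; presumably defined by the
    # sourced releaser library - TODO confirm.
    version=$(releaser::get_last_version_from_whole_changelog "${changelog_file}")
    docker_ops::ensure_pulled_image "${image_dir}" "${imagerc_filename}"
    docker_ops::retag_push "${image_dir}" "${imagerc_filename}" "${image_name}" "${version}" "${image_registry}"
    ;;
  generate_vault_token)
    # Orphan token with the gocd policy, valid for 48h.
    vault_token=$(vault token create -orphan -ttl=48h -policy=gocd -field token -metadata gocd_renew=true)
    secured_token_gocd=$(secret_ops::encrypt_with_gocd_top "${vault_token}")
    # The plaintext token is deliberately not printed: terminal scrollback and
    # CI job logs would otherwise hold a usable Vault credential for its whole
    # lifetime. Only the encrypted form is written out below.
    echo "Generated token was encrypted by GoCD server"
    secret_ops::insert_vault_token_gocd_yaml "${secured_token_gocd}"
    ;;
  *)
    echo "Invalid command: '${command}'"
    exit 1
    ;;
esac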