feature/docker-action (#11)
Co-authored-by: kjuulh <contact@kjuulh.io> Reviewed-on: kjuulh/kraken#11
This commit is contained in:
parent
9696270d22
commit
1ff0014ad4
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
.cuddle/
|
.cuddle/
|
||||||
|
.env
|
||||||
|
8
_examples/actions/docker_action/Dockerfile
Normal file
8
_examples/actions/docker_action/Dockerfile
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
FROM debian:bullseye-slim
|
||||||
|
|
||||||
|
# Kraken relies on this path being the specified path
|
||||||
|
WORKDIR /src/work/
|
||||||
|
|
||||||
|
COPY entry.sh /src/script.sh
|
||||||
|
|
||||||
|
CMD [ "/src/script.sh" ]
|
5
_examples/actions/docker_action/entry.sh
Executable file
5
_examples/actions/docker_action/entry.sh
Executable file
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
echo "# README docker" > README.md
|
11
_examples/actions/docker_action/go.mod
Normal file
11
_examples/actions/docker_action/go.mod
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
module write_a_readme
|
||||||
|
|
||||||
|
go 1.19
|
||||||
|
|
||||||
|
require github.com/bitfield/script v0.20.2
|
||||||
|
|
||||||
|
require (
|
||||||
|
bitbucket.org/creachadair/shell v0.0.7 // indirect
|
||||||
|
github.com/itchyny/gojq v0.12.7 // indirect
|
||||||
|
github.com/itchyny/timefmt-go v0.1.3 // indirect
|
||||||
|
)
|
20
_examples/actions/docker_action/go.sum
Normal file
20
_examples/actions/docker_action/go.sum
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
bitbucket.org/creachadair/shell v0.0.7 h1:Z96pB6DkSb7F3Y3BBnJeOZH2gazyMTWlvecSD4vDqfk=
|
||||||
|
bitbucket.org/creachadair/shell v0.0.7/go.mod h1:oqtXSSvSYr4624lnnabXHaBsYW6RD80caLi2b3hJk0U=
|
||||||
|
github.com/bitfield/script v0.20.2 h1:4DexsRtBILVMEn3EZwHbtJdDqdk43sXI8gM3F04JXgs=
|
||||||
|
github.com/bitfield/script v0.20.2/go.mod h1:l3AZPVAtKQrL03bwh7nlNTUtgrgSWurpJSbtqspYrOA=
|
||||||
|
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||||
|
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||||
|
github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
|
||||||
|
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
|
||||||
|
github.com/itchyny/gojq v0.12.7 h1:hYPTpeWfrJ1OT+2j6cvBScbhl0TkdwGM4bc66onUSOQ=
|
||||||
|
github.com/itchyny/gojq v0.12.7/go.mod h1:ZdvNHVlzPgUf8pgjnuDTmGfHA/21KoutQUJ3An/xNuw=
|
||||||
|
github.com/itchyny/timefmt-go v0.1.3 h1:7M3LGVDsqcd0VZH2U+x393obrzZisp7C0uEe921iRkU=
|
||||||
|
github.com/itchyny/timefmt-go v0.1.3/go.mod h1:0osSSCQSASBJMsIZnhAaF1C2fCBTJZXrnj37mG8/c+A=
|
||||||
|
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
|
||||||
|
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
|
||||||
|
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
|
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
|
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
|
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
|
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
11
_examples/actions/docker_action/kraken.yml
Normal file
11
_examples/actions/docker_action/kraken.yml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: git.front.kjuulh.io/kjuulh/kraken/blob/main/schema/v1
|
||||||
|
name: write-a-readme
|
||||||
|
select:
|
||||||
|
repositories:
|
||||||
|
- git@git.front.kjuulh.io:kjuulh/kraken-test.git
|
||||||
|
# providers:
|
||||||
|
# - gitea: https://git.front.kjuulh.io
|
||||||
|
# organisation: "cibus"
|
||||||
|
actions:
|
||||||
|
- type: docker-build
|
||||||
|
entry: Dockerfile
|
@ -22,8 +22,8 @@ func CreateKrakenProcessCmd() *cobra.Command {
|
|||||||
Path string `json:"path"`
|
Path string `json:"path"`
|
||||||
}{
|
}{
|
||||||
Repository: "git@git.front.kjuulh.io:kjuulh/kraken.git",
|
Repository: "git@git.front.kjuulh.io:kjuulh/kraken.git",
|
||||||
Branch: "feature/gitea-integration",
|
Branch: "feature/docker-action",
|
||||||
Path: "_examples/actions/write_a_readme/",
|
Path: "_examples/actions/docker_action/",
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
@ -30,6 +30,18 @@ func (a *Action) Execute(ctx context.Context, area *storage.Area) error {
|
|||||||
|
|
||||||
zap.L().Debug("Execution done")
|
zap.L().Debug("Execution done")
|
||||||
|
|
||||||
|
case "docker-build":
|
||||||
|
zap.L().Debug("Building docker-build")
|
||||||
|
runCmd, err := builders.NewDockerBuild(zap.L()).Build(ctx, a.SchemaPath, action.Entry)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
err = runCmd(ctx, area.Path)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return errors.New("could not determine action type")
|
return errors.New("could not determine action type")
|
||||||
}
|
}
|
||||||
|
95
internal/actions/builders/docker.go
Normal file
95
internal/actions/builders/docker.go
Normal file
@ -0,0 +1,95 @@
|
|||||||
|
package builders
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"crypto/rand"
|
||||||
|
"encoding/hex"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
"os/exec"
|
||||||
|
|
||||||
|
"go.uber.org/zap"
|
||||||
|
"go.uber.org/zap/zapio"
|
||||||
|
)
|
||||||
|
|
||||||
|
type DockerBuild struct {
|
||||||
|
logger *zap.Logger
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewDockerBuild(logger *zap.Logger) *DockerBuild {
|
||||||
|
return &DockerBuild{logger: logger}
|
||||||
|
}
|
||||||
|
|
||||||
|
type DockerRunCommand func(ctx context.Context, victimPath string) error
|
||||||
|
|
||||||
|
func (g *DockerBuild) Build(ctx context.Context, modulePath, entryPath string) (DockerRunCommand, error) {
|
||||||
|
g.logger.Debug("Building docker image", zap.String("actiondir", modulePath), zap.String("entry", entryPath))
|
||||||
|
|
||||||
|
if _, err := os.Stat(fmt.Sprintf("%s/%s", modulePath, entryPath)); os.IsNotExist(err) {
|
||||||
|
return nil, errors.New("could not find entry")
|
||||||
|
}
|
||||||
|
|
||||||
|
b := make([]byte, 20)
|
||||||
|
_, err := rand.Reader.Read(b)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
tag := hex.EncodeToString(b)
|
||||||
|
buildDockerCmd := fmt.Sprintf("(cd %s; docker build -f %s --tag kraken/%s .)", modulePath, entryPath, tag)
|
||||||
|
g.logger.Debug("Running command", zap.String("command", buildDockerCmd))
|
||||||
|
|
||||||
|
cmd := exec.CommandContext(
|
||||||
|
ctx,
|
||||||
|
"/bin/bash",
|
||||||
|
"-c",
|
||||||
|
buildDockerCmd,
|
||||||
|
)
|
||||||
|
|
||||||
|
debugwriter := &zapio.Writer{
|
||||||
|
Log: g.logger,
|
||||||
|
Level: zap.DebugLevel,
|
||||||
|
}
|
||||||
|
defer debugwriter.Close()
|
||||||
|
|
||||||
|
cmd.Stdout = debugwriter
|
||||||
|
cmd.Stderr = debugwriter
|
||||||
|
err = cmd.Start()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
err = cmd.Wait()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
g.logger.Debug("Docker image built!")
|
||||||
|
|
||||||
|
return func(ctx context.Context, victimPath string) error {
|
||||||
|
g.logger.Debug("Executing script", zap.String("victim", victimPath))
|
||||||
|
|
||||||
|
cmd := exec.CommandContext(
|
||||||
|
ctx,
|
||||||
|
"/bin/bash",
|
||||||
|
"-c",
|
||||||
|
fmt.Sprintf("docker run --rm -v %s/:/src/work/ kraken/%s", victimPath, tag),
|
||||||
|
)
|
||||||
|
|
||||||
|
runDockerWriter := &zapio.Writer{
|
||||||
|
Log: g.logger,
|
||||||
|
Level: zap.DebugLevel,
|
||||||
|
}
|
||||||
|
defer runDockerWriter.Close()
|
||||||
|
|
||||||
|
cmd.Stdout = runDockerWriter
|
||||||
|
cmd.Stderr = runDockerWriter
|
||||||
|
|
||||||
|
err = cmd.Start()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return cmd.Wait()
|
||||||
|
}, nil
|
||||||
|
}
|
@ -168,6 +168,16 @@ func (pr *ProcessRepos) commit(ctx context.Context, area *storage.Area, repo *pr
|
|||||||
return fmt.Errorf("could not add file: %w", err)
|
return fmt.Errorf("could not add file: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
status, err := wt.Status()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if status.IsClean() {
|
||||||
|
pr.logger.Info("Returning early, as no modifications are detected")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
err = pr.git.Commit(ctx, repo)
|
err = pr.git.Commit(ctx, repo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("could not get diff: %w", err)
|
return fmt.Errorf("could not get diff: %w", err)
|
||||||
@ -175,15 +185,6 @@ func (pr *ProcessRepos) commit(ctx context.Context, area *storage.Area, repo *pr
|
|||||||
|
|
||||||
dryrun := false
|
dryrun := false
|
||||||
if !dryrun {
|
if !dryrun {
|
||||||
status, err := wt.Status()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if status.IsClean() {
|
|
||||||
pr.logger.Info("Returning early, as no modifications are detected")
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
err = pr.git.Push(ctx, repo)
|
err = pr.git.Push(ctx, repo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -2,7 +2,9 @@ package gitproviders
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"os"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"code.gitea.io/sdk/gitea"
|
"code.gitea.io/sdk/gitea"
|
||||||
@ -121,7 +123,15 @@ func (g *Gitea) getOrCreateClient(ctx context.Context, server string) (*gitea.Cl
|
|||||||
client, ok := g.giteaClients[server]
|
client, ok := g.giteaClients[server]
|
||||||
if !ok || client == nil {
|
if !ok || client == nil {
|
||||||
c, err := gitea.NewClient(server)
|
c, err := gitea.NewClient(server)
|
||||||
c.SetBasicAuth("kjuulh", "c0bd801cc9a7f2ed559ea45d603afc92f5443f19")
|
username, ok := os.LookupEnv("GITEA_USERNAME")
|
||||||
|
if !ok {
|
||||||
|
return nil, errors.New("missing environment variable GITEA_USERNAME")
|
||||||
|
}
|
||||||
|
apitoken, ok := os.LookupEnv("GITEA_API_TOKEN")
|
||||||
|
if !ok {
|
||||||
|
return nil, errors.New("missing environment variable GITEA_API_TOKEN")
|
||||||
|
}
|
||||||
|
c.SetBasicAuth(username, apitoken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -2,6 +2,7 @@ package providers
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -63,12 +64,12 @@ func NewGit(logger *zap.Logger, gitConfig *GitConfig, openPGP *signer.OpenPGP) *
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (g *Git) GetOriginHEADForRepo(ctx context.Context, gitRepo *GitRepo) (string, error) {
|
func (g *Git) GetOriginHEADForRepo(ctx context.Context, gitRepo *GitRepo) (string, error) {
|
||||||
remote, err := gitRepo.repo.Remote("origin")
|
auth, err := g.GetAuth()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
auth, err := g.GetAuth()
|
remote, err := gitRepo.repo.Remote("origin")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
@ -82,11 +83,16 @@ func (g *Git) GetOriginHEADForRepo(ctx context.Context, gitRepo *GitRepo) (strin
|
|||||||
|
|
||||||
headRef := ""
|
headRef := ""
|
||||||
for _, ref := range refs {
|
for _, ref := range refs {
|
||||||
|
//g.logger.Debug(ref.String())
|
||||||
if !ref.Name().IsBranch() {
|
if !ref.Name().IsBranch() {
|
||||||
headRef = ref.Target().Short()
|
headRef = ref.Target().Short()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if headRef == "" {
|
||||||
|
return "", errors.New("no upstream HEAD branch could be found")
|
||||||
|
}
|
||||||
|
|
||||||
return headRef, nil
|
return headRef, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -107,7 +113,7 @@ func (g *Git) CloneBranch(ctx context.Context, storageArea *storage.Area, repoUr
|
|||||||
Auth: auth,
|
Auth: auth,
|
||||||
RemoteName: "origin",
|
RemoteName: "origin",
|
||||||
ReferenceName: plumbing.NewBranchReferenceName(branch),
|
ReferenceName: plumbing.NewBranchReferenceName(branch),
|
||||||
SingleBranch: true,
|
SingleBranch: false,
|
||||||
NoCheckout: false,
|
NoCheckout: false,
|
||||||
Depth: 1,
|
Depth: 1,
|
||||||
RecurseSubmodules: 1,
|
RecurseSubmodules: 1,
|
||||||
@ -118,7 +124,7 @@ func (g *Git) CloneBranch(ctx context.Context, storageArea *storage.Area, repoUr
|
|||||||
}
|
}
|
||||||
|
|
||||||
repo, err := git.PlainCloneContext(ctx, storageArea.Path, false, &cloneOptions)
|
repo, err := git.PlainCloneContext(ctx, storageArea.Path, false, &cloneOptions)
|
||||||
if err != nil {
|
if err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -144,7 +150,7 @@ func (g *Git) Clone(ctx context.Context, storageArea *storage.Area, repoUrl stri
|
|||||||
Auth: auth,
|
Auth: auth,
|
||||||
RemoteName: "origin",
|
RemoteName: "origin",
|
||||||
ReferenceName: "refs/heads/main",
|
ReferenceName: "refs/heads/main",
|
||||||
SingleBranch: true,
|
SingleBranch: false,
|
||||||
NoCheckout: false,
|
NoCheckout: false,
|
||||||
Depth: 1,
|
Depth: 1,
|
||||||
RecurseSubmodules: 1,
|
RecurseSubmodules: 1,
|
||||||
@ -245,7 +251,7 @@ func (g *Git) CreateBranch(ctx context.Context, gitRepo *GitRepo) error {
|
|||||||
InsecureSkipTLS: false,
|
InsecureSkipTLS: false,
|
||||||
CABundle: []byte{},
|
CABundle: []byte{},
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) {
|
||||||
return fmt.Errorf("could not pull from origin: %w", err)
|
return fmt.Errorf("could not pull from origin: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -287,12 +293,11 @@ func (g *Git) Push(ctx context.Context, gitRepo *GitRepo) error {
|
|||||||
Auth: auth,
|
Auth: auth,
|
||||||
Progress: g.getProgressWriter(),
|
Progress: g.getProgressWriter(),
|
||||||
Prune: false,
|
Prune: false,
|
||||||
Force: false,
|
Force: true,
|
||||||
InsecureSkipTLS: false,
|
InsecureSkipTLS: false,
|
||||||
CABundle: []byte{},
|
CABundle: []byte{},
|
||||||
RequireRemoteRefs: []config.RefSpec{},
|
RequireRemoteRefs: []config.RefSpec{},
|
||||||
})
|
})
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
|
|
||||||
- [x] Setup a way to choose actions and predicates
|
- [x] Setup a way to choose actions and predicates
|
||||||
- [x] Allow instantiation of actions, kraken template repo etc.
|
- [x] Allow instantiation of actions, kraken template repo etc.
|
||||||
- [ ] Implement docker action
|
- [x] Implement docker action
|
||||||
- [ ] Providing query results
|
- [ ] Providing query results
|
||||||
- [x] Create pr for gitea provider
|
- [x] Create pr for gitea provider
|
||||||
- [ ] Think about some sort of isolation
|
- [ ] Think about some sort of isolation
|
||||||
|
@ -2,4 +2,6 @@
|
|||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
export $(cat .env | xargs)
|
||||||
|
|
||||||
go run cmd/server/server.go start
|
go run cmd/server/server.go start
|
||||||
|
Loading…
Reference in New Issue
Block a user