From 20667709b2b91deb54f5c6f530facf9525133a27 Mon Sep 17 00:00:00 2001 From: Dan Anglin Date: Fri, 10 Jul 2020 07:22:39 +0100 Subject: [PATCH] ci: test environment docker image for CI pipelines This commit includes a Dockerfile for building a test environment for future CI pipelines. This commit also refactors the GitLab CI pipeline files by splitting the jobs into different files: - .gitlab-ci.yml: Global CI pipeline file. - .gitlab/ci/test-env.gitlab-ci.yml: Jobs to test and publish the docker image for the test environment. - .gitlab/ci/playbook.gitlab-ci.yml: Jobs to test and publish the docker image for the pleroma playbook - .gitlab/ci/templates/docker.gitlab-ci.yml: Template jobs for testing and publishing docker images. Part of dananglin/pleroma-ansible-playbook#17 --- .gitignore | 1 - .gitlab-ci.yml | 84 +++-------------------- .gitlab/ci/playbook.gitlab-ci.yml | 60 ++++++++++++++++ .gitlab/ci/templates/docker.gitlab-ci.yml | 29 ++++++++ .gitlab/ci/test-env.gitlab-ci.yml | 39 +++++++++++ Makefile | 5 +- test/pleroma_test_env/.dockerignore | 2 + test/pleroma_test_env/Dockerfile | 30 ++++++++ test/pleroma_test_env/files/admin-sudoers | 1 + test/pleroma_test_env/files/entrypoint | 14 ++++ 10 files changed, 188 insertions(+), 77 deletions(-) create mode 100644 .gitlab/ci/playbook.gitlab-ci.yml create mode 100644 .gitlab/ci/templates/docker.gitlab-ci.yml create mode 100644 .gitlab/ci/test-env.gitlab-ci.yml create mode 100644 test/pleroma_test_env/.dockerignore create mode 100644 test/pleroma_test_env/Dockerfile create mode 100644 test/pleroma_test_env/files/admin-sudoers create mode 100755 test/pleroma_test_env/files/entrypoint diff --git a/.gitignore b/.gitignore index 79fdf95..a9278d4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ inventories/* !inventories/.gitkeep -site.yml vapid-private-key.pem library/__pycache__/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aa4510b..c3c502b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,79 +1,15 @@ --- +workflow: + rules: + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + - if: '$CI_COMMIT_TAG' + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + stages: - test - publish -.use-python: - image: python:3.7.6-slim-buster - -.docker-build-setup: - image: docker:19.03.8 - services: - - docker:19.03.8-dind - -.install-make: &install-make -- apk add --no-cache make - -test:dockerfile-lint: - stage: test - image: hadolint/hadolint:v1.17.5-alpine - script: - - hadolint ./Dockerfile - only: - refs: - - merge_requests - changes: - - Dockerfile - except: - refs: - - master - -test:docker-image-build: - stage: test - extends: .docker-build-setup - script: - - *install-make - - export IMAGE_DATE=$(date -Iseconds) - - make image - only: - refs: - - merge_requests - changes: - - Dockerfile - except: - refs: - - master - -test:custom-modules: - stage: test - extends: .use-python - before_script: - - apt-get update && apt-get install make - - pip install ansible==2.9.6 - script: - - make test_modules_unit - only: - refs: - - merge_requests - changes: - - library/* - except: - refs: - - master - -publish:docker-image: - stage: publish - extends: .docker-build-setup - before_script: - - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} - after_script: - - docker logout ${CI_REGISTRY} - script: - - *install-make - - export IMAGE_DATE=$(date -Iseconds) - - make publish - only: - - /^v[0-9]+(.[0-9]+){2}$/ - variables: - IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/playbook - IMAGE_TAG: ${CI_COMMIT_REF_NAME} +include: +- local: '/.gitlab/ci/templates/docker.gitlab-ci.yml' +- local: '/.gitlab/ci/test-env.gitlab-ci.yml' +- local: '/.gitlab/ci/playbook.gitlab-ci.yml' diff --git a/.gitlab/ci/playbook.gitlab-ci.yml b/.gitlab/ci/playbook.gitlab-ci.yml new file mode 100644 index 0000000..2d50ed8 --- /dev/null +++ b/.gitlab/ci/playbook.gitlab-ci.yml 
@@ -0,0 +1,60 @@ +--- +.use-python: + image: python:3.7.6-slim-buster + +.playbook-docker-vars: + variables: + DOCKERFILE: "Dockerfile" + IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/playbook + IMAGE_TAG: ${CI_COMMIT_REF_NAME} + +.playbook-docker-test-rules: + rules: + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + changes: + - "Dockerfile" + when: always + +test:playbook:dockerfile-lint: + extends: + - .dockerfile-lint + - .playbook-docker-vars + - .playbook-docker-test-rules + +test:playbook:docker-build: + extends: + - .dockerbuild-test + - .playbook-docker-vars + - .playbook-docker-test-rules + script: + - export IMAGE_DATE=$(date -Iseconds) + - export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}" + - make image + +test:playbook:custom-modules: + stage: test + extends: .use-python + before_script: + - apt-get update && apt-get install make + - pip install ansible==2.9.7 + script: + - make test_modules_unit + only: + refs: + - merge_requests + changes: + - library/* + except: + refs: + - master + +publish:playbook:docker-image: + extends: + - .docker-publish + - .playbook-docker-vars + script: + - export IMAGE_DATE=$(date -Iseconds) + - export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}" + - make publish + only: + - /^v[0-9]+(.[0-9]+){2}$/ diff --git a/.gitlab/ci/templates/docker.gitlab-ci.yml b/.gitlab/ci/templates/docker.gitlab-ci.yml new file mode 100644 index 0000000..c854335 --- /dev/null +++ b/.gitlab/ci/templates/docker.gitlab-ci.yml 
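Review bot: The tag filter under `only:` in `publish:playbook:docker-image` leaves the dot unescaped, so `(.[0-9]+)` accepts any separator and a ref named `v1-2-3` would also start a publish to the registry; `- /^v[0-9]+(\.[0-9]+){2}$/` limits it to `vX.Y.Z`. In `test:playbook:custom-modules`, `apt-get install make` has no `-y`, so the job would stop at the confirmation prompt if the package ever pulls in extra dependencies; `- apt-get update && apt-get install -y --no-install-recommends make` avoids that. That job also still uses `only`/`except` while the Docker jobs in this file moved to `rules`, which deserves a one-line comment or a follow-up conversion.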
@@ -0,0 +1,29 @@ +--- +.install-make: &install-make + - apk add --no-cache make + +.docker-build-setup: + image: docker:19.03.8 + services: + - docker:19.03.8-dind + +.dockerfile-lint: + stage: test + image: hadolint/hadolint:v1.18.0-alpine + script: + - hadolint ${DOCKERFILE} + +.dockerbuild-test: + stage: test + extends: .docker-build-setup + before_script: + - *install-make + +.docker-publish: + stage: publish + extends: .docker-build-setup + before_script: + - *install-make + - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} + after_script: + - docker logout ${CI_REGISTRY} diff --git a/.gitlab/ci/test-env.gitlab-ci.yml b/.gitlab/ci/test-env.gitlab-ci.yml new file mode 100644 index 0000000..846db38 --- /dev/null +++ b/.gitlab/ci/test-env.gitlab-ci.yml @@ -0,0 +1,39 @@ +--- +.test-env-docker-vars: + variables: + IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/test-environment + IMAGE_TAG: ${CI_COMMIT_SHORT_SHA} + DOCKERFILE: "test/pleroma_test_env/Dockerfile" + DOCKER_CONTEXT: "test/pleroma_test_env" + BUILD_ARGS: "--build-arg TEST_ENV_PASSWORD=${TEST_ENV_PASSWORD}" + +.test-env-test-rules: + rules: + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + changes: + - "test/pleroma_test_env/Dockerfile" + when: always + +test:test-env:dockerfile-lint: + extends: + - .dockerfile-lint + - .test-env-docker-vars + - .test-env-test-rules + +test:test-env:docker-build: + extends: + - .dockerbuild-test + - .test-env-docker-vars + - .test-env-test-rules + script: + - make image + +publish:test-env:docker-image: + extends: + - .docker-publish + - .test-env-docker-vars + script: + - make publish + rules: + - if: '$CI_PIPELINE_SOURCE == "web"' + when: always diff --git a/Makefile b/Makefile index 26727ea..9ada07e 100644 --- a/Makefile +++ b/Makefile 
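Review bot: In `.docker-publish` the registry password is passed with `-p`, which puts it on the `docker login` command line where it is visible in the process list of the job container and triggers Docker's insecure-password warning. Feeding it on stdin avoids that: `- echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"`. In `.dockerfile-lint`, `hadolint ${DOCKERFILE}` should quote the variable, and a comment such as `# DOCKERFILE must be set by the extending job` would document the template's only input.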
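Review bot: `BUILD_ARGS: "--build-arg TEST_ENV_PASSWORD=${TEST_ENV_PASSWORD}"` in `.test-env-docker-vars` hands a credential to the build as a build argument, and values of build arguments consumed by a `RUN` step are kept in the image's history metadata, so anyone who can pull `test-environment` from the registry can read the password back with `docker history`. The Dockerfile added in this commit (`ARG TEST_ENV_PASSWORD` and its `chpasswd` line) is the other half of the same issue. Prefer setting the password when the container starts, from an environment variable read by the entrypoint, or a BuildKit secret mount (`RUN --mount=type=secret,id=<id>` together with `docker build --secret`), and treat the current value as exposed once an image has been pushed. The merge-request job `test:test-env:docker-build` uses the same variable; if `TEST_ENV_PASSWORD` is a protected CI variable it would presumably be empty there, so the test build would not match the published one.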
@@ -2,7 +2,8 @@ VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem INVENTORY ?= "hosts.yml" PLAYBOOK_TAGS ?= "all" PLAYBOOK_FILE ?= "playbook.yml" -DOCKERFILE = Dockerfile +DOCKERFILE ?= Dockerfile +DOCKER_CONTEXT ?= . IMAGE_NAME ?= pleroma-ansible-playbook IMAGE_TAG ?= latest IMAGE_DATE ?= nil @@ -37,7 +38,7 @@ test_modules_unit: @find ./library -mindepth 1 -maxdepth 1 -type f -name test_*.py | xargs python3 image: - @docker build --build-arg BUILD_TAG=$(IMAGE_TAG) --build-arg BUILD_TIME=$(IMAGE_DATE) -f $(DOCKERFILE) -t $(DOCKER_IMAGE) . + @docker build $(BUILD_ARGS) -f $(DOCKERFILE) -t $(DOCKER_IMAGE) $(DOCKER_CONTEXT) publish: image @docker push $(DOCKER_IMAGE) diff --git a/test/pleroma_test_env/.dockerignore b/test/pleroma_test_env/.dockerignore new file mode 100644 index 0000000..9a2bc6f --- /dev/null +++ b/test/pleroma_test_env/.dockerignore @@ -0,0 +1,2 @@ +* +!files diff --git a/test/pleroma_test_env/Dockerfile b/test/pleroma_test_env/Dockerfile new file mode 100644 index 0000000..5193ca0 --- /dev/null +++ b/test/pleroma_test_env/Dockerfile @@ -0,0 +1,30 @@ +FROM dockage/alpine:3.10-openrc + +ARG TEST_ENV_UID=1100 +ARG TEST_ENV_USER=admin +ARG TEST_ENV_PASSWORD +ARG SSH_DIR=/home/admin/.ssh +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] + +RUN apk add --no-cache \ + bash=5.0.0-r0 \ + openssh=8.1_p1-r0 \ + sudo=1.8.27-r2 \ + python3=3.7.7-r0 \ + && \ + adduser -u ${TEST_ENV_UID} -s /bin/bash -D ${TEST_ENV_USER} && \ + echo ${TEST_ENV_USER}:${TEST_ENV_PASSWORD} | chpasswd && \ + mkdir ${SSH_DIR} && \ + chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR} && chmod 0700 ${SSH_DIR} && \ + touch ${SSH_DIR}/authorized_keys && \ + chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR}/authorized_keys && \ + chmod 0600 ${SSH_DIR}/authorized_keys && \ + rc-status && \ + touch /run/openrc/softlevel + +COPY files/entrypoint /entrypoint +COPY files/admin-sudoers /etc/sudoers.d/admin + +EXPOSE 22 80 443 + +CMD ["/entrypoint"] 
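Review bot: `BUILD_ARGS` is expanded in the `image` recipe but gets no default in the variable block of the first hunk, so a plain local `make image` now builds without the `BUILD_TAG` and `BUILD_TIME` arguments that the old recipe always passed. Adding `BUILD_ARGS ?= --build-arg BUILD_TAG=$(IMAGE_TAG) --build-arg BUILD_TIME=$(IMAGE_DATE)` next to `DOCKER_CONTEXT ?= .` keeps local builds as before while the CI jobs can still override it from the environment. The value is also pasted unquoted into the shell command, so anything placed in it (the test-environment job puts a password there) is word-split and interpreted by the shell; a short comment above the variable saying so would help whoever sets it.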
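Review bot: The `chpasswd` line in the `RUN` step uses `${TEST_ENV_PASSWORD}` unquoted and unchecked, and `ARG TEST_ENV_PASSWORD` has no default, so a build without the argument pipes `admin:` into `chpasswd` and may leave the sudo-capable account with an empty password, while a value containing spaces or glob characters is altered by the shell. As long as the password arrives as a build argument, quote it and fail early, e.g. `: "${TEST_ENV_PASSWORD:?TEST_ENV_PASSWORD is required}" && \` before `adduser` and `echo "${TEST_ENV_USER}:${TEST_ENV_PASSWORD}" | chpasswd && \`. `TEST_ENV_USER` is parameterised but `SSH_DIR=/home/admin/.ssh`, `files/admin-sudoers` and the entrypoint hard-code `admin`, so any other user name does not produce a working image; either derive the paths from the user or drop the argument. The base image `dockage/alpine:3.10-openrc` is a third-party tag that can be re-pushed, so pinning it by digest would make the build reproducible.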
diff --git a/test/pleroma_test_env/files/admin-sudoers b/test/pleroma_test_env/files/admin-sudoers
new file mode 100644
index 0000000..2135746
--- /dev/null
+++ b/test/pleroma_test_env/files/admin-sudoers
@@ -0,0 +1 @@
+admin ALL=(ALL) NOPASSWD: ALL
diff --git a/test/pleroma_test_env/files/entrypoint b/test/pleroma_test_env/files/entrypoint
new file mode 100755
index 0000000..934a852
--- /dev/null
+++ b/test/pleroma_test_env/files/entrypoint
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set euo -pipefail
+
+# Add authorized keys
+if ! [ -z "${AUTHORIZED_KEYS}" ]; then
+ echo ${AUTHORIZED_KEYS} > /home/admin/.ssh/authorized_keys
+fi
+
+# Start SSH service
+rc-service sshd start
+
+# Sleep and wait
+sleep 30d
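Review bot: The single rule in `files/admin-sudoers` gives `admin` unrestricted passwordless root, and nothing in the file says this is acceptable only because the image is a throwaway test target. The same account is given a password at build time and is served by sshd, so presumably it also accepts password logins. A leading comment such as `# Test environment only: passwordless root for the playbook's connection user; never reuse outside CI.` would record the intent for anyone who copies the file. If the playbook under test only needs root through `sudo`, the rule already is minimal in form, so the comment is the whole suggestion.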
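Review bot: `set euo -pipefail` in the entrypoint does not enable strict mode: without a leading dash bash treats `euo` and `-pipefail` as positional parameters, so a failing `rc-service sshd start` is ignored and the script goes on to sleep; it should read `set -euo pipefail`. Once `-u` is active the key test needs a default, `if [ -n "${AUTHORIZED_KEYS:-}" ]; then`, otherwise the script aborts when the variable is unset. The unquoted `echo ${AUTHORIZED_KEYS}` joins several keys onto one line and glob-expands the value; `printf '%s\n' "${AUTHORIZED_KEYS}" > /home/admin/.ssh/authorized_keys` writes it verbatim. `sleep 30d` as the foreground process also means the container stops by itself after thirty days, which deserves a comment if it is intended.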