Diffstat (limited to 'playbooks/roles/ci/templates/volumes')
5 files changed, 99 insertions, 0 deletions
diff --git a/playbooks/roles/ci/templates/volumes/laminar/.gitkeep b/playbooks/roles/ci/templates/volumes/laminar/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/ci/templates/volumes/laminar/.gitkeep
diff --git a/playbooks/roles/ci/templates/volumes/laminar/jobs/build_image.run b/playbooks/roles/ci/templates/volumes/laminar/jobs/build_image.run
new file mode 100755
index 0000000..ed7bf21
--- /dev/null
+++ b/playbooks/roles/ci/templates/volumes/laminar/jobs/build_image.run
@@ -0,0 +1,36 @@
+#!/bin/bash
+# usage: laminarc queue build_publish_image registry="oci.liz.coffee" \
+# repo="src/cgit" tag="latest" remote="ssh://src.liz.coffee:2222/cgit" \
+# rev="<sha>" image_file="Dockerfile"
+
+set -e
+
+declare -a args=("$registry" "$repo" "$tag" "$remote" "$rev" "$image_file")
+for arg in "${args[@]}"
+do
+ if [[ ! "$arg" =~ ^[[:alnum:]:_\.\/\-]*$ ]]; then
+ echo "Invalid argument format. Don't be sneaky snek (-_-)."
+ exit 1
+ fi
+done
+
+log "Logging into registry $registry"
+registry_username="$(get_secret $registry | jq -r ".login.username")"
+get_secret $registry | jq -r ".login.password" \
+ | docker login --username "$registry_username" --password-stdin "$registry"
+
+log "Cloning remote $remote"
+r=$(echo "build-$(date --iso-8601=seconds)")
+git clone "$remote" "$r" && cd "$r"
+git checkout "$rev"
+
+image_tag="$registry/$repo:$tag"
+log "Building image $image_tag"
+env -i HOME="$HOME" bash -l -c "docker build . -t '$image_tag' -f '$image_file'"
+
+log "Pushing $image_tag"
+docker push "$image_tag"
+
+cd -
+rm -rf "$r"
+docker logout "$registry"
diff --git a/playbooks/roles/ci/templates/volumes/laminar/jobs/playbook.run b/playbooks/roles/ci/templates/volumes/laminar/jobs/playbook.run
new file mode 100755
index 0000000..181a050
--- /dev/null
+++ b/playbooks/roles/ci/templates/volumes/laminar/jobs/playbook.run
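Review bot: The allow-list regex `^[[:alnum:]:_\.\/\-]*$` in build_image.run accepts empty values and values that begin with `-`, and these reach `git clone "$remote" "$r"` and `git checkout "$rev"` as positional arguments, where a leading dash is parsed as an option; the same loop and `git clone` call appear in playbook.run. I would reject empty and dash-leading values inside the loop and also end option parsing at the clone, `git clone -- "$remote" "$r"`. Separately, `set -e` aborts on a failed clone, build or push before `docker logout "$registry"` and `rm -rf "$r"` run, so the registry login stays in the docker config and the checkout stays on disk; an EXIT `trap` installed right after `docker login` would cover every exit path. Both `get_secret $registry` calls should quote the argument: `get_secret "$registry"`.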
@@ -0,0 +1,25 @@
+#!/bin/bash
+# usage: laminarc queue playbook remote="ssh://src.liz.coffee:2222/infra" playbooks="deploy.yml playbooks/labdns.yml"
+
+set -e
+
+declare -a args=("$remote" "$playbooks")
+for arg in "${args[@]}"
+do
+ if [[ ! "$arg" =~ ^[[:alnum:]:_\ \.\/\-]*$ ]]; then
+ echo "Invalid argument format. Don't be sneaky snek (-_-)."
+ exit 1
+ fi
+done
+
+log "Cloning remote $remote"
+r=$(echo "ansible-$(date --iso-8601=seconds)")
+git clone "$remote" "$r" && cd "$r"
+
+get_secret "ansible_secrets" | jq -r '.notes' > secrets.yml
+private_key=$(get_secret "ssh_key" | jq -r '.notes')
+
+env -i HOME="$HOME" ssh-agent bash -c "ssh-add <(echo \"$private_key\") && ansible-playbook -e @secrets.yml $playbooks"
+
+cd -
+rm -rf "$r"
diff --git a/playbooks/roles/ci/templates/volumes/laminar/scripts/get_secret b/playbooks/roles/ci/templates/volumes/laminar/scripts/get_secret
new file mode 100755
index 0000000..2774651
--- /dev/null
+++ b/playbooks/roles/ci/templates/volumes/laminar/scripts/get_secret
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+bw config server "https://{{ passwd_domain }}"
+bw login --apikey --quiet
+bw unlock --passwordenv BW_PASSWORD --quiet
+
+# https://github.com/bitwarden/clients/issues/3366
+function bw_get() {
+ local pwd
+ local count
+ local organisation=${2:-notnull}
+
+ count=$(bw list items --pretty --organizationid ${organisation} | jq -r '[.[] | select(.name=="'$1'")] | length')
+
+ if [[ "$count" -gt 1 ]]; then
+ echo "Multiple items found"
+ return 1
+ fi
+
+ if [[ "$count" -lt 1 ]]; then
+ echo "No items found"
+ return 1
+ fi
+
+ pwd=$(bw list items --pretty --organizationid ${organisation} | jq -r '.[] | select(.name=="'$1'")')
+ if [[ -z "$pwd" ]]; then
+ echo "Password not found"
+ return 1
+ fi
+
+ echo "$pwd"
+}
+
+bw_get $@
+bw --quiet lock
diff --git a/playbooks/roles/ci/templates/volumes/laminar/scripts/log b/playbooks/roles/ci/templates/volumes/laminar/scripts/log
new file mode 100755
index 0000000..180fa33
--- /dev/null
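Review bot: The `bash -c "ssh-add <(echo \"$private_key\") && ..."` line in playbook.run expands the private key into the command string, so the key text sits in the argv of the `bash -c` process, where the process list can show it, and is parsed again by the inner shell, where any `"`, `$` or backtick in the secret would be interpreted. Feeding the key on stdin avoids both, something like `printf '%s\n' "$private_key" | env -i HOME="$HOME" ssh-agent bash -c 'ssh-add - && ansible-playbook -e @secrets.yml "$@"' _ $playbooks`, which also keeps `$playbooks` out of the command text. `secrets.yml` is created with the default umask and, because of `set -e`, is left in the clone directory whenever `ansible-playbook` fails; `umask 077` before the redirect plus an EXIT `trap` that does the `rm -rf "$r"` would close that gap. The exit status of `get_secret` is dropped in both pipelines since `pipefail` is not set, so a failed lookup produces an empty key or secrets file rather than stopping the job.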
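Review bot: In bw_get the item name is spliced into the jq program as `select(.name=="'$1'")` with `$1` unquoted to the shell, so a name containing a quote, a space or jq syntax alters the filter or splits the argument instead of being compared as a string. Passing it as data fixes both lookups: `jq -r --arg name "$1" '[.[] | select(.name==$name)] | length'` and `jq -r --arg name "$1" '.[] | select(.name==$name)'`. The failure messages (`Multiple items found`, `No items found`, `Password not found`) are written to stdout, which the job scripts pipe into `jq`; adding `>&2` keeps them out of the secret stream. `bw_get $@` should be `bw_get "$@"`, and because `bw --quiet lock` is the last command, the script's exit status is the lock's rather than the lookup's, so callers cannot detect a failed lookup; the `bw login` and `bw unlock` results are not checked either.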
+++ b/playbooks/roles/ci/templates/volumes/laminar/scripts/log
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo `date +"%d-%m-%Y %H:%M:%S"` " - " "${@}" |
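Review bot: The timestamp written by log is day-first local time with no zone offset, while the job scripts in this commit name their work directories with `date --iso-8601=seconds`; using the same format here makes CI log lines sortable and easier to correlate with other hosts during an investigation. The backticks and unquoted substitution can go at the same time: `printf '%s - %s\n' "$(date --iso-8601=seconds)" "$*"`.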