feat: load SSH key
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed

Aravinth Manivannan 2023-12-11 19:30:28 +05:30
parent 3da25ea1c3
commit 418c792e83
Signed by: realaravinth
GPG key ID: F8F50389936984FF
4 changed files with 99 additions and 10 deletions


@ -3,13 +3,12 @@ steps:
image: python:3-bookworm
commands:
- apt-get update
- apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients
- echo ${TEST_NODE_SSH_KEY} > /tmp/ssh-key && chmod 600 /tmp/ssh-key
- cat /tmp/ssh-key
- apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients genisoimage
- make ci.init
- cat /tmp/ci-ssh-id
- eval "$(ssh-agent -s)"
- ssh-add /tmp/ssh-key
- ssh mcaptcha-ci@192.168.0.102 "echo f"
- virsh -c qemu+ssh://mcaptcha-ci@192.168.0.102/system?sshauth=privkey&no_verify=1 list
- ssh-add /tmp/ci-ssh-id
- ssh -o StrictHostKeyChecking=accept-new mcaptcha-ci@192.168.0.102 "echo f"
- install -m 0755 -d /etc/apt/keyrings
- curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu.gpg
- chmod a+r /etc/apt/keyrings/opentofu.gpg
@ -19,7 +18,7 @@ steps:
- apt-get install -y tofu
- tofu -chdir=terraform/mcaptcha/ init
- tofu -chdir=terraform/mcaptcha/ plan -var-file="ci.tfvars" -out="mcaptcha"
- tofu -chdir=terraform/mcaptcha/ apply mcaptcha -var-file="ci.tfvars"
- tofu -chdir=terraform/mcaptcha/ apply "mcaptcha"
- cd ../../
- pipx install --include-deps ansible
- pipx ensurepath && echo $SHELL
@ -28,7 +27,7 @@ steps:
- pipx install --include-deps pytest-testinfra
- cd tests/cache/ && py.test --verbose base.py
- cd tests/mcaptcha/ && py.test --verbose base.py
- echo yes | tofu -chdir=terraform/mcaptcha/ destroy \
- echo yes | tofu destroy \
-var-file="ci.tfvars"
- shred /tmp/ssh-key && rm /tmp/ssh-key
- make ci.clean
secrets: [TEST_NODE_SSH_KEY]
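Review bot: The `cat /tmp/ci-ssh-id` step that follows `make ci.init` writes the private key into the pipeline log, where anyone who can read the build output can copy it. Drop the step, or replace it with a check that prints no key material, such as `test -s /tmp/ci-ssh-id` or `ssh-keygen -l -f /tmp/ci-ssh-id`. Which lines are on the new side is inferred from the hunk counts, since the page lost its `+`/`-` markers. `-o StrictHostKeyChecking=accept-new` in a fresh container accepts whatever host key answers on each run, so shipping the node's key in a pinned `known_hosts` file would give actual verification. `make ci.clean` is the last command, so a failure in any earlier command presumably skips the key cleanup.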


@ -134,5 +134,11 @@ test.cache: ## Test cache configuration
test.mcaptcha: ## Test mcaptcha configuration
$(call test_mcaptcha)
ci.init:
./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY"
ci.clean:
./scripts/ci.sh --clean
help: ## Prints help for targets with comments
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
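Review bot: `ci.init` hands the private key to the script as a command-line argument (`./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY"`), so the key sits in the script's argv and is readable through the process list for as long as it runs. Having `ci.sh` read `TEST_NODE_SSH_KEY` from the environment keeps it out of argv, and the recipe becomes `./scripts/ci.sh --init`. Neither new target carries a `## ` description, so the `help` target will not list them; something like `ci.init: ## Write the CI SSH key to disk` would fix that. No `.PHONY` entry for `ci.init` and `ci.clean` is visible in this hunk, though it may exist elsewhere in the file.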

84
scripts/ci.sh Executable file

@ -0,0 +1,84 @@
#!/bin/bash
# ci.sh: Helper script to automate deployment operations on CI/CD
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
set -xEeuo pipefail
#source $(pwd)/scripts/lib.sh
readonly SSH_ID_FILE=/tmp/ci-ssh-id
match_arg() {
if [ $1 == $2 ] || [ $1 == $3 ]
then
return 0
else
return 1
fi
}
help() {
cat << EOF
USAGE: ci.sh [SUBCOMMAND]
Helper script to automate deployment operations on CI/CD
Subcommands
-c --clean cleanup secrets, SSH key and other runtime data
-i --init <SSH_PRIVATE_KEY> initialize environment, write SSH private to file
-h --help print this help menu
EOF
}
# $1: SSH private key
write_ssh(){
truncate --size 0 $SSH_ID_FILE
echo "$1" > $SSH_ID_FILE
chmod 600 $SSH_ID_FILE
}
clean() {
if [ -f $SSH_ID_FILE ]
then
shred $SSH_ID_FILE
rm $SSH_ID_FILE
fi
}
if (( "$#" < 1 ))
then
help
exit -1
fi
if match_arg $1 '-i' '--init'
then
if (( "$#" < 2 ))
then
help
exit -1
fi
write_ssh "$2"
elif match_arg $1 '-c' '--clean'
then
clean
elif match_arg $1 '-h' '--help'
then
help
else
help
fi
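Review bot: `set -xEeuo pipefail` enables command tracing for the whole script, so `write_ssh "$2"` and `echo "$1" > $SSH_ID_FILE` are traced to stderr with the private key expanded, and that output lands in the CI log. Drop the `x` from the `set` line, or bracket the key handling with `set +x`. `write_ssh` also creates the file under the default umask and only tightens it with `chmod 600` after the key has been written. `(umask 077; printf '%s\n' "$1" > "$SSH_ID_FILE")` closes that window and also avoids `echo` interpreting the key text. `$SSH_ID_FILE` and the `$1`/`$2`/`$3` operands in `match_arg` are unquoted, and `exit -1` is better written `exit 1`.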


@ -1,4 +1,4 @@
libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ssh-key&sshauth=privkey&no_verify=1"
libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ci-ssh-id&sshauth=privkey&no_verify=1"
#known_hosts_verify=ignore&keyfile=/tmp/ssh-key&sshauth=privkey&no_verify=1"
libvirt_pool_path = "/srv/libvirt/pool/mcaptcha_basic/"
libvirt_debian_src = "https://images.ci.mcaptcha.org/debian-12-generic-amd64.qcow2"
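Review bot: The updated `libvirt_uri` still carries `no_verify=1`, which as far as I know weakens or disables SSH host-key verification for the libvirt connection, depending on the transport implementation. The key at `/tmp/ci-ssh-id` would therefore be offered to whichever host answers on 192.168.0.102. If the workflow gains a pinned `known_hosts` entry for the node, this parameter could be dropped so the provider connection is verified as well. The commented-out line below still names the old `/tmp/ssh-key` path and could be removed to avoid confusion.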