This commit is contained in:
parent
3da25ea1c3
commit
418c792e83
4 changed files with 99 additions and 10 deletions
|
@ -3,13 +3,12 @@ steps:
|
|||
image: python:3-bookworm
|
||||
commands:
|
||||
- apt-get update
|
||||
- apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients
|
||||
- echo ${TEST_NODE_SSH_KEY} > /tmp/ssh-key && chmod 600 /tmp/ssh-key
|
||||
- cat /tmp/ssh-key
|
||||
- apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients genisoimage
|
||||
- make ci.init
|
||||
- cat /tmp/ci-ssh-id
|
||||
- eval "$(ssh-agent -s)"
|
||||
- ssh-add /tmp/ssh-key
|
||||
- ssh mcaptcha-ci@192.168.0.102 "echo f"
|
||||
- virsh -c qemu+ssh://mcaptcha-ci@192.168.0.102/system?sshauth=privkey&no_verify=1 list
|
||||
- ssh-add /tmp/ci-ssh-id
|
||||
- ssh -o StrictHostKeyChecking=accept-new mcaptcha-ci@192.168.0.102 "echo f"
|
||||
- install -m 0755 -d /etc/apt/keyrings
|
||||
- curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu.gpg
|
||||
- chmod a+r /etc/apt/keyrings/opentofu.gpg
|
||||
|
@ -19,7 +18,7 @@ steps:
|
|||
- apt-get install -y tofu
|
||||
- tofu -chdir=terraform/mcaptcha/ init
|
||||
- tofu -chdir=terraform/mcaptcha/ plan -var-file="ci.tfvars" -out="mcaptcha"
|
||||
- tofu -chdir=terraform/mcaptcha/ apply mcaptcha -var-file="ci.tfvars"
|
||||
- tofu -chdir=terraform/mcaptcha/ apply "mcaptcha"
|
||||
- cd ../../
|
||||
- pipx install --include-deps ansible
|
||||
- pipx ensurepath && echo $SHELL
|
||||
|
@ -28,7 +27,7 @@ steps:
|
|||
- pipx install --include-deps pytest-testinfra
|
||||
- cd tests/cache/ && py.test --verbose base.py
|
||||
- cd tests/mcaptcha/ && py.test --verbose base.py
|
||||
- echo yes | tofu -chdir=terraform/mcaptcha/ destroy \
|
||||
- echo yes | tofu destroy \
|
||||
-var-file="ci.tfvars"
|
||||
- shred /tmp/ssh-key && rm /tmp/ssh-key
|
||||
- make ci.clean
|
||||
secrets: [TEST_NODE_SSH_KEY]
|
||||
|
|
6
Makefile
6
Makefile
|
@ -134,5 +134,11 @@ test.cache: ## Test cache configuration
|
|||
test.mcaptcha: ## Test mcaptcha configuration
|
||||
$(call test_mcaptcha)
|
||||
|
||||
ci.init:
|
||||
./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY"
|
||||
|
||||
ci.clean:
|
||||
./scripts/ci.sh --clean
|
||||
|
||||
help: ## Prints help for targets with comments
|
||||
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
||||
|
|
84
scripts/ci.sh
Executable file
84
scripts/ci.sh
Executable file
|
@ -0,0 +1,84 @@
|
|||
#!/bin/bash
|
||||
# ci.sh: Helper script to automate deployment operations on CI/CD
|
||||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
set -xEeuo pipefail
|
||||
#source $(pwd)/scripts/lib.sh
|
||||
|
||||
readonly SSH_ID_FILE=/tmp/ci-ssh-id
|
||||
|
||||
match_arg() {
|
||||
if [ $1 == $2 ] || [ $1 == $3 ]
|
||||
then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
help() {
|
||||
cat << EOF
|
||||
USAGE: ci.sh [SUBCOMMAND]
|
||||
Helper script to automate deployment operations on CI/CD
|
||||
|
||||
Subcommands
|
||||
|
||||
-c --clean cleanup secrets, SSH key and other runtime data
|
||||
-i --init <SSH_PRIVATE_KEY> initialize environment, write SSH private to file
|
||||
-h --help print this help menu
|
||||
EOF
|
||||
}
|
||||
|
||||
# $1: SSH private key
|
||||
write_ssh(){
|
||||
truncate --size 0 $SSH_ID_FILE
|
||||
echo "$1" > $SSH_ID_FILE
|
||||
chmod 600 $SSH_ID_FILE
|
||||
}
|
||||
|
||||
|
||||
clean() {
|
||||
if [ -f $SSH_ID_FILE ]
|
||||
then
|
||||
shred $SSH_ID_FILE
|
||||
rm $SSH_ID_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
if (( "$#" < 1 ))
|
||||
then
|
||||
help
|
||||
exit -1
|
||||
fi
|
||||
|
||||
|
||||
if match_arg $1 '-i' '--init'
|
||||
then
|
||||
if (( "$#" < 2 ))
|
||||
then
|
||||
help
|
||||
exit -1
|
||||
fi
|
||||
write_ssh "$2"
|
||||
elif match_arg $1 '-c' '--clean'
|
||||
then
|
||||
clean
|
||||
elif match_arg $1 '-h' '--help'
|
||||
then
|
||||
help
|
||||
else
|
||||
help
|
||||
fi
|
|
@ -1,4 +1,4 @@
|
|||
libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ssh-key&sshauth=privkey&no_verify=1"
|
||||
libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ci-ssh-id&sshauth=privkey&no_verify=1"
|
||||
#known_hosts_verify=ignore&keyfile=/tmp/ssh-key&sshauth=privkey&no_verify=1"
|
||||
libvirt_pool_path = "/srv/libvirt/pool/mcaptcha_basic/"
|
||||
libvirt_debian_src = "https://images.ci.mcaptcha.org/debian-12-generic-amd64.qcow2"
|
||||
|
|
Loading…
Reference in a new issue