  1.  
  2. .auto_devops: &auto_devops |
  3. # Auto DevOps variables and functions
  4. [[ "$TRACE" ]] && set -x
  5. auto_database_url=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${CI_ENVIRONMENT_SLUG}-postgres:5432/${POSTGRES_DB}
  6. export DATABASE_URL=${DATABASE_URL-$auto_database_url}
  7. export CI_APPLICATION_REPOSITORY=$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG
  8. export CI_APPLICATION_TAG=$CI_COMMIT_SHA
  9. export CI_CONTAINER_NAME=ci_job_build_${CI_JOB_ID}
  10. export TILLER_NAMESPACE=$KUBE_NAMESPACE
  11.  
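# Scan the application image with Clair and leave
# gl-sast-container-report.json in the workspace for GitLab to collect.
# Reads CI_REGISTRY_USER/CI_REGISTRY_PASSWORD/CI_REGISTRY for the optional
# registry login, and CI_APPLICATION_REPOSITORY/CI_APPLICATION_TAG for the
# image to scan.  The scanner's exit status is ignored on purpose so that a
# vulnerable image still yields a report instead of an aborted job.
function sast_container() {
  if [[ -n "$CI_REGISTRY_USER" ]]; then
    echo "Logging to GitLab Container Registry with CI credentials..."
    # Password on stdin rather than -p: an argv password is visible to `ps`
    # and is printed verbatim in the job log whenever TRACE turns on set -x.
    # --password-stdin needs Docker CLI 17.07 or newer.
    printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    echo ""
  fi

  # Local Clair instance: a vulnerability database container plus the scanner
  # API linked to it.  clair-db:latest is a moving tag, so results can change
  # between runs without any change to the image under test.
  docker run -d --name db arminc/clair-db:latest
  docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
  apk add -U wget ca-certificates
  docker pull "${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}"
  # NOTE(review): the scanner binary is downloaded from a GitHub release and
  # executed as-is - nothing checks a checksum or signature.  Pin a verified
  # copy (or bake it into the job image) for anything beyond a demo.
  wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
  mv clair-scanner_linux_amd64 clair-scanner
  chmod +x clair-scanner
  # An empty whitelist file so the scanner has something to read.
  touch clair-whitelist.yml
  # $(hostname -i) is left unquoted deliberately: it is passed through exactly
  # as before, so a multi-address host behaves the same as it always did.
  ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml "${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}" || true
}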
  29.  
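# Run Code Climate against the checkout and write its JSON report to
# codeclimate.json in the workspace.
# Reads CODECLIMATE_VERSION (required) as the analyzer image tag.
# NOTE(review): the analyzer image is handed the Docker socket, i.e. full
# control of the Docker daemon this job talks to (start any container, read
# any image the job has pulled).  Keep the tag pinned and treat the image as
# trusted code.
function codeclimate() {
  : "${CODECLIMATE_VERSION:?CODECLIMATE_VERSION must be set to a codeclimate image tag}"
  # The option list is written out for each invocation instead of being kept
  # in a string: expanding a string unquoted re-splits it on whitespace, so a
  # workspace path containing a space would break the volume mounts.  (No
  # bash array here - this snippet may run under plain sh.)
  docker run \
    --env CODECLIMATE_CODE="$PWD" \
    --volume "$PWD":/code \
    --volume /var/run/docker.sock:/var/run/docker.sock \
    --volume /tmp/cc:/tmp/cc \
    "codeclimate/codeclimate:${CODECLIMATE_VERSION}" init
  docker run \
    --env CODECLIMATE_CODE="$PWD" \
    --volume "$PWD":/code \
    --volume /var/run/docker.sock:/var/run/docker.sock \
    --volume /tmp/cc:/tmp/cc \
    "codeclimate/codeclimate:${CODECLIMATE_VERSION}" analyze -f json > codeclimate.json
}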
  39.  
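# Run the GitLab SAST analyzer image against the checkout.
# Reads CI_SERVER_VERSION to pick the analyzer tag, SAST_CONFIDENCE_LEVEL
# (or the deprecated CONFIDENCE_LEVEL) and SAST_DISABLE_REMOTE_CHECKS.
# On a non-EE server it only prints a message and returns success, so the
# job goes green without anything having been scanned.
function sast() {
  case "$CI_SERVER_VERSION" in
    *-ee)
      # Extract "MAJOR.MINOR" from CI_SERVER_VERSION and generate "MAJOR-MINOR-stable"
      SAST_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')

      # Deprecation notice for CONFIDENCE_LEVEL variable.  ([[ with && replaces
      # the obsolete `[ ... -a ... ]` form, which is ambiguous for some values.)
      if [[ -z "$SAST_CONFIDENCE_LEVEL" && -n "$CONFIDENCE_LEVEL" ]]; then
        SAST_CONFIDENCE_LEVEL="$CONFIDENCE_LEVEL"
        echo "WARNING: CONFIDENCE_LEVEL is deprecated and MUST be replaced with SAST_CONFIDENCE_LEVEL"
      fi

      # NOTE(review): the analyzer gets the Docker socket, which is effectively
      # root on the Docker daemon this job uses.  The image tag is derived
      # from the server version, not pinned to a digest.
      docker run --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}" \
        --env SAST_DISABLE_REMOTE_CHECKS="${SAST_DISABLE_REMOTE_CHECKS:-false}" \
        --volume "$PWD:/code" \
        --volume /var/run/docker.sock:/var/run/docker.sock \
        "registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
      ;;
    *)
      echo "GitLab EE is required"
      ;;
  esac
}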
  63.  
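# Install or upgrade the application chart for one track.
# $1 - track name, default "stable".  Other tracks (canary, rollout, ...)
#      get a "<slug>-<track>" release name; "canary" shares the stable
#      track's database.
# Reads CI_ENVIRONMENT_SLUG, CI_ENVIRONMENT_URL, CI_PROJECT_VISIBILITY,
# KUBE_NAMESPACE, POSTGRES_*, CI_APPLICATION_*, DATABASE_URL and the replica
# override variables <SLUG>_REPLICAS / <TRACK>_<SLUG>_REPLICAS.
function deploy() {
  local track name replicas service_enabled postgres_enabled
  local env_track env_slug var_name new_replicas secret_name
  track="${1-stable}"
  name="$CI_ENVIRONMENT_SLUG"

  if [[ "$track" != "stable" ]]; then
    name="$name-$track"
  fi

  replicas="1"
  service_enabled="false"
  postgres_enabled="$POSTGRES_ENABLED"
  # canary uses stable db
  if [[ "$track" == "canary" ]]; then
    postgres_enabled="false"
  fi

  # Upper-case forms used to build the override variable name, e.g. slug
  # "review-app" -> REVIEW_APP.  Plain `tr`, not `tr -s`: -s squeezes
  # repeated output characters, so "review-app" used to become REVIEW_AP and
  # REVIEW_APP_REPLICAS was never consulted.  Projects that worked around
  # that by defining the squeezed name must rename their variable.
  env_track=$(printf '%s' "$track" | tr '[:lower:]' '[:upper:]')
  env_slug=$(printf '%s' "${CI_ENVIRONMENT_SLUG//-/_}" | tr '[:lower:]' '[:upper:]')

  if [[ "$track" == "stable" ]]; then
    # for stable track get number of replicas from `PRODUCTION_REPLICAS`
    var_name="${env_slug}_REPLICAS"
    service_enabled="true"
  else
    # for all tracks get number of replicas from `CANARY_PRODUCTION_REPLICAS`
    var_name="${env_track}_${env_slug}_REPLICAS"
  fi
  # Indirect lookup via eval because ${!var} is bash-only and this may run
  # under sh.  eval only ever sees a validated identifier: a name with other
  # characters, or starting with a digit (slug "1-app" -> 1_APP_REPLICAS,
  # which eval would otherwise read as "$1" followed by text), is skipped and
  # the default replica count is kept.  Do not pass a user-controlled track.
  case "$var_name" in
    *[!A-Za-z0-9_]*|[0-9]*) ;;
    *) eval "new_replicas=\$$var_name" ;;
  esac
  if [[ -n "$new_replicas" ]]; then
    replicas="$new_replicas"
  fi

  # Private projects need the imagePullSecret created by create_secret;
  # public images can be pulled anonymously.
  if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
    secret_name='gitlab-registry'
  else
    secret_name=''
  fi

  # NOTE(review): the database URL and postgres password are passed as chart
  # values, so presumably anyone able to read the release record Tiller stores
  # can recover them - confirm how release storage is protected.
  helm upgrade --install \
    --wait \
    --set service.enabled="$service_enabled" \
    --set releaseOverride="$CI_ENVIRONMENT_SLUG" \
    --set image.repository="$CI_APPLICATION_REPOSITORY" \
    --set image.tag="$CI_APPLICATION_TAG" \
    --set image.pullPolicy=IfNotPresent \
    --set image.secrets[0].name="$secret_name" \
    --set application.track="$track" \
    --set application.database_url="$DATABASE_URL" \
    --set service.url="$CI_ENVIRONMENT_URL" \
    --set replicaCount="$replicas" \
    --set postgresql.enabled="$postgres_enabled" \
    --set postgresql.nameOverride="postgres" \
    --set postgresql.postgresUser="$POSTGRES_USER" \
    --set postgresql.postgresPassword="$POSTGRES_PASSWORD" \
    --set postgresql.postgresDatabase="$POSTGRES_DB" \
    --namespace="$KUBE_NAMESPACE" \
    --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
    "$name" \
    chart/
}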
  121.  
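# Install the deploy tooling on an Alpine job image: glibc (needed by the
# helm/kubectl binaries), then helm and kubectl at the versions given by
# HELM_VERSION and KUBERNETES_VERSION (both required).
# NOTE(review): every artifact here is trusted on HTTPS alone.  apk will
# verify the glibc package against the key written to /etc/apk/keys, but that
# key is itself fetched from an unpinned branch of the same GitHub repo a
# moment earlier; the helm tarball and kubectl binary are not verified at all.
# Pin and checksum them, or bake them into the job image.
function install_dependencies() {
  : "${HELM_VERSION:?HELM_VERSION must be set}"
  : "${KUBERNETES_VERSION:?KUBERNETES_VERSION must be set}"
  apk add -U openssl curl tar gzip bash ca-certificates git
  wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
  wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk
  apk add glibc-2.23-r3.apk
  rm glibc-2.23-r3.apk

  # --fail turns an HTTP error into a curl failure instead of an error page
  # being piped into tar (which only stops the job if the shell has pipefail).
  curl --fail -sSL "https://kubernetes-helm.storage.googleapis.com/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | tar zx
  mv linux-amd64/helm /usr/bin/
  helm version --client

  curl --fail -sSL -o /usr/bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
  chmod +x /usr/bin/kubectl
  kubectl version --client
}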
  137.  
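# Point the Docker CLI at the docker-in-docker service when no daemon is
# reachable yet.  Only acts when DOCKER_HOST is unset and the job appears to
# run under the Kubernetes executor (KUBERNETES_PORT is non-empty).
# The target is plain TCP on port 2375 - unencrypted and unauthenticated -
# which is presumably acceptable only because it is the pod's own loopback.
function setup_docker() {
  # A daemon is already reachable: leave the configuration alone.
  if docker info &>/dev/null; then
    return 0
  fi
  # `[[ ... && ... ]]` replaces the obsolete `[ ... -a ... ]` form.
  if [[ -z "$DOCKER_HOST" && -n "$KUBERNETES_PORT" ]]; then
    export DOCKER_HOST='tcp://localhost:2375'
  fi
}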
  145.  
# Export DATABASE_URL for the test job's postgres service.
# Under the Kubernetes executor (KUBERNETES_PORT set, even if empty) the
# service is reached on localhost; otherwise through the "postgres" alias.
# Note the password ends up in an exported variable visible to every
# subsequent command of the job.
function setup_test_db() {
  if [ -n "${KUBERNETES_PORT+x}" ]; then
    DB_HOST=localhost
  else
    DB_HOST=postgres
  fi
  export DATABASE_URL="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DB_HOST}:5432/${POSTGRES_DB}"
}
  154.  
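# Make sure ./chart holds the deployable chart and its dependencies.
# A chart/ directory already in the repo is used as-is; otherwise
# AUTO_DEVOPS_CHART (default gitlab/auto-deploy-app, a repo reference or a
# .tgz path) is fetched from the gitlab helm repo and moved into place.
function download_chart() {
  if [[ ! -d chart ]]; then
    auto_chart=${AUTO_DEVOPS_CHART:-gitlab/auto-deploy-app}
    # The untarred directory is named after the chart, minus any .tgz suffix.
    auto_chart_name=$(basename "$auto_chart")
    auto_chart_name=${auto_chart_name%.tgz}
  else
    auto_chart="chart"
    auto_chart_name="chart"
  fi

  helm init --client-only
  helm repo add gitlab https://charts.gitlab.io
  # All expansions are quoted: an unquoted chart reference would be split
  # and glob-expanded by the shell before helm/mv ever saw it.
  if [[ ! -d "$auto_chart" ]]; then
    helm fetch "$auto_chart" --untar
  fi
  if [ "$auto_chart_name" != "chart" ]; then
    mv "$auto_chart_name" chart
  fi

  helm dependency update chart/
  helm dependency build chart/
}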
  177.  
# Create KUBE_NAMESPACE unless it already exists (an existing namespace makes
# `kubectl describe` succeed).  Presumably a service account without read
# access to namespaces would also fall through to create - confirm RBAC.
function ensure_namespace() {
  if ! kubectl describe namespace "$KUBE_NAMESPACE"; then
    kubectl create namespace "$KUBE_NAMESPACE"
  fi
}
  181.  
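# Fail (return 1) with guidance when AUTO_DEVOPS_DOMAIN is not usable.
# An empty value now counts as missing: the previous unset-only check let
# AUTO_DEVOPS_DOMAIN="" pass straight through to the deploy.
function check_kube_domain() {
  if [[ -z "$AUTO_DEVOPS_DOMAIN" ]]; then
    echo "In order to deploy or use Review Apps, AUTO_DEVOPS_DOMAIN variable must be set"
    echo "You can do it in Auto DevOps project settings or defining a secret variable at group or project level"
    echo "You can also manually add it in .gitlab-ci.yml"
    return 1
  fi
  return 0
}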
  192.  
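# Build the application image and push it to the GitLab registry.
# With a Dockerfile present it is a plain `docker build`; otherwise the
# checkout is built with herokuish buildpacks and the result committed as an
# image that starts the Procfile "web" process on port 5000.
# Reads CI_REGISTRY_USER/CI_REGISTRY_PASSWORD/CI_REGISTRY (optional login),
# CI_APPLICATION_REPOSITORY, CI_APPLICATION_TAG and CI_CONTAINER_NAME.
function build() {

  if [[ -n "$CI_REGISTRY_USER" ]]; then
    echo "Logging to GitLab Container Registry with CI credentials..."
    # Password on stdin rather than -p: an argv password shows up in `ps`
    # and is echoed into the job log whenever TRACE enables set -x.
    # --password-stdin needs Docker CLI 17.07 or newer.
    printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    echo ""
  fi

  if [[ -f Dockerfile ]]; then
    echo "Building Dockerfile-based application..."
    docker build -t "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" .
  else
    echo "Building Heroku-based application using gliderlabs/herokuish docker image..."
    # gliderlabs/herokuish is an unpinned tag: the buildpack toolchain that
    # produces the image can change underneath this job.
    docker run -i --name="$CI_CONTAINER_NAME" -v "$PWD:/tmp/app:ro" gliderlabs/herokuish /bin/herokuish buildpack build
    docker commit "$CI_CONTAINER_NAME" "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
    docker rm "$CI_CONTAINER_NAME" >/dev/null
    echo ""

    echo "Configuring $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG docker image..."
    docker create --expose 5000 --env PORT=5000 --name="$CI_CONTAINER_NAME" "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" /bin/herokuish procfile start web
    docker commit "$CI_CONTAINER_NAME" "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
    docker rm "$CI_CONTAINER_NAME" >/dev/null
    echo ""
  fi

  echo "Pushing to GitLab Container Registry..."
  docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
  echo ""
}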
  222.  
# Install or upgrade Tiller in TILLER_NAMESPACE and wait until it answers.
# Returns 1 when `helm version` still cannot reach it afterwards.
# NOTE(review): helm init is run with no --service-account or TLS options, so
# Tiller ends up with whatever the namespace's default account grants and its
# endpoint is presumably reachable without authentication from inside the
# cluster - confirm this matches the cluster's RBAC/network policy.
function install_tiller() {
  echo "Checking Tiller..."
  helm init --upgrade
  kubectl rollout status -n "$TILLER_NAMESPACE" -w "deployment/tiller-deploy"
  helm version --debug || {
    echo "Failed to init Tiller."
    return 1
  }
  echo ""
}
  233.  
  234. function create_secret() {
  235. echo "Create secret..."
  236. if [[ "$CI_PROJECT_VISIBILITY" == "public" ]]; then
  237. return
  238. fi
  239.  
  240. kubectl create secret -n "$KUBE_NAMESPACE" \
  241. docker-registry gitlab-registry \
  242. --docker-server="$CI_REGISTRY" \
  243. --docker-username="$CI_REGISTRY_USER" \
  244. --docker-password="$CI_REGISTRY_PASSWORD" \
  245. --docker-email="$GITLAB_USER_EMAIL" \
  246. -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
  247. }
  248.  
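# Run the OWASP ZAP baseline scan against the deployed environment and leave
# gl-dast-report.json in the workspace.  The target URL is the one written
# by persist_environment_url.  ZAP's exit status is ignored on purpose
# (presumably because findings make it non-zero); the report is what GitLab
# consumes.
# NOTE(review): this actively probes whatever URL is in environment_url.txt;
# only point it at environments this project owns.
function dast() {
  export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"

  # -p: a pre-existing ZAP work directory must not abort the job.
  mkdir -p /zap/wrk/
  /zap/zap-baseline.py -J gl-dast-report.json -t "$CI_ENVIRONMENT_URL" || true
  cp /zap/wrk/gl-dast-report.json .
}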
  256.  
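# Run sitespeed.io against the deployed environment and leave
# performance.json in the workspace.  If .gitlab-urls.txt exists, each of its
# lines is a path to test under the environment URL; otherwise only the
# environment URL itself is measured.
# NOTE(review): the exporter plugin is fetched from a branch ref (10-5), not
# a tag or commit - whoever can push to that branch changes what runs here.
function performance() {
  export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"

  mkdir gitlab-exporter
  wget -O gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/10-5/index.js

  mkdir sitespeed-results

  if [ -f .gitlab-urls.txt ]
  then
    # Prefix every line with the environment URL.  Done in the shell rather
    # than with `sed 's@^@URL@'`: a URL containing "&" (query string) or the
    # "@" delimiter (basic-auth userinfo) was interpreted by sed as
    # replacement syntax and corrupted the list.  The file is rewritten in
    # place so its mode is preserved for the container that reads it.
    local tmp
    tmp=$(mktemp) || return 1
    while IFS= read -r path || [ -n "$path" ]; do
      printf '%s%s\n' "$CI_ENVIRONMENT_URL" "$path"
    done < .gitlab-urls.txt > "$tmp"
    cat "$tmp" > .gitlab-urls.txt
    rm -f "$tmp"
    docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.3.1 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results .gitlab-urls.txt
  else
    docker run --shm-size=1g --rm -v "$(pwd)":/sitespeed.io sitespeedio/sitespeed.io:6.3.1 --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "$CI_ENVIRONMENT_URL"
  fi

  mv sitespeed-results/data/performance.json performance.json
}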
  275.  
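# Save CI_ENVIRONMENT_URL to environment_url.txt so later jobs (dast,
# performance) can read it back.  printf writes the value verbatim; the
# previous unquoted echo collapsed whitespace and would have treated a
# value such as "-n" as an option.
function persist_environment_url() {
  printf '%s\n' "$CI_ENVIRONMENT_URL" > environment_url.txt
}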
  279.  
# Remove the helm release for one track, if it exists.
# $1 - track name, default "stable"; other tracks map to "<slug>-<track>".
# The release name is passed to `helm ls` as an anchored regex so that "app"
# does not also match "app-canary".  Note: without --purge, Helm 2 may keep a
# record of the deleted release, which can interfere with a later install
# under the same name - verify against the helm version in use.
function delete() {
  track="${1-stable}"
  name="$CI_ENVIRONMENT_SLUG"
  [[ "$track" == "stable" ]] || name="$name-$track"

  if [[ -n "$(helm ls -q "^$name$")" ]]; then
    helm delete "$name"
  fi
}
  292.  
  293. before_script:
  294. - *auto_devops