#!/bin/bash
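set -Eeo pipefail

# Pinned versions of the helper libraries that this script downloads and sources.
RELEASER_VERSION="2.1.3"
SECRET_OPS_VERSION="0.8.0"
SECRET_OPS_FILE="ops/secret-ops"
SECRET_OPS_TAR_FILE="ops/secret-ops-${SECRET_OPS_VERSION}.tar.gz"
RELEASER_FILE="ops/releaser-${RELEASER_VERSION}"

mkdir -p ops

# NOTE(security): both downloads are sourced into this shell, which later
# handles Vault, AWS and GitHub credentials. They are pinned by release tag
# only; no checksum or signature is verified before they are executed.
# Pinning a SHA-256 per version and checking it before the rename below
# would close that gap.

# Download under a temporary name and rename only after wget succeeded, so an
# interrupted download never leaves a truncated file that the next run would
# find with -f and source as-is.
if [[ ! -f "${RELEASER_FILE}" ]]; then
  wget --quiet -O "${RELEASER_FILE}.partial" \
    "https://github.com/kudulab/releaser/releases/download/${RELEASER_VERSION}/releaser"
  mv -- "${RELEASER_FILE}.partial" "${RELEASER_FILE}"
fi
# shellcheck source=/dev/null
source "${RELEASER_FILE}"

# Same pattern for secret-ops: the tarball only gets its final name after it
# has been fetched AND unpacked, so its presence means ops/ is populated.
if [[ ! -f "${SECRET_OPS_TAR_FILE}" ]]; then
  wget --quiet -O "${SECRET_OPS_TAR_FILE}.partial" \
    "https://github.com/kudulab/secret-ops/releases/download/${SECRET_OPS_VERSION}/secret-ops.tar.gz"
  tar -xf "${SECRET_OPS_TAR_FILE}.partial" -C ops
  mv -- "${SECRET_OPS_TAR_FILE}.partial" "${SECRET_OPS_TAR_FILE}"
fi
# shellcheck source=/dev/null
source "${SECRET_OPS_FILE}"

# Service name; used by tf_ops to build the terraform state key.
KUDU_SERVICE="www"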
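#######################################
# Read one field of a secret stored under secret/public_blog/ in Vault.
# Globals:   VAULT_ADDR (read, required), VAULT_TOKEN (read, optional)
# Arguments: $1 - key below secret/public_blog/
#            $2 - field to extract
# Outputs:   whatever `vault kv get` prints goes to stdout (the secret value);
#            all progress and error messages go to stderr so that callers can
#            capture stdout without mixing diagnostics into the secret.
# Returns:   exits 1 if VAULT_ADDR is unset or the vault call fails.
#######################################
function read_from_vault_or_die {
  local vault_key=$1
  local field=$2
  echo "Trying to read from vault: ${vault_key}." >&2
  if [ -z "$VAULT_TOKEN" ]; then
    # Not fatal: the vault CLI is left to find a token by itself.
    echo "VAULT_TOKEN is not set. Will try from file" >&2
  fi
  if [ -z "$VAULT_ADDR" ]; then
    echo "Failed reading from vault: VAULT_ADDR is not set." >&2
    exit 1
  fi
  # Test the command directly instead of inspecting $? afterwards: with
  # errexit active a failing vault call would end the shell before the
  # check, and the failure message would never be printed.
  if ! vault kv get "--field=${field}" "secret/public_blog/${vault_key}"; then
    echo "Failed reading from vault: ${vault_key}" >&2
    exit 1
  fi
  echo "Successfully read from vault: ${vault_key}" >&2
}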
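#######################################
# Plan and apply the terraform configuration in ./terraform.
# Globals:   KUDU_SERVICE (read) - part of the backend state key
# Arguments: $1 - "create" or "destroy"
# Outputs:   terraform output; an error on stderr for an unknown operation
# Returns:   exits 1 on an unsupported operation. Leaves the working
#            directory at terraform/.
#######################################
function tf_ops {
  local operation=$1
  local -a plan_args=(-out="kudu_deployment.tfplan")

  # Validate before touching anything. Without this an unknown operation
  # skipped both plan branches and went straight to `terraform apply` on
  # whatever kudu_deployment.tfplan an earlier run left behind - possibly a
  # destroy plan.
  case "${operation}" in
    create) ;;
    destroy) plan_args+=(-destroy) ;;
    *)
      echo "Unsupported terraform operation: '${operation}'" >&2
      exit 1
      ;;
  esac

  cd terraform/
  terraform init -backend-config "key=terraform/kudu-${KUDU_SERVICE}/terraform.tfstate"
  terraform plan "${plan_args[@]}"
  # Apply exactly the plan that was written above.
  terraform apply kudu_deployment.tfplan
}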
#######################################
# Abort unless `git submodule status` reports something in its third column.
# Globals:   submodules_refs (written) - third column of the status output
# Outputs:   an error message on stdout when the column is empty
# Returns:   0 when at least one line has a third column; exits 1 otherwise.
# NOTE(review): presumably the third column is the describe string that git
# prints only for initialised submodules - confirm. A mix of cloned and
# uncloned submodules passes this check.
#######################################
function verify_submodules_cloned {
  submodules_refs=$(git submodule status | awk '{print $3}')
  [[ -n "${submodules_refs}" ]] && return 0
  echo "Error! Git submodules not cloned"
  exit 1
}
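#######################################
# Point the `origin` remote at an HTTPS URL that carries GITHUB_CREDENTIALS,
# so that a following `git push` authenticates without an SSH key.
# Globals:   GITHUB_CREDENTIALS (read, required) - account-name:api-key
# Outputs:   a confirmation on stdout; the URL itself is never printed
# Returns:   exits 1 if GITHUB_CREDENTIALS is not set.
#
# NOTE(security): the credentials end up in clear text in .git/config and are
# shown by `git remote -v`. Use this only in throw-away CI checkouts, or
# switch to a credential helper so the token is not persisted in the
# repository metadata.
#######################################
function setup_github_credentials {
  if [ -z "$GITHUB_CREDENTIALS" ]; then
    echo "Error: GITHUB_CREDENTIALS not set" >&2
    exit 1
  fi
  # example HTTPS URL: https://github.com/user/repo.git
  # example SSH URL:   git@github.com:user/repo.git
  local old_url new_url
  old_url=$(git remote get-url origin)
  if [[ "${old_url}" == "git@github.com:"* ]]; then
    # Pure parameter expansion: the credentials never pass through a sed
    # expression, where a '|' or '&' in the token would corrupt the result.
    new_url="https://${GITHUB_CREDENTIALS}@github.com/${old_url#git@github.com:}"
  else
    # Anything that is not the SSH form is left as it is.
    new_url=${old_url}
  fi
  git remote set-url origin "${new_url}"
  echo "GitHub new remote was set"
}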
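# Task dispatcher: the first argument selects the task to run.
command="$1"
case "${command}" in
  _set_dns)
    # Inner half of set_dns; started by set_dns inside the dojo environment.
    tf_ops "create"
    ;;
  set_dns)
    # AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from vault. Only stdout of
    # the helper is captured; its diagnostics go to stderr.
    AWS_ACCESS_KEY_ID=$(read_from_vault_or_die "aws" "key_id")
    AWS_SECRET_ACCESS_KEY=$(read_from_vault_or_die "aws" "secret_key")
    export AWS_ACCESS_KEY_ID
    export AWS_SECRET_ACCESS_KEY
    dojo -c terraform/Dojofile "./tasks _set_dns"
    ;;
  generate_vault_token)
    vault_token=$(vault token create -orphan -renewable=true -period=72h -policy=gocd -field token -metadata gocd_renew=true)
    secured_token_gocd=$(secret_ops::encrypt_with_gocd_top "${vault_token}")
    # The plaintext token is deliberately not echoed: this output lands in
    # terminal scrollback and CI logs, which would defeat encrypting it.
    echo "Generated a new vault token; it was encrypted by the GoCD server"
    secret_ops::insert_vault_token_gocd_yaml "${secured_token_gocd}"
    ;;
  set_version)
    set +u
    releaser::bump_changelog_version "$2" "$3"
    ;;
  live_preview)
    verify_submodules_cloned
    cd src
    # Binds to all interfaces of wherever dojo runs the command.
    dojo "hugo server -D --bind 0.0.0.0 --baseURL http://localhost:1313"
    ;;
  generate)
    if [[ -z "${KUDU_ENVIRONMENT}" ]]; then
      echo "KUDU_ENVIRONMENT is not set"
      exit 1
    fi
    if [[ "${KUDU_ENVIRONMENT}" == "development" ]]; then
      base_url="//workstation:8088/"
    elif [[ "${KUDU_ENVIRONMENT}" == "testing" ]]; then
      base_url="//localhost:8088/"
    elif [[ "${KUDU_ENVIRONMENT}" == "production" ]]; then
      base_url="https://kudulab.io/"
    else
      echo "Unsupported KUDU_ENVIRONMENT=${KUDU_ENVIRONMENT}, exit 1"
      exit 1
    fi
    cd src
    # Start from an empty output directory so stale pages are not published.
    rm -rf public/*
    dojo "hugo --baseUrl=${base_url}"
    ;;
  demo_host)
    verify_submodules_cloned
    docker run -d -p 8088:80 --name www-host \
      -v "${PWD}/src/public":/usr/local/apache2/htdocs/ \
      httpd:2.4.29-alpine
    ;;
  test)
    time bats "$(pwd)/test/integration/bats"
    ;;
  cleanup)
    docker stop www-host; docker rm www-host
    ;;
  release)
    releaser::verify_release_ready
    setup_github_credentials
    releaser::git_tag_from_changelog
    ;;
  publish)
    git_ref=$(git log -1 --pretty='format:%H')
    git clone git@github.com:kudulab/kudulab.github.io.git kudulab.github.io
    cd kudulab.github.io
    # remove everything but for .git directory (the glob skips dotfiles)
    for a_file in *; do
      rm -rf "${a_file}"
    done
    cp -r ../src/public/* .
    echo "kudulab.io" > CNAME
    # Rewrites origin of the freshly cloned repository so that the push
    # below authenticates with GITHUB_CREDENTIALS.
    setup_github_credentials
    git add .
    # An unchanged site yields an empty commit error; that is not a failure.
    git commit -m "generated from git ref: ${git_ref}" || true
    git push
    ;;
  *)
    echo "Invalid command: '${command}'"
    exit 1
    ;;
esac
set +e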