From 240addaf02ca3bee00ffbddd1929784e83a03577 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Wed, 5 Aug 2020 08:30:16 +0100 Subject: [PATCH] fix: split jsonnet into libaries --- .drone/drone-home.jsonnet | 146 ++-------------------------- .drone/drone-home.yml | 9 +- .drone/lib/images.libsonnet | 57 +++++++++++ .drone/lib/public-secrets.libsonnet | 5 + .drone/lib/secret-secrets.libsonnet | 4 + .drone/lib/util.libsonnet | 60 ++++++++++++ .drone/package.json | 9 ++ .drone/yarn-error.log | 37 +++++++ .drone/yarn.lock | 8 ++ .gitignore | 1 + docker/Dockerfile | 2 +- 11 files changed, 195 insertions(+), 143 deletions(-) create mode 100644 .drone/lib/images.libsonnet create mode 100644 .drone/lib/public-secrets.libsonnet create mode 100644 .drone/lib/secret-secrets.libsonnet create mode 100644 .drone/lib/util.libsonnet create mode 100644 .drone/package.json create mode 100644 .drone/yarn-error.log create mode 100644 .drone/yarn.lock diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet index 88a4f57..bb5b5e8 100644 --- a/.drone/drone-home.jsonnet +++ b/.drone/drone-home.jsonnet 
@@ -1,142 +1,8 @@
-local publicSecrets = [
- 'ssh-host',
- 'ssh-user',
- 'ssh-root-user',
-];
-local secretSecrets = [
- 'ssh-password',
-];
-local util = {
- // the head of an array
- head(array): array[0],
- // the tail of an array
- tail(array): std.makeArray(
- std.length(array) -1,
- function(x) array[x + 1],
- ),
- // compose an array of functions
- compose(functions):
- local compose(functions) =
- if std.length(functions) == 0
- then
- local ret(object) = object;
- ret
- else
- local ret(object) = compose(
- util.tail(
- functions,
- )
- )(
- util.head(
- functions,
- )(object)
- );
- ret;
- compose(functions),
- fromSecret(secret): {
- from_secret: secret,
- },
- secret(secret): std.asciiLower(
- std.strReplace(
- secret,
- '_',
- '-',
- ),
- ),
- environment(secret): std.asciiUpper(
- std.strReplace(
- secret,
- '-',
- '_',
- ),
- ),
- env(secret): std.asciiLower(
- std.strReplace(
- secret,
- '-',
- '_',
- ),
- ),
- envSet(env): function(step) step {
- environment +: {
- [util.environment(env)]: util.fromSecret(
- util.secret(env)
- ),
- },
- settings +: {
- envs +: [
- util.env(env),
- ],
- },
- },
- printEnv(file, env): function(step) util.compose([
- util.envSet(env),
- function(step) step {
- settings +: {
- script +: [
- 'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % {
- environment: util.environment(env),
- file: file,
- secret: util.secret(env),
- },
- ],
- },
- },
- ])(step),
-};
-local images = {
- docker: {
- name: 'docker',
- image: 'docker:dind',
- },
- scp(target): {
- name: 'scp',
- image: 'appleboy/drone-scp',
- settings: {
- host: {
- from_secret: 'ssh-host',
- },
- username: {
- from_secret: 'ssh-user',
- },
- password: {
- from_secret: 'ssh-password',
- },
- port: {
- from_secret: 'ssh-port',
- },
- command_timeout: '2m',
- target: target,
- source: [
- '.',
- ],
- },
- },
- ssh: {
- image: 'appleboy/drone-ssh',
- settings: {
- host: util.fromSecret("ssh-host"),
- port: util.fromSecret("ssh-port"),
- username: util.fromSecret("ssh-user"),
- password: util.fromSecret("ssh-password"),
- envs: [
- 'drone_tag',
- 'drone_commit',
- 'drone_build_number',
- 'drone_repo_name',
- 'drone_repo_namespace',
- ],
- script: [],
- },
- },
- wait(delay): {
- image: 'alpine',
- name: 'wait',
- commands: [
- 'sleep %s' % delay,
- ],
- }
-};
+local images = import 'lib/images.libsonnet';
+local util = import 'lib/util.libsonnet';
+local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet';
+local secretSecrets = import 'lib/secret-secrets.libsonnet';
+local publicSecrets = import 'lib/public-secrets.libsonnet';
 [
 {
 kind: 'pipeline',
@@ -178,7 +44,7 @@ local images = {
 '/stack/squid'
 ),
 images.wait(15),
- util.compose(
+ compose(
 std.map(
 function(s) util.envSet(s),
 publicSecrets + secretSecrets
diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml
index 8b871c8..a24f59c 100644
--- a/.drone/drone-home.yml
+++ b/.drone/drone-home.yml
@@ -14,8 +14,8 @@ steps:
 command_timeout: 2m
 host:
 from_secret: ssh-host
- password:
- from_secret: ssh-password
+ key:
+ from_secret: ssh-key
 port:
 from_secret: ssh-port
 source:
@@ -42,6 +42,7 @@ steps:
 - ssh_user
 - ssh_root_user
 - ssh_password
+ - ssh_key
 host:
 from_secret: ssh-host
 password:
@@ -66,11 +67,15 @@ steps:
 - echo "$${SSH_ROOT_USER}"
 - export SSH_PASSWORD="$${SSH_PASSWORD}"
 - echo "$${SSH_PASSWORD}"
+ - export SSH_KEY="$${SSH_KEY}"
+ - echo "$${SSH_KEY}"
 username:
 from_secret: ssh-user
 environment:
 SSH_HOST:
 from_secret: ssh-host
+ SSH_KEY:
+ from_secret: ssh-key
 SSH_PASSWORD:
 from_secret: ssh-password
 SSH_ROOT_USER:
diff --git a/.drone/lib/images.libsonnet b/.drone/lib/images.libsonnet
new file mode 100644
index 0000000..775a01e
--- /dev/null
+++ b/.drone/lib/images.libsonnet
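Review bot: The new `local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet';` at the top of drone-home.jsonnet (and the matching import in lib/util.libsonnet) makes the pipeline definition, which wires SSH credentials into build steps, depend on a package that is fetched at install time into a directory this commit also git-ignores. Nothing in the patch documents that an install has to run before the `build` script, or that it must honour the committed lockfile. I would add a header comment such as `// requires: yarn install --frozen-lockfile in .drone/ (compose comes from @sigyl/jsonnet-compose, pinned in yarn.lock)` so the integrity hash recorded in yarn.lock is what gets enforced whenever drone-home.yml is regenerated.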
@@ -0,0 +1,57 @@
+local util = import 'util.libsonnet';
+{
+ docker: {
+ name: 'docker',
+ image: 'docker:dind',
+ },
+ scp(target): {
+ name: 'scp',
+ image: 'appleboy/drone-scp',
+ settings: {
+ host: {
+ from_secret: 'ssh-host',
+ },
+ username: {
+ from_secret: 'ssh-user',
+ },
+ /*password: {
+ from_secret: 'ssh-password',
+ },*/
+ key: {
+ from_secret: 'ssh-key',
+ },
+ port: {
+ from_secret: 'ssh-port',
+ },
+ command_timeout: '2m',
+ target: target,
+ source: [
+ '.',
+ ],
+ },
+ },
+ ssh: {
+ image: 'appleboy/drone-ssh',
+ settings: {
+ host: util.fromSecret("ssh-host"),
+ port: util.fromSecret("ssh-port"),
+ username: util.fromSecret("ssh-user"),
+ password: util.fromSecret("ssh-password"),
+ envs: [
+ 'drone_tag',
+ 'drone_commit',
+ 'drone_build_number',
+ 'drone_repo_name',
+ 'drone_repo_namespace',
+ ],
+ script: [],
+ },
+ },
+ wait(delay): {
+ image: 'alpine',
+ name: 'wait',
+ commands: [
+ 'sleep %s' % delay,
+ ],
+ }
+}
\ No newline at end of file
diff --git a/.drone/lib/public-secrets.libsonnet b/.drone/lib/public-secrets.libsonnet
new file mode 100644
index 0000000..37e5556
--- /dev/null
+++ b/.drone/lib/public-secrets.libsonnet
@@ -0,0 +1,5 @@
+[
+ 'ssh-host',
+ 'ssh-user',
+ 'ssh-root-user',
+]
diff --git a/.drone/lib/secret-secrets.libsonnet b/.drone/lib/secret-secrets.libsonnet
new file mode 100644
index 0000000..63b1d2d
--- /dev/null
+++ b/.drone/lib/secret-secrets.libsonnet
@@ -0,0 +1,4 @@
+[
+ 'ssh-password',
+ 'ssh-key',
+]
diff --git a/.drone/lib/util.libsonnet b/.drone/lib/util.libsonnet
new file mode 100644
index 0000000..30d22d7
--- /dev/null
+++ b/.drone/lib/util.libsonnet
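Review bot: Every step image in the new lib/images.libsonnet is referenced by a floating name (`docker:dind`, `appleboy/drone-scp`, `appleboy/drone-ssh`, `alpine`), and two of them are handed the SSH key or password through `from_secret`, so whatever the registry serves under those names at build time receives the deployment credentials. Pin each one to a reviewed version and digest, e.g. `image: 'appleboy/drone-scp:VERSION@sha256:DIGEST'` (VERSION and DIGEST are placeholders for the values of the image you have verified). Separately, the `ssh` step still authenticates with `password: util.fromSecret("ssh-password")` while `scp` moved to `key`, and the old setting is left behind as a `/*password: … */` block; if key authentication is the goal, switch `ssh` as well and delete the commented-out lines rather than keeping a second live credential.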
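Review bot: Adding `'ssh-key'` to lib/secret-secrets.libsonnet sends the private key down the same export-and-print path as the other entries: the regenerated drone-home.yml in this commit gains `export SSH_KEY="$${SSH_KEY}"` followed by `echo "$${SSH_KEY}"` in the ssh step's script, plus `ssh_key` in its `envs`. The jsonnet that emits those script lines is outside the hunks shown, so the fix belongs there: map only `publicSecrets` into the printing step, or drop the `echo` for anything listed in `secretSecrets`. Log masking may not reliably cover a multi-line PEM value, and forwarding the key into the remote shell's environment is not something key-based login needs. A comment in this file such as `// values listed here must never be echoed or written to logs` would make the intent of the public/secret split explicit.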
@@ -0,0 +1,60 @@
+local compose = import '../node_modules/@sigyl/jsonnet-compose/compose.libsonnet';
+{
+ // the head of an array
+ head(array): array[0],
+ // the tail of an array
+ tail(array): std.makeArray(
+ std.length(array) -1,
+ function(x) array[x + 1],
+ ),
+ fromSecret(secret): {
+ from_secret: secret,
+ },
+ secret(secret): std.asciiLower(
+ std.strReplace(
+ secret,
+ '_',
+ '-',
+ ),
+ ),
+ environment(secret): std.asciiUpper(
+ std.strReplace(
+ secret,
+ '-',
+ '_',
+ ),
+ ),
+ env(secret): std.asciiLower(
+ std.strReplace(
+ secret,
+ '-',
+ '_',
+ ),
+ ),
+ envSet(env): function(step) step {
+ environment +: {
+ [$.environment(env)]: $.fromSecret(
+ $.secret(env)
+ ),
+ },
+ settings +: {
+ envs +: [
+ $.env(env),
+ ],
+ },
+ },
+ printEnv(file, env): function(step) compose([
+ $.envSet(env),
+ function(step) step {
+ settings +: {
+ script +: [
+ 'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % {
+ environment: $.environment(env),
+ file: file,
+ secret: $.secret(env),
+ },
+ ],
+ },
+ },
+ ])(step),
+}
\ No newline at end of file
diff --git a/.drone/package.json b/.drone/package.json
new file mode 100644
index 0000000..4ca14e6
--- /dev/null
+++ b/.drone/package.json
@@ -0,0 +1,9 @@
+{
+ "private": true,
+ "scripts": {
+ "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream"
+ },
+ "dependencies": {
+ "@sigyl/jsonnet-compose": "^0.0.2"
+ }
+}
diff --git a/.drone/yarn-error.log b/.drone/yarn-error.log
new file mode 100644
index 0000000..55c6505
--- /dev/null
+++ b/.drone/yarn-error.log
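Review bot: `printEnv` in lib/util.libsonnet builds a script entry that appends `export NAME='value'` to `file` with the secret's value interpolated between single quotes, so a value that itself contains a `'` ends the quoting early and the remainder is interpreted by the shell when that file is sourced. The same line leaves secrets in plaintext in a file whose permissions are never set in the visible code. If the file is really needed, add a preceding script entry that restricts it (for example `umask 077`) and write the value with a quoting-safe form (bash's `printf %q`, if the remote shell is bash) instead of hand-placed quotes. `envSet` and `printEnv` also lack the one-line comments that `head` and `tail` have; a comment on `printEnv` stating that it persists secret values to `file` on the target host would help the next reader.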
@@ -0,0 +1,37 @@ +Arguments: + /usr/bin/node /home/giles/.yarn/bin/yarn.js + +PATH: + /home/giles/.yarn/bin:/home/giles/.config/yarn/global/node_modules/.bin:/home/giles/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/go/bin + +Yarn version: + 1.22.4 + +Node version: + 11.14.0 + +Platform: + linux x64 + +Trace: + Error: self signed certificate in certificate chain + at TLSSocket.onConnectSecure (_tls_wrap.js:1176:34) + at TLSSocket.emit (events.js:193:13) + at TLSSocket._finishInit (_tls_wrap.js:667:8) + +npm manifest: + { + "private": true, + "scripts": { + "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" + }, + "dependencies": { + "@sigyl/jsonnet-compose": "^0.0.2" + } + } + +yarn manifest: + No manifest + +Lockfile: + No lockfile diff --git a/.drone/yarn.lock b/.drone/yarn.lock new file mode 100644 index 0000000..e7bd21e --- /dev/null +++ b/.drone/yarn.lock @@ -0,0 +1,8 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@sigyl/jsonnet-compose@^0.0.2": + version "0.0.2" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-compose/-/jsonnet-compose-0.0.2.tgz#8900a21e8cd8109929b6042703f8645aacb9bcda" + integrity sha512-wWS3CgPeNi/o1pcS6n/4pafxlMD0KC9/RKMZr/ySmzeGNRW++sPuKuxajYse2TNd47uNDdeUSnk4aEeEIKL0zA== diff --git a/.gitignore b/.gitignore index e81986e..54a14b2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ myCA/*.pem +node_modules diff --git a/docker/Dockerfile b/docker/Dockerfile index 5f041ea..ebe0a65 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -16,7 +16,7 @@ ADD . /apps/ RUN chown -R nobody:nogroup /apps/ RUN mkdir -p /apps/squid/var/lib/ RUN /apps/squid/libexec/ssl_crtd -c -s /apps/squid/var/lib/ssl_db -M 4MB -RUN /apps/squid/sbin/squid -N -f /apps/squid.cache.conf -f +RUN /apps/squid/sbin/squid -N -f /apps/squid.cache.conf -z RUN chown -R nobody:nogroup /apps/ EXPOSE 3128
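Review bot: The .gitignore hunk adds only `node_modules`, yet the same commit checks in `.drone/yarn-error.log`, a local crash report that records the author's home-directory paths, PATH and tool versions. Add `yarn-error.log` to .gitignore and drop the log from the commit. The trace in that log (`self signed certificate in certificate chain`) also suggests registry traffic is passing through a TLS-intercepting proxy; the durable fix is to trust that CA explicitly (for example via `NODE_EXTRA_CA_CERTS` or yarn's `cafile` setting) rather than switching certificate verification off.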