From 22b5691d99cda5dd728969b3c8580f7bd52a4494 Mon Sep 17 00:00:00 2001 From: adam Date: Tue, 19 Nov 2024 11:49:50 -0500 Subject: [PATCH] passed linting --- scripts/1clickservice.groovy | 197 ++++++++++++++++++----------------- 1 file changed, 100 insertions(+), 97 deletions(-) diff --git a/scripts/1clickservice.groovy b/scripts/1clickservice.groovy index b744733..4a08cc2 100644 --- a/scripts/1clickservice.groovy +++ b/scripts/1clickservice.groovy @@ -4,7 +4,7 @@ pipeline { string(name: 'servicename', description: "service name") string(name: 'svcdesc', description: "service description") string(name: 'targetHost', description: "system to live on", defaultValue: "alloces") - boolean(name: 'database', description: "service has a database", defaultValue: true) + booleanParam(name: 'database', description: "service has a database", defaultValue: true) } environment { pw_linuxserviceaccount="" @@ -26,19 +26,19 @@ pipeline { } switch (targetHost) { - case "alloces": + case "alloces.lan": SUDOER=credentials('a674f816-2b35-4d60-ba60-7b66e86f3c5c') SUDOERSSH=credentials('2c48e1a9-22b2-455c-9959-6b29e86d3fb5') break default: - error("target host not recognized. btw: no .lan, all lowercase.") + error("target host not recognized. btw: yes .lan, all lowercase.") } - sh env.pw_linuxserviceaccount=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) + env.pw_linuxserviceaccount=sh(returnStdout: true, script: "mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") echo env.pw_linuxserviceaccount - sh env.pw_productiondatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) + env.pw_productiondatabase=sh(returnStdout: true, script: "mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") echo env.pw_productiondatabase - sh env.pw_developmentdatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) + env.pw_developmentdatabase=sh(returnStdout: true, script: "mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") echo env.pw_developmentdatabase } } 
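Review bot: `defaultValue: "alloces"` on the `targetHost` parameter no longer matches any `case` once the switch further down is changed to `"alloces.lan"`, so a run that keeps the default ends in `error(...)`. Change it to `defaultValue: "alloces.lan"`, and consider stating in the parameter description that the `.lan` suffix is required.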
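Review bot: `sh(returnStdout: true, ...)` returns the output with its trailing newline, so each of the three generated passwords ends in a line break and will corrupt the ssh command lines and JSON bodies they are interpolated into later. Append `.trim()`, as in `sh(returnStdout: true, script: "mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").trim()`. The `echo env.pw_...` line after each assignment writes the password to the build log, where anyone who can view the console output can read it, so those three lines should go. `mktemp -u` is a temp-name generator rather than a password generator, so a dedicated source such as `openssl rand -hex 16` would be the safer choice.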
@@ -82,7 +82,7 @@ pipeline { while [ -z "$strRes" ]; do sleep 5; - strRes=$(curl -X GET -s -u ${env.JENKINS_USR}:${env.JENKINS_PSW} \ + strRes=\$(curl -X GET -s -u ${env.JENKINS_USR}:${env.JENKINS_PSW} \ alloces.lan:8080/job/gitea.arg.rip/api/json | jq '.jobs.[] | select(.name=="${env.servicename}")') done """ 
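Review bot: Only `$(` was escaped in this `sh """` block; `"$strRes"` on the `while` line is still unescaped, so Groovy will try to resolve `strRes` itself before the shell ever sees it, and it needs `\$strRes` as well. The same applies in the `@@ -92` hunk to `$CRUMB`, `$databasecredsid` and `$privatekeycontent`. `${env.JENKINS_USR}:${env.JENKINS_PSW}` is expanded by Groovy into the script text, which puts the password into the process arguments and can defeat Jenkins' secret masking; assuming these come from a `credentials()` binding, `-u "\$JENKINS_USR:\$JENKINS_PSW"` lets the shell read them from its environment instead. The polling loop has no upper bound, so a job that never appears hangs the build; the enclosing step starts outside the hunk.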
@@ -92,99 +92,101 @@ pipeline { git clone 'ssh://git@gitea.arg.rip:8022/greyn/${servicename}.git' pushd ${servicename} - dbstartline=$(sed -n '/---dbstart---]/=' Jenkinsfile) - dbendline=$(sed -n '/---dbend---/=' Jenkinsfile) + dbstartline=\$(sed -n '/---dbstart---]/=' Jenkinsfile) + dbendline=\$(sed -n '/---dbend---/=' Jenkinsfile) """ - if(params.database){ + script { //there's no "if" "step" so any "if" must be in a "script" step + if(params.database){ + sh """ + sed -i -e '${dbstartline}d;${dbendline}d;' Jenkinsfile + + databasecredsid=\$(uuidgen) + + CRUMB=\$(curl -s 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') + echo $CRUMB + curl -H $CRUMB -X POST 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/job/gitea.arg.rip/job/${servicename}/credentials/store/folder/domain/greyn%20services/createCredentials' \ + --data-urlencode 'json={ + "": "0", + "credentials": { + "scope": "GLOBAL", + "id": "$databasecredsid", + "secret": "Host=${targetHost};Database=${servicename};Username=${servicename};Password=${env.pw_productiondatabase};IncludeErrorDetail=true;", + "description": "database connection string", + "\$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl" + } + }' + sed -i 's/productiondatabase_connectionString=creds/productiondatabase_connectionString=credentials('$databasecredsid')/' Jenkinsfile + + git add . + git commit -m "set up for database" + """ + } + else{ + sh """ + sed -i -e '${dbstartline},${dbendline}d;' Jenkinsfile + git add . 
+ git commit -m "stripped database lines" + """ + } + sh """ - sed -i -e '${dbstartline}d;${dbendline}d;' Jenkinsfile + popd - databasecredsid=$(uuidgen) + env.usernameCredsId=\$(uuidgen) - CRUMB=$(curl -s 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') + CRUMB=\$(curl -s 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') echo $CRUMB curl -H $CRUMB -X POST 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/job/gitea.arg.rip/job/${servicename}/credentials/store/folder/domain/greyn%20services/createCredentials' \ --data-urlencode 'json={ "": "0", "credentials": { "scope": "GLOBAL", - "id": "$databasecredsid", - "secret": "Host=${targetHost};Database=${servicename};Username=${servicename};Password=${env.pw_productiondatabase};IncludeErrorDetail=true;", - "description": "database connection string", - "$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl" + "id": "$env.usernameCredsId", + "username": "${servicename}", + "password": "${env.pw_linuxserviceaccount}", + "description": "service account login", + "\$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl" } }' - sed -i 's/productiondatabase_connectionString=creds/productiondatabase_connectionString=credentials('$databasecredsid')/' Jenkinsfile - git add . 
- git commit -m "set up for database" + certCredsId=\$(uuidgen) + + + ssh-keygen -t ed25519 -f "${servicename}" -N "" + privatekeycontent=\$(cat ${servicename})) + pubkeycontent=\$(cat ${servicename}.pub)) + CRUMB=\$(url -s 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') + echo $CRUMB + curl -H $CRUMB -X POST 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/job/gitea.arg.rip/job/${servicename}/credentials/store/folder/domain/greyn%20services/createCredentials' \ + --data-urlencode 'json={ + "": "0", + "credentials": { + "scope": "GLOBAL", + "id": "$env.usernameCredsId", + "username": "${servicename}", + "password": "", + "privateKeySource": { + "stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource", + "privateKey": "$privatekeycontent", + }, + "description": "${servicename}", + "stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey" + }, + "description": "service account ssh", + "\$class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey" + } + }' + privatekeycontent= + + sed -i 's/linuxServiceAccount=creds/linuxServiceAccount=credentials('${env.usernameCredsId}')/' Jenkinsfile + sed -i 's/targetHost=string/targetHost="${targetHost}"/' Jenkinsfile + """ - } - else{ sh """ - sed -i -e '${dbstartline},${dbendline}d;' Jenkinsfile - git add . 
- git commit -m "stripped database lines" + git push + popd """ } - - sh """ - popd - - env.usernameCredsId=$(uuidgen) - - CRUMB=$(curl -s 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') - echo $CRUMB - curl -H $CRUMB -X POST 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/job/gitea.arg.rip/job/${servicename}/credentials/store/folder/domain/greyn%20services/createCredentials' \ - --data-urlencode 'json={ - "": "0", - "credentials": { - "scope": "GLOBAL", - "id": "$env.usernameCredsId", - "username": "${servicename}", - "password": "${env.pw_linuxserviceaccount}", - "description": "service account login", - "$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl" - } - }' - - certCredsId=$(uuidgen) - - - ssh-keygen -t ed25519 -f "${servicename}" -N "" - privatekeycontent=$(cat ${servicename})) - pubkeycontent=$(cat ${servicename}.pub)) - CRUMB=$(curl -s 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') - echo $CRUMB - curl -H $CRUMB -X POST 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/job/gitea.arg.rip/job/${servicename}/credentials/store/folder/domain/greyn%20services/createCredentials' \ - --data-urlencode 'json={ - "": "0", - "credentials": { - "scope": "GLOBAL", - "id": "$env.usernameCredsId", - "username": "${servicename}", - "password": "", - "privateKeySource": { - "stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource", - "privateKey": "$privatekeycontent", - }, - "description": "${servicename}", - "stapler-class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey" - }, - "description": "service account ssh", - "$class": "com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey" - } - }' - privatekeycontent= - - sed -i 
's/linuxServiceAccount=creds/linuxServiceAccount=credentials('${env.usernameCredsId}')/' Jenkinsfile - sed -i 's/targetHost=string/targetHost="${targetHost}"/' Jenkinsfile - - """ - sh """ - git push - popd - """ } } } @@ -193,7 +195,7 @@ pipeline { script { sshagent([SUDOERSSH]) { - ssh $SUDOER_USR@${targetHost} username=${servicename} password=${env.pw_linuxserviceaccount} pubkeycontent=${env.pubkeycontent} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' + sh """ssh -tt ${SUDOER_USR}@${targetHost} username=${servicename} password=${env.pw_linuxserviceaccount} pubkeycontent=${env.pubkeycontent} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' useradd -m -s /bin/bash $username echo "$username:$password" | chpasswd loginctl enable-linger $username @@ -204,6 +206,7 @@ pipeline { popd chown -R $username:$username .ssh ENDSSH + """ } } } @@ -216,7 +219,7 @@ pipeline { script { sshagent([SUDOERSSH]) { - ssh SUDOER_USR@${targetHost} servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' + sh """ssh -tt SUDOER_USR@${targetHost} servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' sudo -u postgres psql && bash -s << 'ENDPSQL' create database $servicename; create user $servicename with encrypted password '$pw_productiondatabase'; @@ -230,7 +233,7 @@ pipeline { grant all privileges on database $service_dev to $service_dev; ENDPSQL - ENDSSH + ENDSSH""" } } } 
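Review bot: In the SSH-key section the re-added crumb lookup reads `CRUMB=\$(url -s ...` where the removed line had `curl -s`, so the second crumb request fails; restore `curl`. That section also posts the key credential with `"id": "$env.usernameCredsId"`, the id already used for the password credential just above it, while `certCredsId` is generated and never used; `"id": "\$certCredsId"` looks like what was intended. Both `\$(cat ${servicename}))` lines carry an extra closing parenthesis. The key written by `ssh-keygen ... -N ""` stays unencrypted in the workspace after the step, so remove both files once the POST has succeeded, and drop the two `echo $CRUMB` lines so the crumb is not logged.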
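Review bot: Wrapping the ssh call in `sh """` makes Groovy expand everything inside it, so `${env.pw_linuxserviceaccount}` becomes a literal argument on the ssh command line (visible in the process list and probably in the console log), and `$SUDOER_PSW`, `$username` and `$password` are resolved by Groovy rather than by the remote shell. A single-quoted `sh '''...'''` with the values supplied through the step's environment keeps the secrets out of the script text. `servicename` is a free-text build parameter placed unquoted into a command that runs under sudo on the target, so it should be validated first, e.g. `if (!(params.servicename ==~ /[a-z][a-z0-9_-]*/)) error("invalid servicename")`. `env.pubkeycontent` is not assigned anywhere in the visible changes (`pubkeycontent` is only a shell variable in an earlier `sh` step), so it will likely be `null` here. The ssh lines in the `@@ -216` and `@@ -240` hunks have the same interpolation problem.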
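Review bot: `SUDOER_USR@${targetHost}` in the database step is missing its `$`, so ssh will try to log in as a user literally named `SUDOER_USR`; the `@@ -193` hunk corrected this to `${SUDOER_USR}`, but this line and the matching one in the `@@ -240` hunk were left as they were. The statement `create user $servicename with encrypted password '$pw_productiondatabase';` is built by plain substitution, so `servicename` should be restricted to a safe character set (no quotes, semicolons or whitespace) before it can reach this SQL.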
@@ -240,24 +243,24 @@ pipeline { sshagent([SUDOERSSH]) { sh 'scp $servicename.service $servicename@${targetHost}:~/.config/systemd/user/$servicename.service' - ssh SUDOER_USR@${targetHost} servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' + sh """ssh -tt SUDOER_USR@${targetHost} servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' sudo -u ${servicename} && bash -s << 'ENDASSERVICE' systemctl --user daemon-reload systemctl --user enable $servicename.service ENDASSERVICE - ENDSSH + ENDSSH""" } } } - post { - failure { - matrixSendMessage hostname: 'https://greyn.club:8448', accessTokenCredentialsId: '040b63d1-2f14-4692-badb-114bddd7c5a5', roomId: '!QmOCACetHdGDlNFsZP:greyn.club', body: '1-click service failed :(' - - } - success { - matrixSendMessage hostname: 'https://greyn.club:8448', accessTokenCredentialsId: '040b63d1-2f14-4692-badb-114bddd7c5a5', roomId: '!QmOCACetHdGDlNFsZP:greyn.club', body: '1-click service success! go pick up the credentials!' - //TODO: archiveArtifacts the password data - } + } + post { + failure { + matrixSendMessage hostname: 'https://greyn.club:8448', accessTokenCredentialsId: '040b63d1-2f14-4692-badb-114bddd7c5a5', roomId: '!QmOCACetHdGDlNFsZP:greyn.club', body: '1-click service failed :(' + + } + success { + matrixSendMessage hostname: 'https://greyn.club:8448', accessTokenCredentialsId: '040b63d1-2f14-4692-badb-114bddd7c5a5', roomId: '!QmOCACetHdGDlNFsZP:greyn.club', body: '1-click service success! go pick up the credentials!' + //TODO: archiveArtifacts the password data, then store them somewhere } } } \ No newline at end of file
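Review bot: The systemd step still passes `pw_productiondatabase=${env.pw_productiondatabase}` and `pw_developmentdatabase=${env.pw_developmentdatabase}` on the ssh command line although the remote script only runs `systemctl --user`; drop both so the database passwords are not exposed to a step that has no use for them. `sudo -u ${servicename} && bash -s` invokes sudo without a command, so the `systemctl` lines probably do not run as the service user; `sudo -u "$servicename" bash -s` looks like the intent. The updated TODO plans to `archiveArtifacts` the password data, but archived artifacts are readable by anyone with read access to the job, so it would be safer to keep the secrets only in the credentials store the pipeline already writes to.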