Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6e55bc1ed2 | |||
| 622e269bd3 | |||
| abbff95371 | |||
| f109faa5db | |||
| 159a0027ff | |||
| ca3d31de38 | |||
| bd45a49691 | |||
| 9009120546 | |||
| 51b87b720b | |||
| 41045a0973 | |||
| c3eda11c05 | |||
| 88419c8985 |
@ -4,7 +4,6 @@ pipeline {
|
||||
string(name: 'servicename', description: "service name")
|
||||
string(name: 'svcdesc', description: "service description")
|
||||
string(name: 'targetHost', description: "system to live on", defaultValue: "moloryb.lan")
|
||||
booleanParam(name: 'database', description: "service has a database", defaultValue: true)
|
||||
}
|
||||
environment {
|
||||
SUDOER_ALLOCES = credentials('a674f816-2b35-4d60-ba60-7b66e86f3c5c')
|
||||
@ -16,7 +15,7 @@ pipeline {
|
||||
GITEA_USR='jenkins'
|
||||
}
|
||||
stages {
|
||||
stage("environment setup") {
|
||||
stage("environment setup") { //my environment, here.
|
||||
steps {
|
||||
script {
|
||||
if (servicename.isEmpty()) {
|
||||
@ -124,52 +123,39 @@ pipeline {
|
||||
git -c core.sshCommand="ssh -i '$PK'\" clone ssh://git@gitea.arg.rip:8022/greyn/${servicename}.git
|
||||
#fyi, future me: pushd is useless here, it pops out. Like it's loading a script and exiting.
|
||||
"""
|
||||
script { //there's no "if" "step" so any "if" must be in a "script" step
|
||||
if(database){
|
||||
sh """#!/bin/bash
|
||||
script {
|
||||
sh """#!/bin/bash
|
||||
|
||||
pushd ${servicename}
|
||||
dbstartline=\$(sed -n '/---dbstart---/=' Jenkinsfile)
|
||||
dbendline=\$(sed -n '/---dbend---/=' Jenkinsfile)
|
||||
echo \"yes db.\"
|
||||
pushd ${servicename}
|
||||
|
||||
sed -i \"\${dbstartline}d;\${dbendline}d\" Jenkinsfile
|
||||
databaseString="Host=${targetHost};Database=${servicename};Username=${servicename};Password=${env.pw_productiondatabase};IncludeErrorDetail=true;"
|
||||
|
||||
databasecredsid=\$(uuidgen)
|
||||
httpBasicAuth=\"http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/\"
|
||||
echo \"\${httpBasicAuth}\"
|
||||
urlGetData=\"crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\\":\\",//crumb)\"
|
||||
databasecredsid=\$(uuidgen)
|
||||
httpBasicAuth=\"http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/\"
|
||||
urlGetData=\"crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\\":\\",//crumb)\"
|
||||
CRUMB=\$(curl -s -c cookies.txt \"\${httpBasicAuth}\${urlGetData}\")
|
||||
curl -H \$CRUMB -X POST \"http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/job/gitea.arg.rip/job/${servicename}/credentials/store/folder/domain/_/createCredentials\" \
|
||||
--data-urlencode 'json={
|
||||
"": "0",
|
||||
"credentials": {
|
||||
"scope": "GLOBAL",
|
||||
"id": "'"\$databasecredsid"'",
|
||||
"secret": "\$databaseString",
|
||||
"description": "database connection string",
|
||||
"\$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"
|
||||
}
|
||||
}'
|
||||
credsStr="productiondatabase_connectionString=credentials(\\"\$databasecredsid\\")"
|
||||
sed -i "s/productiondatabase_connectionString=creds/\$credsStr/" Jenkinsfile
|
||||
|
||||
CRUMB=\$(curl -s -c cookies.txt \"\${httpBasicAuth}\${urlGetData}\")
|
||||
echo "crumb anyway. \$CRUMB"
|
||||
curl -H \$CRUMB -X POST \"http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/job/gitea.arg.rip/job/${servicename}/credentials/store/folder/domain/_/createCredentials\" \
|
||||
--data-urlencode 'json={
|
||||
"": "0",
|
||||
"credentials": {
|
||||
"scope": "GLOBAL",
|
||||
"id": "'"\$databasecredsid"'",
|
||||
"secret": "Host=${targetHost};Database=${servicename};Username=${servicename};Password=${env.pw_productiondatabase};IncludeErrorDetail=true;",
|
||||
"description": "database connection string",
|
||||
"\$class": "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"
|
||||
}
|
||||
}'
|
||||
credsStr="productiondatabase_connectionString=credentials(\\"\$databasecredsid\\")"
|
||||
sed -i "s/productiondatabase_connectionString=creds/\$credsStr/" Jenkinsfile
|
||||
rm cookies.txt
|
||||
git add .
|
||||
git commit -m \"set up for database\"
|
||||
|
||||
cp appsettings.sample.json appsettings.json
|
||||
sed -i "s/\\"DBConnectionString\\" *: *\\"[^\\"]*\\"/\\"DBConnectionString\\":\\"\${databaseString}\\"/" appsettings.json
|
||||
"""
|
||||
|
||||
rm cookies.txt
|
||||
git add .
|
||||
git commit -m \"set up for database\"
|
||||
"""
|
||||
}
|
||||
else{
|
||||
sh """#!/bin/bash
|
||||
echo \"no db\"
|
||||
pushd ${servicename}
|
||||
sed -i '\${dbstartline},\${dbendline}d;' Jenkinsfile
|
||||
git add .
|
||||
git commit -m "stripped database lines"
|
||||
"""
|
||||
}
|
||||
|
||||
sh """#!/bin/bash
|
||||
|
||||
@ -192,11 +178,11 @@ pipeline {
|
||||
|
||||
certCredsId=\$(uuidgen)
|
||||
|
||||
# you git cloned ${servicename}. that's why it "already exists".
|
||||
ssh-keygen -t ed25519 -f "${servicename}-ssh" -N ""
|
||||
#chmod 600 \"${servicename}-ssh\"
|
||||
#chmod 600 \"${servicename}-ssh.pub\"
|
||||
privatekeycontent=\$(cat ${servicename}-ssh)
|
||||
privatekeycontent=\$(cat ${servicename}-ssh)\$'\\n'
|
||||
privatekeycontent="\$privatekeycontent
|
||||
"
|
||||
echo "private key content: \$privatekeycontent hopefully newline isn't the issue."
|
||||
pubkeycontent=\$(cat ${servicename}-ssh.pub)
|
||||
CRUMB=\$(curl -s 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
|
||||
echo \$CRUMB
|
||||
@ -205,7 +191,7 @@ pipeline {
|
||||
"": "0",
|
||||
"credentials": {
|
||||
"scope": "GLOBAL",
|
||||
"id": "'"\$usernameCredsId"'",
|
||||
"id": "'"\$certCredsId"'",
|
||||
"username": "${servicename}",
|
||||
"password": "",
|
||||
"privateKeySource": {
|
||||
@ -224,7 +210,9 @@ pipeline {
|
||||
pushd ${servicename}
|
||||
|
||||
linuxServiceAccountStr="linuxServiceAccount=credentials(\\"\$usernameCredsId\\")"
|
||||
linuxServiceAccountIDStr="linuxServiceAccountID=\\"\$certCredsId\\""
|
||||
sed -i "s/linuxServiceAccount=creds/\$linuxServiceAccountStr/" Jenkinsfile
|
||||
sed -i "s/linuxServiceAccountID=string/\$linuxServiceAccountIDStr/" Jenkinsfile
|
||||
sed -i 's/targetHost=string/targetHost="${targetHost}"/' Jenkinsfile
|
||||
git add .
|
||||
git commit -m "linux account, service host"
|
||||
@ -260,7 +248,6 @@ pipeline {
|
||||
}
|
||||
}
|
||||
stage("db init"){
|
||||
when { expression { return params.database } }
|
||||
steps {
|
||||
//i'm pretty sure "update" with nothing will init?
|
||||
//meaning we don't have to init, first update will init
|
||||
@ -286,6 +273,9 @@ pipeline {
|
||||
stage("initial service setup"){
|
||||
steps{
|
||||
sh """#!/bin/bash
|
||||
ssh -i "${servicename}-ssh" -tt ${servicename}@${targetHost} "mkdir -p ~/dist"
|
||||
scp -i "${servicename}-ssh" ${servicename}/appsettings.json ${servicename}@${targetHost}:~/dist/appsettings.json
|
||||
|
||||
ssh -i "${servicename}-ssh" -tt ${servicename}@${targetHost} "mkdir -p ~/.config/systemd/user/"
|
||||
scp -i "${servicename}-ssh" ${servicename}/${servicename}.service ${servicename}@${targetHost}:~/.config/systemd/user/${servicename}.service
|
||||
|
||||
@ -295,7 +285,6 @@ pipeline {
|
||||
}
|
||||
}
|
||||
}
|
||||
/*
|
||||
post {
|
||||
failure {
|
||||
matrixSendMessage https:true, hostname: 'greyn.club', port:8448, accessTokenCredentialsId: '040b63d1-2f14-4692-badb-114bddd7c5a5', roomId: '!QmOCACetHdGDlNFsZP:greyn.club', body: '1-click service failed :(', formattedBody: "1-click service <b>failed</b> :("
|
||||
@ -305,5 +294,4 @@ pipeline {
|
||||
//TODO: archiveArtifacts the password data, then store them somewhere
|
||||
}
|
||||
}
|
||||
*/
|
||||
}
|
||||
@ -1 +1,156 @@
|
||||
//TODO
|
||||
pipeline {
|
||||
agent any
|
||||
parameters {
|
||||
string(name: 'videoname', description: "video name")
|
||||
string(name: 'videodesc', description: "video description")
|
||||
}
|
||||
environment {
|
||||
JENKINSONGITEA=credentials('d0e86441-2157-405f-8539-a9a9010c6ecf')
|
||||
JENKINSONMATRIXTOKEN=credentials('17d18fd7-29eb-4957-9532-ce42aaa9b4ec')
|
||||
GITEAONMATRIXTOKEN=credentials('10bc888a-cb19-456e-b793-f85ee465d58e')
|
||||
}
|
||||
|
||||
stages {
|
||||
stage("environment setup") {
|
||||
steps{
|
||||
script{
|
||||
if (videoname.isEmpty()) {
|
||||
error("videoname mandatory")
|
||||
}
|
||||
if (videoname.contains(' ')) {
|
||||
error("videoname cannot have spaces. try dashes.")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
stage("create gitea project"){
|
||||
steps{
|
||||
script{
|
||||
env.giteaCreateEvent=sh(returnStdout: true, script: """
|
||||
curl -X 'POST' \
|
||||
'https://gitea.arg.rip/api/v1/repos/beefhavers/_videotemplate/generate' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'Authorization: token ${env.JENKINSONGITEA}' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{
|
||||
"description": "${videodesc}",
|
||||
"git_content": true,
|
||||
"git_hooks": true,
|
||||
"labels": true,
|
||||
"name": "${videoname}",
|
||||
"owner": "beefhavers",
|
||||
"private": false,
|
||||
"protected_branch": true,
|
||||
"topics": true,
|
||||
"webhooks": true
|
||||
}'
|
||||
""").trim()
|
||||
if (!env.giteaCreateEvent?.trim()) {
|
||||
error "couldn't make gitea repo, apparently"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
stage("create matrix room"){
|
||||
steps{
|
||||
script{
|
||||
env.roomcreationevent=sh(returnStdout: true, script: """
|
||||
curl -X 'POST' \
|
||||
'https://greyn.club:8448/_matrix/client/v3/createRoom' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'Authorization: Bearer ${JENKINSONMATRIXTOKEN}' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{
|
||||
"creation_content": {
|
||||
"m.federate": false
|
||||
},
|
||||
"name": "${videoname}",
|
||||
"preset": "public_chat",
|
||||
"invite": ["@adam:greyn.club", "@gitea:greyn.club"],
|
||||
"topic": "https://gitea.arg.rip/beefhavers/${videoname}"
|
||||
}'
|
||||
"""
|
||||
).trim()
|
||||
if (!env.roomcreationevent?.trim()) {
|
||||
error "couldn't make matrix room, apparently"
|
||||
}
|
||||
echo "roomcreationevent:"
|
||||
echo env.roomcreationevent
|
||||
def jsonObj = readJSON text: env.roomcreationevent
|
||||
env.room_id =jsonObj.room_id
|
||||
if(!env.room_id?.trim()){
|
||||
error "couldn't make matrix room, apparently"
|
||||
}
|
||||
|
||||
env.spaceaddevent=sh(returnStdout: true, script: """
|
||||
curl -X 'PUT' 'https://greyn.club:8448/_matrix/client/r0/rooms/!xLgVvcqtVzquTkCQGx:greyn.club/state/m.space.child/${env.room_id}' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'Authorization: Bearer ${JENKINSONMATRIXTOKEN}' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{
|
||||
"via": ["greyn.club"]
|
||||
}'
|
||||
""").trim()
|
||||
echo "spaceaddevent:"
|
||||
echo env.spaceaddevent
|
||||
|
||||
env.elevatePrivsEvent=sh(returnStdout: true, script: """
|
||||
curl -X 'PUT' 'https://greyn.club:8448/_matrix/client/v3/rooms/${env.room_id}/state/m.room.power_levels' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'Authorization: Bearer ${JENKINSONMATRIXTOKEN}' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{
|
||||
"users": {
|
||||
"@adam:greyn.club": 100,
|
||||
"@jenkins:greyn.club": 50
|
||||
}
|
||||
}'
|
||||
""").trim()
|
||||
echo "elevatePrivsEvent:"
|
||||
echo env.elevatePrivsEvent
|
||||
}
|
||||
}
|
||||
}
|
||||
stage("link gitea webhook"){
|
||||
steps{
|
||||
sh """
|
||||
curl -X 'GET' 'https://gitea.arg.rip/api/v1/repos/beefhavers/${videoname}/hooks' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'authorization: token ${env.JENKINSONGITEA}' \
|
||||
>reporesponse.json
|
||||
|
||||
cat reporesponse.json
|
||||
cat reporesponse.json | jq '.[] | select(.type=="matrix")' >matrixhook.json
|
||||
cat matrixhook.json
|
||||
|
||||
"""
|
||||
|
||||
sh """
|
||||
echo '{
|
||||
"active": true,
|
||||
"authorization_header": "Bearer ${env.GITEAONMATRIXTOKEN}",
|
||||
"branch_filter": "*",
|
||||
"config": {
|
||||
"content_type": "json",' >request.json
|
||||
echo "\\"url\\": \\"https://greyn.club:8448/_matrix/client/r0/rooms/\$(echo ${env.room_id} | sed 's/!/%21/')/send/m.room.message\\"" >>request.json
|
||||
echo "}," >>request.json
|
||||
echo "\\"events\\": \$(cat matrixhook.json | jq .[0].events)" >>request.json
|
||||
echo '}' >>request.json
|
||||
|
||||
cat request.json
|
||||
"""
|
||||
sh """
|
||||
curl -X 'PATCH' "https://gitea.arg.rip/api/v1/repos/beefhavers/${videoname}/hooks/\$(cat matrixhook.json | jq .[0].id)" \
|
||||
-H 'accept: application/json' \
|
||||
-H 'authorization: token ${env.JENKINSONGITEA}' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d @request.json
|
||||
|
||||
rm request.json
|
||||
rm reporesponse.json
|
||||
rm matrixhook.json
|
||||
"""
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -9,11 +9,6 @@ function restofscript(){
|
||||
sudo -u postgres psql -c "create database $servicename;"
|
||||
sudo -u postgres psql -c "create user $servicename with encrypted password '$pw_productiondatabase';"
|
||||
sudo -u postgres psql -c "grant all privileges on database $servicename to $servicename;"
|
||||
|
||||
sudo -u postgres psql -c "create database $service_dev;"
|
||||
sudo -u postgres psql -c "create user $service_dev with encrypted password '$pw_developmentdatabase';"
|
||||
sudo -u postgres psql -c "grant all privileges on database $service_dev to $service_dev;"
|
||||
|
||||
}
|
||||
|
||||
echo "${SUDOER_PSW}" | sudo -S bash -c "$(declare -f restofscript); restofscript"
|
||||
|
||||
@ -9,7 +9,7 @@ function restofscript(){
|
||||
echo "${USERNAMETOADD}:${PASSWORDTOADD}" | chpasswd
|
||||
loginctl enable-linger ${USERNAMETOADD}
|
||||
mkdir /home/${USERNAMETOADD}/.ssh
|
||||
touch /home/${USERNAMETOADD}/authorized_keys
|
||||
touch /home/${USERNAMETOADD}/.ssh/authorized_keys
|
||||
cat ssh.pub >> /home/${USERNAMETOADD}/.ssh/authorized_keys
|
||||
chmod 600 /home/${USERNAMETOADD}/authorized_keys
|
||||
chown -R "${USERNAMETOADD}:${USERNAMETOADD}" /home/${USERNAMETOADD}/.ssh
|
||||
|
||||
Loading…
Reference in New Issue
Block a user