Compare commits

...

2 Commits

Author SHA1 Message Date
25a2dc093e future scripts
All checks were successful
gitea.arg.rip/deployment/pipeline/head This commit looks good
2024-11-17 15:02:19 -05:00
b297a2345a i think I have it mostly figured out, still TODOs 2024-11-17 15:01:57 -05:00
4 changed files with 50 additions and 28 deletions

View File

@ -1,40 +1,54 @@
pipeline { pipeline {
agent any agent any
parameters { parameters {
string(name: 'svcname', description: "service name") string(name: 'servicename', description: "service name")
string(name: 'svcdesc', description: "service description") string(name: 'svcdesc', description: "service description")
boolean(name: 'database', description: "service has a database", defaultValue: false) boolean(name: 'database', description: "service has a database", defaultValue: true)
} }
environment {
pw_linuxserviceaccount=""
pw_productiondatabase=""
pw_developmentdatabase=""
ALLOCES = credentials('//TODO: its usually a uuid')
}
stages { stages {
stage("type strengthening") { stage("type strengthening") {
steps { steps {
script { script {
if (svcname.isEmpty()) { if (servicename.isEmpty()) {
error("svcname mandatory") error("servicename mandatory")
} }
if (servicename.contains(' ')) {
error("servicename cannot have spaces. try dashes.")
}
sh env.pw_linuxserviceaccount=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
sh env.pw_productiondatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
sh env.pw_developmentdatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
} }
//TODO: generate password for the service account
//TODO: generate password for prod DB
//TODO: generate password for dev DB
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
} }
} }
stage("gitea project"){ stage("gitea project"){
steps{ steps{
script { //TODO: clone _template-service. Must be under greyn.
//TODO: clone _template-service //TODO: if not database version, strip out database stuff
//TODO: if not database version, strip out database stuff }
} }
stage("jenkins pipeline"){
steps{
//TODO: tell jenkins to scan greyn pipeline
//TODO: find this new service in jenkins
//TODO: add the shared secrets to jenkins
} }
} }
stage("service account"){ stage("service account"){
steps{ steps{
script { script {
//jenkins, the user trying to SSH, must be able to ssh in and sudo //jenkins, the user trying to SSH, must be able to ssh in and sudo
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH' ssh user@host username=$servicename password=${env.pw_linuxserviceaccount} 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
#commands to run on remote host
useradd -m -s /bin/bash $username useradd -m -s /bin/bash $username
echo "$username:$password" | chpasswd echo "$username:$password" | chpasswd
loginctl enable-linger $username
ENDSSH ENDSSH
} }
} }
@ -45,16 +59,19 @@ pipeline {
//i'm pretty sure "update" with nothing will init? //i'm pretty sure "update" with nothing will init?
//meaning we don't have to init, first update will init //meaning we don't have to init, first update will init
script { script {
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH' ssh user@host servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
sudo -u postgres psql && bash -s << 'ENDPSQL'
sudo -u postgres psql create database $servicename;
postgres=# create database mydb; create user $servicename with encrypted password '$pw_productiondatabase';
postgres=# create user myuser with encrypted password 'mypass'; grant all privileges on database $servicename to $servicename;
postgres=# grant all privileges on database mydb to myuser; ENDPSQL
postgres=# create database mydb_dev; service_dev="${servicename}_dev"
postgres=# create user myuser_dev with encrypted password 'myotherpass'; sudo -u postgres psql && bash -s << 'ENDPSQL'
postgres=# grant all privileges on database mydb_dev to myuser_dev; create database $service_dev;
create user $service_dev with encrypted password '$pw_developmentdatabase';
grant all privileges on database $service_dev to $service_dev;
ENDPSQL
ENDSSH ENDSSH
} }
@ -62,9 +79,11 @@ pipeline {
} }
stage("initial service setup"){ stage("initial service setup"){
steps{ steps{
script { sh 'scp $servicename.service user@server:~/.config/systemd/user/$servicename.service'
//TODO ssh user@host servicename=$servicename svcpw=$ARG2 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
} systemctl --user daemon-reload
systemctl --user enable $servicename.service
ENDSSH
} }
} }
} }

View File

@ -0,0 +1 @@
//TODO

View File

@ -0,0 +1 @@
//TODO

1
scripts/nupkg.groovy Normal file
View File

@ -0,0 +1 @@
//TODO