api_deploy 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.dockerignore +1 -0
- data/.gitattributes +1 -0
- data/.gitignore +37 -0
- data/.vault_pass.py +4 -0
- data/Dockerfile +29 -0
- data/Gemfile +12 -0
- data/Gemfile.lock +73 -0
- data/Jenkinsfile +14 -0
- data/Makefile +38 -0
- data/README.md +38 -0
- data/Rakefile +9 -0
- data/api_deploy.gemspec +16 -0
- data/bin/api_deploy +6 -0
- data/bin/apply_restrictions +7 -0
- data/bin/bitbucket +7 -0
- data/bin/get_all_repo_sizes +18 -0
- data/bin/ldap +7 -0
- data/config/defaults.json +21 -0
- data/config/vault +0 -0
- data/lib/api.rb +45 -0
- data/lib/api_deploy.rb +5 -0
- data/lib/artifactory_api.rb +13 -0
- data/lib/bitbucket.rb +68 -0
- data/lib/bitbucket/project.rb +34 -0
- data/lib/bitbucket/repository.rb +66 -0
- data/lib/config_store.rb +40 -0
- data/lib/github.rb +13 -0
- data/lib/ldap.rb +115 -0
- data/lib/libraries.rb +10 -0
- data/lib/log.rb +13 -0
- data/lib/octopus_api.rb +56 -0
- data/lib/teamcity_api.rb +40 -0
- data/spec/data/defaults.json +16 -0
- data/spec/data/overrides.json +5 -0
- data/spec/lib/api_spec.rb +52 -0
- data/spec/lib/artifactory_api_spec.rb +10 -0
- data/spec/lib/config_spec.rb +30 -0
- data/spec/lib/log_spec.rb +15 -0
- data/spec/lib/octopus_api_spec.rb +95 -0
- data/spec/lib/teamcity_api_spec.rb +20 -0
- data/spec/spec_helper.rb +2 -0
- metadata +224 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 4356024b83ed5522e9d629fadd46d4f9748c8272
|
4
|
+
data.tar.gz: 903189ec8f159c851a7f2a62f8db0a158240e242
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 28a04b7beadb8c10581ff3d065c81a5b5004239380c6c56751dcaf8a83332f652985a2058391eb21aa1f63ea67d6c8b864ebc605d98a96522c21b471fe09c90e
|
7
|
+
data.tar.gz: 4ffc454e8dcb6b52e7339be99d694248dacc2ec15679d56d6d6b67cb22e3ecf444f5ae1c7dc4e2398cc669e2010d28610b1f01cce933f3a1dc2418a338359dbb
|
data/.dockerignore
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
Dockerfile
|
data/.gitattributes
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
*vault binary
|
data/.gitignore
ADDED
@@ -0,0 +1,37 @@
|
|
1
|
+
*.gem
|
2
|
+
*.swp
|
3
|
+
*.rbc
|
4
|
+
/.config
|
5
|
+
config/overrides*
|
6
|
+
/coverage/
|
7
|
+
/InstalledFiles
|
8
|
+
/pkg/
|
9
|
+
/spec/reports/
|
10
|
+
/test/tmp/
|
11
|
+
/test/version_tmp/
|
12
|
+
/tmp/
|
13
|
+
|
14
|
+
## Specific to RubyMotion:
|
15
|
+
.dat*
|
16
|
+
.repl_history
|
17
|
+
build/
|
18
|
+
|
19
|
+
## Documentation cache and generated files:
|
20
|
+
/.yardoc/
|
21
|
+
/_yardoc/
|
22
|
+
/doc/
|
23
|
+
/rdoc/
|
24
|
+
|
25
|
+
## Environment normalisation:
|
26
|
+
/.bundle/
|
27
|
+
/vendor/bundle
|
28
|
+
/lib/bundler/man/
|
29
|
+
|
30
|
+
# for a library or gem, you might want to ignore these files since the code is
|
31
|
+
# intended to run in multiple environments; otherwise, check them in:
|
32
|
+
# Gemfile.lock
|
33
|
+
# .ruby-version
|
34
|
+
# .ruby-gemset
|
35
|
+
|
36
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
37
|
+
.rvmrc
|
data/.vault_pass.py
ADDED
data/Dockerfile
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
# ruby dependencies and ansible
|
2
|
+
#FROM docker.artifactory.yoox.net/ruby:2.4.0-alpine
|
3
|
+
FROM ruby:2.4-alpine
|
4
|
+
RUN apk add --update --no-cache make ansible less
|
5
|
+
|
6
|
+
# takes VP as --build-arg for vault pass
|
7
|
+
ARG VP=''
|
8
|
+
|
9
|
+
# creates workdir
|
10
|
+
ENV APP_PATH /app/
|
11
|
+
RUN mkdir $APP_PATH
|
12
|
+
WORKDIR $APP_PATH
|
13
|
+
|
14
|
+
# decrypts vault in machine
|
15
|
+
COPY config/vault vault
|
16
|
+
COPY .vault_pass.py .
|
17
|
+
RUN mkdir ~/.config/
|
18
|
+
RUN ansible-vault view --vault-password-file=.vault_pass.py vault > ~/.config/api_deploy_overrides.json
|
19
|
+
|
20
|
+
# setup gem deps
|
21
|
+
COPY Gemfile* $APP_PATH
|
22
|
+
RUN bundle config build.nokogiri --use-system-libraries
|
23
|
+
RUN bundle install
|
24
|
+
|
25
|
+
# copy in app
|
26
|
+
COPY . $APP_PATH
|
27
|
+
|
28
|
+
# set LOG_LEVEL to verbose
|
29
|
+
#ENV LOG_LEVEL info
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,73 @@
|
|
1
|
+
GEM
|
2
|
+
remote: https://rubygems.org/
|
3
|
+
specs:
|
4
|
+
addressable (2.4.0)
|
5
|
+
artifactory (2.7.0)
|
6
|
+
coderay (1.1.1)
|
7
|
+
descendants_tracker (0.0.4)
|
8
|
+
thread_safe (~> 0.3, >= 0.3.1)
|
9
|
+
diff-lcs (1.3)
|
10
|
+
faraday (0.9.2)
|
11
|
+
multipart-post (>= 1.2, < 3)
|
12
|
+
github_api (0.14.5)
|
13
|
+
addressable (~> 2.4.0)
|
14
|
+
descendants_tracker (~> 0.0.4)
|
15
|
+
faraday (~> 0.8, < 0.10)
|
16
|
+
hashie (>= 3.4)
|
17
|
+
oauth2 (~> 1.0)
|
18
|
+
hashie (3.5.5)
|
19
|
+
jwt (1.5.6)
|
20
|
+
little-plugger (1.1.4)
|
21
|
+
logging (2.1.0)
|
22
|
+
little-plugger (~> 1.1)
|
23
|
+
multi_json (~> 1.10)
|
24
|
+
method_source (0.8.2)
|
25
|
+
multi_json (1.12.1)
|
26
|
+
multi_xml (0.6.0)
|
27
|
+
multipart-post (2.0.0)
|
28
|
+
net-ldap (0.16.0)
|
29
|
+
oauth2 (1.3.1)
|
30
|
+
faraday (>= 0.8, < 0.12)
|
31
|
+
jwt (~> 1.0)
|
32
|
+
multi_json (~> 1.3)
|
33
|
+
multi_xml (~> 0.5)
|
34
|
+
rack (>= 1.2, < 3)
|
35
|
+
pry (0.10.4)
|
36
|
+
coderay (~> 1.1.0)
|
37
|
+
method_source (~> 0.8.1)
|
38
|
+
slop (~> 3.4)
|
39
|
+
rack (2.0.1)
|
40
|
+
require_all (1.4.0)
|
41
|
+
rspec (3.5.0)
|
42
|
+
rspec-core (~> 3.5.0)
|
43
|
+
rspec-expectations (~> 3.5.0)
|
44
|
+
rspec-mocks (~> 3.5.0)
|
45
|
+
rspec-core (3.5.4)
|
46
|
+
rspec-support (~> 3.5.0)
|
47
|
+
rspec-expectations (3.5.0)
|
48
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
49
|
+
rspec-support (~> 3.5.0)
|
50
|
+
rspec-mocks (3.5.0)
|
51
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
52
|
+
rspec-support (~> 3.5.0)
|
53
|
+
rspec-support (3.5.0)
|
54
|
+
slop (3.6.0)
|
55
|
+
thread_safe (0.3.6)
|
56
|
+
|
57
|
+
PLATFORMS
|
58
|
+
ruby
|
59
|
+
x64-mingw32
|
60
|
+
|
61
|
+
DEPENDENCIES
|
62
|
+
artifactory
|
63
|
+
faraday
|
64
|
+
github_api
|
65
|
+
hashie
|
66
|
+
logging
|
67
|
+
net-ldap
|
68
|
+
pry
|
69
|
+
require_all
|
70
|
+
rspec
|
71
|
+
|
72
|
+
BUNDLED WITH
|
73
|
+
1.14.2
|
data/Jenkinsfile
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env groovy
|
2
|
+
env.dockerTag = env.BUILD_TAG.toLowerCase()
|
3
|
+
|
4
|
+
properties([pipelineTriggers([cron('H 23 * * *')])])
|
5
|
+
|
6
|
+
stage("apply_restrictions"){
|
7
|
+
node(){
|
8
|
+
withCredentials([usernamePassword( credentialsId: 'vault_jenkins_cred_ansible_api_deploy_vault_password',
|
9
|
+
usernameVariable: 'UNUSED', passwordVariable: 'VP')]) {
|
10
|
+
checkout scm
|
11
|
+
sh "make apply_restrictions"
|
12
|
+
}
|
13
|
+
}
|
14
|
+
}
|
data/Makefile
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
.PHONY: all
|
2
|
+
all: shell
|
3
|
+
|
4
|
+
setup:
|
5
|
+
dockerTag := "localtest-$(shell date +%s)"
|
6
|
+
|
7
|
+
shell: build
|
8
|
+
@docker run --rm -it ${dockerTag} /bin/sh
|
9
|
+
|
10
|
+
build:
|
11
|
+
@docker build -f Dockerfile --build-arg VP=${VP} -t ${dockerTag} .
|
12
|
+
|
13
|
+
run: build
|
14
|
+
@docker run -e VP=${VP} --rm --name ${dockerTag} -t ${dockerTag} ./bin/${command}
|
15
|
+
|
16
|
+
run_interactive: build
|
17
|
+
@docker run -e VP=${VP} --rm --name ${dockerTag} -it ${dockerTag} ./bin/${command}
|
18
|
+
|
19
|
+
test: build
|
20
|
+
docker run --rm --name ${dockerTag} -t ${dockerTag} rake
|
21
|
+
|
22
|
+
apply_restrictions:
|
23
|
+
make run command=apply_restrictions
|
24
|
+
|
25
|
+
ruby:
|
26
|
+
make run_interactive command=api_deploy
|
27
|
+
|
28
|
+
ldap:
|
29
|
+
make run_interactive command=ldap
|
30
|
+
|
31
|
+
bb:
|
32
|
+
make run_interactive command=bitbucket
|
33
|
+
|
34
|
+
get_all_repo_sizes:
|
35
|
+
make run_interactive command=get_all_repo_sizes
|
36
|
+
|
37
|
+
edit_config_vault:
|
38
|
+
ansible-vault edit --vault-password-file=.vault_pass.py config/vault
|
data/README.md
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
# ApiDeploy
|
2
|
+
|
3
|
+
## Console tools
|
4
|
+
|
5
|
+
### LDAP
|
6
|
+
Opens a ruby shell with a ldap query object
|
7
|
+
```
|
8
|
+
$> VP='vault_pass' NAP_BIND_USER='' NAP_BIND_PASS='' YOOX_BIND_USER='' YOOX_BIND_PASS='' make ldap
|
9
|
+
|
10
|
+
[1] pry(main)> ldap.user 'hawkinsf'
|
11
|
+
....
|
12
|
+
|
13
|
+
[1] pry(main)> ldap.group 'cicd'
|
14
|
+
...
|
15
|
+
```
|
16
|
+
|
17
|
+
### Shell
|
18
|
+
Opens a bash shell in the api_deployer
|
19
|
+
```
|
20
|
+
$> VP='vault_pass' make shell
|
21
|
+
|
22
|
+
$>
|
23
|
+
```
|
24
|
+
|
25
|
+
### Interactive
|
26
|
+
Opens a ruby shell in the api_deployer
|
27
|
+
```
|
28
|
+
$> VP='vault_pass' make interactive
|
29
|
+
|
30
|
+
[1] pry(main)>
|
31
|
+
```
|
32
|
+
|
33
|
+
### Apply restrictions
|
34
|
+
Applies bitbucket repo restrictions
|
35
|
+
```
|
36
|
+
$> VP='vault_pass' make apply_restrictions
|
37
|
+
...
|
38
|
+
```
|
data/Rakefile
ADDED
data/api_deploy.gemspec
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
Gem::Specification.new do |s|
|
2
|
+
s.name = 'api_deploy'
|
3
|
+
s.version = '0.1.0'
|
4
|
+
s.licenses = ['MIT']
|
5
|
+
s.summary = "gem for yoox-nap api deployment"
|
6
|
+
s.description = "can also be run as a server"
|
7
|
+
s.authors = ["Felix Hawkins"]
|
8
|
+
s.email = 'felix@whimsicaldoodles.com'
|
9
|
+
s.homepage = 'https://rubygems.org/gems/example'
|
10
|
+
s.require_paths = ['lib']
|
11
|
+
s.files = `git ls-files`.split("\n")
|
12
|
+
|
13
|
+
%w{ require_all rspec github_api faraday artifactory logging thin hashie net-ldap pry}.each do |gem|
|
14
|
+
s.add_runtime_dependency gem
|
15
|
+
end
|
16
|
+
end
|
data/bin/api_deploy
ADDED
data/bin/bitbucket
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
$: << 'lib'
|
4
|
+
require 'libraries'
|
5
|
+
|
6
|
+
g = GithubApi.new
|
7
|
+
|
8
|
+
list = g.api.repos.list(per_page: 10000)
|
9
|
+
sizes = {}
|
10
|
+
list.each_page do |page|
|
11
|
+
page.each do |page|
|
12
|
+
sizes[page[:name]] = page[:size]
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
sorted = sizes.sort_by {|k,v| v }
|
17
|
+
|
18
|
+
require 'pry';binding.pry
|
data/bin/ldap
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
{
|
2
|
+
"teamcity":{
|
3
|
+
"url":"http://teamcity.yoox.net/httpAuth/app/rest",
|
4
|
+
"user":"continuous_integration",
|
5
|
+
"pass":"PASSWORD"
|
6
|
+
},
|
7
|
+
"artifactory":{
|
8
|
+
"url":"http://artifactory.yoox.net/artifactory",
|
9
|
+
"user":"continuous_integration",
|
10
|
+
"pass":"PASSWORD"
|
11
|
+
},
|
12
|
+
"octopus":{
|
13
|
+
"url":"http://octopus3.yoox.net/api",
|
14
|
+
"api_key":"APIKEY"
|
15
|
+
},
|
16
|
+
"bitbucket":{
|
17
|
+
"url":"https://git.yoox.net/",
|
18
|
+
"user":"administrator",
|
19
|
+
"pass":"PASSWORD"
|
20
|
+
}
|
21
|
+
}
|
data/config/vault
ADDED
Binary file
|
data/lib/api.rb
ADDED
@@ -0,0 +1,45 @@
|
|
1
|
+
module API
|
2
|
+
attr_reader :api
|
3
|
+
|
4
|
+
def create_api(config)
|
5
|
+
@api = Faraday.new(url: config.url) do |connection|
|
6
|
+
connection.ssl[:verify] = false
|
7
|
+
connection.adapter :net_http
|
8
|
+
if config.api_key
|
9
|
+
connection.headers['X-Octopus-ApiKey'] = config.api_key
|
10
|
+
else
|
11
|
+
connection.basic_auth(config.user, config.pass)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def request(method, url, query=nil, type="json", parse=true)
|
17
|
+
if query
|
18
|
+
Log.warn "request url: #{method.upcase} #{api.url_prefix}#{url}"
|
19
|
+
Log.info "request body: #{query}"
|
20
|
+
response = api.send(method) do |request|
|
21
|
+
request.url url
|
22
|
+
request.body = query
|
23
|
+
request.headers['Content-Type'] = "application/#{type}"
|
24
|
+
end
|
25
|
+
else
|
26
|
+
Log.warn "request url: #{method.upcase} #{api.url_prefix}#{url}"
|
27
|
+
response = api.send(method) do |request|
|
28
|
+
request.url url
|
29
|
+
request.headers['Content-Type'] = "application/#{type}"
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
Log.warn "response code: #{response.status}"
|
34
|
+
Log.info "response body: #{response.body}"
|
35
|
+
parse ? parsed_response(response) : response
|
36
|
+
end
|
37
|
+
|
38
|
+
def parsed_response(resp)
|
39
|
+
if resp.headers['content-type'] =~ /application\/json/
|
40
|
+
JSON.parse(resp.body)
|
41
|
+
else
|
42
|
+
resp
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
data/lib/api_deploy.rb
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
class ArtifactoryApi
|
2
|
+
include Artifactory::Resource
|
3
|
+
attr_reader :api
|
4
|
+
|
5
|
+
def initialize
|
6
|
+
@api = Artifactory::Client.new(
|
7
|
+
endpoint: ConfigStore.artifactory.url,
|
8
|
+
username: ConfigStore.artifactory.user,
|
9
|
+
password: ConfigStore.artifactory.pass
|
10
|
+
)
|
11
|
+
end
|
12
|
+
|
13
|
+
end
|