compose-hook 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.drone.yml +46 -0
- data/.gitignore +1 -0
- data/.rspec +1 -0
- data/.rubocop.yml +148 -0
- data/Gemfile +8 -0
- data/Gemfile.lock +110 -0
- data/LICENSE +21 -0
- data/README.md +23 -0
- data/VERSION +1 -0
- data/bin/compose-hook +9 -0
- data/bin/compose-payload +25 -0
- data/bin/install_webhook +11 -0
- data/compose-hook.gemspec +41 -0
- data/config.ru +5 -0
- data/lib/compose-hook.rb +9 -0
- data/lib/compose_hook/payload.rb +39 -0
- data/lib/compose_hook/webhook.rb +81 -0
- data/stages.yml +2 -0
- data/templates/webhook.service +13 -0
- metadata +276 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: e9a8865abb92f4d9916b9f007a066da7061623976bd520d0ee5dad4cf0e4564d
|
4
|
+
data.tar.gz: ea8dd4da5e6cd2dd4430d9d95cce2e3e3693f6cebf7542f4330b2c176f951254
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: ab7ab971dd554908b7f268201ecd6f5da5332b7750db790188001a211c1cb152136ee3dcda0e0440c276034f7b9027265564d98eb36ada6cbc1c3764f7e3419f
|
7
|
+
data.tar.gz: e7cd153333d508b66136c099a3ff3c9e90f970e3f117dff97cf17e8e9da5e77be24f786cd35d9975da377f1448f49ab5506bce584c1dacc7591a2cc99cf38292
|
data/.drone.yml
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
---
|
2
|
+
kind: pipeline
|
3
|
+
name: default
|
4
|
+
|
5
|
+
steps:
|
6
|
+
- name: Run rspec
|
7
|
+
image: ruby:2.6.5
|
8
|
+
commands:
|
9
|
+
- gem update bundler
|
10
|
+
- bundle --jobs $(nproc)
|
11
|
+
- bundle exec rspec
|
12
|
+
|
13
|
+
- name: Bump and tag
|
14
|
+
image: quay.io/openware/sdk-tools:1.0.0-1288533
|
15
|
+
environment:
|
16
|
+
BOT_NAME: Kite
|
17
|
+
BOT_EMAIL: kite-bot@heliostech.fr
|
18
|
+
BOT_USERNAME: kite-bot
|
19
|
+
BRANCH_NAME: ${DRONE_BRANCH}
|
20
|
+
REPO_NAME: ${DRONE_REPO}
|
21
|
+
GITHUB_API_KEY:
|
22
|
+
from_secret: kite_bot_key
|
23
|
+
commands:
|
24
|
+
- BUNDLE_GEMFILE=/sdk/Gemfile bundle exec rake --rakefile=/sdk/Rakefile ci:prebuild
|
25
|
+
when:
|
26
|
+
branch:
|
27
|
+
- master
|
28
|
+
|
29
|
+
- name: Publish to RubyGems
|
30
|
+
image: ruby:2.6
|
31
|
+
environment:
|
32
|
+
RUBYGEMS_API_KEY:
|
33
|
+
from_secret: rubygems_api_key
|
34
|
+
commands:
|
35
|
+
- mkdir ~/.gem
|
36
|
+
- |
|
37
|
+
echo "---\n:rubygems_api_key: $RUBYGEMS_API_KEY" > ~/.gem/credentials
|
38
|
+
- chmod 0600 ~/.gem/credentials
|
39
|
+
- gem update bundler
|
40
|
+
- bundle --jobs $(nproc)
|
41
|
+
- bundle exec gem build compose-hook.gemspec
|
42
|
+
- bundle exec gem push compose-hook-0.1.0.gem
|
43
|
+
|
44
|
+
trigger:
|
45
|
+
event:
|
46
|
+
- push
|
data/.gitignore
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
*.gem
|
data/.rspec
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--require spec_helper
|
data/.rubocop.yml
ADDED
@@ -0,0 +1,148 @@
|
|
1
|
+
# Commonly used screens these days easily fit more than 80 characters.
|
2
|
+
Metrics/LineLength:
|
3
|
+
Max: 120
|
4
|
+
|
5
|
+
# Too short methods lead to extraction of single-use methods, which can make
|
6
|
+
# the code easier to read (by naming things), but can also clutter the class
|
7
|
+
Metrics/MethodLength:
|
8
|
+
Max: 20
|
9
|
+
|
10
|
+
# The guiding principle of classes is SRP, SRP can't be accurately measured by LoC
|
11
|
+
Metrics/ClassLength:
|
12
|
+
Max: 1500
|
13
|
+
|
14
|
+
# No space makes the method definition shorter and differentiates
|
15
|
+
# from a regular assignment.
|
16
|
+
Layout/SpaceAroundEqualsInParameterDefault:
|
17
|
+
EnforcedStyle: no_space
|
18
|
+
|
19
|
+
# Single quotes being faster is hardly measurable and only affects parse time.
|
20
|
+
# Enforcing double quotes reduces the times where you need to change them
|
21
|
+
# when introducing an interpolation. Use single quotes only if their semantics
|
22
|
+
# are needed.
|
23
|
+
Style/StringLiterals:
|
24
|
+
EnforcedStyle: double_quotes
|
25
|
+
|
26
|
+
# We do not need to support Ruby 1.9, so this is good to use.
|
27
|
+
Style/SymbolArray:
|
28
|
+
Enabled: true
|
29
|
+
|
30
|
+
# Most readable form.
|
31
|
+
Layout/AlignHash:
|
32
|
+
EnforcedHashRocketStyle: table
|
33
|
+
EnforcedColonStyle: table
|
34
|
+
|
35
|
+
# Mixing the styles looks just silly.
|
36
|
+
Style/HashSyntax:
|
37
|
+
EnforcedStyle: ruby19_no_mixed_keys
|
38
|
+
|
39
|
+
# has_key? and has_value? are far more readable than key? and value?
|
40
|
+
Style/PreferredHashMethods:
|
41
|
+
Enabled: false
|
42
|
+
|
43
|
+
# String#% is by far the least verbose and only object oriented variant.
|
44
|
+
Style/FormatString:
|
45
|
+
EnforcedStyle: percent
|
46
|
+
|
47
|
+
Style/CollectionMethods:
|
48
|
+
Enabled: true
|
49
|
+
PreferredMethods:
|
50
|
+
# inject seems more common in the community.
|
51
|
+
reduce: "inject"
|
52
|
+
|
53
|
+
|
54
|
+
# Either allow this style or don't. Marking it as safe with parenthesis
|
55
|
+
# is silly. Let's try to live without them for now.
|
56
|
+
Style/ParenthesesAroundCondition:
|
57
|
+
AllowSafeAssignment: false
|
58
|
+
Lint/AssignmentInCondition:
|
59
|
+
AllowSafeAssignment: false
|
60
|
+
|
61
|
+
# A specialized exception class will take one or more arguments and construct the message from it.
|
62
|
+
# So both variants make sense.
|
63
|
+
Style/RaiseArgs:
|
64
|
+
Enabled: false
|
65
|
+
|
66
|
+
# Indenting the chained dots beneath each other is not supported by this cop,
|
67
|
+
# see https://github.com/bbatsov/rubocop/issues/1633
|
68
|
+
Layout/MultilineOperationIndentation:
|
69
|
+
Enabled: false
|
70
|
+
|
71
|
+
# Fail is an alias of raise. Avoid aliases, it's more cognitive load for no gain.
|
72
|
+
# The argument that fail should be used to abort the program is wrong too,
|
73
|
+
# there's Kernel#abort for that.
|
74
|
+
Style/SignalException:
|
75
|
+
EnforcedStyle: only_raise
|
76
|
+
|
77
|
+
# Suppressing exceptions can be perfectly fine, and be it to avoid to
|
78
|
+
# explicitly type nil into the rescue since that's what you want to return,
|
79
|
+
# or suppressing LoadError for optional dependencies
|
80
|
+
Lint/HandleExceptions:
|
81
|
+
Enabled: false
|
82
|
+
|
83
|
+
Layout/SpaceInsideBlockBraces:
|
84
|
+
# The space here provides no real gain in readability while consuming
|
85
|
+
# horizontal space that could be used for a better parameter name.
|
86
|
+
# Also {| differentiates better from a hash than { | does.
|
87
|
+
SpaceBeforeBlockParameters: false
|
88
|
+
|
89
|
+
# No trailing space differentiates better from the block:
|
90
|
+
# foo} means hash, foo } means block.
|
91
|
+
Layout/SpaceInsideHashLiteralBraces:
|
92
|
+
EnforcedStyle: no_space
|
93
|
+
|
94
|
+
# { ... } for multi-line blocks is okay, follow Weirichs rule instead:
|
95
|
+
# https://web.archive.org/web/20140221124509/http://onestepback.org/index.cgi/Tech/Ruby/BraceVsDoEnd.rdoc
|
96
|
+
Style/BlockDelimiters:
|
97
|
+
Enabled: false
|
98
|
+
|
99
|
+
# do / end blocks should be used for side effects,
|
100
|
+
# methods that run a block for side effects and have
|
101
|
+
# a useful return value are rare, assign the return
|
102
|
+
# value to a local variable for those cases.
|
103
|
+
Style/MethodCalledOnDoEndBlock:
|
104
|
+
Enabled: true
|
105
|
+
|
106
|
+
# Enforcing the names of variables? To single letter ones? Just no.
|
107
|
+
Style/SingleLineBlockParams:
|
108
|
+
Enabled: false
|
109
|
+
|
110
|
+
# Shadowing outer local variables with block parameters is often useful
|
111
|
+
# to not reinvent a new name for the same thing, it highlights the relation
|
112
|
+
# between the outer variable and the parameter. The cases where it's actually
|
113
|
+
# confusing are rare, and usually bad for other reasons already, for example
|
114
|
+
# because the method is too long.
|
115
|
+
Lint/ShadowingOuterLocalVariable:
|
116
|
+
Enabled: false
|
117
|
+
|
118
|
+
# Check with yard instead.
|
119
|
+
Style/Documentation:
|
120
|
+
Enabled: false
|
121
|
+
|
122
|
+
# This is just silly. Calling the argument `other` in all cases makes no sense.
|
123
|
+
Naming/BinaryOperatorParameterName:
|
124
|
+
Enabled: false
|
125
|
+
|
126
|
+
# There are valid cases, for example debugging Cucumber steps,
|
127
|
+
# also they'll fail CI anyway
|
128
|
+
Lint/Debugger:
|
129
|
+
Enabled: false
|
130
|
+
|
131
|
+
# Style preference
|
132
|
+
Style/MethodDefParentheses:
|
133
|
+
Enabled: false
|
134
|
+
|
135
|
+
Style/TrailingCommaInArrayLiteral:
|
136
|
+
Enabled: false
|
137
|
+
|
138
|
+
Style/TrailingCommaInHashLiteral:
|
139
|
+
Enabled: false
|
140
|
+
|
141
|
+
Style/ClassAndModuleChildren:
|
142
|
+
EnforcedStyle: compact
|
143
|
+
|
144
|
+
Layout/IndentHeredoc:
|
145
|
+
Enabled: false
|
146
|
+
|
147
|
+
Style/MethodCallWithoutArgsParentheses:
|
148
|
+
Enabled: false
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,110 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
compose-hook (0.1.0)
|
5
|
+
faraday
|
6
|
+
jwt (~> 2.2)
|
7
|
+
puma
|
8
|
+
rack
|
9
|
+
sinatra
|
10
|
+
|
11
|
+
GEM
|
12
|
+
remote: https://rubygems.org/
|
13
|
+
specs:
|
14
|
+
ast (2.4.0)
|
15
|
+
bump (0.8.0)
|
16
|
+
byebug (11.1.1)
|
17
|
+
coderay (1.1.2)
|
18
|
+
diff-lcs (1.3)
|
19
|
+
docile (1.3.2)
|
20
|
+
faraday (1.0.0)
|
21
|
+
multipart-post (>= 1.2, < 3)
|
22
|
+
io-console (0.5.5)
|
23
|
+
irb (1.2.1)
|
24
|
+
reline (>= 0.0.1)
|
25
|
+
jaro_winkler (1.5.4)
|
26
|
+
json (2.3.0)
|
27
|
+
jwt (2.2.1)
|
28
|
+
method_source (0.9.2)
|
29
|
+
multipart-post (2.1.1)
|
30
|
+
mustermann (1.1.1)
|
31
|
+
ruby2_keywords (~> 0.0.1)
|
32
|
+
nio4r (2.5.2)
|
33
|
+
parallel (1.19.1)
|
34
|
+
parser (2.7.0.2)
|
35
|
+
ast (~> 2.4.0)
|
36
|
+
pry (0.12.2)
|
37
|
+
coderay (~> 1.1.0)
|
38
|
+
method_source (~> 0.9.0)
|
39
|
+
pry-byebug (3.8.0)
|
40
|
+
byebug (~> 11.0)
|
41
|
+
pry (~> 0.10)
|
42
|
+
puma (4.3.1)
|
43
|
+
nio4r (~> 2.0)
|
44
|
+
rack (2.1.2)
|
45
|
+
rack-protection (2.0.8.1)
|
46
|
+
rack
|
47
|
+
rack-test (1.1.0)
|
48
|
+
rack (>= 1.0, < 3)
|
49
|
+
rainbow (3.0.0)
|
50
|
+
rake (10.5.0)
|
51
|
+
reline (0.1.2)
|
52
|
+
io-console (~> 0.5)
|
53
|
+
rspec (3.9.0)
|
54
|
+
rspec-core (~> 3.9.0)
|
55
|
+
rspec-expectations (~> 3.9.0)
|
56
|
+
rspec-mocks (~> 3.9.0)
|
57
|
+
rspec-core (3.9.1)
|
58
|
+
rspec-support (~> 3.9.1)
|
59
|
+
rspec-expectations (3.9.0)
|
60
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
61
|
+
rspec-support (~> 3.9.0)
|
62
|
+
rspec-mocks (3.9.1)
|
63
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
64
|
+
rspec-support (~> 3.9.0)
|
65
|
+
rspec-support (3.9.2)
|
66
|
+
rubocop (0.79.0)
|
67
|
+
jaro_winkler (~> 1.5.1)
|
68
|
+
parallel (~> 1.10)
|
69
|
+
parser (>= 2.7.0.1)
|
70
|
+
rainbow (>= 2.2.2, < 4.0)
|
71
|
+
ruby-progressbar (~> 1.7)
|
72
|
+
unicode-display_width (>= 1.4.0, < 1.7)
|
73
|
+
rubocop-github (0.14.0)
|
74
|
+
rubocop (~> 0.59)
|
75
|
+
ruby-progressbar (1.10.1)
|
76
|
+
ruby2_keywords (0.0.2)
|
77
|
+
simplecov (0.17.1)
|
78
|
+
docile (~> 1.1)
|
79
|
+
json (>= 1.8, < 3)
|
80
|
+
simplecov-html (~> 0.10.0)
|
81
|
+
simplecov-html (0.10.2)
|
82
|
+
simplecov-json (0.2)
|
83
|
+
json
|
84
|
+
simplecov
|
85
|
+
sinatra (2.0.8.1)
|
86
|
+
mustermann (~> 1.0)
|
87
|
+
rack (~> 2.0)
|
88
|
+
rack-protection (= 2.0.8.1)
|
89
|
+
tilt (~> 2.0)
|
90
|
+
tilt (2.0.10)
|
91
|
+
unicode-display_width (1.6.1)
|
92
|
+
|
93
|
+
PLATFORMS
|
94
|
+
ruby
|
95
|
+
|
96
|
+
DEPENDENCIES
|
97
|
+
bump
|
98
|
+
bundler
|
99
|
+
compose-hook!
|
100
|
+
irb
|
101
|
+
pry-byebug
|
102
|
+
rack-test
|
103
|
+
rake (~> 10.0)
|
104
|
+
rspec (~> 3.0)
|
105
|
+
rubocop-github
|
106
|
+
simplecov
|
107
|
+
simplecov-json
|
108
|
+
|
109
|
+
BUNDLED WITH
|
110
|
+
2.1.4
|
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
MIT License
|
2
|
+
|
3
|
+
Copyright (c) 2020 Openware
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# Compose-hook
|
2
|
+
|
3
|
+
Simple application to update a service managed by compose using a webhook.
|
4
|
+
The trigger is secured with a shared secret.
|
5
|
+
|
6
|
+
## Usage
|
7
|
+
|
8
|
+
Install the gem:
|
9
|
+
```
|
10
|
+
gem install compose-hook
|
11
|
+
```
|
12
|
+
|
13
|
+
Install the systemd service on the target machine:
|
14
|
+
```
|
15
|
+
bin/install_webhook
|
16
|
+
```
|
17
|
+
|
18
|
+
Test your installation with a payload
|
19
|
+
```
|
20
|
+
compose-payload *service* *docker image* *url*
|
21
|
+
```
|
22
|
+
|
23
|
+
Made with :heart: at [openware](https://www.openware.com/)
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
0.1.0
|
data/bin/compose-hook
ADDED
data/bin/compose-payload
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
# frozen_string_literal: true
|
4
|
+
|
5
|
+
$LOAD_PATH << File.join(File.dirname(__FILE__), "../lib")
|
6
|
+
|
7
|
+
require 'faraday'
|
8
|
+
require 'compose-hook'
|
9
|
+
|
10
|
+
abort 'Usage: payload *service* *image* *url*' unless ARGV.length == 3
|
11
|
+
|
12
|
+
secret = ENV['WEBHOOK_JWT_SECRET']
|
13
|
+
abort 'WEBHOOK_JWT_SECRET not set' if secret.to_s.empty?
|
14
|
+
coder = ComposeHook::Payload.new(secret: secret)
|
15
|
+
|
16
|
+
jwt = coder.generate!(service: ARGV[0], image: ARGV[1])
|
17
|
+
url = "#{ARGV[2]}/deploy/#{jwt}"
|
18
|
+
|
19
|
+
response = Faraday::Connection.new.get(url) do |request|
|
20
|
+
request.options.timeout = 300
|
21
|
+
end
|
22
|
+
|
23
|
+
pp response.body
|
24
|
+
|
25
|
+
fail unless response.status == 200
|
data/bin/install_webhook
ADDED
@@ -0,0 +1,11 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
SECRET=$(ruby -rsecurerandom -e 'puts SecureRandom.hex(20)')
|
3
|
+
|
4
|
+
sed s/GENERATED_HMAC_SECRET/${SECRET}/g templates/webhook.service > webhook.service
|
5
|
+
sed -i s#TARGET_DIRECTORY#${PWD}#g webhook.service
|
6
|
+
|
7
|
+
echo "Generated Secret: ${SECRET}"
|
8
|
+
|
9
|
+
sudo mv ./webhook.service /etc/systemd/system/webhook.service
|
10
|
+
sudo systemctl daemon-reload
|
11
|
+
sudo systemctl start webhook
|
@@ -0,0 +1,41 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
lib = File.expand_path("lib", __dir__)
|
4
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "compose-hook"
|
8
|
+
spec.version = File.read(File.join(File.dirname(__FILE__), "VERSION")).strip
|
9
|
+
spec.authors = ["Danylo P.", "Camille M.", "Valentine S."]
|
10
|
+
spec.email = ["hello@heliostech.fr"]
|
11
|
+
|
12
|
+
spec.summary = "Docker compose webhook"
|
13
|
+
spec.description = "Simple webhook application to update a service using docker compose"
|
14
|
+
spec.homepage = "https://www.openware.com"
|
15
|
+
|
16
|
+
# Specify which files should be added to the gem when it is released.
|
17
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
18
|
+
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
19
|
+
`git ls-files -z`.split("\x0").reject {|f| f.match(%r{^(test|spec|features)/}) }
|
20
|
+
end
|
21
|
+
spec.bindir = "bin"
|
22
|
+
spec.executables = spec.files.grep(%r{^bin/}) {|f| File.basename(f) }
|
23
|
+
spec.require_paths = ["lib"]
|
24
|
+
|
25
|
+
spec.add_dependency "faraday"
|
26
|
+
spec.add_dependency "jwt", "~> 2.2"
|
27
|
+
spec.add_dependency "puma"
|
28
|
+
spec.add_dependency "rack"
|
29
|
+
spec.add_dependency "sinatra"
|
30
|
+
|
31
|
+
spec.add_development_dependency "bump"
|
32
|
+
spec.add_development_dependency "bundler"
|
33
|
+
spec.add_development_dependency "irb"
|
34
|
+
spec.add_development_dependency "pry-byebug"
|
35
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
36
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
37
|
+
spec.add_development_dependency "rack-test"
|
38
|
+
spec.add_development_dependency "rubocop-github"
|
39
|
+
spec.add_development_dependency "simplecov"
|
40
|
+
spec.add_development_dependency "simplecov-json"
|
41
|
+
end
|
data/config.ru
ADDED
data/lib/compose-hook.rb
ADDED
@@ -0,0 +1,39 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ComposeHook
|
4
|
+
class Error < StandardError
|
5
|
+
end
|
6
|
+
|
7
|
+
class Payload
|
8
|
+
def initialize(params)
|
9
|
+
@secret = params[:secret]
|
10
|
+
@expire = params[:expire] || 600
|
11
|
+
|
12
|
+
raise ComposeHook::Error.new if @secret.to_s.empty?
|
13
|
+
raise ComposeHook::Error.new unless @expire.positive?
|
14
|
+
end
|
15
|
+
|
16
|
+
def generate!(params)
|
17
|
+
raise ComposeHook::Error.new if params[:service].to_s.empty?
|
18
|
+
raise ComposeHook::Error.new if params[:image].to_s.empty?
|
19
|
+
|
20
|
+
iat = params[:iat] || Time.now.to_i
|
21
|
+
token = params.merge(
|
22
|
+
'iat': iat,
|
23
|
+
'exp': iat + @expire
|
24
|
+
)
|
25
|
+
|
26
|
+
JWT.encode(token, @secret, "HS256")
|
27
|
+
end
|
28
|
+
|
29
|
+
def decode!(token)
|
30
|
+
JWT.decode(token, @secret, true, algorithm: "HS256").first
|
31
|
+
end
|
32
|
+
|
33
|
+
def safe_decode(token)
|
34
|
+
decode!(token)
|
35
|
+
rescue JWT::ExpiredSignature, JWT::ImmatureSignature, JWT::VerificationError, JWT::DecodeError
|
36
|
+
nil
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,81 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class ComposeHook::WebHook < Sinatra::Base
|
4
|
+
class RequestError < StandardError; end
|
5
|
+
class ServerError < StandardError; end
|
6
|
+
|
7
|
+
CONFIG_PATH = "compose/docker-compose.yml"
|
8
|
+
STAGES_PATH = "/home/deploy/webhook/stages.yml"
|
9
|
+
|
10
|
+
set :show_exceptions, false
|
11
|
+
|
12
|
+
def initialize
|
13
|
+
super
|
14
|
+
secret = ENV["WEBHOOK_JWT_SECRET"]
|
15
|
+
raise "WEBHOOK_JWT_SECRET is not set" if secret.to_s.empty?
|
16
|
+
|
17
|
+
@decoder = ComposeHook::Payload.new(secret: secret)
|
18
|
+
end
|
19
|
+
|
20
|
+
def update_config(service, image)
|
21
|
+
config = YAML.load_file(CONFIG_PATH)
|
22
|
+
raise RequestError.new("Unknown service") if config["services"][service].nil?
|
23
|
+
|
24
|
+
config["services"][service]["image"] = image
|
25
|
+
File.open(CONFIG_PATH, "w") {|f| f.write config.to_yaml }
|
26
|
+
end
|
27
|
+
|
28
|
+
before do
|
29
|
+
content_type "application/json"
|
30
|
+
end
|
31
|
+
|
32
|
+
get "/deploy/ping" do
|
33
|
+
"pong"
|
34
|
+
end
|
35
|
+
|
36
|
+
get "/deploy/:token" do |token|
|
37
|
+
begin
|
38
|
+
decoded = @decoder.safe_decode(token)
|
39
|
+
return answer(400, "invalid token") unless decoded
|
40
|
+
|
41
|
+
stages = YAML.load_file(STAGES_PATH)
|
42
|
+
|
43
|
+
service = decoded["service"]
|
44
|
+
image = decoded["image"]
|
45
|
+
hostname = request.host
|
46
|
+
stage_path = stages.find {|s| s["domain"] == hostname }["path"]
|
47
|
+
|
48
|
+
return answer(400, "service is not specified") unless service
|
49
|
+
return answer(400, "image is not specified") unless image
|
50
|
+
return answer(404, "invalid domain") unless stage_path
|
51
|
+
return answer(400, "invalid image") if (%r(^(([-_\w\.]){,20}(\/|:))+([-\w\.]{,20})$) =~ image).nil?
|
52
|
+
|
53
|
+
system "docker image pull #{image}"
|
54
|
+
|
55
|
+
unless $CHILD_STATUS.success?
|
56
|
+
system("docker image inspect #{image} > /dev/null")
|
57
|
+
return answer(404, "invalid image") unless $CHILD_STATUS.success?
|
58
|
+
end
|
59
|
+
|
60
|
+
Dir.chdir(stage_path) do
|
61
|
+
update_config(service, image)
|
62
|
+
system "docker-compose up -Vd #{service}"
|
63
|
+
raise ServerError.new("could not restart container") unless $CHILD_STATUS.success?
|
64
|
+
end
|
65
|
+
|
66
|
+
return answer(200, "service #{service} updated with image #{image}")
|
67
|
+
rescue RequestError => e
|
68
|
+
return answer(400, e.to_s)
|
69
|
+
rescue ServerError => e
|
70
|
+
return answer(500, e.to_s)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
def answer(response_status, message)
|
75
|
+
status response_status
|
76
|
+
|
77
|
+
{
|
78
|
+
message: message
|
79
|
+
}.to_json
|
80
|
+
end
|
81
|
+
end
|
data/stages.yml
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
[Unit]
|
2
|
+
Description=Compose Webhook service
|
3
|
+
|
4
|
+
[Service]
|
5
|
+
User=deploy
|
6
|
+
Environment="WEBHOOK_JWT_SECRET=GENERATED_HMAC_SECRET"
|
7
|
+
ExecStart=/bin/bash -c "source ~/.rvm/scripts/rvm; compose-hook"
|
8
|
+
Type=simple
|
9
|
+
Restart=always
|
10
|
+
WorkingDirectory=TARGET_DIRECTORY
|
11
|
+
|
12
|
+
[Install]
|
13
|
+
WantedBy=multi-user.target
|
metadata
ADDED
@@ -0,0 +1,276 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: compose-hook
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Danylo P.
|
8
|
+
- Camille M.
|
9
|
+
- Valentine S.
|
10
|
+
autorequire:
|
11
|
+
bindir: bin
|
12
|
+
cert_chain: []
|
13
|
+
date: 2020-01-30 00:00:00.000000000 Z
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
16
|
+
name: faraday
|
17
|
+
requirement: !ruby/object:Gem::Requirement
|
18
|
+
requirements:
|
19
|
+
- - ">="
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
requirements:
|
26
|
+
- - ">="
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
version: '0'
|
29
|
+
- !ruby/object:Gem::Dependency
|
30
|
+
name: jwt
|
31
|
+
requirement: !ruby/object:Gem::Requirement
|
32
|
+
requirements:
|
33
|
+
- - "~>"
|
34
|
+
- !ruby/object:Gem::Version
|
35
|
+
version: '2.2'
|
36
|
+
type: :runtime
|
37
|
+
prerelease: false
|
38
|
+
version_requirements: !ruby/object:Gem::Requirement
|
39
|
+
requirements:
|
40
|
+
- - "~>"
|
41
|
+
- !ruby/object:Gem::Version
|
42
|
+
version: '2.2'
|
43
|
+
- !ruby/object:Gem::Dependency
|
44
|
+
name: puma
|
45
|
+
requirement: !ruby/object:Gem::Requirement
|
46
|
+
requirements:
|
47
|
+
- - ">="
|
48
|
+
- !ruby/object:Gem::Version
|
49
|
+
version: '0'
|
50
|
+
type: :runtime
|
51
|
+
prerelease: false
|
52
|
+
version_requirements: !ruby/object:Gem::Requirement
|
53
|
+
requirements:
|
54
|
+
- - ">="
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: '0'
|
57
|
+
- !ruby/object:Gem::Dependency
|
58
|
+
name: rack
|
59
|
+
requirement: !ruby/object:Gem::Requirement
|
60
|
+
requirements:
|
61
|
+
- - ">="
|
62
|
+
- !ruby/object:Gem::Version
|
63
|
+
version: '0'
|
64
|
+
type: :runtime
|
65
|
+
prerelease: false
|
66
|
+
version_requirements: !ruby/object:Gem::Requirement
|
67
|
+
requirements:
|
68
|
+
- - ">="
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: '0'
|
71
|
+
- !ruby/object:Gem::Dependency
|
72
|
+
name: sinatra
|
73
|
+
requirement: !ruby/object:Gem::Requirement
|
74
|
+
requirements:
|
75
|
+
- - ">="
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: '0'
|
78
|
+
type: :runtime
|
79
|
+
prerelease: false
|
80
|
+
version_requirements: !ruby/object:Gem::Requirement
|
81
|
+
requirements:
|
82
|
+
- - ">="
|
83
|
+
- !ruby/object:Gem::Version
|
84
|
+
version: '0'
|
85
|
+
- !ruby/object:Gem::Dependency
|
86
|
+
name: bump
|
87
|
+
requirement: !ruby/object:Gem::Requirement
|
88
|
+
requirements:
|
89
|
+
- - ">="
|
90
|
+
- !ruby/object:Gem::Version
|
91
|
+
version: '0'
|
92
|
+
type: :development
|
93
|
+
prerelease: false
|
94
|
+
version_requirements: !ruby/object:Gem::Requirement
|
95
|
+
requirements:
|
96
|
+
- - ">="
|
97
|
+
- !ruby/object:Gem::Version
|
98
|
+
version: '0'
|
99
|
+
- !ruby/object:Gem::Dependency
|
100
|
+
name: bundler
|
101
|
+
requirement: !ruby/object:Gem::Requirement
|
102
|
+
requirements:
|
103
|
+
- - ">="
|
104
|
+
- !ruby/object:Gem::Version
|
105
|
+
version: '0'
|
106
|
+
type: :development
|
107
|
+
prerelease: false
|
108
|
+
version_requirements: !ruby/object:Gem::Requirement
|
109
|
+
requirements:
|
110
|
+
- - ">="
|
111
|
+
- !ruby/object:Gem::Version
|
112
|
+
version: '0'
|
113
|
+
- !ruby/object:Gem::Dependency
|
114
|
+
name: irb
|
115
|
+
requirement: !ruby/object:Gem::Requirement
|
116
|
+
requirements:
|
117
|
+
- - ">="
|
118
|
+
- !ruby/object:Gem::Version
|
119
|
+
version: '0'
|
120
|
+
type: :development
|
121
|
+
prerelease: false
|
122
|
+
version_requirements: !ruby/object:Gem::Requirement
|
123
|
+
requirements:
|
124
|
+
- - ">="
|
125
|
+
- !ruby/object:Gem::Version
|
126
|
+
version: '0'
|
127
|
+
- !ruby/object:Gem::Dependency
|
128
|
+
name: pry-byebug
|
129
|
+
requirement: !ruby/object:Gem::Requirement
|
130
|
+
requirements:
|
131
|
+
- - ">="
|
132
|
+
- !ruby/object:Gem::Version
|
133
|
+
version: '0'
|
134
|
+
type: :development
|
135
|
+
prerelease: false
|
136
|
+
version_requirements: !ruby/object:Gem::Requirement
|
137
|
+
requirements:
|
138
|
+
- - ">="
|
139
|
+
- !ruby/object:Gem::Version
|
140
|
+
version: '0'
|
141
|
+
- !ruby/object:Gem::Dependency
|
142
|
+
name: rake
|
143
|
+
requirement: !ruby/object:Gem::Requirement
|
144
|
+
requirements:
|
145
|
+
- - "~>"
|
146
|
+
- !ruby/object:Gem::Version
|
147
|
+
version: '10.0'
|
148
|
+
type: :development
|
149
|
+
prerelease: false
|
150
|
+
version_requirements: !ruby/object:Gem::Requirement
|
151
|
+
requirements:
|
152
|
+
- - "~>"
|
153
|
+
- !ruby/object:Gem::Version
|
154
|
+
version: '10.0'
|
155
|
+
- !ruby/object:Gem::Dependency
|
156
|
+
name: rspec
|
157
|
+
requirement: !ruby/object:Gem::Requirement
|
158
|
+
requirements:
|
159
|
+
- - "~>"
|
160
|
+
- !ruby/object:Gem::Version
|
161
|
+
version: '3.0'
|
162
|
+
type: :development
|
163
|
+
prerelease: false
|
164
|
+
version_requirements: !ruby/object:Gem::Requirement
|
165
|
+
requirements:
|
166
|
+
- - "~>"
|
167
|
+
- !ruby/object:Gem::Version
|
168
|
+
version: '3.0'
|
169
|
+
- !ruby/object:Gem::Dependency
|
170
|
+
name: rack-test
|
171
|
+
requirement: !ruby/object:Gem::Requirement
|
172
|
+
requirements:
|
173
|
+
- - ">="
|
174
|
+
- !ruby/object:Gem::Version
|
175
|
+
version: '0'
|
176
|
+
type: :development
|
177
|
+
prerelease: false
|
178
|
+
version_requirements: !ruby/object:Gem::Requirement
|
179
|
+
requirements:
|
180
|
+
- - ">="
|
181
|
+
- !ruby/object:Gem::Version
|
182
|
+
version: '0'
|
183
|
+
- !ruby/object:Gem::Dependency
|
184
|
+
name: rubocop-github
|
185
|
+
requirement: !ruby/object:Gem::Requirement
|
186
|
+
requirements:
|
187
|
+
- - ">="
|
188
|
+
- !ruby/object:Gem::Version
|
189
|
+
version: '0'
|
190
|
+
type: :development
|
191
|
+
prerelease: false
|
192
|
+
version_requirements: !ruby/object:Gem::Requirement
|
193
|
+
requirements:
|
194
|
+
- - ">="
|
195
|
+
- !ruby/object:Gem::Version
|
196
|
+
version: '0'
|
197
|
+
- !ruby/object:Gem::Dependency
|
198
|
+
name: simplecov
|
199
|
+
requirement: !ruby/object:Gem::Requirement
|
200
|
+
requirements:
|
201
|
+
- - ">="
|
202
|
+
- !ruby/object:Gem::Version
|
203
|
+
version: '0'
|
204
|
+
type: :development
|
205
|
+
prerelease: false
|
206
|
+
version_requirements: !ruby/object:Gem::Requirement
|
207
|
+
requirements:
|
208
|
+
- - ">="
|
209
|
+
- !ruby/object:Gem::Version
|
210
|
+
version: '0'
|
211
|
+
- !ruby/object:Gem::Dependency
|
212
|
+
name: simplecov-json
|
213
|
+
requirement: !ruby/object:Gem::Requirement
|
214
|
+
requirements:
|
215
|
+
- - ">="
|
216
|
+
- !ruby/object:Gem::Version
|
217
|
+
version: '0'
|
218
|
+
type: :development
|
219
|
+
prerelease: false
|
220
|
+
version_requirements: !ruby/object:Gem::Requirement
|
221
|
+
requirements:
|
222
|
+
- - ">="
|
223
|
+
- !ruby/object:Gem::Version
|
224
|
+
version: '0'
|
225
|
+
description: Simple webhook application to update a service using docker compose
|
226
|
+
email:
|
227
|
+
- hello@heliostech.fr
|
228
|
+
executables:
|
229
|
+
- compose-hook
|
230
|
+
- compose-payload
|
231
|
+
- install_webhook
|
232
|
+
extensions: []
|
233
|
+
extra_rdoc_files: []
|
234
|
+
files:
|
235
|
+
- ".drone.yml"
|
236
|
+
- ".gitignore"
|
237
|
+
- ".rspec"
|
238
|
+
- ".rubocop.yml"
|
239
|
+
- Gemfile
|
240
|
+
- Gemfile.lock
|
241
|
+
- LICENSE
|
242
|
+
- README.md
|
243
|
+
- VERSION
|
244
|
+
- bin/compose-hook
|
245
|
+
- bin/compose-payload
|
246
|
+
- bin/install_webhook
|
247
|
+
- compose-hook.gemspec
|
248
|
+
- config.ru
|
249
|
+
- lib/compose-hook.rb
|
250
|
+
- lib/compose_hook/payload.rb
|
251
|
+
- lib/compose_hook/webhook.rb
|
252
|
+
- stages.yml
|
253
|
+
- templates/webhook.service
|
254
|
+
homepage: https://www.openware.com
|
255
|
+
licenses: []
|
256
|
+
metadata: {}
|
257
|
+
post_install_message:
|
258
|
+
rdoc_options: []
|
259
|
+
require_paths:
|
260
|
+
- lib
|
261
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
262
|
+
requirements:
|
263
|
+
- - ">="
|
264
|
+
- !ruby/object:Gem::Version
|
265
|
+
version: '0'
|
266
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
267
|
+
requirements:
|
268
|
+
- - ">="
|
269
|
+
- !ruby/object:Gem::Version
|
270
|
+
version: '0'
|
271
|
+
requirements: []
|
272
|
+
rubygems_version: 3.0.3
|
273
|
+
signing_key:
|
274
|
+
specification_version: 4
|
275
|
+
summary: Docker compose webhook
|
276
|
+
test_files: []
|