ndr_dev_support 6.1.5 → 6.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9b372449b95e60ead7c4da7289b8d98de92a18c894fb79c14391fcf3d6370fe
-  data.tar.gz: 8847e9f85ba14c6268c49a1ee031411833674bcd506966b3a54aae03f283d95f
+  metadata.gz: 5895d92318201f2232d8f232f6d7a3ae590c02f67992a6615ec9e27f024d097b
+  data.tar.gz: bf60948987bbe9d71d418ba460082d04bb88190bc62fbb51f2f2681e88642d54
 SHA512:
-  metadata.gz: a5217032e0347fd837e0cf31f3dce1c173bf701a6c1f1b8f2c28762b37239c75bf01884e6c0de629c1668198aa978a278d4dc629fb8efdd070b60d84e0a6e230
-  data.tar.gz: 9b6f2ef06634b6fbe67cef8b196c55167456c8ab4cc513ab38c09ab0261c5ba13922da46bae3d3e4875c52ffa8396dcd1cbe204700ae63e0df49e38336eccca2
+  metadata.gz: 2a26d059ad0840e7290cb6c2f130944af19433c447e7a871c6b396243e7a9070e89594945bef3e7f85813488439e41ba0415c068810f59dca32288a78dee44f2
+  data.tar.gz: 3a549e3cfd26b724463a46998f737fdc1360c88de7646551ecfa3cecc4863338ed63bc13f140b92681dce22f83930cf88b881ccf5b57ada6d41fcffe50d3f496

data/CHANGELOG.md

@@ -1,6 +1,18 @@
 ## [Unreleased]
 * No unreleased changes
 
+## 6.1.8 / 2022-08-09
+### Fixed
+* Fixed ActiveSupport 7 deprecation messages
+
+## 6.1.7 / 2022-07-15
+### Added
+* Add `cd:credentials` rake task for continuous deployment of credentials
+
+## 6.1.6 / 2022-07-01
+### Added
+* capistrano: use DEPLOYER environment variable for non-interactive deployments
+
 ## 6.1.5 / 2022-06-24
 ### Fixed
 * audit:code should allow special characters in filenames

data/lib/ndr_dev_support/capistrano/ndr_model.rb

@@ -30,6 +30,8 @@ require_relative 'sysadmin_scripts'
 #   and SVN branches. To use the latter, be sure to set the `:repository_branches` variable
 #   to point at the root of the branches. Otherwise, just set `:repository` directly as normal.
 #
+#   Set environment variable DEPLOYER to deploy as a particular user instead of prompting.
+#
 Capistrano::Configuration.instance(:must_exist).load do
   # Paths that are symlinked for each release to the "shared" directory:
   set :shared_paths, %w[config/database.yml config/secrets.yml log tmp]
@@ -94,9 +96,14 @@ Capistrano::Configuration.instance(:must_exist).load do
 
       # Gather SSH credentials: (password is asked for by Net::SSH, if needed)
       set :use_sudo, false
-      set :user, Capistrano::CLI.ui.ask('Deploy as: ')
+      if ENV['DEPLOYER']
+        set :user, ENV['DEPLOYER']
+        Capistrano::CLI.ui.say "Deploy as: #{fetch(:user)}"
+      else
+        set :user, Capistrano::CLI.ui.ask('Deploy as: ')
+      end
 
-      # If no alternate user is specified, deploy to the crediental-holding user.
+      # If no alternate user is specified, deploy to the credential-holding user.
       set :application_user, fetch(:user) unless fetch(:application_user)
 
       # The home folder of the application user:

data/lib/ndr_dev_support/daemon/cd_credentials.rb

@@ -0,0 +1,157 @@
+require 'English'
+require_relative 'stoppable'
+require 'ndr_dev_support/slack_message_publisher'
+require 'shellwords'
+require 'with_clean_rbenv'
+
+module NdrDevSupport
+  module Daemon
+    # Wrapper around Capistrano based Continuous Deployment of application credentials
+    #
+    # Assumes there is a capistrano task "app:update_secrets" which can be used together
+    # with a target name, e.g. cap target app:update_secrets
+    # to update a capistrano target with secrets / credentials from one or more repositories.
+    # To use this daemon, a number of environment variables need to be set
+    # including CD_TARGETS and CD_URLS.
+    class CDCredentials
+      include Stoppable
+
+      def self.from_args(env)
+        name = env['WORKER_NAME'].to_s
+        cd_targets = env['CD_TARGETS'].to_s.split
+        cd_urls = env['CD_URLS'].to_s.split
+
+        new(name: name, cd_targets: cd_targets, cd_urls: cd_urls)
+      end
+
+      def initialize(name:, cd_targets:, cd_urls:)
+        super
+
+        # Worker name can be used for clear logging:
+        @name = name
+        raise ArgumentError, 'No WORKER_NAME specified!' if name.blank?
+
+        # Capistrano targets to use for deployments
+        @cd_targets = cd_targets
+        raise ArgumentError, 'No CD_TARGETS specified!' unless cd_targets&.present?
+
+        # URLs to watch for continuous deployment
+        @cd_urls = cd_urls
+        raise ArgumentError, 'No CD_URLS specified!' unless cd_urls&.present?
+      end
+
+      private
+
+      def run_once
+        log('running once...')
+
+        # Keep state, watch repositories for changes, maybe save state to disk?
+        if (revisions = check_for_new_revisions)
+          log("deploying with revisions #{revisions}...")
+          deploy_credentials # should also notify slack if any changes deployed, but not
+        else
+          log('nothing new to deploy')
+        end
+        log('completed single run.')
+      rescue => e
+        log(<<~MSG)
+          Unhandled exception! #{e.class}: #{e.message}
+          #{(e.backtrace || []).join("\n")}
+        MSG
+
+        raise e
+      end
+
+      # Check for new revisions, and cache the latest one.
+      # If there are new revisions in the repositories available since the last check,
+      # return a hash of repo -> latest revision
+      # If no revisions have changed, returns nil
+      def check_for_new_revisions
+        # TODO: implement this, by checking for updates to @cd_urls
+        # Stub implementation, pretends things always changed
+        { 'dummy_repo' => '0' }
+      end
+
+      # Deploy credentials to all targets. Should also notify slack if any changes deployed
+      def deploy_credentials
+        log("Deploying to #{@cd_targets.join(', ')}...")
+        @changed_targets = []
+        @unchanged_targets = []
+        @failed_targets = []
+        @cd_targets.each do |target|
+          deploy_to_target(target)
+        end
+        publish_results
+      end
+
+      # Deploy credentials to a single target.
+      def deploy_to_target(target)
+        WithCleanRbenv.with_clean_rbenv do
+          results = `rbenv exec bundle exec cap #{Shellwords.escape(target)} \
+                       app:update_secrets < /dev/null`.split("\n")
+          puts results
+          if $CHILD_STATUS.exitstatus.zero?
+            if results.include?('No changed secret files to upload')
+              @unchanged_targets << target
+              log("Unchanged target #{target}")
+            elsif results.grep(/^Uploaded [0-9]+ changed secret files: /).any?
+              @changed_targets << target
+              log("Changed target #{target}")
+            else
+              @failed_targets << target
+              log("Unparseable result deploying to target #{target}")
+            end
+          else
+            @failed_targets << target
+            log("Failed to deploy to target #{target}")
+          end
+        end
+      end
+
+      def publish_results
+        slack_publisher = NdrDevSupport::SlackMessagePublisher.new(ENV['SLACK_WEBHOOK_URL'],
+                                                                   username: 'Rake CI',
+                                                                   icon_emoji: ':robot_face:',
+                                                                   channel: ENV['SLACK_CHANNEL'])
+        slack_publisher.post(attachments: attachments)
+      end
+
+      # Status / warning messages for slack notifications
+      def attachments
+        attachments = []
+
+        if @failed_targets.any?
+          attachment = {
+            color: 'danger',
+            title: "#{@failed_targets.count} failed credential updates :rotating_light:",
+            text: "Failed targets: `#{@failed_targets.join(', ')}`",
+            footer: 'bundle exec cap target app:update_secrets',
+            mrkdwn_in: ['text']
+          }
+          attachments << attachment
+          puts attachment.inspect
+        end
+
+        if @changed_targets.any?
+          text = "Changed targets: `#{@changed_targets.join(', ')}`\n"
+          text << (if @unchanged_targets.any?
+                     "Unchanged targets: `#{@unchanged_targets.join(', ')}`"
+                   else
+                     'No unchanged targets'
+                   end)
+          attachment = {
+            color: 'good',
+            title: "#{@changed_targets.size} successful credential updates",
+            text: text,
+            footer: 'bundle exec cap target app:update_secrets',
+            mrkdwn_in: ['text']
+          }
+          attachments << attachment
+          puts attachment.inspect
+        end
+
+        attachments
+      end
+    end
+  end
+end

data/lib/ndr_dev_support/daemon/stoppable.rb

@@ -68,7 +68,8 @@ module NdrDevSupport
       end
 
       def log(message, level = :info)
-        tags    = "[#{Time.current.to_s(:db)}] [#{level.upcase}] [daemon: #{name} (#{Process.pid})]"
+        tags    = "[#{Time.current.to_formatted_s(:db)}] [#{level.upcase}] " \
+                  "[daemon: #{name} (#{Process.pid})]"
         message = "#{tags} #{message}"
 
         logger.send(level, message)

data/lib/ndr_dev_support/slack_message_publisher.rb

@@ -1,3 +1,5 @@
+require 'net/http'
+
 module NdrDevSupport
   # This Class publishes messages to Slack
   class SlackMessagePublisher

data/lib/ndr_dev_support/tasks.rb

@@ -1,5 +1,6 @@
 load 'tasks/audit_code.rake'
 load 'tasks/audit_bundle.rake'
+load 'tasks/cd/credentials.rake'
 load 'tasks/ci/brakeman.rake'
 load 'tasks/ci/bundle_audit.rake'
 load 'tasks/ci/commit_cop.rake'

data/lib/ndr_dev_support/version.rb

@@ -2,5 +2,5 @@
 # This defines the NdrDevSupport version. If you change it, rebuild and commit the gem.
 # Use "rake build" to build the gem, see rake -T for all bundler rake tasks (and our own).
 module NdrDevSupport
-  VERSION = '6.1.5'
+  VERSION = '6.1.8'
 end

data/lib/tasks/cd/credentials.rake

@@ -0,0 +1,9 @@
+namespace :cd do
+  desc 'Run Capistrano Continuous Deployment credentials server'
+  task :credentials do
+    require 'ndr_dev_support/daemon/cd_credentials'
+
+    worker = NdrDevSupport::Daemon::CDCredentials.from_args(ENV)
+    worker.run
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ndr_dev_support
 version: !ruby/object:Gem::Version
-  version: 6.1.5
+  version: 6.1.8
 platform: ruby
 authors:
 - NCRS Development Team
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-06-24 00:00:00.000000000 Z
+date: 2022-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
@@ -422,6 +422,7 @@ files:
 - lib/ndr_dev_support/capistrano/standalone_gems.rb
 - lib/ndr_dev_support/capistrano/svn_cache.rb
 - lib/ndr_dev_support/capistrano/sysadmin_scripts.rb
+- lib/ndr_dev_support/daemon/cd_credentials.rb
 - lib/ndr_dev_support/daemon/ci_server.rb
 - lib/ndr_dev_support/daemon/stoppable.rb
 - lib/ndr_dev_support/integration_testing.rb
@@ -452,6 +453,7 @@ files:
 - lib/ndr_dev_support/version.rb
 - lib/tasks/audit_bundle.rake
 - lib/tasks/audit_code.rake
+- lib/tasks/cd/credentials.rake
 - lib/tasks/ci/brakeman.rake
 - lib/tasks/ci/bundle_audit.rake
 - lib/tasks/ci/commit_cop.rake