From 1ab2561658e22d4105ae93522832e726ad649184 Mon Sep 17 00:00:00 2001
From: Teake Nutma <t.a.nutma@rug.nl>
Date: Thu, 9 Jun 2022 13:56:56 +0200
Subject: [PATCH] Add ci-tools docker image and fix linting job

---
 .gitlab-ci.yml                                | 18 +++++----
 dockerfiles/ci-tools/Dockerfile               | 38 +++++++++++++++++++
 dockerfiles/ci-tools/entrypoint.sh            | 25 ++++++++++++
 .../python-gitlab-set-private-token.sh        | 16 ++++++++
 dockerfiles/ci-tools/ssh-addkey.sh            | 16 ++++++++
 dockerfiles/docker-builder/Dockerfile         |  2 +
 6 files changed, 108 insertions(+), 7 deletions(-)
 create mode 100644 dockerfiles/ci-tools/Dockerfile
 create mode 100755 dockerfiles/ci-tools/entrypoint.sh
 create mode 100755 dockerfiles/ci-tools/python-gitlab-set-private-token.sh
 create mode 100755 dockerfiles/ci-tools/ssh-addkey.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5180c6f..b2ae923 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,16 +8,20 @@ workflow:
     - if: $CI_COMMIT_REF_PROTECTED == 'true'
     - if: $CI_MERGE_REQUEST_ID
 
-# TODO: replace with https://docs.gitlab.com/ee/api/lint.html
-#lint:
-#  stage: lint
-#  image: node:lts-alpine
-#  script:
-#    - npm install -g gitlab-ci-lint
-#    - find . \( -name '*.yaml' -o -name '*.yml' \) -print -exec gitlab-ci-lint --url https://gitlab.astro-wise.org "{}" \;
+lint:
+  stage: lint
+  # Note: the ci-tools image has to be build and pushed manually once to bootstrap this job
+  # since this job comes before the build_containers job.
+  image: ${CI_REGISTRY_IMAGE}/ci-tools:master
+  script:
+    # Note: we cannot use the GitLab API https://docs.gitlab.com/ee/api/lint.html
+    # for this since that does not support local includes.
+    - shopt -s globstar dotglob
+    - check-jsonschema --builtin-schema vendor.gitlab-ci **/*.yml
 
 build_containers:
   stage: build
+  # Note: the docker-builder image has to be build and pushed manually once to bootstrap this job.
   image: ${CI_REGISTRY_IMAGE}/docker-builder:master
   script:
     # Find the directories that contain a file named 'Dockerfile'
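Review bot: The `**/*.yml` glob in the lint script checks every `.yml` file in the repository against the GitLab CI schema and no longer covers `.yaml` files, which the removed `find` expression matched. If the repository holds YAML that is not a CI definition, the job fails on unrelated files, and any CI include named `.yaml` goes unchecked. A comment stating which files are meant to be linted, or a glob restricted to the CI definitions such as `.gitlab-ci.yml ci/**/*.yml` (directory name is a placeholder), would make the scope explicit. The build_containers job continues outside the hunk.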
diff --git a/dockerfiles/ci-tools/Dockerfile b/dockerfiles/ci-tools/Dockerfile
new file mode 100644
index 0000000..3003d8a
--- /dev/null
+++ b/dockerfiles/ci-tools/Dockerfile
@@ -0,0 +1,38 @@
+FROM python:3
+
+LABEL description="Various tools that come in handy during (GitLab) CI"
+
+# Install via apt
+RUN apt-get update && apt-get -y install \
+    jq \
+    rsync \
+    s-nail \
+    gettext \
+    && apt-get clean
+# Install via pip
+RUN pip install \
+    check-jsonschema \
+    black==22.3.0 \
+    autopep8 \
+    python-gitlab \
+    python-compare-ast \
+    coverage-fixpaths
+
+# Install Gitlab release-cli
+RUN curl --location --output /usr/local/bin/release-cli "https://gitlab.com/gitlab-org/release-cli/-/releases/permalink/latest/downloads/bin/release-cli-linux-amd64" \
+    && chmod +x /usr/local/bin/release-cli
+
+# Install git-scripts
+RUN git clone https://gitlab.astro-wise.org/omegacen/git-scripts.git ~/git-scripts \
+    && mv ~/git-scripts/bin/* /usr/local/bin/ \
+    && rm -rf ~/git-scripts
+
+# Install ssh-addkey
+RUN mkdir -p ~/.ssh
+RUN echo "Host *\n\tStrictHostKeyChecking no" > ~/.ssh/config
+COPY ssh-addkey.sh /usr/local/bin/ssh-addkey
+COPY python-gitlab-set-private-token.sh /usr/local/bin/python-gitlab-set-private-token
+
+COPY entrypoint.sh /usr/local/bin/entrypoint
+ENTRYPOINT [ "/bin/bash", "/usr/local/bin/entrypoint" ]
+CMD [ "/bin/bash" ]
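Review bot: The `StrictHostKeyChecking no` line written to `~/.ssh/config` under `Host *` turns off host key verification for every SSH connection made from this image, including those that use keys installed by `ssh-addkey`. Keeping verification on and having jobs supply `~/.ssh/known_hosts` (for example from a CI variable) avoids trusting whichever host answers. Separately, the release-cli download uses the `permalink/latest` URL with neither `--fail` nor a checksum, so an HTTP error page or an unexpected binary would be installed as `/usr/local/bin/release-cli`. The fence below shows both changes; the tag and hash are placeholders to fill in. `FROM python:3` and the unpinned pip packages have the same reproducibility gap.

```dockerfile
# Install Gitlab release-cli from a pinned release and verify it before use.
# <RELEASE_TAG> and <EXPECTED_SHA256> are placeholders, not real values.
ARG RELEASE_CLI_TAG=<RELEASE_TAG>
ARG RELEASE_CLI_SHA256=<EXPECTED_SHA256>
RUN curl --fail --location --output /usr/local/bin/release-cli "https://gitlab.com/gitlab-org/release-cli/-/releases/${RELEASE_CLI_TAG}/downloads/bin/release-cli-linux-amd64" \
    && echo "${RELEASE_CLI_SHA256}  /usr/local/bin/release-cli" | sha256sum --check - \
    && chmod +x /usr/local/bin/release-cli

# … unchanged: git-scripts install …

# Keep host key verification on; jobs provide ~/.ssh/known_hosts themselves.
RUN mkdir -p ~/.ssh \
    && printf 'Host *\n\tStrictHostKeyChecking yes\n' > ~/.ssh/config
```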
diff --git a/dockerfiles/ci-tools/entrypoint.sh b/dockerfiles/ci-tools/entrypoint.sh
new file mode 100755
index 0000000..d6cc6d7
--- /dev/null
+++ b/dockerfiles/ci-tools/entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Propagate GitLab CI variables to Git.
+if [ -n "${GITLAB_USER_EMAIL}" ]; then
+    git config --global user.email "${GITLAB_USER_EMAIL}"
+fi
+if [ -n "${GITLAB_USER_NAME}" ]; then
+    git config --global user.name "${GITLAB_USER_NAME}"
+fi
+
+# Set python-gitlab configuration.
+if [ -n "${GITLAB_CI}" ]; then
+  cat << EOF > ~/.python-gitlab.cfg
+[global]
+default = current-ci-server
+
+[current-ci-server]
+url = ${CI_SERVER_URL}
+job_token = ${CI_JOB_TOKEN}
+api_version = 4
+EOF
+fi
+
+# Run whatever the user wants to.
+exec "$@"
\ No newline at end of file
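Review bot: The heredoc at `cat << EOF > ~/.python-gitlab.cfg` writes `CI_JOB_TOKEN` into a file created with the default umask, so the token is typically readable by every user in the container. Setting `umask 077` before the `cat`, or following the heredoc with `chmod 600 ~/.python-gitlab.cfg`, keeps the credential owner-only. The same applies to the `private_token` file written by python-gitlab-set-private-token.sh.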
diff --git a/dockerfiles/ci-tools/python-gitlab-set-private-token.sh b/dockerfiles/ci-tools/python-gitlab-set-private-token.sh
new file mode 100755
index 0000000..d7a895d
--- /dev/null
+++ b/dockerfiles/ci-tools/python-gitlab-set-private-token.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [ -z "${GITLAB_CI}" ]; then
+  echo "Not running during GitLab CI, exiting."
+  exit 1
+fi
+
+cat << EOF > ~/.python-gitlab.cfg
+[global]
+default = current-ci-server
+
+[current-ci-server]
+url = ${CI_SERVER_URL}
+private_token = $1
+api_version = 4
+EOF
\ No newline at end of file
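Review bot: The token is read from `$1` with no check that an argument was given, so a call without arguments silently writes an empty `private_token` line. A guard such as `[ -n "$1" ] || { echo "usage: python-gitlab-set-private-token TOKEN" >&2; exit 1; }` before the heredoc would catch that. Passing the secret as a command-line argument also makes it visible in process listings and in the job log when shell tracing is enabled. Reading it from an environment variable or stdin would avoid this.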
diff --git a/dockerfiles/ci-tools/ssh-addkey.sh b/dockerfiles/ci-tools/ssh-addkey.sh
new file mode 100755
index 0000000..5218ddb
--- /dev/null
+++ b/dockerfiles/ci-tools/ssh-addkey.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Find a non-existing filename for the private key
+fileprefix="${HOME}/.ssh/id_"
+i=0
+while [[ -e ${fileprefix}${i} ]] ; do
+    (( i++ ))
+done
+file="${fileprefix}${i}"
+
+# Put the key in the file and make it read-only
+echo "$1" > "${file}"
+chmod 600 "${file}"
+
+# Make SSH aware of the private key
+echo -e "\tIdentityFile ${file}" >> ~/.ssh/config
\ No newline at end of file
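Review bot: The private key is written with `echo "$1" > "${file}"` under the default umask and only restricted by `chmod 600` afterwards, so it is briefly readable by other users and stays that way if the script is interrupted between the two commands. Putting `umask 077` before the write closes that window and makes the `chmod` a safeguard only. The comment says "read-only" although mode 600 is owner read-write; `# Put the key in the file, readable and writable by the owner only` would match the code. As in python-gitlab-set-private-token.sh, the secret arrives as a command-line argument and is therefore visible in process listings.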
diff --git a/dockerfiles/docker-builder/Dockerfile b/dockerfiles/docker-builder/Dockerfile
index fef215a..5fed2fb 100644
--- a/dockerfiles/docker-builder/Dockerfile
+++ b/dockerfiles/docker-builder/Dockerfile
@@ -1,5 +1,7 @@
 FROM gcr.io/kaniko-project/executor:debug
 
+LABEL description="Convenience wrapper around kaniko for building images in GitLab CI"
+
 RUN mkdir -p /kaniko/.docker
 COPY entrypoint.sh /usr/local/bin/entrypoint
 COPY buildimage.sh /usr/local/bin/buildimage
-- 
GitLab