Merge pull request #48 from dod-ccpo/cibuild

CIbuild and publish
This commit is contained in:
Devon 2018-07-05 10:57:58 -04:00 committed by GitHub
commit 3635e4b9c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 182 additions and 11 deletions

27
.dockerignore Normal file
View File

@ -0,0 +1,27 @@
# Files to exclude from COPY and ADD commands when
# building a docker image from this directory
# Exclude Docker build related files
Dockerfile
.dockerignore
# Exclude the git directory and gitignore file
.git
.gitignore
# Skip any existing logs
log/*
# Skip LICENSE, README, etc.
LICENSE
*.md
# Skip pipenv/virtualenv related things
.envrc
.venv
# Skip ansible-container stuff
ansible*
container.yml
meta.yml
requirements.yml

View File

@ -1,10 +1,29 @@
sudo: required
language: python
python:
- "3.6"
python: "3.6"
services: docker
env:
global:
- TESTER_IMAGE_NAME=atst-tester
- PROD_IMAGE_NAME=atst-prod
before_install:
- pip install pipenv
- pipenv install --dev --skip-lock
- gem install sass
- npm install
- docker login -u $ATAT_DOCKER_REGISTRY_USERNAME -p $ATAT_DOCKER_REGISTRY_PASSWORD $ATAT_DOCKER_REGISTRY_URL
- docker build --tag "${TESTER_IMAGE_NAME}" . -f docker/tester/Dockerfile
script:
- python -m pytest
- docker run "${TESTER_IMAGE_NAME}"
before_deploy:
- docker build --tag "${PROD_IMAGE_NAME}" . -f docker/prod/Dockerfile
- git_sha="$(git rev-parse --short HEAD)"
- remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${git_sha}"
- docker tag "${PROD_IMAGE_NAME}" "${remote_image_name}"
- docker images
- docker push "${remote_image_name}"
deploy:
provider: script
script: echo "** Image push only for now... stay tuned! **"
on:
branch: master

View File

@ -12,6 +12,7 @@ pendulum = "*"
redis = "*"
[dev-packages]
bandit = "*"
pytest = "==3.6.0"
pytest-tornado = "==0.5.0"
ipython = "*"

46
docker/prod/Dockerfile Normal file
View File

@ -0,0 +1,46 @@
FROM python:3.6.5-alpine
### Very low chance of changing
###############################
# Overridable default config
ARG APP_USER=atst
ARG APP_GROUP=atat
ARG APP_DIR=/opt/atat/atst
ARG APP_PORT=8000
ARG SITE_PACKAGES_DIR=/usr/local/lib/python3.6/site-packages
ENV APP_USER "${APP_USER}"
ENV APP_GROUP "${APP_GROUP}"
ENV APP_DIR "${APP_DIR}"
ENV SKIP_PIPENV true
# Set port to open
EXPOSE "${APP_PORT}"
# Use dumb-init for proper signal handling
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
# Default command is to launch the server
CMD ["bash", "-c", "${APP_DIR}/script/server"]
### Items that will change almost every build
#############################################
# Copy installed python packages from the tester image
COPY --from=atst-tester:latest "${SITE_PACKAGES_DIR}" "${SITE_PACKAGES_DIR}"
# Copy the app directory contents from the tester image (includes node modules)
COPY --from=atst-tester:latest "${APP_DIR}" "${APP_DIR}"
# Set working dir
WORKDIR ${APP_DIR}
# Add required system packages and app user
RUN set -x ; \
script/alpine_setup "${APP_USER}" "${APP_GROUP}"
# Update file ownership
RUN set -x ; \
for subdir in $(find . -type d -maxdepth 1 | grep -Ee '.[^/]' | grep -Fve 'node_modules'); do chown atst:atat -R ${subdir}; done
# Run as the unprivileged APP user
USER "${APP_USER}"

40
docker/tester/Dockerfile Normal file
View File

@ -0,0 +1,40 @@
FROM registry.atat.codes:443/atat-app-builder:latest
### Very low chance of changing
###############################
ARG APP_USER=atst
ARG APP_GROUP=atat
ARG APP_DIR=/opt/atat/atst
ARG CIBUILD=true
ENV APP_DIR "${APP_DIR}"
ENV SKIP_PIPENV true
# Use dumb-init for proper signal handling
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
# Default command is to run all the tests
CMD ["bash", "-c", "${APP_DIR}/script/cibuild"]
# Create application directory
RUN set -x ; \
mkdir -p ${APP_DIR}
# Set working dir
WORKDIR ${APP_DIR}
# Copy over alpine setup script
COPY script/alpine_setup ./script/
# Add required system packages and app user
RUN set -x ; \
script/alpine_setup "${APP_USER}" "${APP_GROUP}"
### Items that will change almost every build
#############################################
# Copy over the rest of the app source
COPY . .
# Install app dependencies
RUN set -x ; \
script/setup

22
script/alpine_setup Executable file
View File

@ -0,0 +1,22 @@
#!/bin/sh
# script/alpine_setup: Adds all the system packages, directors, users, etc.
# required to run the application on Alpine
# If a command fails, exit the script
set -e
# Ensure we are in the app root directory (not the /script directory)
cd "$(dirname "${0}")/.."
APP_USER=${1}
APP_GROUP=${2}
apk update
apk upgrade
apk add bash
apk add dumb-init
addgroup -g 8000 -S "${APP_GROUP}"
adduser -u 8010 -D -S -G "${APP_GROUP}" "${APP_USER}"

View File

@ -28,5 +28,9 @@ pipenv install ${PIPENV_INSTALL_FLAGS}
# Install uswds node module and dependencies
npm install
# Relink uswds fonts into the /static directory
rm -f ./static/fonts
ln -s ../node_modules/uswds/src/fonts ./static/fonts
# Precompile assets for deployment
${WEBASSETS_CMD} -m atst.assets build

16
script/cibuild Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
# script/cibuild: Run CI related checks and tests
# If a command fails, exit the script
set -e
# Ensure we are in the app root directory (not the /script directory)
cd "$(dirname "${0}")/.."
# Run lint/style checks and unit tests
script/test
# Run static code analysis security checks
# (excluding the tests and node_modules subdirs)
bandit -r . -x node_modules,tests

View File

@ -23,7 +23,3 @@ fi
# Install application dependencies
script/bootstrap
# Symlink uswds fonts into the /static directory
rm -f ./static/fonts
ln -s ../node_modules/uswds/src/fonts ./static/fonts