From d61510994bbd7cdb48269b85b32f4620d9bc092d Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 7 Sep 2018 14:44:50 -0400 Subject: [PATCH 01/36] Add script to fix-up app dir owner --- script/fix_permissions | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100755 script/fix_permissions diff --git a/script/fix_permissions b/script/fix_permissions new file mode 100755 index 00000000..72d37519 --- /dev/null +++ b/script/fix_permissions @@ -0,0 +1,22 @@ +#!/bin/bash + +# script/fix_permissions: Updates the app directory with the correct user +# permissions (skipping node_modules since it is not +# required and very large) + +source "$(dirname "${0}")"/../script/include/global_header.inc.sh + +APP_USER="${1}" +APP_GROUP="${2}" + +if [ "${APP_USER}x" = "x" ] || [ "${APP_GROUP}x" = "x" ]; then + echo "ERROR: Missing username or groupname argument!" + echo "Received: *${APP_USER}:${APP_GROUP}*" + echo + exit 1 +fi + +for subdir in $(find . -type d -maxdepth 1 | grep -Ee '.[^/]' | grep -Fve 'node_modules') +do + chown "${APP_USER}:${APP_GROUP}" -R ${subdir} +done From 26a83df4445800c30cca4ce95f55ca2d114e12e0 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 7 Sep 2018 14:48:34 -0400 Subject: [PATCH 02/36] Add default re-usable config bits --- .circleci/config.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 45770805..e6050ed3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,4 +1,23 @@ version: 2.0 + +defaults: + sourceImage: &sourceImage registry.atat.codes:443/atat-app-builder:circleci-cd + sourceAuth: &sourceAuth + username: $REGISTRY_USERNAME + password: $REGISTRY_PASSWORD + appEnvironment: &appEnvironment + KEEP_EXISTING_VENV: true + PGHOST: localhost + PGUSER: root + PGDATABASE: circle_test + REDIS_URI: redis://localhost:6379 + dockerCmdEnvironment: &dockerCmdEnvironment + APP_USER: atst + APP_GROUP: atat + APP_DIR: /opt/atat/atst + CONTAINER_NAME: atst-container + REGISTRY_LOCATION: registry.atat.codes:443 + jobs: build: docker: From d77383ad9a2b3ce5e0acb611e88b9a36dd867e7b Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 7 Sep 2018 14:51:50 -0400 Subject: [PATCH 03/36] Convert to using workslow with separate jobs - Split build into app_setup and test jobs - Add workflow sequence info - Add DB reset to cibuild since it uses a fresh DB in a new build stage --- .circleci/config.yml | 69 +++++++++++++++++++++++++++++++++----------- script/cibuild | 3 ++ 2 files changed, 55 insertions(+), 17 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e6050ed3..fbe792cb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -19,18 +19,11 @@ defaults: REGISTRY_LOCATION: registry.atat.codes:443 jobs: - build: + app_setup: docker: - - image: registry.atat.codes:443/atat-app-builder:circleci - auth: - username: $REGISTRY_USERNAME - password: $REGISTRY_PASSWORD - environment: - KEEP_EXISTING_VENV: true - PGHOST: localhost - PGUSER: root - PGDATABASE: circle_test - REDIS_URI: redis://localhost:6379 + - image: *sourceImage + auth: *sourceAuth + environment: *appEnvironment - image: circleci/postgres:9.6.5-alpine-ram - image: circleci/redis:4-alpine3.8 steps: @@ -39,6 +32,8 @@ jobs: name: "Clone Submodules" command: | git submodule update --init --recursive + - attach_workspace: + at: . - restore_cache: name: "Load Cache: Pipenv References" keys: @@ -57,6 +52,10 @@ jobs: - yarn-v1-{{ .Branch }}-{{ checksum "yarn.lock" }} - yarn-v1-{{ .Branch }}- - yarn-v1- + - restore_cache: + name: "Load Cache: Node Modules" + keys: + - node-v1-{{ .Branch }}-{{ checksum "yarn.lock" }} - run: ./script/setup - save_cache: name: "Save Cache: Pipenv Refrences" @@ -73,12 +72,48 @@ jobs: paths: - ~/.cache/yarn key: yarn-v1-{{ .Branch }}-{{ checksum "yarn.lock" }} - - restore_cache: - keys: - - disa-crls - - run: ./script/sync-crls - save_cache: + name: "Save Cache: Node Modules" + paths: + - ./node_modules + key: node-v1-{{ .Branch }}-{{ checksum "yarn.lock" }} + - restore_cache: + name: "Load Cache: CRLs" + keys: + - disa-crls-v1 + - disa-crls + - run: + name: "Update CRLs" + command: ./script/sync-crls + - save_cache: + name: "Save Cache: CRLs" paths: - ./crl - key: disa-crls - - run: ./script/cibuild + key: disa-crls-v1-{{ .Branch }}-{{ epoch}} + - persist_to_workspace: + root: . + paths: + - . + + test: + docker: + - image: *sourceImage + auth: *sourceAuth + environment: *appEnvironment + - image: circleci/postgres:9.6.5-alpine-ram + - image: circleci/redis:4-alpine3.8 + steps: + - attach_workspace: + at: . + - run: + name: "Run Tests" + command: ./script/cibuild + +workflows: + version: 2 + run-tests: + jobs: + - app_setup + - test: + requires: + - app_setup diff --git a/script/cibuild b/script/cibuild index 1493008c..39afa18d 100755 --- a/script/cibuild +++ b/script/cibuild @@ -13,6 +13,9 @@ PYTHON_FILES="./app.py ./atst/** ./config" # Enable Python testing RUN_PYTHON_TESTS="true" +# Reset the DB, since the one script/setup created might not be persisted +RESET_DB="true" + # Check python formatting source ./script/format check From db522a2913f35ef7e2a1c180209be6b61954bfdc Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 7 Sep 2018 15:01:30 -0400 Subject: [PATCH 04/36] Add image building and pushing stage --- .circleci/config.yml | 57 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index fbe792cb..2f5b4703 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -109,6 +109,57 @@ jobs: name: "Run Tests" command: ./script/cibuild + build_and_push_image: + docker: + - image: *sourceImage + auth: *sourceAuth + environment: *dockerCmdEnvironment + steps: + - attach_workspace: + at: . + - setup_remote_docker: + version: 18.05.0-ce + - run: + name: "Generate the Target Image Name" + command: | + echo "export IMAGE_NAME=\"${REGISTRY_LOCATION}/atst-prod:$(git rev-parse --short HEAD)-circle\"" >> $BASH_ENV + echo $BASH_ENV | grep IMAGE_NAME + - run: + name: "Start a Fresh Container" + command: docker run -d --entrypoint='/bin/sh' -ti --name ${CONTAINER_NAME} alpine:3.8 + - run: + name: "Create the App Directory" + command: docker exec -t ${CONTAINER_NAME} mkdir -p ${APP_DIR} + - run: + name: "Copy Workspace Contents into the Container" + command: docker cp . ${CONTAINER_NAME}:${APP_DIR} + - run: + name: "Run Alpine Setup" + command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/alpine_setup + - run: + name: "Run Fix Permissions" + command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/fix_permissions ${APP_USER} ${APP_GROUP} + - run: + name: "Commit Container Changes to New Image" + command: | + docker commit \ + --change="ENV APP_USER \"${APP_USER}\"" \ + --change="ENV APP_GROUP \"${APP_GROUP}\"" \ + --change="ENV APP_DIR \"${APP_DIR}\"" \ + --change='ENTRYPOINT ["/usr/bin/dumb-init", "--"]' \ + --change="CMD [\"bash\", \"-c\", \"${APP_DIR}/script/uwsgi_server\"]" \ + --change="WORKDIR ${APP_DIR}" \ + --change="USER \"${APP_USER}\"" \ + ${CONTAINER_NAME} \ + ${IMAGE_NAME} + - run: + name: "Publish ATST Image" + command: | + docker image ls + docker login -u ${REGISTRY_USERNAME} -p ${REGISTRY_PASSWORD} ${REGISTRY_LOCATION} + docker push ${IMAGE_NAME} + docker logout + workflows: version: 2 run-tests: @@ -117,3 +168,9 @@ workflows: - test: requires: - app_setup + - build_and_push_image: + requires: + - test + filters: + branches: + only: circleci-cd From 2ec2a22db067d70bf81826d3affe18be788dd10b Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 7 Sep 2018 15:10:29 -0400 Subject: [PATCH 05/36] Remove IMAGE_NAME output since it does not work properly --- .circleci/config.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2f5b4703..aeb15cb1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -121,9 +121,7 @@ jobs: version: 18.05.0-ce - run: name: "Generate the Target Image Name" - command: | - echo "export IMAGE_NAME=\"${REGISTRY_LOCATION}/atst-prod:$(git rev-parse --short HEAD)-circle\"" >> $BASH_ENV - echo $BASH_ENV | grep IMAGE_NAME + command: echo "export IMAGE_NAME=\"${REGISTRY_LOCATION}/atst-prod:$(git rev-parse --short HEAD)-circle\"" >> $BASH_ENV - run: name: "Start a Fresh Container" command: docker run -d --entrypoint='/bin/sh' -ti --name ${CONTAINER_NAME} alpine:3.8 From 7e0b3ce520b571f0bf024e1e129bfc06ca3d5bab Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Mon, 10 Sep 2018 09:54:25 -0400 Subject: [PATCH 06/36] Adjust base64 params to be more portable (alpine compatible) --- deploy/kubernetes/atst-update-deploy.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/kubernetes/atst-update-deploy.sh b/deploy/kubernetes/atst-update-deploy.sh index f83bbe01..c7b92364 100755 --- a/deploy/kubernetes/atst-update-deploy.sh +++ b/deploy/kubernetes/atst-update-deploy.sh @@ -9,7 +9,7 @@ set -o nounset # set -o xtrace # Decode and save the K8S CA cert -echo "${K8S_CA_CRT}" | base64 --decode -i > "${HOME}/k8s_ca.crt" +echo "${K8S_CA_CRT}" | base64 -d - > "${HOME}/k8s_ca.crt" # Setup the local kubectl client kubectl config set-context travis \ @@ -22,7 +22,7 @@ kubectl config set-cluster atat-cluster \ --server="${K8S_ENDPOINT}" \ --certificate-authority="${HOME}/k8s_ca.crt" -kubectl config set-credentials atat-deployer --token=`echo ${K8S_USER_TOKEN} | base64 --decode` +kubectl config set-credentials atat-deployer --token="$(echo ${K8S_USER_TOKEN} | base64 -d -)" kubectl config use-context travis kubectl config current-context From 4a99889a675a71c2f1af29ed2d922fa0766ea53c Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Mon, 10 Sep 2018 09:59:31 -0400 Subject: [PATCH 07/36] Add script that checks the k8s deployment without changing anything --- deploy/kubernetes/atst-check-deploy.sh | 38 ++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100755 deploy/kubernetes/atst-check-deploy.sh diff --git a/deploy/kubernetes/atst-check-deploy.sh b/deploy/kubernetes/atst-check-deploy.sh new file mode 100755 index 00000000..3b2f588c --- /dev/null +++ b/deploy/kubernetes/atst-check-deploy.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env bash +# + +set -o pipefail +set -o errexit +set -o nounset + +# Decode and save the K8S CA cert +echo "${K8S_CA_CRT}" | base64 -d - > "${HOME}/k8s_ca.crt" + +# Setup the local kubectl client +kubectl config set-context travis \ + --cluster=atat-cluster \ + --user=atat-deployer \ + --namespace=atat + +kubectl config set-cluster atat-cluster \ + --embed-certs=true \ + --server="${K8S_ENDPOINT}" \ + --certificate-authority="${HOME}/k8s_ca.crt" + +kubectl config set-credentials atat-deployer --token="$(echo ${K8S_USER_TOKEN} | base64 -d -)" + +kubectl config use-context travis +kubectl config current-context + +echo +echo "Current ATST Deployment Details:" +kubectl -n atat get deployment.apps/atst -o yaml + +# Remove the K8S CA file when the script exits +function cleanup { + printf "Cleaning up...\n" + rm -vf "${HOME}/k8s_ca.crt" + printf "Cleaning done." +} + +trap cleanup EXIT From d0cc4da9f05e25a4cb1bf944190814d02fac11a4 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Mon, 10 Sep 2018 10:08:49 -0400 Subject: [PATCH 08/36] Add deploy stage to the build --- .circleci/config.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index aeb15cb1..00705302 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -158,6 +158,18 @@ jobs: docker push ${IMAGE_NAME} docker logout + deploy: + docker: + - image: *sourceImage + auth: *sourceAuth + environment: *dockerCmdEnvironment + steps: + - attach_workspace: + at: . + - run: + name: "Update Kubernetes Deployment" + command: ./deploy/kubernetes/atst-check-deploy.sh + workflows: version: 2 run-tests: @@ -172,3 +184,9 @@ workflows: filters: branches: only: circleci-cd + - deploy + requires: + - build_and_push_image + filters: + branches: + only: circleci-cd From b72269bf215a921fb916b07f3af163fd6b417e11 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Mon, 10 Sep 2018 10:09:24 -0400 Subject: [PATCH 09/36] Change var name to match deploy script --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 00705302..9a4d6e68 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -16,7 +16,7 @@ defaults: APP_GROUP: atat APP_DIR: /opt/atat/atst CONTAINER_NAME: atst-container - REGISTRY_LOCATION: registry.atat.codes:443 + ATAT_DOCKER_REGISTRY_URL: registry.atat.codes:443 jobs: app_setup: @@ -121,7 +121,7 @@ jobs: version: 18.05.0-ce - run: name: "Generate the Target Image Name" - command: echo "export IMAGE_NAME=\"${REGISTRY_LOCATION}/atst-prod:$(git rev-parse --short HEAD)-circle\"" >> $BASH_ENV + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/atst-prod:$(git rev-parse --short HEAD)-circle\"" >> $BASH_ENV - run: name: "Start a Fresh Container" command: docker run -d --entrypoint='/bin/sh' -ti --name ${CONTAINER_NAME} alpine:3.8 @@ -154,7 +154,7 @@ jobs: name: "Publish ATST Image" command: | docker image ls - docker login -u ${REGISTRY_USERNAME} -p ${REGISTRY_PASSWORD} ${REGISTRY_LOCATION} + docker login -u ${REGISTRY_USERNAME} -p ${REGISTRY_PASSWORD} ${ATAT_DOCKER_REGISTRY_URL} docker push ${IMAGE_NAME} docker logout From a07cc6d524a3ede06a14c053636ee8d93b5f2361 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Mon, 10 Sep 2018 10:11:26 -0400 Subject: [PATCH 10/36] Fix syntax --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9a4d6e68..44d12b59 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -184,7 +184,7 @@ workflows: filters: branches: only: circleci-cd - - deploy + - deploy: requires: - build_and_push_image filters: From bbea6d66b5b678023f877dda753871e358692d02 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Mon, 10 Sep 2018 16:22:05 -0400 Subject: [PATCH 11/36] Variablize image name --- .circleci/config.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 44d12b59..b8e699df 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,8 +15,9 @@ defaults: APP_USER: atst APP_GROUP: atat APP_DIR: /opt/atat/atst - CONTAINER_NAME: atst-container ATAT_DOCKER_REGISTRY_URL: registry.atat.codes:443 + CONTAINER_NAME: atst-container + PROD_IMAGE_NAME: atst-prod jobs: app_setup: @@ -119,9 +120,12 @@ jobs: at: . - setup_remote_docker: version: 18.05.0-ce + - run: + name: "Export GIT_SHA" + command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV - run: name: "Generate the Target Image Name" - command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/atst-prod:$(git rev-parse --short HEAD)-circle\"" >> $BASH_ENV + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}-circle\"" >> $BASH_ENV - run: name: "Start a Fresh Container" command: docker run -d --entrypoint='/bin/sh' -ti --name ${CONTAINER_NAME} alpine:3.8 From a9bdf45ac697351f55caa9fa7da92c49e5a9795d Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 12 Sep 2018 11:24:08 -0400 Subject: [PATCH 12/36] Finalize deploy and switch to master branch only --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b8e699df..8673502c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -172,7 +172,7 @@ jobs: at: . - run: name: "Update Kubernetes Deployment" - command: ./deploy/kubernetes/atst-check-deploy.sh + command: ./deploy/kubernetes/atst-update-deploy.sh workflows: version: 2 @@ -187,10 +187,10 @@ workflows: - test filters: branches: - only: circleci-cd + only: master - deploy: requires: - build_and_push_image filters: branches: - only: circleci-cd + only: master From bd3406f762ee61e047224683bef37ad0ab0f022c Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 12 Sep 2018 11:45:58 -0400 Subject: [PATCH 13/36] Disable Travis deployment --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 5ea87ca8..15b0d833 100644 --- a/.travis.yml +++ b/.travis.yml @@ -54,7 +54,7 @@ before_deploy: deploy: provider: script - script: deploy/kubernetes/atst-update-deploy.sh + script: echo "Deployment now handles by CircleCI" on: branch: master From 771db0dfddc67a52fa6c963d6c6e4ed51bed9506 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 12 Sep 2018 11:47:28 -0400 Subject: [PATCH 14/36] Update image name --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8673502c..10e843ac 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -125,7 +125,7 @@ jobs: command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV - run: name: "Generate the Target Image Name" - command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}-circle\"" >> $BASH_ENV + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}\"" >> $BASH_ENV - run: name: "Start a Fresh Container" command: docker run -d --entrypoint='/bin/sh' -ti --name ${CONTAINER_NAME} alpine:3.8 From fd4346a4dd475104079140cb1520a0494b1d2c32 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 12 Sep 2018 11:48:55 -0400 Subject: [PATCH 15/36] Disable image push by Travis --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 15b0d833..b16c9c1b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -50,7 +50,7 @@ before_deploy: - remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}" - docker tag "${PROD_IMAGE_NAME}" "${remote_image_name}" - docker images - - docker push "${remote_image_name}" + #- docker push "${remote_image_name}" deploy: provider: script From 3c5ee0b65dc6151c4c38f2cd89062783c5425df8 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 11:33:10 -0400 Subject: [PATCH 16/36] Toggle CD on for the circleci-cd branch for testing --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 10e843ac..66646ce8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -187,10 +187,10 @@ workflows: - test filters: branches: - only: master + only: circleci-cd - deploy: requires: - build_and_push_image filters: branches: - only: master + only: circleci-cd From 28d5544cef6b4459a3879d0556d7fbdd8a753457 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 12:02:42 -0400 Subject: [PATCH 17/36] Add GIT_SHA env var for use by atst-update-deploy.sh --- .circleci/config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 66646ce8..b820a7d8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -170,6 +170,9 @@ jobs: steps: - attach_workspace: at: . + - run: + name: "Export GIT_SHA" + command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV - run: name: "Update Kubernetes Deployment" command: ./deploy/kubernetes/atst-update-deploy.sh From 38c86362b0dfa55020acc47724957717171584e7 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 12:24:45 -0400 Subject: [PATCH 18/36] Ensure system packages get copied to prod container --- .circleci/config.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index b820a7d8..05db3baa 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -17,6 +17,7 @@ defaults: APP_DIR: /opt/atat/atst ATAT_DOCKER_REGISTRY_URL: registry.atat.codes:443 CONTAINER_NAME: atst-container + PYTHON_SITE_PACKAGES_DIR: /usr/lib/python3.6/site-packages PROD_IMAGE_NAME: atst-prod jobs: @@ -138,6 +139,9 @@ jobs: - run: name: "Run Alpine Setup" command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/alpine_setup + - run: + name: "Copy System Site Packages into the Container" + command: docker cp ${PYTHON_SITE_PACKAGES_DIR} ${CONTAINER_NAME}:${PYTHON_SITE_PACKAGES_DIR} - run: name: "Run Fix Permissions" command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/fix_permissions ${APP_USER} ${APP_GROUP} From 3ebf047e70a722ed53169a1cad8c9d85d255ae0d Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 12:32:03 -0400 Subject: [PATCH 19/36] Sync debugger config with app config --- deploy/kubernetes/atst-debugger.yml | 87 ++++++++++++++++++++++++++++- 1 file changed, 85 insertions(+), 2 deletions(-) diff --git a/deploy/kubernetes/atst-debugger.yml b/deploy/kubernetes/atst-debugger.yml index d86abd0f..381cc973 100644 --- a/deploy/kubernetes/atst-debugger.yml +++ b/deploy/kubernetes/atst-debugger.yml @@ -1,6 +1,8 @@ apiVersion: v1 kind: Pod metadata: + labels: + app: atst-debugger name: atst-debugger namespace: atat spec: @@ -8,7 +10,7 @@ spec: fsGroup: 101 containers: - name: atst-debugger - image: registry.atat.codes:443/atst-prod:a1916b1 + image: registry.atat.codes:443/atst-prod:beac5fb args: ["/bin/bash", "-c", "while true; do date; sleep 45; done"] envFrom: - configMapRef: @@ -17,19 +19,85 @@ spec: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini + - name: nginx-client-ca-bundle + mountPath: "/opt/atat/atst/ssl/server-certs/ca-chain.pem" + subPath: client-ca-bundle.pem - name: uwsgi-config mountPath: "/opt/atat/atst/uwsgi-config.ini" subPath: uwsgi-config.ini - name: uwsgi-socket-dir mountPath: "/var/run/uwsgi" + - name: atst-nginx + image: nginx:alpine + ports: + - containerPort: 8442 + name: http + - containerPort: 8443 + name: https + volumeMounts: + - name: nginx-auth-tls + mountPath: "/etc/ssl/private" + - name: nginx-client-ca-bundle + mountPath: "/etc/ssl/client-ca-bundle.pem" + subPath: client-ca-bundle.pem + - name: nginx-config + mountPath: "/etc/nginx/conf.d/atst.conf" + subPath: atst.conf + - name: nginx-dhparam + mountPath: "/etc/ssl/dhparam.pem" + subPath: dhparam.pem + - name: nginx-htpasswd + mountPath: "/etc/nginx/.htpasswd" + subPath: .htpasswd + - name: uwsgi-socket-dir + mountPath: "/var/run/uwsgi" + imagePullSecrets: + - name: regcred volumes: - name: atst-config secret: secretName: atst-config-ini items: - - key: atst-overrides.ini + - key: override.ini path: atst-overrides.ini mode: 0644 + - name: nginx-auth-tls + secret: + secretName: auth-atst-ingress-tls + items: + - key: tls.crt + path: auth.atat.crt + mode: 0644 + - key: tls.key + path: auth.atat.key + mode: 0640 + - name: nginx-client-ca-bundle + secret: + secretName: nginx-client-ca-bundle + items: + - key: client-ca-bundle.pem + path: client-ca-bundle.pem + mode: 0666 + - name: nginx-config + configMap: + name: atst-nginx + items: + - key: nginx-config + path: atst.conf + - name: nginx-dhparam + secret: + secretName: dhparam-4096 + items: + - key: dhparam.pem + path: dhparam.pem + mode: 0640 + - name: nginx-htpasswd + secret: + secretName: atst-nginx-htpasswd + items: + - key: htpasswd + path: .htpasswd + mode: 0640 - name: uwsgi-config configMap: name: atst-config @@ -41,3 +109,18 @@ spec: emptyDir: medium: Memory restartPolicy: Never +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: atst-debugger + name: atst-debugger + namespace: atat +spec: + ports: + - name: http + port: 80 + targetPort: 8442 + selector: + app: atst-debugger From 82517e67d7f85d3ae182430e2812f9a6708d0afe Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 12:44:44 -0400 Subject: [PATCH 20/36] Fix site-packages reference --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 05db3baa..a839309a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -141,7 +141,7 @@ jobs: command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/alpine_setup - run: name: "Copy System Site Packages into the Container" - command: docker cp ${PYTHON_SITE_PACKAGES_DIR} ${CONTAINER_NAME}:${PYTHON_SITE_PACKAGES_DIR} + command: docker cp ${PYTHON_SITE_PACKAGES_DIR}/. ${CONTAINER_NAME}:${PYTHON_SITE_PACKAGES_DIR} - run: name: "Run Fix Permissions" command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/fix_permissions ${APP_USER} ${APP_GROUP} From 1c5c75a0aceab9f4e5fd70d0e76d26b83449fa30 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 12:45:55 -0400 Subject: [PATCH 21/36] Fix resource names --- deploy/kubernetes/atst-debugger.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/kubernetes/atst-debugger.yml b/deploy/kubernetes/atst-debugger.yml index 381cc973..6708a02a 100644 --- a/deploy/kubernetes/atst-debugger.yml +++ b/deploy/kubernetes/atst-debugger.yml @@ -3,14 +3,14 @@ kind: Pod metadata: labels: app: atst-debugger - name: atst-debugger + name: atst-debugger-v1 namespace: atat spec: securityContext: fsGroup: 101 containers: - - name: atst-debugger - image: registry.atat.codes:443/atst-prod:beac5fb + - name: atst + image: registry.atat.codes:443/atst-prod:6329f8e args: ["/bin/bash", "-c", "while true; do date; sleep 45; done"] envFrom: - configMapRef: From 1a68458a12bab791627d5dfc13c2764acefa4a56 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 13:08:31 -0400 Subject: [PATCH 22/36] And also include /usr/bin, since the bin stubs for pip installed packages live there --- .circleci/config.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index a839309a..72e70848 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -17,6 +17,7 @@ defaults: APP_DIR: /opt/atat/atst ATAT_DOCKER_REGISTRY_URL: registry.atat.codes:443 CONTAINER_NAME: atst-container + USR_BIN_DIR: /usr/bin PYTHON_SITE_PACKAGES_DIR: /usr/lib/python3.6/site-packages PROD_IMAGE_NAME: atst-prod @@ -142,6 +143,9 @@ jobs: - run: name: "Copy System Site Packages into the Container" command: docker cp ${PYTHON_SITE_PACKAGES_DIR}/. ${CONTAINER_NAME}:${PYTHON_SITE_PACKAGES_DIR} + - run: + name: "Copy USR_BIN Contents into the Container" + command: docker cp ${USR_BIN_DIR}/. ${CONTAINER_NAME}:${USR_BIN_DIR} - run: name: "Run Fix Permissions" command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/fix_permissions ${APP_USER} ${APP_GROUP} From 5a6f1de4ddaf0ce8ecfd82acb0dce54c1e9d6d14 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 13:21:34 -0400 Subject: [PATCH 23/36] Ensure app dir and files in its root are also chowned --- script/fix_permissions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/script/fix_permissions b/script/fix_permissions index 72d37519..7645a0ab 100755 --- a/script/fix_permissions +++ b/script/fix_permissions @@ -16,6 +16,8 @@ if [ "${APP_USER}x" = "x" ] || [ "${APP_GROUP}x" = "x" ]; then exit 1 fi +chown "${APP_USER}:${APP_GROUP}" . +chown "${APP_USER}:${APP_GROUP}" * for subdir in $(find . -type d -maxdepth 1 | grep -Ee '.[^/]' | grep -Fve 'node_modules') do chown "${APP_USER}:${APP_GROUP}" -R ${subdir} From 7f81db599032c485b6b7bfd8a1852c04bacc50ac Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 13:23:47 -0400 Subject: [PATCH 24/36] Style fixes --- script/fix_permissions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/script/fix_permissions b/script/fix_permissions index 7645a0ab..1ec5acee 100755 --- a/script/fix_permissions +++ b/script/fix_permissions @@ -17,8 +17,8 @@ if [ "${APP_USER}x" = "x" ] || [ "${APP_GROUP}x" = "x" ]; then fi chown "${APP_USER}:${APP_GROUP}" . -chown "${APP_USER}:${APP_GROUP}" * +chown "${APP_USER}:${APP_GROUP}" ./* for subdir in $(find . -type d -maxdepth 1 | grep -Ee '.[^/]' | grep -Fve 'node_modules') do - chown "${APP_USER}:${APP_GROUP}" -R ${subdir} + chown "${APP_USER}:${APP_GROUP}" -R "${subdir}" done From f6fdb44a878fe65aeb0eaba6aa4d4288d945b54a Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 13:24:40 -0400 Subject: [PATCH 25/36] Ensure permissions are preserved --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 72e70848..36586732 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -142,10 +142,10 @@ jobs: command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/alpine_setup - run: name: "Copy System Site Packages into the Container" - command: docker cp ${PYTHON_SITE_PACKAGES_DIR}/. ${CONTAINER_NAME}:${PYTHON_SITE_PACKAGES_DIR} + command: docker cp -a ${PYTHON_SITE_PACKAGES_DIR}/. ${CONTAINER_NAME}:${PYTHON_SITE_PACKAGES_DIR} - run: name: "Copy USR_BIN Contents into the Container" - command: docker cp ${USR_BIN_DIR}/. ${CONTAINER_NAME}:${USR_BIN_DIR} + command: docker cp -a ${USR_BIN_DIR}/. ${CONTAINER_NAME}:${USR_BIN_DIR} - run: name: "Run Fix Permissions" command: docker exec -t --workdir ${APP_DIR} ${CONTAINER_NAME} ./script/fix_permissions ${APP_USER} ${APP_GROUP} From 43057e2fc024a1d8b0b0f0fdbe47b7271532befe Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Wed, 19 Sep 2018 14:19:01 -0400 Subject: [PATCH 26/36] Flush CRL cache --- .circleci/config.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 36586732..a9b1bea7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -83,8 +83,7 @@ jobs: - restore_cache: name: "Load Cache: CRLs" keys: - - disa-crls-v1 - - disa-crls + - disa-crls-v2 - run: name: "Update CRLs" command: ./script/sync-crls @@ -92,7 +91,7 @@ jobs: name: "Save Cache: CRLs" paths: - ./crl - key: disa-crls-v1-{{ .Branch }}-{{ epoch}} + key: disa-crls-v2-{{ .Branch }}-{{ epoch}} - persist_to_workspace: root: . paths: From f684990666396d7ceca0a305d171b02919ee012c Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 21 Sep 2018 12:38:02 -0400 Subject: [PATCH 27/36] Set working directory to match final app location (fix venv issue) --- .circleci/config.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index a9b1bea7..cc4fb795 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,6 +1,7 @@ version: 2.0 defaults: + working_directory: &workingDirectory /opt/atat/atst sourceImage: &sourceImage registry.atat.codes:443/atat-app-builder:circleci-cd sourceAuth: &sourceAuth username: $REGISTRY_USERNAME @@ -29,6 +30,7 @@ jobs: environment: *appEnvironment - image: circleci/postgres:9.6.5-alpine-ram - image: circleci/redis:4-alpine3.8 + working_directory: *workingDirectory steps: - checkout - run: @@ -104,6 +106,7 @@ jobs: environment: *appEnvironment - image: circleci/postgres:9.6.5-alpine-ram - image: circleci/redis:4-alpine3.8 + working_directory: *workingDirectory steps: - attach_workspace: at: . @@ -116,6 +119,7 @@ jobs: - image: *sourceImage auth: *sourceAuth environment: *dockerCmdEnvironment + working_directory: *workingDirectory steps: - attach_workspace: at: . @@ -174,6 +178,7 @@ jobs: - image: *sourceImage auth: *sourceAuth environment: *dockerCmdEnvironment + working_directory: *workingDirectory steps: - attach_workspace: at: . From 2ba9745c2eb53184fc23745a30e006d003aaaf31 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 21 Sep 2018 12:42:16 -0400 Subject: [PATCH 28/36] Add time limit for successfully deploying - Add config var for max wait time for a deployment - Move exit function and trap to the beginning of the script - Execute the rollout status command using timeout -- Use signal 2 (SIGINT; same pressing CTRL+C) -- Abort the command if it is still running when max time is reached -- If the command was aborted, rollback this deployment --- deploy/kubernetes/atst-update-deploy.sh | 28 ++++++++++++++++--------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/deploy/kubernetes/atst-update-deploy.sh b/deploy/kubernetes/atst-update-deploy.sh index c7b92364..a95fb262 100755 --- a/deploy/kubernetes/atst-update-deploy.sh +++ b/deploy/kubernetes/atst-update-deploy.sh @@ -8,6 +8,17 @@ set -o errexit set -o nounset # set -o xtrace +# Config +MAX_DEPLOY_WAIT='5m' + +# Remove the K8S CA file when the script exits +function cleanup { + printf "Cleaning up...\n" + rm -vf "${HOME}/k8s_ca.crt" + printf "Cleaning done." +} +trap cleanup EXIT + # Decode and save the K8S CA cert echo "${K8S_CA_CRT}" | base64 -d - > "${HOME}/k8s_ca.crt" @@ -31,13 +42,10 @@ kubectl config current-context kubectl -n atat set image deployment.apps/atst atst="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}" # Wait for deployment to finish -kubectl -n atat rollout status deployment/atst - -# Remove the K8S CA file when the script exits -function cleanup { - printf "Cleaning up...\n" - rm -vf "${HOME}/k8s_ca.crt" - printf "Cleaning done." -} - -trap cleanup EXIT +if ! timeout -s 2 "${MAX_DEPLOY_WAIT}" kubectl -n atat rollout status deployment/atst +then + # Deploy did not finish before max wait time; abort and rollback the deploy + kubectl -n atat rollout undo deployment/atst + # Exit with a non-zero return code + exit 2 +fi From 7dc87e5fe8348cc52fa8d02c669be01cef2cc306 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 21 Sep 2018 12:47:49 -0400 Subject: [PATCH 29/36] Adjust timeout flags for Alpine specific version --- deploy/kubernetes/atst-update-deploy.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/kubernetes/atst-update-deploy.sh b/deploy/kubernetes/atst-update-deploy.sh index a95fb262..937db112 100755 --- a/deploy/kubernetes/atst-update-deploy.sh +++ b/deploy/kubernetes/atst-update-deploy.sh @@ -9,7 +9,7 @@ set -o nounset # set -o xtrace # Config -MAX_DEPLOY_WAIT='5m' +MAX_DEPLOY_WAIT='300' # Remove the K8S CA file when the script exits function cleanup { @@ -42,7 +42,7 @@ kubectl config current-context kubectl -n atat set image deployment.apps/atst atst="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}" # Wait for deployment to finish -if ! timeout -s 2 "${MAX_DEPLOY_WAIT}" kubectl -n atat rollout status deployment/atst +if ! timeout -t "${MAX_DEPLOY_WAIT}" -s INT kubectl -n atat rollout status deployment/atst then # Deploy did not finish before max wait time; abort and rollback the deploy kubectl -n atat rollout undo deployment/atst From d52e92fddf4124f80759147e07f305b21c72b1a3 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Fri, 21 Sep 2018 15:58:21 -0400 Subject: [PATCH 30/36] Convert to only deploying master branch --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index cc4fb795..12efb38b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -202,10 +202,10 @@ workflows: - test filters: branches: - only: circleci-cd + only: master - deploy: requires: - build_and_push_image filters: branches: - only: circleci-cd + only: master From c9bd3a43289d02581f08ba8661cf56c6efcdf49e Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Mon, 24 Sep 2018 11:23:39 -0400 Subject: [PATCH 31/36] Only generat IMAGE_NAME if it is undefined --- deploy/kubernetes/atst-update-deploy.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/deploy/kubernetes/atst-update-deploy.sh b/deploy/kubernetes/atst-update-deploy.sh index 937db112..75b3f6d6 100755 --- a/deploy/kubernetes/atst-update-deploy.sh +++ b/deploy/kubernetes/atst-update-deploy.sh @@ -11,6 +11,11 @@ set -o nounset # Config MAX_DEPLOY_WAIT='300' +if [ "${IMAGE_NAME}x" = "x" ] +then + IMAGE_NAME="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}" +fi + # Remove the K8S CA file when the script exits function cleanup { printf "Cleaning up...\n" @@ -39,7 +44,7 @@ kubectl config use-context travis kubectl config current-context # Update the ATST deployment -kubectl -n atat set image deployment.apps/atst atst="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}" +kubectl -n atat set image deployment.apps/atst atst="${IMAGE_NAME}" # Wait for deployment to finish if ! timeout -t "${MAX_DEPLOY_WAIT}" -s INT kubectl -n atat rollout status deployment/atst From b077ad9bacd0af5c6ca73cedf9283dd09fc7c8a6 Mon Sep 17 00:00:00 2001 From: Devon Mackay Date: Mon, 24 Sep 2018 11:24:07 -0400 Subject: [PATCH 32/36] Make circleci image name unique --- .circleci/config.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 12efb38b..1e8d8b3d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -130,7 +130,7 @@ jobs: command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV - run: name: "Generate the Target Image Name" - command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}\"" >> $BASH_ENV + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}-circleci\"" >> $BASH_ENV - run: name: "Start a Fresh Container" command: docker run -d --entrypoint='/bin/sh' -ti --name ${CONTAINER_NAME} alpine:3.8 @@ -185,6 +185,9 @@ jobs: - run: name: "Export GIT_SHA" command: echo "export GIT_SHA=$(git rev-parse --short HEAD)" >> $BASH_ENV + - run: + name: "Generate the Target Image Name" + command: echo "export IMAGE_NAME=\"${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}-circleci\"" >> $BASH_ENV - run: name: "Update Kubernetes Deployment" command: ./deploy/kubernetes/atst-update-deploy.sh From 2e4a8520a9a1f8a21ac5d2148f9902755663a850 Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Mon, 15 Oct 2018 15:04:58 -0400 Subject: [PATCH 33/36] Deploy this branch --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1e8d8b3d..8d4815d0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -86,7 +86,7 @@ jobs: name: "Load Cache: CRLs" keys: - disa-crls-v2 - - run: + - run: name: "Update CRLs" command: ./script/sync-crls - save_cache: @@ -205,10 +205,10 @@ workflows: - test filters: branches: - only: master + only: circleci-cd-rebased - deploy: requires: - build_and_push_image filters: branches: - only: master + only: circleci-cd-rebased From 0f658d50367afedafe9b684bfbee3bcf5d075ad8 Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Mon, 15 Oct 2018 15:30:45 -0400 Subject: [PATCH 34/36] Add build step to generate build info --- .circleci/config.yml | 3 +++ script/generate_build_info.sh | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8d4815d0..d23e3aa2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -94,6 +94,9 @@ jobs: paths: - ./crl key: disa-crls-v2-{{ .Branch }}-{{ epoch}} + - run: + name: "Generate build info" + command: ./script/generate_build_info.sh - persist_to_workspace: root: . paths: diff --git a/script/generate_build_info.sh b/script/generate_build_info.sh index c40ef269..e660b933 100755 --- a/script/generate_build_info.sh +++ b/script/generate_build_info.sh @@ -111,7 +111,7 @@ cat > ${STATIC_DIR}/buildinfo.html < - + From 1f07b0fa33ccacab19572c7a9416b300f9a2d013 Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Mon, 15 Oct 2018 16:04:19 -0400 Subject: [PATCH 35/36] Revert "Deploy this branch" This reverts commit 2e4a8520a9a1f8a21ac5d2148f9902755663a850. `master` will now be deployed. --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d23e3aa2..c22dbf93 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -86,7 +86,7 @@ jobs: name: "Load Cache: CRLs" keys: - disa-crls-v2 - - run: + - run: name: "Update CRLs" command: ./script/sync-crls - save_cache: @@ -208,10 +208,10 @@ workflows: - test filters: branches: - only: circleci-cd-rebased + only: master - deploy: requires: - build_and_push_image filters: branches: - only: circleci-cd-rebased + only: master From 714569eda4d6c017d1b1d85d69b8033c7fc7446c Mon Sep 17 00:00:00 2001 From: Patrick Smith Date: Tue, 16 Oct 2018 10:30:14 -0400 Subject: [PATCH 36/36] Get rid of deployment steps on Travis --- .travis.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index b16c9c1b..d5167828 100644 --- a/.travis.yml +++ b/.travis.yml @@ -45,13 +45,6 @@ script: - docker container stop current-atst-tester - docker run --add-host "postgreshost:${postgres_ip}" --add-host "redishost:${redis_ip}" "${TESTER_IMAGE2_NAME}" -before_deploy: - - docker build --tag "${PROD_IMAGE_NAME}" . -f deploy/docker/prod/Dockerfile - - remote_image_name="${ATAT_DOCKER_REGISTRY_URL}/${PROD_IMAGE_NAME}:${GIT_SHA}" - - docker tag "${PROD_IMAGE_NAME}" "${remote_image_name}" - - docker images - #- docker push "${remote_image_name}" - deploy: provider: script script: echo "Deployment now handles by CircleCI"
BuildInfo (${BUILT_BY}BuildInfo (${BUILT_BY})
Container Image Creation Time: