Commit 9f511088 authored by Brian Lee's avatar Brian Lee

Merge branch 'minor-fixes-and-improvements' into 'master'

Minor fixes and improvements

See merge request !19
parents f909deff e95232c5
Pipeline #17108549 (#) failed with stage
in 4 minutes and 46 seconds
# Cangelog
## 3.3.1
* [executor/docker] Add support to busybox based image and use addgroup instead of usermod
* [FIX] broken --docker-login=enabled & improve contextual information message
* [module/dockerimg] file moved to ercom/docker project
* [CA] Fill CI_SERVER_TLS_CA_FILE with local CA certs on local worstation
## 3.3.0
* [env-setup] Improve ca-certificates setup part
* [modules/dockerimg] Update dockerimg module
......
......@@ -631,7 +631,7 @@ to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
cilib4gitlab
citbx4gitlab - CI toolbox for Gitlab
Copyright (C) 2017 ERCOM - Emeric Verschuur <emeric@mbedsys.org>
This program is free software: you can redistribute it and/or modify
......@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
cilib4gitlab
citbx4gitlab - CI toolbox for Gitlab
Copyright (C) 2017 ERCOM - Emeric Verschuur <emeric@mbedsys.org>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
......
citbx_module_dockerimg_define() {
local prj_name=$(git remote -v \
| gawk '
match($0, /^origin\s.*:[\/]*(.*)\.git\s.*$/, ret) {
print ret[1];
exit;
}
match($0, /^origin\s.*:[\/]*(.*)\s.*$/, ret) {
print ret[1];
exit;
}')
local declare_opts=()
if [ -n "$prj_name" ]; then
declare_opts+=(-x "\"\$CI_REGISTRY/$prj_name\"")
fi
bashopts_declare -n CI_REGISTRY_IMAGE -l image-name -d "Registry image name" -t string "${declare_opts[@]}"
bashopts_declare -n CI_COMMIT_TAG -l image-tag -d "Image tag" -t string -v "test"
bashopts_declare -n USE_LOCAL_DOCKER -l use-local-docker -d "Use the local docker instance instead of the dind service" -t boolean
CITBX_UID=0
CITBX_JOB_SHELL=${CITBX_JOB_SHELL:-/bin/sh}
citbx_export CI_REGISTRY_IMAGE CI_COMMIT_TAG
}
citbx_module_dockerimg_setup() {
bashopts_process_option -n CI_REGISTRY_IMAGE -r
if [ "$USE_LOCAL_DOCKER" == "true" ]; then
CITBX_DISABLED_SERVICES+=(docker)
fi
pattern='\bdocker\b'
if [[ "${CITBX_DISABLED_SERVICES[*]}" =~ $pattern ]]; then
DOCKER_HOST="unix:///var/run/docker.sock"
citbx_export DOCKER_HOST
fi
}
......@@ -15,7 +15,12 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
CITBX_VERSION=3.3.0
CITBX_VERSION=3.3.1
############################################################
# ### COMMON PART ###
# All environments: Gitlab-CI runner & local workstation
############################################################
# display a message
print_log() {
......@@ -176,7 +181,10 @@ citbx_job_finish() {
print_note "Job execution time: $(date +"%H hour(s) %M minute(s) and %S second(s)" -ud @$(($(date +%s) - $CITBX_JOB_START_TIME)))"
}
# If running inside the suitable runner / on gitlab runner
############################################################
# ### GITLAB-RUNNER PART ###
# If running inside the suitable docker / on gitlab runner
############################################################
if [ "$GITLAB_CI" == "true" ]; then
# Load job
citbx_local
......@@ -217,6 +225,12 @@ if [ "$GITLAB_CI" == "true" ]; then
exit 0
fi
############################################################
# ### WORKSTATION PART ###
# The following line until the end of this file
# is specific and only applicable to the local workstation
############################################################
# Force use citbx_run_ext_job to run another job
if [ "$CITBX" == "true" ]; then
print_critical "You cannot call another CI script (i.e. other external job) into a CI script" \
......@@ -614,6 +628,8 @@ $(for j in "${CITBX_JOB_LIST[@]}"; do echo " $j"; done | sort -u)"
esac
if [ -n "$CITBX_BASHCOMP" ]; then
# ### BASH completion specific part ###
# Used only by the bashcomp tool to generate completion words
case "$CITBX_BASHCOMP" in
opts)
for o in "${bashopts_optprop_short_opt[@]}"; do
......@@ -674,9 +690,11 @@ fi
if [ -n "$CI_REGISTRY" ] \
&& ( ( [ -z "$(jq -r '."auths"."'$CI_REGISTRY'" | select(.auth != null)' $HOME/.docker/config.json 2> /dev/null)" ] \
&& [ "$CITBX_DOCKER_LOGIN_MODE" == "auto" ] ) \
|| [ "$CITBX_DOCKER_LOGIN_MODE" == "true" ] ); then
print_info "You are not authenticated against the gitlab docker registry" \
"> Please enter your gitlab user id and password:"
|| [ "$CITBX_DOCKER_LOGIN_MODE" == "enabled" ] ); then
print_info "You seem to be not authenticated against the gitlab docker registry" \
"> You can disable this feature by using --docker-login=disabled" \
"> Or force this feature permanently by setting CITBX_DEFAULT_DOCKER_LOGIN_MODE into $CITBX_ABS_DIR/citbx.properties" \
"Please enter your gitlab user id and password:"
docker login $CI_REGISTRY
fi
......@@ -763,6 +781,7 @@ if [ "$CITBX_GIT_CLEAN" == "true" ]; then
fi
fi
# TODO: seems to be not needed anymore with recent git version
if [ "$CITBX_GIT_LFS_ENABLED" == "true" ]; then
git lfs pull
if [ "$GIT_SUBMODULE_STRATEGY" != "none" ]; then
......@@ -774,8 +793,21 @@ fi
CI_COMMIT_REF_NAME=${CI_COMMIT_REF_NAME:-$(cd $CI_PROJECT_DIR && git rev-parse --abbrev-ref HEAD)}
CITBX_JOB_DOCKER_RUN_ARGS+=(-e CI_COMMIT_REF_NAME="$CI_COMMIT_REF_NAME")
# If not set, fill the CI_SERVER_TLS_CA_FILE with local CA certificates
if ! [[ -v CITBX_TLS_CA_SEARCH_DIR_LIST ]]; then
CITBX_TLS_CA_SEARCH_DIR_LIST=("/usr/local/share/ca-certificates/")
fi
if ! [[ -v CI_SERVER_TLS_CA_FILE ]]; then
CI_SERVER_TLS_CA_FILE="$(
for dir in "${CITBX_TLS_CA_SEARCH_DIR_LIST[@]}"; do
test ! -d "$dir" \
|| find "$dir" -iregex '.*\.\(pem\|crt\)$' -exec openssl x509 -in '{}' \;
done
)"
fi
# Add variable to the environment list
CITBX_ENV_EXPORT_LIST+=(CI_JOB_NAME CI_REGISTRY CI_PROJECT_DIR)
CITBX_ENV_EXPORT_LIST+=(CI_JOB_NAME CI_REGISTRY CI_PROJECT_DIR CI_SERVER_TLS_CA_FILE)
if [ "$CITBX_DEBUG_SCRIPT_ENABLED" == "true" ]; then
citbx_before_script="set -x"
......@@ -828,18 +860,29 @@ case "$CITBX_JOB_EXECUTOR" in
if [ -f "$HOME/.docker/config.json" ]; then
CITBX_JOB_DOCKER_RUN_ARGS+=(-v $HOME/.docker/config.json:$HOME/.docker/config.json:ro)
fi
CITBX_COMMANDS="
useradd -o -u $CITBX_UID -s /bin/sh -d $HOME -M ci-user;
chown $CITBX_UID:$CITBX_UID $HOME
for g in ${CITBX_USER_GROUPS[*]}; do usermod -a -G \$g ci-user 2> /dev/null || true; done;
CITBX_COMMANDS='
if which useradd > /dev/null 2>&1; then
useradd -o -u '"$CITBX_UID"' -s /bin/sh -d '"$HOME"' -M ci-user;
elif readlink -f "$(which adduser)" | grep -q /busybox$ > /dev/null 2>&1; then
busybox adduser -u '"$CITBX_UID"' -s /bin/sh -h '"$HOME"' -H -D ci-user
else
echo "[!!] No usual tool found to add an user"
exit 1
fi
chown '"$CITBX_UID"':'"$CITBX_UID"' '"$HOME"'
for group in '"${CITBX_USER_GROUPS[*]}"'; do
if grep -q ^$group /etc/group; then
addgroup ci-user $group > /dev/null;
fi;
done;
if [ -f /etc/sudoers ]; then
sed -i \"/^ci-user /d\" /etc/sudoers;
echo \"ci-user ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers;
sed -i "/^ci-user /d" /etc/sudoers;
echo "ci-user ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers;
fi;
echo \"export PATH=\\\"\$PATH\\\"\" >> \"$HOME/.bashrc\"
su ci-user -s $CITBX_JOB_SHELL $( test "$CITBX_RUN_SHELL" == "true" \
|| echo "-c $CITBX_JOB_SCRIPT" );
"
echo "export PATH=\"$PATH\"" >> "'"$HOME"'/.bashrc"
su ci-user -s '"$CITBX_JOB_SHELL"' '"$( test "$CITBX_RUN_SHELL" == "true" \
|| echo "-c $CITBX_JOB_SCRIPT" )"';
'
fi
if [ -n "$CITBX_DOCKER_USER" ]; then
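Review bot: The rewritten `CITBX_COMMANDS` script still takes workstation values by string concatenation, so `$HOME` and `$CITBX_JOB_SHELL` land unquoted in a script that has to run as root in the job container (it calls `useradd` and edits `/etc/sudoers`); whitespace or shell metacharacters in them would be re-parsed by that shell. How `CITBX_COMMANDS` is consumed lies outside this hunk, but inner double quotes such as `-d "'"$HOME"'"` would cover whitespace, and passing the values with `docker run -e` and referencing them as `"$VAR"` in the script would avoid the re-parsing altogether. The new group test `grep -q ^$group /etc/group` is a prefix match, so a requested `docker` is also satisfied by a `dockerroot` entry and `addgroup` then fails; `grep -q "^$group:" /etc/group` with `addgroup ci-user "$group"` matches the whole name. The docker-login hunk earlier in this file has the same splicing pattern: `$CI_REGISTRY` is concatenated into the jq filter and passed unquoted to `docker login`, where `jq -r --arg reg "$CI_REGISTRY" '.auths[$reg] | select(.auth != null)' "$HOME/.docker/config.json"` and `docker login "$CI_REGISTRY"` would keep the value as data.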
......