blob: e25b8096053a70e144cdc594b2fbbf938f77da8e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
#!/bin/bash
#
# This script will run create a virtual provider
# and run tests on it.
#
# This script is triggered by .gitlab-ci.yml
#
# It depends on:
# * leap_platform: in ../..
# * test provider: in provider/
# * leap-platform-test: installed in path
# * AWS credentials as environment variables:
# * `AWS_ACCESS_KEY`
# * `AWS_SECRET_KEY`
# * ssh private key used to login to remove vm
# * `SSH_PRIVATE_KEY`
#
# exit if any commands returns non-zero status
set -e
# because the ci-build is running in a pipe we need to also set the following
# so exit codes will be caught correctly.
set -o pipefail
# we wrap the whole script in curly braces so we can pipe it all through ts to
# get timestamps. If we put it outside of the script, then we can't get proper
# pipefail results.
{
# leap_platform/tests/platform-ci
# shellcheck disable=SC2086
ROOTDIR=$(readlink -f "$(dirname $0)")
# leap_platform
PLATFORMDIR=$(readlink -f "${ROOTDIR}/../..")
LEAP_CMD() {
/usr/local/bin/bundle exec leap -v2 --yes "$@"
}
deploy() {
LEAP_CMD deploy "$TAG"
}
test() {
LEAP_CMD test "$TAG"
}
build_from_scratch() {
# leap_platform/tests/platform-ci/provider
PROVIDERDIR="${ROOTDIR}/provider"
/bin/echo "Provider directory: ${PROVIDERDIR}"
cd "$PROVIDERDIR"
# Create cloud.json needed for `leap vm` commands using AWS credentials
which jq || ( apt-get update -y && apt-get install jq -y )
/usr/bin/jq ".platform_ci.auth |= .+ {\"aws_access_key_id\":\"$AWS_ACCESS_KEY\", \"aws_secret_access_key\":\"$AWS_SECRET_KEY\"}" < cloud.json.template > cloud.json
[ -d "./tags" ] || mkdir "./tags"
/bin/echo "{\"environment\": \"$TAG\"}" | /usr/bin/json_pp > "${PROVIDERDIR}/tags/${TAG}.json"
pwd
LEAP_CMD vm status "$TAG"
# shellcheck disable=SC2086
LEAP_CMD vm add "$NAME" services:"$SERVICES" tags:"$TAG" $SEEDS
LEAP_CMD compile "$TAG"
LEAP_CMD vm status "$TAG"
LEAP_CMD node init "$TAG"
LEAP_CMD info "${TAG}"
}
run() {
echo "Cloning $1 repo: $2"
git clone -q --depth 1 "$2"
cd "$1"
git rev-parse HEAD
echo -n "Operating in the $1 directory: "
pwd
echo "Listing current node information..."
LEAP_CMD list
echo "Attempting a deploy..."
deploy
echo "Attempting to run tests..."
test
}
#
# Main
#
/bin/echo "CI directory: ${ROOTDIR}"
/bin/echo "Platform directory: ${PLATFORMDIR}"
# Ensure we don't output secret stuff to console even when running in verbose mode with -x
set +x
# Configure ssh keypair
[ -d ~/.ssh ] || /bin/mkdir ~/.ssh
/bin/echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
/bin/chmod 600 ~/.ssh/id_rsa
/bin/cp "${ROOTDIR}/provider/users/gitlab-runner/gitlab-runner_ssh.pub" ~/.ssh/id_rsa.pub
case "$CI_ENVIRONMENT_NAME" in
latest)
TAG='latest'
run ibex ssh://gitolite@leap.se/ibex
;;
production/mail)
TAG='demomail'
run bitmask ssh://gitolite@leap.se/bitmask
;;
production/vpn)
TAG='demovpn'
run bitmask ssh://gitolite@leap.se/bitmask
;;
*)
# create node(s) with unique id so we can run tests in parallel
NAME="citest${CI_BUILD_ID}"
# when using gitlab-runner locally, CI_BUILD_ID is always 1 which
# will conflict with running/terminating AWS instances in subsequent runs
# therefore we pick a random number in this case
[ "$CI_BUILD_ID" -eq "1" ] && NAME+="000${RANDOM}"
TAG='single'
SERVICES='couchdb,soledad,mx,webapp,tor,monitor'
SEEDS=''
build_from_scratch
# Deploy and test
deploy
test
# if everything succeeds, destroy the vm
LEAP_CMD vm rm "${TAG}"
[ -f "nodes/${NAME}.json" ] && /bin/rm "nodes/${NAME}.json"
;;
esac
} | /usr/bin/ts -s
|
