#!/bin/bash
#
# This script will create a virtual provider
# and run tests on it.
#
# This script is triggered by .gitlab-ci.yml
#
# It depends on:
# * leap_platform: in ../..
# * test provider: in provider/
# * leap-platform-test: installed in path
# * AWS credentials as environment variables:
# * `AWS_ACCESS_KEY`
# * `AWS_SECRET_KEY`
# * ssh private key used to log in to the remote vm
# * `SSH_PRIVATE_KEY`
#
# Abort as soon as any command returns a non-zero status.
set -e

# The CI build runs this script inside a pipe, so failures in any pipeline
# stage must also be reported for exit codes to be caught correctly.
set -o pipefail

# Remember whether the script was started in debug (xtrace) mode. Later
# sections switch tracing off around secrets and use this flag to decide
# whether to switch it back on.
case "$-" in
  *x*)
    echo 'Running with xtrace enabled!'
    xtrace=true
    ;;
  *)
    echo 'Running with xtrace disabled!'
    xtrace=false
    ;;
esac
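# Directory holding this script: leap_platform/tests/platform-ci
# "$0" is quoted so that a checkout path containing spaces or glob
# characters still resolves to one directory.
ROOTDIR=$(readlink -f "$(dirname -- "$0")")

# Root of the platform checkout, two levels above ROOTDIR: leap_platform
PLATFORMDIR=$(readlink -f "${ROOTDIR}/../..")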
# In the gitlab CI pipeline leap is installed in a different stage by
# bundle. To debug you can run a single CI job locally, in which case
# leap_cli is installed as a gem here instead.
#
# LEAP_CMD wraps whichever leap binary is available and always passes
# "-v2 --yes" followed by the caller's arguments.
#
# NOTE(review): the fallback installs leap_cli as root with no version
# given, so the job runs whatever release the gem source serves at that
# moment - consider pinning a version.
if ! /usr/local/bin/bundle exec leap >/dev/null 2>&1; then
  sudo gem install leap_cli
  LEAP_CMD() {
    leap -v2 --yes "$@"
  }
else
  LEAP_CMD() {
    /usr/local/bin/bundle exec leap -v2 --yes "$@"
  }
fi
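#######################################
# Report a fatal error and stop the script.
# Arguments: $* - message text
# Outputs:   the message on stderr, so it is not mixed into captured
#            stdout of a calling pipeline
# Returns:   never; exits with status 1
#######################################
fail() {
  printf '%s\n' "$*" >&2
  exit 1
}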
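#######################################
# Deploy to the nodes selected by the current tag.
# Globals:   TAG (read) - node filter handed to `leap deploy`
# Returns:   status of LEAP_CMD; aborts if TAG is unset or empty
#######################################
deploy() {
  # Refuse to run with an empty filter: the original passed "" through,
  # which presumably would not restrict the deploy to the CI nodes
  # (confirm against leap_cli).
  LEAP_CMD deploy "${TAG:?TAG must be set before calling deploy}"
}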
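#######################################
# Run the platform tests on the nodes selected by the current tag.
# Globals:   TAG (read) - node filter handed to `leap test`
# Returns:   status of LEAP_CMD; aborts if TAG is unset or empty
#
# NOTE(review): this function shadows the shell builtin `test` for the
# rest of the script. `[` and `[[` are unaffected, but a bare `test ...`
# anywhere after this point would call leap instead.
#######################################
test() {
  # Refuse to run with an empty filter instead of passing "" to leap.
  LEAP_CMD test "${TAG:?TAG must be set before calling test}"
}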
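#######################################
# Create a fresh test VM for this CI job and initialise it.
# Globals:   ROOTDIR (read), PROVIDERDIR (written), xtrace (read),
#            TAG, NAME, SERVICES (read),
#            AWS_ACCESS_KEY, AWS_SECRET_KEY, SSH_PRIVATE_KEY (read)
# Outputs:   progress messages on stdout; writes cloud.json and
#            tags/${TAG}.json inside the provider directory
# Returns:   aborts the script via fail() if a credential is missing
#######################################
build_from_scratch() {
  # leap_platform/tests/platform-ci/provider
  PROVIDERDIR="${ROOTDIR}/provider"
  /bin/echo "Provider directory: ${PROVIDERDIR}"
  cd "$PROVIDERDIR"

  # Create cloud.json needed for `leap vm` commands using AWS credentials
  command -v jq || ( apt-get update -y && apt-get install jq -y )

  # Disable xtrace so the credentials below never reach the job log.
  set +x

  [ -n "$AWS_ACCESS_KEY" ] || fail "\$AWS_ACCESS_KEY is not set - please provide it as env variable."
  [ -n "$AWS_SECRET_KEY" ] || fail "\$AWS_SECRET_KEY is not set - please provide it as env variable."
  [ -n "$SSH_PRIVATE_KEY" ] || fail "\$SSH_PRIVATE_KEY is not set - please provide it as env variable."

  # Hand the credentials to jq as --arg values rather than splicing them
  # into the filter text: jq then JSON-escapes them, so a quote or
  # backslash in a key can neither break nor alter the generated document.
  # (The values are still on jq's command line, as they were before.)
  # The subshell limits the restrictive umask to the creation of
  # cloud.json, which holds the secret key.
  (
    umask 077
    /usr/bin/jq \
      --arg key_id "$AWS_ACCESS_KEY" \
      --arg secret "$AWS_SECRET_KEY" \
      '.platform_ci.auth |= . + {"aws_access_key_id": $key_id, "aws_secret_access_key": $secret}' \
      < cloud.json.template > cloud.json
  )
  # Also tighten a cloud.json left over from an earlier run.
  /bin/chmod 600 cloud.json

  # Enable xtrace again only if it was set at beginning of script
  if [[ $xtrace == true ]]; then
    set -x
  fi

  [ -d "./tags" ] || mkdir "./tags"
  /bin/echo "{\"environment\": \"$TAG\"}" | /usr/bin/json_pp > "${PROVIDERDIR}/tags/${TAG}.json"

  pwd

  # remove old cached nodes
  echo "Removing old cached nodes..."
  find nodes -name 'citest*' -exec rm {} \;

  echo "Listing current VM status..."
  LEAP_CMD vm status "$TAG"

  echo "Adding VM $NAME with the services: $SERVICES and the tags: $TAG"
  LEAP_CMD vm add "$NAME" services:"$SERVICES" tags:"$TAG"

  echo "Compiling $TAG..."
  LEAP_CMD compile "$TAG"

  echo "Listing current VM status for TAG: $TAG..."
  LEAP_CMD vm status "$TAG"

  echo "Running leap list..."
  LEAP_CMD list

  echo "Running leap node init on TAG: $TAG"
  LEAP_CMD node init "$TAG"

  echo "Running leap info on $TAG"
  LEAP_CMD info "${TAG}"
}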
#######################################
# Clone an existing provider repository, then deploy to it and test it.
# Globals:   TAG (read, via deploy and test)
# Arguments: $1 - directory name the clone ends up in
#            $2 - URL of the repository to clone
# Outputs:   progress messages and the checked-out commit id on stdout
#######################################
run() {
  local repo_name=$1
  local repo_url=$2

  printf 'Cloning %s repo: %s\n' "$repo_name" "$repo_url"
  git clone -q --depth 1 "$repo_url"
  cd "$repo_name"

  # Record which commit is being deployed.
  git rev-parse HEAD

  printf 'Operating in the %s directory: ' "$repo_name"
  pwd

  printf '%s\n' "Listing current node information..."
  LEAP_CMD list

  printf '%s\n' "Attempting a deploy..."
  deploy

  printf '%s\n' "Attempting to run tests..."
  test
}
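#
# Main
#

/bin/echo "CI directory: ${ROOTDIR}"
/bin/echo "Platform directory: ${PLATFORMDIR}"

# Ensure we don't output secret stuff to console even when running in verbose mode with -x
set +x

# Configure ssh keypair.
# Stop before touching ~/.ssh when no key was provided; otherwise an
# existing ~/.ssh/id_rsa (e.g. on a developer machine) would be
# overwritten with an empty line.
[ -n "$SSH_PRIVATE_KEY" ] || fail "\$SSH_PRIVATE_KEY is not set - please provide it as env variable."

[ -d ~/.ssh ] || /bin/mkdir -m 700 ~/.ssh

# Write the key under a restrictive umask so the file is never readable
# by other users, not even between creation and the chmod below. The
# builtin printf is used instead of /bin/echo so the key material is not
# passed as an argument to an external process, where it would show up
# in the process list.
(
  umask 077
  printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
)
# Still needed when id_rsa already existed with wider permissions.
/bin/chmod 600 ~/.ssh/id_rsa
/bin/cp "${ROOTDIR}/provider/users/gitlab-runner/gitlab-runner_ssh.pub" ~/.ssh/id_rsa.pub

# Enable xtrace again only if it was set at beginning of script
if [[ $xtrace == true ]]; then
  set -x
fi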
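# Pick the job to run from the GitLab environment name. The named
# environments deploy to and test an existing provider repository; every
# other value builds a throw-away VM, deploys, tests and removes it again.
case "$CI_ENVIRONMENT_NAME" in
  staging)
    TAG='latest'
    run ibex ssh://gitolite@leap.se/ibex
    ;;
  production/demo/mail)
    TAG='demomail'
    run bitmask ssh://gitolite@leap.se/bitmask
    ;;
  production/demo/vpn)
    TAG='demovpn'
    run bitmask ssh://gitolite@leap.se/bitmask
    ;;
  *)
    # create node(s) with unique id so we can run tests in parallel
    NAME="citest${CI_BUILD_ID:-0}"
    # when using gitlab-runner locally, CI_BUILD_ID is always 1 which
    # will conflict with running/terminating AWS instances in subsequent runs
    # therefore we pick a random number in this case
    if [ "${CI_BUILD_ID:-0}" -eq "1" ]; then
      NAME+="000${RANDOM}"
    fi

    TAG='single'
    SERVICES='couchdb,soledad,mx,webapp,tor,monitor'
    build_from_scratch

    # Deploy and test
    deploy
    test

    # if everything succeeds, destroy the vm
    # NOTE(review): because of `set -e`, a failed deploy or test ends the
    # script before this point and the VM is not removed here.
    LEAP_CMD vm rm "${TAG}"

    # `rm -f` instead of `[ -f ... ] && rm`: this is the last command of
    # the script, and the && form left the exit status at 1 whenever the
    # node file was already gone, failing an otherwise successful job.
    /bin/rm -f -- "nodes/${NAME}.json"
    ;;
esac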