commit f1f2838191ba0da85e77339cc134a5a3f557b554
parent 6627a79a4bbe90166864b0bfbc75f1a21a5811ff
Author: Devan Carpenter <devan@taler.net>
Date: Thu, 22 Aug 2024 14:30:34 -0500
add CI and Containerfile to test the deployment
Diffstat:
5 files changed, 115 insertions(+), 0 deletions(-)
diff --git a/Containerfile b/Containerfile
@@ -0,0 +1,26 @@
+FROM docker.io/library/debian:bookworm
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update -yqq && \
+ apt-get install -yqq \
+ ansible \
+ cron \
+ git \
+ locales \
+ openssh-server \
+ python3 \
+ python3-debian \
+ systemd \
+ whois # mkpasswd provided by whois package
+
+RUN mkdir -p /etc/ansible/facts.d
+
+#####################################################################
+## WARNING: THIS ALLOWS FOR COMPLETELY UNAUTHENTICATED SSH SESSIONS #
+####### FOR TESTING ENVIRONMENT ONLY! ###############################
+RUN echo "root:$(mkpasswd -s </dev/null)" | chpasswd -e
+RUN sed -i'' -e's/^#PermitRootLogin prohibit-password$/PermitRootLogin yes/' /etc/ssh/sshd_config \
+ && sed -i'' -e's/^#PasswordAuthentication yes$/PasswordAuthentication yes/' /etc/ssh/sshd_config \
+ && sed -i'' -e's/^#PermitEmptyPasswords no$/PermitEmptyPasswords yes/' /etc/ssh/sshd_config \
+ && sed -i'' -e's/^UsePAM yes/UsePAM no/' /etc/ssh/sshd_config
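Review bot: The four `sed` edits at the end of this hunk only take effect if the stock `sshd_config` contains exactly the lines they match; if a later bookworm package changes a default, the substitution silently does nothing and the build still succeeds with a different sshd policy than the warning banner describes. Asserting the result in the same `RUN`, e.g. `&& grep -qx 'PermitEmptyPasswords yes' /etc/ssh/sshd_config`, would turn that drift into a build failure. Because the resulting image accepts root logins with an empty password, it would also help to mark it as test-only in its metadata, e.g. `LABEL org.opencontainers.image.description="CI test target: passwordless root SSH, never deploy"`, so it is recognisable if it ever reaches a registry. Separately, `ENV DEBIAN_FRONTEND=noninteractive` persists into the running container; setting it inline on the `apt-get` commands would keep it build-only.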
diff --git a/contrib/ci/Containerfile b/contrib/ci/Containerfile
@@ -0,0 +1,7 @@
+# This containerfile is used when no job-specific one exists.
+FROM quay.io/podman/stable:v5.2.3
+
+RUN dnf update -yq && \
+ dnf install -yq \
+ ansible #\
+ #systemd
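Review bot: The `RUN` ends in `ansible #\` followed by a commented-out `#systemd` line, so where the instruction ends depends on how the builder handles a comment inside a line continuation; dropping the dead continuation makes it unambiguous. `dnf update -yq` also makes the image contents depend on the build date even though the base is pinned to `v5.2.3`, and the dnf cache stays in the layer. Something like `RUN dnf install -yq ansible && dnf clean all` would address all three.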
diff --git a/contrib/ci/ci.sh b/contrib/ci/ci.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+set -exvuo pipefail
+
+# Requires podman
+# Fails if not found in PATH
+OCI_RUNTIME=$(which podman)
+REPO_NAME=$(basename "${PWD}")
+JOB_NAME="${1}"
+JOB_ARCH=$((grep CONTAINER_ARCH contrib/ci/jobs/${JOB_NAME}/config.ini | cut -d' ' -f 3) || echo "${2:-amd64}")
+JOB_CONTAINER=$((grep CONTAINER_NAME contrib/ci/jobs/${JOB_NAME}/config.ini | cut -d' ' -f 3) || echo "localhost/${REPO_NAME}:${JOB_ARCH}")
+CONTAINER_BUILD=$((grep CONTAINER_BUILD contrib/ci/jobs/${JOB_NAME}/config.ini | cut -d' ' -f 3) || echo "True")
+CONTAINERFILE="contrib/ci/jobs/${JOB_NAME}/Containerfile"
+
+if ! [[ -f "$CONTAINERFILE" ]]; then
+ CONTAINERFILE="contrib/ci/$JOB_ARCH.Containerfile"
+fi;
+if ! [[ -f "$CONTAINERFILE" ]]; then
+ CONTAINERFILE="$(dirname "$CONTAINERFILE")/Containerfile"
+fi;
+
+echo "Image name: ${JOB_CONTAINER}
+Containerfile: ${CONTAINERFILE}"
+
+if [ "${CONTAINER_BUILD}" = "True" ] ; then
+ "${OCI_RUNTIME}" build \
+ --arch "${JOB_ARCH}" \
+ -t "${JOB_CONTAINER}" \
+ -f "$CONTAINERFILE" .
+fi
+
+"${OCI_RUNTIME}" run \
+ --rm \
+ -ti \
+ --arch "${JOB_ARCH}" \
+ --env CI_COMMIT_REF="$(git rev-parse HEAD)" \
+ --volume "${PWD}":/workdir \
+ --cap-add SYS_ADMIN,CAP_SYS_CHROOT \
+ --workdir /workdir \
+ "${JOB_CONTAINER}" \
+ contrib/ci/jobs/"${JOB_NAME}"/job.sh
+
+top_dir=$(dirname "${BASH_SOURCE[0]}")
+
+#"${top_dir}"/build.sh
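Review bot: `JOB_NAME` is taken from `$1` and interpolated unquoted into the three `grep ... contrib/ci/jobs/${JOB_NAME}/config.ini` paths, and it selects the `job.sh` that is executed in the container, without any check that it names an existing job. With `set -u` a missing argument aborts with only an unbound-variable message, and a value containing whitespace is word-split in the `grep` arguments. A guard right after the assignment, e.g. `[[ -d "contrib/ci/jobs/${JOB_NAME}" ]] || { echo "unknown job: ${JOB_NAME}" >&2; exit 1; }`, together with quoting the `config.ini` paths, would make the failure explicit. The job container is also started with `--cap-add SYS_ADMIN,CAP_SYS_CHROOT` and a read-write bind mount of the checkout, so a comment recording why those capabilities are needed would help later reviewers judge whether they can be narrowed.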
diff --git a/contrib/ci/jobs/001-build/build.sh b/contrib/ci/jobs/001-build/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+set -exuo pipefail
+
+#### WARNING: THIS SCRIPT IS INTENED TO BE RUN INSIDE OF A CONTAINER
+
+
+# Print some debug info
+id ; cat /proc/self/uid_map ; mount | grep cgroup || true
+
+# Hack to make podman adapt to being nested
+rm -f /etc/containers/storage.conf
+
+# Build our image
+podman build -f Containerfile -t ansible-taler-test
+
+# Run in background (-d) with systemd init
+podman run \
+ --privileged \
+ --tmpfs /sys \
+ --rm \
+ --name ansible-taler-test \
+ -d localhost/ansible-taler-test sh -c "id ; cat /proc/self/uid_map ; mount | grep cgroup; exec /usr/sbin/init --show-status"
+
+# Print to log that container is running
+podman ps
+
+# TOFU SSH host keys (so we don't get user prompt)
+echo "StrictHostKeyChecking=accept-new" > ~/.ssh/config
+
+# Run our playbook(s)
+# NOTE: Trailing comma is correct (and required) in agument for -i flag
+ansible-playbook --verbose -i 127.0.0.1:22, --user root playbooks/play.yml
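Review bot: The playbook targets `127.0.0.1:22`, but the `podman run` above it shows no `--publish` or `--network` option and nothing waits for sshd inside the container to come up, so as far as this hunk shows the connection either has no listener or races systemd startup. If the port is meant to be forwarded, publishing it on loopback only, `--publish 127.0.0.1:22:22`, keeps the passwordless-root sshd of the test image off the other interfaces of the CI host. Also, `echo "StrictHostKeyChecking=accept-new" > ~/.ssh/config` fails if `~/.ssh` does not exist yet (unless the CI image already provides it); `mkdir -p ~/.ssh && chmod 700 ~/.ssh` before it would cover that case.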
diff --git a/contrib/ci/jobs/001-build/job.sh b/contrib/ci/jobs/001-build/job.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -exuo pipefail
+
+job_dir=$(dirname "${BASH_SOURCE[0]}")
+
+"${job_dir}"/build.sh