Loading .gitlab/ci/shellcheck.gitlab-ci.yml +2 −2 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ test-shellcheck: image: koalaman/shellcheck-alpine:stable needs: [] script: - shellcheck src/bin/auto-deploy test/verify-deployment-database - shellcheck src/bin/auto-deploy test/verify-deployment-database test/verify-application-secret test-shfmt: stage: test Loading @@ -12,4 +12,4 @@ test-shfmt: entrypoint: ["/bin/sh", "-c"] needs: [] script: - shfmt -i 2 -ci -l -d src/bin/* - shfmt -i 2 -ci -l -d src/bin/auto-deploy test/verify-deployment-database test/verify-application-secret .gitlab/ci/test.gitlab-ci.yml +3 −0 Original line number Diff line number Diff line Loading @@ -395,10 +395,13 @@ test-create-application-secret: KUBE_NAMESPACE: default CI_ENVIRONMENT_SLUG: production K8S_SECRET_CODE: 12345 K8S_SECRET_CODE_MULTILINE: "12345 NEW LINE" script: - auto-deploy create_application_secret "stable" - kubectl get secrets -n $KUBE_NAMESPACE - kubectl get secrets production-secret -n $KUBE_NAMESPACE - ./test/verify-application-secret test-delete: extends: test-deploy Loading Dockerfile +1 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ RUN apk add --no-cache openssl curl tar gzip bash jq \ && curl -sSL -o /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub \ && curl -sSL -O https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \ && apk add glibc-${GLIBC_VERSION}.apk \ && apk add ruby jq \ && rm glibc-${GLIBC_VERSION}.apk RUN ln -s /build/bin/* /usr/local/bin/ src/bin/auto-deploy +7 −7 Original line number Diff line number Diff line Loading 
@@ -418,22 +418,22 @@ function delete() { # function create_application_secret() { local track="${1-stable}" local k8s_secrets_file # shellcheck disable=SC2155 # declare and assign separately to avoid masking return values. export APPLICATION_SECRET_NAME=$(application_secret_name "$track") env | sed -n "s/^K8S_SECRET_\(.*\)$/\1/p" >k8s_prefixed_variables k8s_secrets_file=$(mktemp) kubectl create secret \ -n "$KUBE_NAMESPACE" generic "$APPLICATION_SECRET_NAME" \ --from-env-file k8s_prefixed_variables -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - /build/bin/auto-deploy-application-secrets-yaml "$k8s_secrets_file" kubectl replace -f "$k8s_secrets_file" -n "$KUBE_NAMESPACE" --force # shellcheck disable=SC2002 # useless cat, prefer cmd < file # shellcheck disable=SC2155 # declare and assign separately to avoid masking return values. export APPLICATION_SECRET_CHECKSUM=$(cat k8s_prefixed_variables | sha256sum | cut -d ' ' -f 1) export APPLICATION_SECRET_CHECKSUM=$(cat "$k8s_secrets_file" | sha256sum | cut -d ' ' -f 1) rm k8s_prefixed_variables rm "$k8s_secrets_file" } function application_secret_name() { Loading src/bin/auto-deploy-application-secrets-yaml 0 → 100755 +21 −0 Original line number Diff line number Diff line #!/usr/bin/ruby require 'yaml' require 'base64' prefix_regex = /^K8S_SECRET_/ File.open(ARGV[0], 'w') { |file| data = ENV .select { |k, v| k =~ prefix_regex } .transform_keys { |k| k.sub(prefix_regex, '') } .transform_values {|v| Base64.strict_encode64 v } kube_config = { 'apiVersion' => 'v1', 'kind' => 'Secret', 'metadata' => { 'name' => ENV['APPLICATION_SECRET_NAME'] }, 'type' => 'Opaque', 'data' => data } file.write kube_config.to_yaml } No newline at end of file Loading
.gitlab/ci/shellcheck.gitlab-ci.yml +2 −2 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ test-shellcheck: image: koalaman/shellcheck-alpine:stable needs: [] script: - shellcheck src/bin/auto-deploy test/verify-deployment-database - shellcheck src/bin/auto-deploy test/verify-deployment-database test/verify-application-secret test-shfmt: stage: test Loading @@ -12,4 +12,4 @@ test-shfmt: entrypoint: ["/bin/sh", "-c"] needs: [] script: - shfmt -i 2 -ci -l -d src/bin/* - shfmt -i 2 -ci -l -d src/bin/auto-deploy test/verify-deployment-database test/verify-application-secret
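Review bot: Replacing the `src/bin/*` glob in `test-shfmt` with a fixed file list means any shell script added to `src/bin` later is skipped by both lint jobs unless someone remembers to append it here. The glob presumably had to go because the new Ruby helper lives in the same directory. A short comment above both `script:` entries would make that visible, for example `# explicit list: src/bin also contains non-shell helpers; add new shell scripts here`.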
.gitlab/ci/test.gitlab-ci.yml +3 −0 Original line number Diff line number Diff line Loading @@ -395,10 +395,13 @@ test-create-application-secret: KUBE_NAMESPACE: default CI_ENVIRONMENT_SLUG: production K8S_SECRET_CODE: 12345 K8S_SECRET_CODE_MULTILINE: "12345 NEW LINE" script: - auto-deploy create_application_secret "stable" - kubectl get secrets -n $KUBE_NAMESPACE - kubectl get secrets production-secret -n $KUBE_NAMESPACE - ./test/verify-application-secret test-delete: extends: test-deploy Loading
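Review bot: The new `K8S_SECRET_CODE_MULTILINE` value may not contain a newline at all. The page has lost the original layout, but if the value is a double-quoted scalar simply broken across two lines, YAML folds that line break into a single space. The job would then pass without exercising the multi-line case this change is meant to cover. An explicit escape such as `K8S_SECRET_CODE_MULTILINE: "12345\nNEW LINE"` or a `|` block scalar makes the newline unambiguous.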
Dockerfile +1 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ RUN apk add --no-cache openssl curl tar gzip bash jq \ && curl -sSL -o /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub \ && curl -sSL -O https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \ && apk add glibc-${GLIBC_VERSION}.apk \ && apk add ruby jq \ && rm glibc-${GLIBC_VERSION}.apk RUN ln -s /build/bin/* /usr/local/bin/
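Review bot: The added `&& apk add ruby jq \` omits `--no-cache`, unlike the first `apk add` in the same `RUN`, and it repeats `jq`, which that first command already installs. Without the flag the step depends on a package index being present in the image, and may leave index data in the layer. `&& apk add --no-cache ruby \` would match the existing line. The Ruby version is also unpinned, so the interpreter that serialises the Secret manifest can change between image builds.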
src/bin/auto-deploy +7 −7 Original line number Diff line number Diff line Loading @@ -418,22 +418,22 @@ function delete() { # function create_application_secret() { local track="${1-stable}" local k8s_secrets_file # shellcheck disable=SC2155 # declare and assign separately to avoid masking return values. export APPLICATION_SECRET_NAME=$(application_secret_name "$track") env | sed -n "s/^K8S_SECRET_\(.*\)$/\1/p" >k8s_prefixed_variables k8s_secrets_file=$(mktemp) kubectl create secret \ -n "$KUBE_NAMESPACE" generic "$APPLICATION_SECRET_NAME" \ --from-env-file k8s_prefixed_variables -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - /build/bin/auto-deploy-application-secrets-yaml "$k8s_secrets_file" kubectl replace -f "$k8s_secrets_file" -n "$KUBE_NAMESPACE" --force # shellcheck disable=SC2002 # useless cat, prefer cmd < file # shellcheck disable=SC2155 # declare and assign separately to avoid masking return values. export APPLICATION_SECRET_CHECKSUM=$(cat k8s_prefixed_variables | sha256sum | cut -d ' ' -f 1) export APPLICATION_SECRET_CHECKSUM=$(cat "$k8s_secrets_file" | sha256sum | cut -d ' ' -f 1) rm k8s_prefixed_variables rm "$k8s_secrets_file" } function application_secret_name() { Loading
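Review bot: The temporary manifest at `$k8s_secrets_file` holds every `K8S_SECRET_` value base64-encoded, which is an encoding and not protection, and it is removed only by the final `rm`. If the script runs under `set -e` (not visible in this hunk), a failure of the generator or of `kubectl replace` exits before that line and leaves the secrets on disk. Cleaning up on the failure path closes this, for example `kubectl replace -f "$k8s_secrets_file" -n "$KUBE_NAMESPACE" --force || { rm -f "$k8s_secrets_file"; return 1; }`, with the same guard on the generator call. The result of `mktemp` is also unchecked, so an empty path would be passed straight to the helper.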
src/bin/auto-deploy-application-secrets-yaml 0 → 100755 +21 −0 Original line number Diff line number Diff line #!/usr/bin/ruby require 'yaml' require 'base64' prefix_regex = /^K8S_SECRET_/ File.open(ARGV[0], 'w') { |file| data = ENV .select { |k, v| k =~ prefix_regex } .transform_keys { |k| k.sub(prefix_regex, '') } .transform_values {|v| Base64.strict_encode64 v } kube_config = { 'apiVersion' => 'v1', 'kind' => 'Secret', 'metadata' => { 'name' => ENV['APPLICATION_SECRET_NAME'] }, 'type' => 'Opaque', 'data' => data } file.write kube_config.to_yaml } No newline at end of file
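Review bot: `prefix_regex = /^K8S_SECRET_/` anchors at the start of any line rather than the start of the string, because `^` is line-based in Ruby. A variable name containing a newline before `K8S_SECRET_` would be selected and then have the prefix cut out of its middle. `prefix_regex = /\AK8S_SECRET_/` pins it to the real beginning of the name. `ENV['APPLICATION_SECRET_NAME']` silently yields a nil `metadata.name` when the variable is unset, whereas `ENV.fetch('APPLICATION_SECRET_NAME')` would fail before a manifest is written. A header comment stating that the script writes all matching values to the path in `ARGV[0]`, and that the caller must supply a private file, is also missing.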