def createTask(taskId, gitKey, gitAddress): """ fortify 命令行调用 fortify 使用手册 HPE_SCA_Guide_16.20.pdf :param taskId: :param gitKey: :param gitAddress: :return: """ clonePath = os.path.join(BASE_DIR, "gitClone") outputPath = os.path.join(BASE_DIR, "reports") if not os.path.exists(clonePath): os.mkdir(clonePath) if not os.path.exists(outputPath): os.mkdir(outputPath) fortifyLogMsg(taskId=taskId, msg=u"拉取代码" + gitAddress, code=1) localPath = gitAddress.replace("http://", "").replace("https://", "").replace("/", "_").split("?")[0] localPath = localPath.replace("git@", "").replace(":", "_").replace(".git", "") localPath = os.path.join(clonePath, localPath) buildName = "_".join(localPath.split("_")[1:]) try: if gitKey and gitAddress: from gittle.auth import GittleAuth # https://github.com/FriendCode/gittle/issues/18 authkey = GittleAuth(pkey=gitKey) if not os.path.exists(localPath): Gittle.clone(gitAddress, local_path=localPath, auth=authkey) else: repo = Gittle(localPath, origin_uri=gitAddress, auth=authkey) repo.pull() else: if not os.path.exists(localPath): Gittle.clone(gitAddress, localPath) else: repo = Gittle(localPath, gitAddress) repo.pull() except Exception, e: # raise e fortifyLogMsg(taskId, u"任务拉取代码遇到异常" + str(e.message), "", code=2) return "" # 结束任务
def auth(self, *args, **kwargs): self.authenticator = GittleAuth(*args, **kwargs) return self.authenticator
def post(self): #authuserList=['jino'] #if not self.get_current_user() in authuserList: # self.write('unauthorized users') # return parser = CappConfig(CONF) self.set_header('Content-Type', 'text/plain') #sid=self.request.arguments['sid'] cid = self.get_argument('cid', None) if not cid: self.write('ERROR:invalid branch') return sid = self.get_argument('sid', None) if not sid: self.write('ERROR:invalid server') return dst = get_srvlist(sid) servname = parser.get('REPO', '%s.servname' % dst) host = parser.get('SERVER', '%s.hostname' % servname) user = parser.get('SERVER', '%s.username' % servname) pwds = parser.get('SERVER', '%s.password' % servname) keyd = parser.get('PATH', 'keysdire') pkey = os.path.join(keyd, parser.get('SERVER', '%s.pkeyfile' % servname)) if not os.path.exists(pkey): self.write('ERROR:pkeyfile not exists or chmod 600 %s user %s' % (pkey, getpass.getuser())) return if int(oct(os.stat(pkey).st_mode)[-3:]) != 600: self.write('MESSAGE:pls chmod 600 %s user %s' % (pkey, getpass.getuser())) return bpre = parser.get('SERVER', '%s.branchpx' % servname) port = int(parser.get('SERVER', '%s.port' % servname)) sdir = parser.get('REPO', '%s.syncdirs' % dst) item = parser.get('REPO', '%s.projitem' % dst) cper = parser.get('REPO', '%s.permissi' % dst) if not re.match(bpre.replace(',', '|'), cid): self.write('ERROR:branch not right') return #for b in bpre.split(','): # if not re.match(b,cid): # self.write('ERROR:branch not right') # return workdirs = parser.get('PATH', 'workdirs') verconfile = os.path.join(workdirs, 'vercnf') verconf = CappConfig(verconfile) try: vers = verconf.get('REPO', '%s.versions' % dst) except: vers = '' dskey = os.path.join(keyd, parser.get('PATH', 'deploykf')) if not os.path.exists(dskey): self.write('ERROR:deploykf not exists or chmod 600 %s user %s' % (dskey, getpass.getuser())) return if int(oct(os.stat(dskey).st_mode)[-3:]) != 600: self.write('MESSAGE:pls chmod 600 %s user %s' % (dskey, getpass.getuser())) return try: authk = GittleAuth(pkey=dskey) except: self.write("ERROR:deploy key valid") return try: repo = Gittle(os.path.join(workdirs, dst), origin_uri=repo_url[item], auth=authk) except: try: repo = Gittle.clone(repo_url[item], os.path.join(workdirs, dst), auth=authk) except: self.write( 'ERROR:deploy key not permission or confdirs cannot write') return try: repo.switch_branch('master') repo.pull_from(repo_url[item], cid) repo.switch_branch(cid) lastcommit = repo.commit_info(0, 1, cid)[0] self.write('%s\t%s\n%s\n' % (lastcommit['summary'][:60], lastcommit['sha'][:8], lastcommit['committer']['name'])) except: try: rmtree(os.path.join(workdirs, dst)) repo = Gittle.clone(repo_url[item], os.path.join(workdirs, dst), auth=authk) repo.switch_branch('master') repo.pull_from(repo_url[item], cid) repo.switch_branch(cid) lastcommit = repo.commit_info(0, 1, cid)[0] self.write('%s\t%s\n%s\n' % (lastcommit['summary'][:60], lastcommit['sha'][:8], lastcommit['committer']['name'])) except Exception as e: self.write('confdirs cannot write') return parser2 = CappConfig(parser.get('PATH', 'excludef')) try: parser2.items('%s%s%s' % (servname, item, dst)) except: self.write('ERROR:excludef no section %s%s%s' % (servname, item, dst)) return self.write('SETP1 \tstart:\n') for sfile, dfile in parser2.items('%s%s%s' % (servname, item, dst)): ssdir = os.path.join(parser.get('PATH', 'confdirs'), '%s%s%s' % (servname, item, dst)) ddir = os.path.join(workdirs, dst) if dfile.startswith('/'): dfile = dfile[1:] err, out = rsync(os.path.join(ssdir, sfile), os.path.join(ddir, dfile)) if len(err) is 0: reChar = re.compile( 'send*.*list|send*.*sec|total size*.*|rsync:') self.write('%s' % reChar.sub('', out)) else: reChar = re.compile('rsync error:*.*|rsync: link_stat|rsync:') self.write('ERROR:%s' % reChar.sub('', err)) return self.write('SETP1 \tend.\n') conflist = os.path.join(ddir, '.git/conflist') if os.path.exists(conflist): rsync_arg = '--exclude=.git --exclude-from=%s' % os.path.join( ddir, '.git/conflist') else: rsync_arg = '--exclude=.git' local_dir = '%s/' % ddir remote_dir = '%s@%s:%s' % (user, host, sdir) err, _ = sshto(host, int(port), user, pwds, pkey).exe_cmdOne('') if err: self.write('ERROR:target server auth failure') return only_com = False try: precmd, aftcmd = parser.get('REPO', '%s.cmdexecu' % dst).split(',') except: precmd = parser.get('REPO', '%s.cmdexecu' % dst) aftcmd = '' if os.path.isfile(precmd): precmd = open(precmd).read() if os.path.isfile(aftcmd): aftcmd = open(aftcmd).read() if self.get_argument('check', None) is None: if not self.get_current_user()['username'] + '|c' in cper: if precmd: precmd_err, precmd_out = sshto(host, int(port), user, pwds, pkey).exe_cmdOne(precmd) if len(precmd_err) is 0: self.write('EXEC PRE:\n%s\n' % precmd_out) else: self.write('ERROR: exec pre\n%s\n' % precmd_err) return err2, out2 = rsync(local_dir, remote_dir, arg=rsync_arg, pkey=pkey) if aftcmd: aftcmd_err, aftcmd_out = sshto(host, int(port), user, pwds, pkey).exe_cmdOne(aftcmd) if len(aftcmd_err) is 0: self.write('EXEC AFT:\n%s\n' % aftcmd_out) else: self.write('ERROR: exec aft\n%s\n' % aftcmd_err) if out2: config = ConfigParser.RawConfigParser() if vers: vers = vers.split(',') if len(vers) == 1: vers.append(cid) vers[1] = vers[0] vers[0] = cid config.read(verconfile) config.set('REPO', '%s.versions' % dst, ','.join(vers)) with open(verconfile, 'w') as configfile: config.write(configfile) else: config.read(verconfile) config.set('REPO', '%s.versions' % dst, cid) config.write(open(verconfile, 'w')) else: self.write('ERROR:no publishing rights\n') return else: self.write('EXEC PRE:\n%s\n' % precmd) err2, out2 = rsync(local_dir, remote_dir, arg=rsync_arg, pkey=pkey, check=True) self.write('EXEC AFT:\n%s\n' % aftcmd) only_com = True if len(err2) is 0: reChar = re.compile('send*.*list|send*.*sec|total size*.*|rsync:') self.write('SETP2 \tstart:\n') self.write('%s' % reChar.sub('', out2)) self.write('SETP2 \tend.\n') else: reChar = re.compile('rsync error:*.*|rsync: link_stat|rsync:') self.write('%s' % reChar.sub('', err2)) if only_com: self.write('MESSAGE:only for comparison is not pub\n') return