def createTask(taskId, gitKey, gitAddress):
"""
fortify 命令行调用
fortify 使用手册 HPE_SCA_Guide_16.20.pdf
:param taskId:
:param gitKey:
:param gitAddress:
:return:
"""
clonePath = os.path.join(BASE_DIR, "gitClone")
outputPath = os.path.join(BASE_DIR, "reports")
if not os.path.exists(clonePath):
os.mkdir(clonePath)
if not os.path.exists(outputPath):
os.mkdir(outputPath)
fortifyLogMsg(taskId=taskId, msg=u"拉取代码" + gitAddress, code=1)
localPath = gitAddress.replace("http://", "").replace("https://", "").replace("/", "_").split("?")[0]
localPath = localPath.replace("git@", "").replace(":", "_").replace(".git", "")
localPath = os.path.join(clonePath, localPath)
buildName = "_".join(localPath.split("_")[1:])
try:
if gitKey and gitAddress:
from gittle.auth import GittleAuth
# https://github.com/FriendCode/gittle/issues/18
authkey = GittleAuth(pkey=gitKey)
if not os.path.exists(localPath):
Gittle.clone(gitAddress, local_path=localPath, auth=authkey)
else:
repo = Gittle(localPath, origin_uri=gitAddress, auth=authkey)
repo.pull()
else:
if not os.path.exists(localPath):
Gittle.clone(gitAddress, localPath)
else:
repo = Gittle(localPath, gitAddress)
repo.pull()
except Exception, e:
# raise e
fortifyLogMsg(taskId, u"任务拉取代码遇到异常" + str(e.message), "", code=2)
return "" # 结束任务
def auth(self, *args, **kwargs):
self.authenticator = GittleAuth(*args, **kwargs)
return self.authenticator
def post(self):
#authuserList=['jino']
#if not self.get_current_user() in authuserList:
# self.write('unauthorized users')
# return
parser = CappConfig(CONF)
self.set_header('Content-Type', 'text/plain')
#sid=self.request.arguments['sid']
cid = self.get_argument('cid', None)
if not cid:
self.write('ERROR:invalid branch')
return
sid = self.get_argument('sid', None)
if not sid:
self.write('ERROR:invalid server')
return
dst = get_srvlist(sid)
servname = parser.get('REPO', '%s.servname' % dst)
host = parser.get('SERVER', '%s.hostname' % servname)
user = parser.get('SERVER', '%s.username' % servname)
pwds = parser.get('SERVER', '%s.password' % servname)
keyd = parser.get('PATH', 'keysdire')
pkey = os.path.join(keyd, parser.get('SERVER',
'%s.pkeyfile' % servname))
if not os.path.exists(pkey):
self.write('ERROR:pkeyfile not exists or chmod 600 %s user %s' %
(pkey, getpass.getuser()))
return
if int(oct(os.stat(pkey).st_mode)[-3:]) != 600:
self.write('MESSAGE:pls chmod 600 %s user %s' %
(pkey, getpass.getuser()))
return
bpre = parser.get('SERVER', '%s.branchpx' % servname)
port = int(parser.get('SERVER', '%s.port' % servname))
sdir = parser.get('REPO', '%s.syncdirs' % dst)
item = parser.get('REPO', '%s.projitem' % dst)
cper = parser.get('REPO', '%s.permissi' % dst)
if not re.match(bpre.replace(',', '|'), cid):
self.write('ERROR:branch not right')
return
#for b in bpre.split(','):
# if not re.match(b,cid):
# self.write('ERROR:branch not right')
# return
workdirs = parser.get('PATH', 'workdirs')
verconfile = os.path.join(workdirs, 'vercnf')
verconf = CappConfig(verconfile)
try:
vers = verconf.get('REPO', '%s.versions' % dst)
except:
vers = ''
dskey = os.path.join(keyd, parser.get('PATH', 'deploykf'))
if not os.path.exists(dskey):
self.write('ERROR:deploykf not exists or chmod 600 %s user %s' %
(dskey, getpass.getuser()))
return
if int(oct(os.stat(dskey).st_mode)[-3:]) != 600:
self.write('MESSAGE:pls chmod 600 %s user %s' %
(dskey, getpass.getuser()))
return
try:
authk = GittleAuth(pkey=dskey)
except:
self.write("ERROR:deploy key valid")
return
try:
repo = Gittle(os.path.join(workdirs, dst),
origin_uri=repo_url[item],
auth=authk)
except:
try:
repo = Gittle.clone(repo_url[item],
os.path.join(workdirs, dst),
auth=authk)
except:
self.write(
'ERROR:deploy key not permission or confdirs cannot write')
return
try:
repo.switch_branch('master')
repo.pull_from(repo_url[item], cid)
repo.switch_branch(cid)
lastcommit = repo.commit_info(0, 1, cid)[0]
self.write('%s\t%s\n%s\n' %
(lastcommit['summary'][:60], lastcommit['sha'][:8],
lastcommit['committer']['name']))
except:
try:
rmtree(os.path.join(workdirs, dst))
repo = Gittle.clone(repo_url[item],
os.path.join(workdirs, dst),
auth=authk)
repo.switch_branch('master')
repo.pull_from(repo_url[item], cid)
repo.switch_branch(cid)
lastcommit = repo.commit_info(0, 1, cid)[0]
self.write('%s\t%s\n%s\n' %
(lastcommit['summary'][:60], lastcommit['sha'][:8],
lastcommit['committer']['name']))
except Exception as e:
self.write('confdirs cannot write')
return
parser2 = CappConfig(parser.get('PATH', 'excludef'))
try:
parser2.items('%s%s%s' % (servname, item, dst))
except:
self.write('ERROR:excludef no section %s%s%s' %
(servname, item, dst))
return
self.write('SETP1 \tstart:\n')
for sfile, dfile in parser2.items('%s%s%s' % (servname, item, dst)):
ssdir = os.path.join(parser.get('PATH', 'confdirs'),
'%s%s%s' % (servname, item, dst))
ddir = os.path.join(workdirs, dst)
if dfile.startswith('/'): dfile = dfile[1:]
err, out = rsync(os.path.join(ssdir, sfile),
os.path.join(ddir, dfile))
if len(err) is 0:
reChar = re.compile(
'send*.*list|send*.*sec|total size*.*|rsync:')
self.write('%s' % reChar.sub('', out))
else:
reChar = re.compile('rsync error:*.*|rsync: link_stat|rsync:')
self.write('ERROR:%s' % reChar.sub('', err))
return
self.write('SETP1 \tend.\n')
conflist = os.path.join(ddir, '.git/conflist')
if os.path.exists(conflist):
rsync_arg = '--exclude=.git --exclude-from=%s' % os.path.join(
ddir, '.git/conflist')
else:
rsync_arg = '--exclude=.git'
local_dir = '%s/' % ddir
remote_dir = '%s@%s:%s' % (user, host, sdir)
err, _ = sshto(host, int(port), user, pwds, pkey).exe_cmdOne('')
if err:
self.write('ERROR:target server auth failure')
return
only_com = False
try:
precmd, aftcmd = parser.get('REPO', '%s.cmdexecu' % dst).split(',')
except:
precmd = parser.get('REPO', '%s.cmdexecu' % dst)
aftcmd = ''
if os.path.isfile(precmd): precmd = open(precmd).read()
if os.path.isfile(aftcmd): aftcmd = open(aftcmd).read()
if self.get_argument('check', None) is None:
if not self.get_current_user()['username'] + '|c' in cper:
if precmd:
precmd_err, precmd_out = sshto(host, int(port), user, pwds,
pkey).exe_cmdOne(precmd)
if len(precmd_err) is 0:
self.write('EXEC PRE:\n%s\n' % precmd_out)
else:
self.write('ERROR: exec pre\n%s\n' % precmd_err)
return
err2, out2 = rsync(local_dir,
remote_dir,
arg=rsync_arg,
pkey=pkey)
if aftcmd:
aftcmd_err, aftcmd_out = sshto(host, int(port), user, pwds,
pkey).exe_cmdOne(aftcmd)
if len(aftcmd_err) is 0:
self.write('EXEC AFT:\n%s\n' % aftcmd_out)
else:
self.write('ERROR: exec aft\n%s\n' % aftcmd_err)
if out2:
config = ConfigParser.RawConfigParser()
if vers:
vers = vers.split(',')
if len(vers) == 1: vers.append(cid)
vers[1] = vers[0]
vers[0] = cid
config.read(verconfile)
config.set('REPO', '%s.versions' % dst, ','.join(vers))
with open(verconfile, 'w') as configfile:
config.write(configfile)
else:
config.read(verconfile)
config.set('REPO', '%s.versions' % dst, cid)
config.write(open(verconfile, 'w'))
else:
self.write('ERROR:no publishing rights\n')
return
else:
self.write('EXEC PRE:\n%s\n' % precmd)
err2, out2 = rsync(local_dir,
remote_dir,
arg=rsync_arg,
pkey=pkey,
check=True)
self.write('EXEC AFT:\n%s\n' % aftcmd)
only_com = True
if len(err2) is 0:
reChar = re.compile('send*.*list|send*.*sec|total size*.*|rsync:')
self.write('SETP2 \tstart:\n')
self.write('%s' % reChar.sub('', out2))
self.write('SETP2 \tend.\n')
else:
reChar = re.compile('rsync error:*.*|rsync: link_stat|rsync:')
self.write('%s' % reChar.sub('', err2))
if only_com:
self.write('MESSAGE:only for comparison is not pub\n')
return
