def receive(stack): token = request.headers.get("X-Gitlab-Token") body = request.json if not validate_token(token, body): abort(403) project = Project(body["project"]["path_with_namespace"].split("/")[-1]) logger = Logger(f"{BUILD_LOGS + project.name}.log") logger.open() if not os.path.exists(project.path): logger.pipe( sh( "git", "clone", body["project"]["git_ssh_url"], project.path, )) logger.pipe(sh("git", "fetch", cwd=project.path)) logger.pipe(sh("git", "checkout", body["after"], cwd=project.path)) process = Process( target=HANDLERS.get(stack, run_dockerfile_deploy), kwargs={ "project": project, "stack": stack, "logger": logger, }, ) process.start() return f"Started deploy for {project.name}. See build status at /logs/{project.name}/build."
def run_pypi_deploy(project, stack, logger): logger.write(f"Running pypi deploy for {project.name}.") shutil.copy(f"{SECRETS}.pypirc", project.path) logger.pipe(sh("make", "pypi", cwd=project.path)) os.remove(f"{project.path}/.pypirc") project.path = project.path + "docs/_build/dirhtml/" run_dockerfile_deploy(project, "cdn", logger)
def _do_nginx_deploy(self, service, domain, force_wildcard=False, force_provision=False, proxy_set_header={}): """Adds an nginx proxy from the ``domain`` to the ``service`` :param service: the name of the service to point to :type service: str :param domain: the url to proxy :type domain: str :param force_wildcard: forcibly use a wildcard SSL certificate only\ (defaults to ``False``) :type force_wildcard: bool :param force_provision: forcibly provision a certificate even if\ another match exists (defaults to ``False``) :type force_provision: bool :param proxy_set_header: a dictionary of proxy headers to pass into\ nginx :type proxy_set_header: dict Note that if ``force_wildcard`` and ``force_provision`` are both ``True``,\ then a certificate will be provisioned for ``domain`` as well as ``*.domain``. """ self.print("Doing nginx deploy...") if os.path.exists(f"{self.confs}/{domain}.conf"): self.print(f"An nginx config for {domain} already exists!") self.print("Nothing to do.") return socket = f"{self.socks}/{service}.sock" with open(f"{self.confs}/{domain}.conf", "w") as out: out.write( self.nginx.gen_config_with_sock( domain, socket, logs_pre=f"{self.logs}/{service}-", proxy_set_header=proxy_set_header, ) ) out = utils.sh("nginx", "-s", "reload", stream=False) self.print(out) self.print("Installing or provisioning certificate, as needed...") cert = self.certbot.cert_else_false(domain, force_wildcard) if cert and not force_provision: self.print(f"Found a matching certificate! Installing...") self.certbot.attach_cert(cert, domain, logger=self.print) else: wildcard = force_provision and force_wildcard self.print(f"Provisioning a new {'wildcard' if wildcard else ''} certificate...") domains = [domain] if wildcard: domains.append(f"*.{domain}") self.certbot.run_bot(domains, logger=self.print) if wildcard: self.print("Installing wildcard certificate...") cert = self.certbot.cert_else_false(f"*.{domain}", force_wildcard) if cert: self.certbot.attach_cert(cert, domain, logger=self.print) else: self.print("Something went wrong when provisioning/installing the wildcard certificate!") self.print(f"Couldn't secure {domain}.") self.print(f"Done! Sucessfully proxied {domain} to {service}.")
def _fix_permissions(self, service, port): """Wait for the socket binding to complete, then make the socket visible to nginx :param service: the name of the service :type service: str :param port: the port to be bound :type port: str """ path = f"{self.socks}/{service}.sock" while not os.path.exists(path): time.sleep(1) out = sh("chmod", "666", path, stream=False) self.dna.print(out) self.dna.print(f"Bound {service}:{port} to {service}.sock.")
def remove_domain(self, service, domain): """Remove ``domain`` from ``service``, if it is bound to it :param service: the name of the service :type service: str :param domain: the url to unbind from the service :type domain: str .. note:: Relevant ``nginx`` configs will be deleted, but not\ ``certbot`` certificates. """ if self.db.remove_domain_from_service(domain, service): os.remove(f"{self.confs}/{domain}.conf") out = utils.sh("nginx", "-s", "reload", stream=False) self.propagate_services() return True return False
def delete_service(self, service): """Unproxy all domains attached to ``service``, unbind ``service`` from socat, stop and delete the ``service``'s Docker container, and remove it from the database. :param service: the name of the service :type service: str """ service = self.get_service_info(service) if not service: return for domain in service.domains: os.remove(f"{self.confs}/{domain.url}.conf") out = utils.sh("nginx", "-s", "reload", stream=False) self.print(out) self.socat.unbind(service.name, service.port) self.docker.wipe_container(service.name) self.db.delete_service(service) self.propagate_services()