def receive(stack):
token = request.headers.get("X-Gitlab-Token")
body = request.json
if not validate_token(token, body):
abort(403)
project = Project(body["project"]["path_with_namespace"].split("/")[-1])
logger = Logger(f"{BUILD_LOGS + project.name}.log")
logger.open()
if not os.path.exists(project.path):
logger.pipe(
sh(
"git",
"clone",
body["project"]["git_ssh_url"],
project.path,
))
logger.pipe(sh("git", "fetch", cwd=project.path))
logger.pipe(sh("git", "checkout", body["after"], cwd=project.path))
process = Process(
target=HANDLERS.get(stack, run_dockerfile_deploy),
kwargs={
"project": project,
"stack": stack,
"logger": logger,
},
)
process.start()
return f"Started deploy for {project.name}. See build status at /logs/{project.name}/build."
def run_pypi_deploy(project, stack, logger):
logger.write(f"Running pypi deploy for {project.name}.")
shutil.copy(f"{SECRETS}.pypirc", project.path)
logger.pipe(sh("make", "pypi", cwd=project.path))
os.remove(f"{project.path}/.pypirc")
project.path = project.path + "docs/_build/dirhtml/"
run_dockerfile_deploy(project, "cdn", logger)
def _do_nginx_deploy(self, service, domain, force_wildcard=False, force_provision=False, proxy_set_header={}):
"""Adds an nginx proxy from the ``domain`` to the ``service``
:param service: the name of the service to point to
:type service: str
:param domain: the url to proxy
:type domain: str
:param force_wildcard: forcibly use a wildcard SSL certificate only\
(defaults to ``False``)
:type force_wildcard: bool
:param force_provision: forcibly provision a certificate even if\
another match exists (defaults to ``False``)
:type force_provision: bool
:param proxy_set_header: a dictionary of proxy headers to pass into\
nginx
:type proxy_set_header: dict
Note that if ``force_wildcard`` and ``force_provision`` are both ``True``,\
then a certificate will be provisioned for ``domain`` as well as ``*.domain``.
"""
self.print("Doing nginx deploy...")
if os.path.exists(f"{self.confs}/{domain}.conf"):
self.print(f"An nginx config for {domain} already exists!")
self.print("Nothing to do.")
return
socket = f"{self.socks}/{service}.sock"
with open(f"{self.confs}/{domain}.conf", "w") as out:
out.write(
self.nginx.gen_config_with_sock(
domain, socket, logs_pre=f"{self.logs}/{service}-", proxy_set_header=proxy_set_header,
)
)
out = utils.sh("nginx", "-s", "reload", stream=False)
self.print(out)
self.print("Installing or provisioning certificate, as needed...")
cert = self.certbot.cert_else_false(domain, force_wildcard)
if cert and not force_provision:
self.print(f"Found a matching certificate! Installing...")
self.certbot.attach_cert(cert, domain, logger=self.print)
else:
wildcard = force_provision and force_wildcard
self.print(f"Provisioning a new {'wildcard' if wildcard else ''} certificate...")
domains = [domain]
if wildcard:
domains.append(f"*.{domain}")
self.certbot.run_bot(domains, logger=self.print)
if wildcard:
self.print("Installing wildcard certificate...")
cert = self.certbot.cert_else_false(f"*.{domain}", force_wildcard)
if cert:
self.certbot.attach_cert(cert, domain, logger=self.print)
else:
self.print("Something went wrong when provisioning/installing the wildcard certificate!")
self.print(f"Couldn't secure {domain}.")
self.print(f"Done! Sucessfully proxied {domain} to {service}.")
def _fix_permissions(self, service, port):
"""Wait for the socket binding to complete, then make the
socket visible to nginx
:param service: the name of the service
:type service: str
:param port: the port to be bound
:type port: str
"""
path = f"{self.socks}/{service}.sock"
while not os.path.exists(path):
time.sleep(1)
out = sh("chmod", "666", path, stream=False)
self.dna.print(out)
self.dna.print(f"Bound {service}:{port} to {service}.sock.")
def remove_domain(self, service, domain):
"""Remove ``domain`` from ``service``, if it is bound to it
:param service: the name of the service
:type service: str
:param domain: the url to unbind from the service
:type domain: str
.. note:: Relevant ``nginx`` configs will be deleted, but not\
``certbot`` certificates.
"""
if self.db.remove_domain_from_service(domain, service):
os.remove(f"{self.confs}/{domain}.conf")
out = utils.sh("nginx", "-s", "reload", stream=False)
self.propagate_services()
return True
return False
def delete_service(self, service):
"""Unproxy all domains attached to ``service``, unbind ``service`` from socat,
stop and delete the ``service``'s Docker container, and remove it from the
database.
:param service: the name of the service
:type service: str
"""
service = self.get_service_info(service)
if not service:
return
for domain in service.domains:
os.remove(f"{self.confs}/{domain.url}.conf")
out = utils.sh("nginx", "-s", "reload", stream=False)
self.print(out)
self.socat.unbind(service.name, service.port)
self.docker.wipe_container(service.name)
self.db.delete_service(service)
self.propagate_services()