From ae304a373169f3f66d255aa814a077c54a91990a Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Fri, 21 Sep 2018 13:00:05 -0600 Subject: [PATCH 01/12] adds awscli to toolbox --- .dockerignore | 1 + .gitignore | 1 + toolbox/Dockerfile | 5 +++-- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..4dbe29f --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +/.cache/ diff --git a/.gitignore b/.gitignore index b2d5389..d5acbea 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ *.tfstate *.tfstate.backup .terraform/ +.cache/ .DS_Store .idea/* *.tfvars diff --git a/toolbox/Dockerfile b/toolbox/Dockerfile index e8109bd..5cc5c4d 100644 --- a/toolbox/Dockerfile +++ b/toolbox/Dockerfile @@ -1,9 +1,10 @@ FROM alpine:3.8 -RUN apk --update add bash git openssh curl \ - && wget https://github.com/rackspace-infrastructure-automation/tfenv/archive/v0.6.0.zip -O - | unzip -d /var/opt - \ +RUN apk --update add bash git openssh curl py-pip +Run wget https://github.com/rackspace-infrastructure-automation/tfenv/archive/v0.6.0.zip -O - | unzip -d /var/opt - \ && chmod +x /var/opt/tfenv-0.6.0/bin/* /var/opt/tfenv-0.6.0/libexec/* \ && ln -s /var/opt/tfenv-0.6.0/bin/* /usr/local/bin +RUN pip install --upgrade pip && pip install --progress-bar=off awscli RUN tfenv install 0.11.8 RUN tfenv install 0.11.7 From a2e8d227329a45dddbe57aacaba0d9b7bc769f7e Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Fri, 21 Sep 2018 13:02:29 -0600 Subject: [PATCH 02/12] escrows applied git revision --- repository_template/bin/apply.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/repository_template/bin/apply.sh b/repository_template/bin/apply.sh index 7e7f458..209eecb 100755 --- a/repository_template/bin/apply.sh +++ b/repository_template/bin/apply.sh 
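Review bot: The added `RUN pip install --upgrade pip && pip install --progress-bar=off awscli` in toolbox/Dockerfile takes whatever pip and awscli releases are current at build time, so two builds of the same commit can ship different code in the image that the later patches use to call `aws s3` against the state bucket. Pin the release the way the file already pins alpine, tfenv and terraform, e.g. `pip install --progress-bar=off 'awscli==<PINNED_VERSION>'` (placeholder), ideally from a requirements file installed with `--require-hashes`. The tfenv archive on the `wget … | unzip` line is still unpacked and made executable without comparing a checksum; that predates this commit but sits on a line it rewrites. Now that the apk step is a RUN of its own, `apk add --no-cache` would keep the package index out of that layer.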
@@ -22,3 +22,8 @@ for LAYER in $CHANGED_LAYERS; do echo "terraform apply $LAYER" (cd "$LAYERS_DIR/$LAYER" && terraform apply -input=false -no-color "$WORKSPACE_DIR/terraform.$LAYER.plan") done + +# escrows applied revision +REVISION=${CIRCLE_SHA1:-$(git rev-parse HEAD)} +echo $REVISION > tf-applied-revision.sha +aws s3 cp ./tf-applied-revision.sha "s3://${TF_STATE_BUCKET}/" \ No newline at end of file From 769236d406f0bffb87dc5fa07fbea71040ccef74 Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Mon, 24 Sep 2018 09:41:49 -0600 Subject: [PATCH 03/12] tries comparing to s3 tf-applied-revision.sha file when applying from master --- repository_template/bin/variables.sh | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) mode change 100644 => 100755 repository_template/bin/variables.sh diff --git a/repository_template/bin/variables.sh b/repository_template/bin/variables.sh old mode 100644 new mode 100755 index bfcb50e..4d4405b --- a/repository_template/bin/variables.sh +++ b/repository_template/bin/variables.sh @@ -23,10 +23,13 @@ then echo $MODULES fi +find_changed_layers() { + git diff --name-only "$1" -- "$LAYERS_DIR" | awk -F "/" '{print $2}' | sort -n | uniq +} + # populate current layer info LAYERS_DIR="$WORKING_DIR/layers" -if [ -d "$LAYERS_DIR" ] -then +if [ -d "$LAYERS_DIR" ]; then LAYERS=$(find "$LAYERS_DIR"/* -maxdepth 0 -type d -exec basename '{}' \; | sort -n) echo "Layers found: " 
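Review bot: Nothing in the added block of apply.sh checks that `TF_STATE_BUCKET` is set, so an empty value turns the destination into `s3:///` and the upload fails only after every layer has already been applied. Add `: "${TF_STATE_BUCKET:?TF_STATE_BUCKET must be set}"` near the top of the script (outside this hunk) and quote the expansion in `echo "$REVISION" > tf-applied-revision.sha`. From PATCH 03 on this object is the baseline that decides which layers are planned and applied, so it should be written only when every `terraform apply` in the loop succeeded; whether `set -e` is active in apply.sh is not visible here and is worth confirming. Write access to this key should be restricted like the state itself, since whoever can overwrite it moves the baseline.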
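Review bot: A failing `git diff` inside `find_changed_layers` is invisible to the caller, because the pipeline's exit status is that of `uniq` and variables.sh sets only `-e` (visible in the context of the later hunks), so an unknown or unreachable revision yields an empty CHANGED_LAYERS instead of an error. The next hunk passes the contents of an object fetched from S3 as `$1`, which makes that case reachable and would let apply.sh skip every layer and then record a new baseline. Verify the argument before diffing, e.g. `git cat-file -e "$1^{commit}" || { echo >&2 "unknown revision: $1"; return 1; }`, and consider rejecting anything that is not a plain hex SHA. A short header comment naming `$1` and the dependency on the global `LAYERS_DIR`, which is assigned only after the function definition, would also help.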
@@ -36,7 +39,19 @@ then if [ -f "$WORKSPACE_DIR/changed_layers" ]; then CHANGED_LAYERS=$(cat "$WORKSPACE_DIR/changed_layers") else - CHANGED_LAYERS=$(git diff --name-only "$MASTER_REF" -- "$LAYERS_DIR" | awk -F "/" '{print $2}' | sort -n | uniq) + MASTER_REF=$(git rev-parse remotes/origin/master) + GIT_BRANCH=${CIRCLE_BRANCH:-$(git rev-parse --abbrev-ref HEAD)} + if [ "$GIT_BRANCH" = 'master' ]; then + if [ -z "$(aws s3 ls s3://${TF_STATE_BUCKET}/tf-applied-revision.sha)" ]; then + CHANGED_LAYERS=$LAYERS + else + REVISION=${CIRCLE_SHA1:-$(git rev-parse HEAD)} + aws s3 cp "s3://${TF_STATE_BUCKET}/tf-applied-revision.sha" ./last-tf-applied-revision.sha > /dev/null + CHANGED_LAYERS=$(find_changed_layers "$(cat ./last-tf-applied-revision.sha)") + fi + else + CHANGED_LAYERS=$(find_changed_layers "$MASTER_REF") + fi echo $CHANGED_LAYERS > "$WORKSPACE_DIR/changed_layers" fi From 8563a46925c55319e7aab60a663bf00f6dc77edf Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Mon, 24 Sep 2018 10:11:28 -0600 Subject: [PATCH 04/12] shows more info messages --- repository_template/bin/variables.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/repository_template/bin/variables.sh b/repository_template/bin/variables.sh index 4d4405b..16c8475 100755 --- a/repository_template/bin/variables.sh +++ b/repository_template/bin/variables.sh @@ -15,8 +15,7 @@ mkdir -p "$WORKSPACE_DIR" # populate current module info MODULES_DIR="$WORKING_DIR/modules" -if [ -d "$MODULES_DIR" ] -then +if [ -d "$MODULES_DIR" ]; then MODULES=$(find "$MODULES_DIR"/* -maxdepth 0 -type d -exec basename '{}' \; | sort -n) echo "Modules found: " @@ -24,6 +23,7 @@ then fi find_changed_layers() { + echo "Comparing current git revision to: $1" git diff --name-only "$1" -- "$LAYERS_DIR" | awk -F "/" '{print $2}' | sort -n | uniq } 
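Review bot: The test `[ -z "$(aws s3 ls s3://${TF_STATE_BUCKET}/tf-applied-revision.sha)" ]` in the first hunk on this line cannot tell "object absent" from "listing failed": expired credentials, a network error or an unset TF_STATE_BUCKET all give empty output, and a command substitution inside `[ … ]` does not trip `set -e`. On master that silently treats every layer as changed, and `aws s3 ls` matches by prefix, so a longer key that starts with the same name also satisfies the test. Run the listing as its own statement, check its exit status, and compare the returned key name exactly before deciding the marker is missing. Writing the download to `"$WORKSPACE_DIR/last-tf-applied-revision.sha"` instead of `./` keeps it out of the checkout, and the `REVISION=` assignment in the else branch is never read. The same test is carried into the restructured block in PATCH 05.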
@@ -43,6 +43,7 @@ if [ -d "$LAYERS_DIR" ]; then GIT_BRANCH=${CIRCLE_BRANCH:-$(git rev-parse --abbrev-ref HEAD)} if [ "$GIT_BRANCH" = 'master' ]; then if [ -z "$(aws s3 ls s3://${TF_STATE_BUCKET}/tf-applied-revision.sha)" ]; then + echo "No tf-applied-revision.sha file found in s3://${TF_STATE_BUCKET}. Considering all layers changed." CHANGED_LAYERS=$LAYERS else REVISION=${CIRCLE_SHA1:-$(git rev-parse HEAD)} From 693591d2db6011514d24549f3014ae5480cbc51b Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Mon, 24 Sep 2018 10:16:15 -0600 Subject: [PATCH 05/12] prefers comparing to s3://.../tf-applied-revision.sha even if from a non-master branch --- repository_template/bin/variables.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/repository_template/bin/variables.sh b/repository_template/bin/variables.sh index 16c8475..ad10ab2 100755 --- a/repository_template/bin/variables.sh +++ b/repository_template/bin/variables.sh 
@@ -41,17 +41,16 @@ if [ -d "$LAYERS_DIR" ]; then else MASTER_REF=$(git rev-parse remotes/origin/master) GIT_BRANCH=${CIRCLE_BRANCH:-$(git rev-parse --abbrev-ref HEAD)} - if [ "$GIT_BRANCH" = 'master' ]; then - if [ -z "$(aws s3 ls s3://${TF_STATE_BUCKET}/tf-applied-revision.sha)" ]; then + if [ -z "$(aws s3 ls s3://${TF_STATE_BUCKET}/tf-applied-revision.sha)" ]; then + if [ "$GIT_BRANCH" = 'master' ]; then echo "No tf-applied-revision.sha file found in s3://${TF_STATE_BUCKET}. Considering all layers changed." CHANGED_LAYERS=$LAYERS else - REVISION=${CIRCLE_SHA1:-$(git rev-parse HEAD)} - aws s3 cp "s3://${TF_STATE_BUCKET}/tf-applied-revision.sha" ./last-tf-applied-revision.sha > /dev/null - CHANGED_LAYERS=$(find_changed_layers "$(cat ./last-tf-applied-revision.sha)") + CHANGED_LAYERS=$(find_changed_layers "$MASTER_REF") fi else - CHANGED_LAYERS=$(find_changed_layers "$MASTER_REF") + aws s3 cp "s3://${TF_STATE_BUCKET}/tf-applied-revision.sha" ./last-tf-applied-revision.sha > /dev/null + CHANGED_LAYERS=$(find_changed_layers "$(cat ./last-tf-applied-revision.sha)") fi echo $CHANGED_LAYERS > "$WORKSPACE_DIR/changed_layers" fi From 91e84365ab85539856c72f582c115729bb541554 Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Mon, 24 Sep 2018 10:19:00 -0600 Subject: [PATCH 06/12] echoes to stderr to allow function output to be usable --- repository_template/bin/variables.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repository_template/bin/variables.sh b/repository_template/bin/variables.sh index ad10ab2..7a3d6e9 100755 --- a/repository_template/bin/variables.sh +++ b/repository_template/bin/variables.sh @@ -23,7 +23,7 @@ if [ -d "$MODULES_DIR" ]; then fi find_changed_layers() { - echo "Comparing current git revision to: $1" + echo >&2 "Comparing current git revision to: $1" git diff --name-only "$1" -- "$LAYERS_DIR" | awk -F "/" '{print $2}' | sort -n | uniq } From 036075f118fb529366c23f6570fd0f81a5d02b80 Mon Sep 17 00:00:00 2001 
From: JP Bochi Date: Mon, 24 Sep 2018 13:54:27 -0600 Subject: [PATCH 07/12] cant really test apply.sh right now --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index bcefee1..b715025 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -37,8 +37,8 @@ jobs: name: plan command: cd test && plan.sh - run: - name: apply - command: cd test && apply.sh || echo apply failed. + name: apply - Please test in a new PR for https://github.com/rackspace-infrastructure-automation/969282-aws-751845724670-Phoenix-Sandbox-Do-Not-Delete/ + command: 'cd test && apply.sh || echo "TODO: find a way to test apply.sh"' - run: name: destroy command: cd test && destroy.sh From 1efc390f1c440312c37385a963529f79b047c8ea Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Mon, 24 Sep 2018 14:00:38 -0600 Subject: [PATCH 08/12] deprecates check_old.sh --- repository_template/bin/check_old.sh | 20 +------------------- repository_template/bin/variables.sh | 11 ++++++++++- 2 files changed, 11 insertions(+), 20 deletions(-) diff --git a/repository_template/bin/check_old.sh b/repository_template/bin/check_old.sh index 9b57ed5..fb20568 100755 --- a/repository_template/bin/check_old.sh +++ b/repository_template/bin/check_old.sh @@ -1,21 +1,3 @@ #!/bin/sh -set -e - -# be sure branch is up to date -git fetch origin -MASTER_REF=$(git rev-parse remotes/origin/master) - -. $(dirname $(realpath $0))/variables.sh - -# in the last hundred commits, is one of the parents in the current master? -set +e -git log --pretty=format:'%H' -n 100 | grep -q "$MASTER_REF" -UPTODATE=$? -set -e - -if [ $UPTODATE -ne 0 ] -then - echo "Your branch is not up to date. Exiting." - exit 1 -fi +echo >&2 'check_old.sh is DEPRECATED. Please, remove it from your CI script.' diff --git a/repository_template/bin/variables.sh b/repository_template/bin/variables.sh index 7a3d6e9..a4d5468 100755 --- a/repository_template/bin/variables.sh 
+++ b/repository_template/bin/variables.sh @@ -2,6 +2,16 @@ set -e +# be sure branch is up to date +git fetch origin +MASTER_REF=$(git rev-parse remotes/origin/master) + +# in the last hundred commits, is one of the parents in the current master? +if ! (git log --pretty=format:'%H' -n 100 | grep -q "$MASTER_REF"); then + echo >&2 'Your branch is not up to date. Exiting.' + exit 1 +fi + # standard paths WORKING_DIR=$(pwd) @@ -39,7 +49,6 @@ if [ -d "$LAYERS_DIR" ]; then if [ -f "$WORKSPACE_DIR/changed_layers" ]; then CHANGED_LAYERS=$(cat "$WORKSPACE_DIR/changed_layers") else - MASTER_REF=$(git rev-parse remotes/origin/master) GIT_BRANCH=${CIRCLE_BRANCH:-$(git rev-parse --abbrev-ref HEAD)} if [ -z "$(aws s3 ls s3://${TF_STATE_BUCKET}/tf-applied-revision.sha)" ]; then if [ "$GIT_BRANCH" = 'master' ]; then From 6f06b3c110b7d59867ef02f9aec027b2b449ea2a Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Mon, 24 Sep 2018 18:17:00 -0600 Subject: [PATCH 09/12] only git fetch on lint.sh --- repository_template/bin/lint.sh | 10 ++++++++++ repository_template/bin/variables.sh | 11 +---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/repository_template/bin/lint.sh b/repository_template/bin/lint.sh index 749415f..a5d5ab5 100755 --- a/repository_template/bin/lint.sh +++ b/repository_template/bin/lint.sh @@ -2,6 +2,16 @@ set -e +# be sure branch is up to date +git fetch origin +MASTER_REF=$(git rev-parse remotes/origin/master) + +# in the last hundred commits, is one of the parents in the current master? +if ! (git log --pretty=format:'%H' -n 100 | grep -q "$MASTER_REF"); then + echo >&2 'Your branch is not up to date. Exiting.' + exit 1 +fi + . $(dirname $(realpath $0))/variables.sh terraform fmt -check -diff diff --git a/repository_template/bin/variables.sh b/repository_template/bin/variables.sh index a4d5468..f39e6e7 100755 --- a/repository_template/bin/variables.sh +++ b/repository_template/bin/variables.sh 
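Review bot: The up-to-date test `git log --pretty=format:'%H' -n 100 | grep -q "$MASTER_REF"` added at the top of variables.sh inspects only 100 commits, so a branch that contains master's tip further back is rejected even though it is current. Git can answer the question exactly: `if ! git merge-base --is-ancestor "$MASTER_REF" HEAD; then`. Because variables.sh is sourced by other scripts (lint.sh does so in the PATCH 09 context), the `git fetch origin` and the `exit 1` now run in every one of them, which may be wider than intended. The same pipeline is copied into lint.sh in PATCH 09 and into check_old.sh in PATCH 11.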
@@ -2,17 +2,8 @@ set -e -# be sure branch is up to date -git fetch origin -MASTER_REF=$(git rev-parse remotes/origin/master) - -# in the last hundred commits, is one of the parents in the current master? -if ! (git log --pretty=format:'%H' -n 100 | grep -q "$MASTER_REF"); then - echo >&2 'Your branch is not up to date. Exiting.' - exit 1 -fi - # standard paths +MASTER_REF=$(git rev-parse remotes/origin/master) WORKING_DIR=$(pwd) # ensure workspace dir is always present From e82442295a41845fe508ecaa05b7e8fe32a2d371 Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Mon, 24 Sep 2018 18:35:42 -0600 Subject: [PATCH 10/12] also tags and pushes by branch name --- .circleci/config.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b715025..3084f1a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -14,10 +14,11 @@ jobs: - deploy: name: Build rackspace-toolbox containers command: | - docker build -t rackspace-toolbox:$CIRCLE_SHA1 -f toolbox/Dockerfile . + docker build -t rackautomation/rackspace-toolbox:$CIRCLE_SHA1 -f toolbox/Dockerfile . docker login -u $DOCKER_USER -p $DOCKER_PASS - docker tag rackspace-toolbox:$CIRCLE_SHA1 rackautomation/rackspace-toolbox:$CIRCLE_SHA1 docker push rackautomation/rackspace-toolbox:$CIRCLE_SHA1 + docker tag rackautomation/rackspace-toolbox:$CIRCLE_SHA1 rackautomation/rackspace-toolbox:${CIRCLE_BRANCH//\//_} + docker push rackautomation/rackspace-toolbox:${CIRCLE_BRANCH//\//_} test_toolbox: docker: From 340efc1d3f6e043af66ba79a8e5c9ad0fac6d025 Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Tue, 25 Sep 2018 09:12:33 -0600 Subject: [PATCH 11/12] un-deprecate check_old.sh --- repository_template/bin/check_old.sh | 9 ++++++++- repository_template/bin/lint.sh | 10 ---------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/repository_template/bin/check_old.sh b/repository_template/bin/check_old.sh index fb20568..b1f232b 100755 
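Review bot: In the .circleci/config.yml hunk, `${CIRCLE_BRANCH//\//_}` replaces only `/`, but a Docker tag may contain just letters, digits, `_`, `.` and `-` (at most 128 characters), so a branch name with any other character makes `docker tag` fail after the SHA image has already been pushed. Map everything outside that set, e.g. `BRANCH_TAG=$(printf '%s' "$CIRCLE_BRANCH" | tr -c 'A-Za-z0-9_.-' '_')`, and quote the expansions. The branch tag is mutable, so anything that needs a fixed image should keep pulling the `$CIRCLE_SHA1` tag. The context line `docker login -u $DOCKER_USER -p $DOCKER_PASS` puts the password on the process command line; `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin` avoids that. The same tag expression is kept, with a `branch_` prefix, in PATCH 12.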
--- a/repository_template/bin/check_old.sh +++ b/repository_template/bin/check_old.sh @@ -1,3 +1,10 @@ #!/bin/sh -echo >&2 'check_old.sh is DEPRECATED. Please, remove it from your CI script.' +# be sure branch is up to date +git fetch origin + +# in the last hundred commits, is one of the parents in the current master? +if ! (git log --pretty=format:'%H' -n 100 | grep -q "$(git rev-parse remotes/origin/master)"); then + echo >&2 'Your branch is not up to date. Exiting.' + exit 1 +fi diff --git a/repository_template/bin/lint.sh b/repository_template/bin/lint.sh index a5d5ab5..749415f 100755 --- a/repository_template/bin/lint.sh +++ b/repository_template/bin/lint.sh @@ -2,16 +2,6 @@ set -e -# be sure branch is up to date -git fetch origin -MASTER_REF=$(git rev-parse remotes/origin/master) - -# in the last hundred commits, is one of the parents in the current master? -if ! (git log --pretty=format:'%H' -n 100 | grep -q "$MASTER_REF"); then - echo >&2 'Your branch is not up to date. Exiting.' - exit 1 -fi - . $(dirname $(realpath $0))/variables.sh terraform fmt -check -diff From 9dac58a9647172b02c764cdac1006524b9a3bffe Mon Sep 17 00:00:00 2001 From: JP Bochi Date: Tue, 25 Sep 2018 09:19:21 -0600 Subject: [PATCH 12/12] prefix branch tags of pushed docker images --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3084f1a..77a8378 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
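Review bot: The restored check_old.sh has no `set -e` (the version removed in PATCH 08 had it), so a failed `git fetch origin` is ignored and the comparison runs against a stale `remotes/origin/master`. If `git rev-parse remotes/origin/master` fails inside the substitution, the pattern is empty, `grep -q ""` matches every line, and the script reports the branch as up to date. Add `set -e` after the shebang and assign `MASTER_REF=$(git rev-parse remotes/origin/master)` on its own line before the `if`, so that either failure stops the script instead of passing the gate.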
@@ -17,8 +17,8 @@ jobs: docker build -t rackautomation/rackspace-toolbox:$CIRCLE_SHA1 -f toolbox/Dockerfile . docker login -u $DOCKER_USER -p $DOCKER_PASS docker push rackautomation/rackspace-toolbox:$CIRCLE_SHA1 - docker tag rackautomation/rackspace-toolbox:$CIRCLE_SHA1 rackautomation/rackspace-toolbox:${CIRCLE_BRANCH//\//_} - docker push rackautomation/rackspace-toolbox:${CIRCLE_BRANCH//\//_} + docker tag rackautomation/rackspace-toolbox:$CIRCLE_SHA1 rackautomation/rackspace-toolbox:branch_${CIRCLE_BRANCH//\//_} + docker push rackautomation/rackspace-toolbox:branch_${CIRCLE_BRANCH//\//_} test_toolbox: docker: