
Commit 4021806

authored
Merge pull request #41 from wunderio/feature/bash-refactor-quoting-etc
Refactor bash scripts.
2 parents c658fd9 + eeafc50 commit 4021806

1 file changed

Lines changed: 130 additions & 83 deletions


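--- a/orb.yml
+++ b/orb.yml
@@ -36,6 +36,8 @@ jobs:
 - run:
 name: Silta basic checks
 command: |
+set -euo pipefail
+
 files=(
 silta/silta.yml
 silta/silta-prod.yml
@@ -46,8 +48,8 @@ jobs:
 web/.dockerignore
 )
 
-for file in ${files[@]}; do
-if [ -f $file ]; then
+for file in "${files[@]}"; do
+if [ -f "$file" ]; then
 echo "✅ $file is present"
 else
 echo "❌ $file is missing from the repository."
@@ -159,13 +161,15 @@ jobs:
 - run:
 name: Deploy helm release
 command: |
-helm upgrade --install $RELEASE_NAME <<parameters.chart_name>> \
---repo "<<parameters.chart_repository>>" \
---set environmentName=$CIRCLE_BRANCH \
---set frontend.image=$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/${CIRCLE_PROJECT_REPONAME,,}-node:$node_HASH \
+set -euo pipefail
+reponame="${CIRCLE_PROJECT_REPONAME,,}"
+helm upgrade --install "$RELEASE_NAME" '<<parameters.chart_name>>' \
+--repo '<<parameters.chart_repository>>' \
+--set environmentName="$CIRCLE_BRANCH" \
+--set frontend.image="$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/$reponame-node:$node_HASH" \
 --set clusterDomain=$CLUSTER_DOMAIN \
---namespace=${CIRCLE_PROJECT_REPONAME,,} \
---values <<parameters.silta_config>>
+--namespace="$reponame" \
+--values '<<parameters.silta_config>>'
 
 - helm-release-information
 
@@ -176,8 +180,9 @@ commands:
 - run:
 name: phpcs validation
 command: |
-if [ -f vendor/bin/phpcs ]
-then
+set -euo pipefail
+
+if [ -f vendor/bin/phpcs ]; then
 vendor/bin/phpcs --config-set installed_paths vendor/drupal/coder/coder_sniffer
 vendor/bin/phpcs --standard=phpcs.xml -s --colors
 else
@@ -200,25 +205,33 @@ commands:
 steps:
 - run:
 name: composer install
-command: composer install -n --prefer-dist --ignore-platform-reqs --optimize-autoloader
+command: |
+set -euo pipefail
+
+composer install -n --prefer-dist --ignore-platform-reqs --optimize-autoloader
 
 - unless:
 condition: <<parameters.install-dev-dependencies>>
 steps:
 - run:
 name: composer install
-command: composer install -n --prefer-dist --ignore-platform-reqs --no-dev --optimize-autoloader
-
-- run:
-name: Clean up vendor tests
 command: |
-for directory in vendor web/core web/*/contrib
-do
-if [ -d $directory ]
-then
-find $directory \( -name .git -o -name test -o -name tests -o -name Tests \) | xargs rm -rf
-fi
-done
+set -euo pipefail
+
+composer install -n --prefer-dist --ignore-platform-reqs --no-dev --optimize-autoloader
+
+- run:
+name: Clean up vendor tests
+command: |
+set -euo pipefail
+
+for directory in vendor web/core web/*/contrib
+do
+if [ -d "$directory" ]
+then
+find "$directory" \( -name .git -o -name test -o -name tests -o -name Tests \) -print0 | xargs -0 rm -rf
+fi
+done
 
 - save_cache:
 paths:
@@ -261,35 +274,37 @@ commands:
 - run:
 name: Build <<parameters.identifier>> docker image
 command: |
-IMAGE_URL=$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/${CIRCLE_PROJECT_REPONAME,,}-<<parameters.identifier>>
+set -euo pipefail
+
+image_url="$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/${CIRCLE_PROJECT_REPONAME,,}"-'<<parameters.identifier>>'
 
 # Only exclude files
-if [ -f <<parameters.path>>/.dockerignore ]
+exclude_dockerignore=''
+if [ -f '<<parameters.path>>/.dockerignore' ]
 then
-EXCLUDE_DOCKERIGNORE="--exclude-from=<<parameters.path>>/.dockerignore"
+exclude_dockerignore=--exclude-from='<<parameters.path>>'/.dockerignore
 fi
 
 # Take a hash of all files in the folder except those ignored by docker.
 # Also make sure modification time or order play no role.
-IMAGE_TAG=`tar \
+image_tag=$(tar \
 --sort=name \
-$EXCLUDE_DOCKERIGNORE \
+"$exclude_dockerignore" \
 --exclude=vendor/composer \
 --exclude=vendor/autoload.php \
 --mtime='2000-01-01 00:00Z' \
 --clamp-mtime \
--cf - <<parameters.path>> <<parameters.dockerfile>> | sha1sum | cut -c 1-40`
+-cf - '<<parameters.path>>' '<<parameters.dockerfile>>' | sha1sum | cut -c 1-40)
 
-if gcloud container images list-tags $IMAGE_URL | grep -q $IMAGE_TAG;
-then
+if gcloud container images list-tags "$image_url" | grep -q "$image_tag"; then
 echo "This <<parameters.identifier>> image has already been built, the existing image from the Docker repository will be used."
 else
-docker build -t $IMAGE_URL:$IMAGE_TAG -f <<parameters.dockerfile>> <<parameters.path>>
-docker push $IMAGE_URL:$IMAGE_TAG
+docker build -t "$image_url:$image_tag" -f '<<parameters.dockerfile>>' '<<parameters.path>>'
+docker push "$image_url:$image_tag"
 fi
 
 # Persist the image tag so it is available during deployment.
-echo "export <<parameters.identifier>>_HASH='$IMAGE_TAG'" >> $BASH_ENV
+echo "export <<parameters.identifier>>_HASH='$image_tag'" >> "$BASH_ENV"
 
 npm-install-build:
 parameters:
@@ -311,13 +326,17 @@ commands:
 - run:
 name: Install frontend dependencies
 command: |
-cd <<parameters.path>>
+set -euo pipefail
+
+cd '<<parameters.path>>'
 npm install
 
 - run:
 name: Build frontend
 command: |
-cd <<parameters.path>>
+set -euo pipefail
+
+cd '<<parameters.path>>'
 <<parameters.build-command>>
 
 - save_cache:
@@ -345,13 +364,17 @@ commands:
 - run:
 name: Install frontend dependencies
 command: |
-cd <<parameters.path>>
+set -euo pipefail
+
+cd '<<parameters.path>>'
 yarn install
 
 - run:
 name: Build frontend
 command: |
-cd <<parameters.path>>
+set -euo pipefail
+
+cd '<<parameters.path>>'
 <<parameters.build-command>>
 
 - save_cache:
@@ -363,7 +386,10 @@ commands:
 steps:
 - run:
 name: Login to the docker registry
-command: echo $GCLOUD_KEY_JSON | docker login -u _json_key --password-stdin https://$DOCKER_REPO_HOST
+command: |
+set -euo pipefail
+
+printenv GCLOUD_KEY_JSON | docker login -u _json_key --password-stdin "https://$DOCKER_REPO_HOST"
 
 drupal-docker-build:
 steps:
@@ -391,46 +417,54 @@ commands:
 - run:
 name: Set release name
 command: |
+set -euo pipefail
+
 # Release name length is 37 chars long, which leaves max 16 chars for kubernetes resource name.
 # Release name is prefixed with w because it _HAS_ to start with alphabetic character. w 4 wunder.
-BRANCHNAME_LOWER=${CIRCLE_BRANCH,,}
-BRANCHNAME=${BRANCHNAME_LOWER//[^[:alnum:]]/-}
-BRANCHNAME_HASH=$(echo -n $BRANCHNAME | shasum -a 256 | cut -c 1-4 )
-BRANCHNAME_TRUNCATED=$(echo $BRANCHNAME | cut -c 1-15 | sed 's/^\(.*\)-$/\1/' )
-REPONAME=${CIRCLE_PROJECT_REPONAME,,}
-REPONAME_HASH=$(echo -n $REPONAME | shasum -a 256 | cut -c 1-4 )
-REPONAME_TRUNCATED=$(echo $REPONAME | cut -c 1-15 | sed 's/^\(.*\)-$/\1/' )
+branchname_lower="${CIRCLE_BRANCH,,}"
+branchname="${branchname_lower//[^[:alnum:]]/-}"
+branchname_hash=$(printf "$branchname" | shasum -a 256 | cut -c 1-4 )
+branchname_truncated=$(printf "$branchname" | cut -c 1-15 | sed 's/^\(.*\)-$/\1/' )
+reponame="${CIRCLE_PROJECT_REPONAME,,}"
+reponame_hash=$(printf "$reponame" | shasum -a 256 | cut -c 1-4 )
+reponame_truncated=$(printf "$reponame" | cut -c 1-15 | sed 's/^\(.*\)-$/\1/' )
 # Truncate long names
-if [ ${#BRANCHNAME} -ge 20 ]; then BRANCHNAME=$BRANCHNAME_TRUNCATED-$BRANCHNAME_HASH; fi;
-if [ ${#REPONAME} -ge 20 ]; then REPONAME=$REPONAME_TRUNCATED-$REPONAME_HASH; fi;
-echo "export RELEASE_NAME='$REPONAME--$BRANCHNAME'" >> $BASH_ENV
+if [ ${#branchname} -ge 20 ]; then branchname="$branchname_truncated-$branchname_hash"; fi
+if [ ${#reponame} -ge 20 ]; then reponame="$reponame_truncated-$reponame_hash"; fi
+name="$reponame--$branchname"
+echo "export RELEASE_NAME='$name'" >> "$BASH_ENV"
 
-echo "The release name for this branch is $REPONAME--$BRANCHNAME"
+echo "The release name for this branch is $name"
 
 gcloud-login:
 steps:
 - run:
 name: Google Cloud login
 command: |
+set -euo pipefail
+
 # Save key, authenticate and set compute zone.
-echo $GCLOUD_KEY_JSON > ${HOME}/gcloud-service-key.json
-gcloud auth activate-service-account --key-file=${HOME}/gcloud-service-key.json --project $GCLOUD_PROJECT_NAME
-gcloud config set compute/zone $GCLOUD_COMPUTE_ZONE
+printenv GCLOUD_KEY_JSON > "$HOME/gcloud-service-key.json"
+gcloud auth activate-service-account --key-file="$HOME/gcloud-service-key.json" --project "$GCLOUD_PROJECT_NAME"
+gcloud config set compute/zone "$GCLOUD_COMPUTE_ZONE"
 
 # Updates a kubeconfig file with appropriate credentials and endpoint information.
-gcloud container clusters get-credentials $GCLOUD_CLUSTER_NAME --zone $GCLOUD_COMPUTE_ZONE --project $GCLOUD_PROJECT_NAME
+gcloud container clusters get-credentials "$GCLOUD_CLUSTER_NAME" --zone "$GCLOUD_COMPUTE_ZONE" --project "$GCLOUD_PROJECT_NAME"
 
 helm-cleanup:
 steps:
 - run:
 name: Clean up failed Helm releases
 command: |
-if [[ "$( helm list --failed | grep $RELEASE_NAME | cut -f2 )" -eq 1 ]]; then
+set -euo pipefail
+reponame="${CIRCLE_PROJECT_REPONAME,,}"
+
+if [[ $( helm list --failed | grep "$RELEASE_NAME" | cut -f2 ) -eq 1 ]]; then
 # Remove any existing post-release hook, since it's technically not part of the release.
-kubectl delete job -n ${CIRCLE_PROJECT_REPONAME,,} $RELEASE_NAME-post-release 2> /dev/null || true
+kubectl delete job -n "$reponame" "$RELEASE_NAME-post-release" 2> /dev/null || true
 
 echo "Removing failed first release"
-helm delete --purge $RELEASE_NAME
+helm delete --purge "$RELEASE_NAME"
 
 echo -n "Waiting for volumes to be deleted."
 until [[ -z `kubectl get pv | grep "$RELEASE_NAME-public-files"` ]]
@@ -463,22 +497,28 @@ commands:
 - run:
 name: Deploy helm release
 command: |
+set -euo pipefail
 
 # Secret management
-if [[ ! -z "<<parameters.decrypt_files>>" ]]; then
+secrets='<<parameters.decrypt_files>>'
+if [[ ! -z "$secrets" ]]; then
 echo "Decrypting secrets"
-secrets="<<parameters.decrypt_files>>"
-for i in ${secrets//,/}; do
-echo $i;
-openssl enc -d -aes-256-cbc -pbkdf2 -in $i -out $i.tmp -pass pass:${SECRET_KEY};
-mv $i.tmp $i;
+for file in ${secrets//,/}
+do
+echo "$file"
+tmp=$(mktemp)
+openssl enc -d -aes-256-cbc -pbkdf2 -in "$file" -out "$tmp" -pass env:SECRET_KEY
+mv -v "$tmp" "$file"
 done
 fi
 
+reponame="${CIRCLE_PROJECT_REPONAME,,}"
+
 # Disable reference data if the required volume is not present.
-REFERENCE_VOLUME=`kubectl get pv | grep "${CIRCLE_PROJECT_REPONAME,,}\/.*-reference-data"` || true
-if [[ -z $REFERENCE_VOLUME ]] ; then
-REFERENCE_DATA_OVERRIDE="--set referenceData.skipMount=true"
+reference_volume=$(kubectl get pv | grep --extended-regexp "$reponame/.*-reference-data") || true
+reference_data_override=''
+if [[ -z "$reference_volume" ]] ; then
+reference_data_override='--set referenceData.skipMount=true'
 fi
 
 # Structure IP whitelist
@@ -496,37 +536,44 @@ commands:
 
 # Override Database credentials if specified
 if [[ ! -z "$DB_ROOT_PASS" ]] ; then
-DB_ROOT_PASS_OVERRIDE="--set mariadb.rootUser.password=$DB_ROOT_PASS"
+db_root_pass_override="--set mariadb.rootUser.password=$DB_ROOT_PASS"
 fi
 if [[ ! -z "$DB_USER_PASS" ]] ; then
-DB_USER_PASS_OVERRIDE="--set mariadb.db.password=$DB_USER_PASS"
+db_user_pass_override="--set mariadb.db.password=$DB_USER_PASS"
 fi
 
-helm upgrade --install $RELEASE_NAME <<parameters.chart_name>> \
---repo "<<parameters.chart_repository>>" \
---set environmentName=$CIRCLE_BRANCH \
---set php.image=$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/${CIRCLE_PROJECT_REPONAME,,}-php:$php_HASH \
---set nginx.image=$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/${CIRCLE_PROJECT_REPONAME,,}-nginx:$nginx_HASH \
---set shell.image=$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/${CIRCLE_PROJECT_REPONAME,,}-shell:$shell_HASH \
-$DB_ROOT_PASS_OVERRIDE \
-$DB_USER_PASS_OVERRIDE \
---set shell.gitAuth.repositoryUrl="${CIRCLE_REPOSITORY_URL}" \
---set shell.gitAuth.apiToken="${GITAUTH_API_TOKEN}" \
---set clusterDomain=$CLUSTER_DOMAIN \
-$REFERENCE_DATA_OVERRIDE \
---namespace=${CIRCLE_PROJECT_REPONAME,,} \
---values <<parameters.silta_config>>
+helm upgrade --install "$RELEASE_NAME" '<<parameters.chart_name>>' \
+--repo '<<parameters.chart_repository>>' \
+--set environmentName="$CIRCLE_BRANCH" \
+--set php.image="$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/$reponame-php:$php_HASH" \
+--set nginx.image="$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/$reponame-nginx:$nginx_HASH" \
+--set shell.image="$DOCKER_REPO_HOST/$DOCKER_REPO_PROJ/$reponame-shell:$shell_HASH" \
+$db_root_pass_override \
+$db_user_pass_override \
+--set shell.gitAuth.repositoryUrl="$CIRCLE_REPOSITORY_URL" \
+--set shell.gitAuth.apiToken="$GITAUTH_API_TOKEN" \
+--set clusterDomain="$CLUSTER_DOMAIN" \
+$reference_data_override \
+--namespace="$reponame" \
+--values '<<parameters.silta_config>>'
 
 - run:
 name: Deployment log
 when: always
 command: |
-kubectl logs job/${RELEASE_NAME}-post-release -n ${CIRCLE_PROJECT_REPONAME,,} -f --timestamps=true
+set -euo pipefail
+reponame="${CIRCLE_PROJECT_REPONAME,,}"
+kubectl logs "job/$RELEASE_NAME-post-release" -n "$reponame" -f --timestamps=true
 
 - run:
 name: Wait for resources to be ready
 command: |
+set -euo pipefail
+reponame="${CIRCLE_PROJECT_REPONAME,,}"
 # Get all deployments in the release and check the status of each one.
-kubectl get deployment -n ${CIRCLE_PROJECT_REPONAME,,} -l release=${RELEASE_NAME} -o name | xargs -n 1 kubectl rollout status -n ${CIRCLE_PROJECT_REPONAME,,}
+kubectl get deployment -n "$reponame" -l "release=${RELEASE_NAME}" -o name | xargs -n 1 kubectl rollout status -n "$reponame"
+
+# Display only the part following NOTES from the helm status.
+helm status "$RELEASE_NAME" | sed -e '1,/NOTES/d'
 
 - helm-release-information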
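Review bot: In the last hunk (`@@ -496,37 +536,44 @@`, "Deploy helm release"), `$db_root_pass_override` and `$db_user_pass_override` are assigned only inside their `if` bodies, and the guards read `"$DB_ROOT_PASS"` and `"$DB_USER_PASS"` bare, so with the `set -euo pipefail` this commit adds at the top of the script a project that does not specify the passwords would abort with an unbound-variable error, unless both are always exported, which is not visible here. `reference_data_override` is pre-set to `''` in the same script, but the two password overrides are not. Both are also still expanded unquoted in the `helm upgrade` call, so a password containing whitespace or glob characters is split or expanded before helm receives it. Collecting the optional flags in an array and testing `${DB_ROOT_PASS:-}` addresses both, as sketched below; the script starts in the previous hunk and its IP-whitelist part between the two hunks is not shown.

```yaml
command: |
  # … unchanged: set -euo pipefail, secret decryption, reference volume lookup, IP whitelist …
  extra_args=()
  if [[ -n "${DB_ROOT_PASS:-}" ]]; then
    extra_args+=(--set "mariadb.rootUser.password=$DB_ROOT_PASS")
  fi
  if [[ -n "${DB_USER_PASS:-}" ]]; then
    extra_args+=(--set "mariadb.db.password=$DB_USER_PASS")
  fi
  # … unchanged: helm upgrade --install and its other flags; the two
  # $db_*_pass_override lines are replaced by the single line below …
    ${extra_args[@]+"${extra_args[@]}"} \
```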

0 commit comments
