-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathbuild.sh
executable file
·147 lines (120 loc) · 3.54 KB
/
build.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
#!/bin/bash
# vim: et sr sw=4 ts=4 smartindent:
# helper script to generate label data for docker image during building
#
# docker_build will generate an image tagged :candidate
#
# It is a post-step to tag that appropriately and push to repo
MIN_DOCKER=1.11.0
GIT_SHA_LEN=8
IMG_TAG=candidate
version_gt() {
[[ "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" ]]
}
valid_docker_version() {
v=$(docker --version | grep -Po '\b\d+\.\d+\.\d+\b')
if version_gt $MIN_DOCKER $v
then
echo "ERROR: need min docker version $MIN_DOCKER" >&2
return 1
fi
}
awscli_version() {
_pypi_pkg_version 'awscli'
}
credstash_version() {
_pypi_pkg_version 'credstash'
}
_pypi_pkg_version() {
local pkg="$1"
local uri="https://pypi.python.org/pypi/$pkg/json"
curl -s --retry 5 \
--retry-max-time 20 $uri \
| jq -r '.releases | keys | .[]' \
2>/dev/null \
| sort --version-sort \
| tail -1 || return 1
}
alpine_img(){
grep -Po '(?<=^FROM ).*' Dockerfile
}
init_apk_versions() {
local img="$1"
docker pull $img >/dev/null 2>&1 || return 1
}
apk_pkg_version() {
local img="$1"
local pkg="$2"
docker run -i --rm $img apk --no-cache --update info $pkg \
| grep -Po "(?<=^$pkg-)[^ ]+(?= description:)" | head -n 1
}
terraform_version() {
grep -Po '(?<=\bTERRAFORM_VERSION=)[0-9\.]+' Dockerfile
}
terraform_provider_version() {
local n="$1" # provider name
grep -Po "(?<=^${n}=)[0-9\.]+" assets/provider.versions
}
built_by() {
local user="--UNKNOWN--"
if [[ ! -z "${BUILD_URL}" ]]; then
user="${BUILD_URL}"
elif [[ ! -z "${AWS_PROFILE}" ]] || [[ ! -z "${AWS_ACCESS_KEY_ID}" ]]; then
user="$(aws iam get-user --query 'User.UserName' --output text)@$HOSTNAME"
else
user="$(git config --get user.name)@$HOSTNAME"
fi
echo "$user"
}
git_uri(){
git config remote.origin.url || echo 'no-remote'
}
git_sha(){
git rev-parse --short=${GIT_SHA_LEN} --verify HEAD
}
git_branch(){
r=$(git rev-parse --abbrev-ref HEAD)
[[ -z "$r" ]] && echo "ERROR: no rev to parse when finding branch? " >&2 && return 1
[[ "$r" == "HEAD" ]] && r="from-a-tag"
echo "$r"
}
img_name(){
(
set -o pipefail;
grep -Po '(?<=[nN]ame=")[^"]+' Dockerfile | head -n 1
)
}
labels() {
local ai av cv jv tv bb gu gs gb gt
ai=$(alpine_img) || return 1
init_apk_versions $ai || return 1
tv=$(terraform_version) && [[ -z "$tv" ]] && return 1
bb=$(built_by) || return 1
gu=$(git_uri) || return 1
gs=$(git_sha) || return 1
gb=$(git_branch) || return 1
gt=$(git describe 2>/dev/null || echo "no-git-tag")
cat<<EOM
--label version=$(date +'%Y%m%d%H%M%S')
--label opsgang.terraform_version=$tv
--label opsgang.build_git_uri=$gu
--label opsgang.build_git_sha=$gs
--label opsgang.build_git_branch=$gb
--label opsgang.build_git_tag=$gt
--label opsgang.built_by="$bb"
EOM
}
docker_build(){
valid_docker_version || return 1
labels=$(labels) || return 1
n=$(img_name) || return 1
echo "INFO: adding these labels:"
echo "$labels"
echo "INFO: building $n:$IMG_TAG"
# if github token in env, use it as --arg to docker build.
github_token="${GITHUB_OAUTH_TOKEN:-$GITHUB_TOKEN}"
export GITHUB_OAUTH_TOKEN="${github_token}"
[[ ! -z "$github_token" ]] && echo "using github token ..." && args="--build-arg GITHUB_OAUTH_TOKEN"
docker build $args --no-cache=true --force-rm $labels -t $n:$IMG_TAG .
}
docker_build