From 5477db32c5929f5ae1cf8fa888d3f9c025981c3a Mon Sep 17 00:00:00 2001 From: ruowen Date: Tue, 3 Apr 2018 15:32:49 +0800 Subject: [PATCH] add gerrit image --- gerrit/Dockerfile | 8 ++ gerrit/LICENSE | 202 ++++++++++++++++++++++++++++++++ gerrit/README.md | 9 ++ gerrit/createGerrit.sh | 68 +++++++++++ gerrit/destroyGerrit.sh | 10 ++ gerrit/gerrit-create-group.sh | 68 +++++++++++ gerrit/gerrit-create-user.sh | 113 ++++++++++++++++++ gerrit/gerrit-init.nohup | 13 ++ gerrit/gerrit-upload-ssh-key.sh | 84 +++++++++++++ gerrit/gerrit-user-to-group.sh | 80 +++++++++++++ gerrit/setupGerrit.sh | 73 ++++++++++++ gerrit/upgradeGerrit.sh | 50 ++++++++ 12 files changed, 778 insertions(+) create mode 100644 gerrit/Dockerfile create mode 100644 gerrit/LICENSE create mode 100644 gerrit/README.md create mode 100755 gerrit/createGerrit.sh create mode 100755 gerrit/destroyGerrit.sh create mode 100644 gerrit/gerrit-create-group.sh create mode 100644 gerrit/gerrit-create-user.sh create mode 100644 gerrit/gerrit-init.nohup create mode 100644 gerrit/gerrit-upload-ssh-key.sh create mode 100644 gerrit/gerrit-user-to-group.sh create mode 100755 gerrit/setupGerrit.sh create mode 100755 gerrit/upgradeGerrit.sh diff --git a/gerrit/Dockerfile b/gerrit/Dockerfile new file mode 100644 index 0000000..dda7b71 --- /dev/null +++ b/gerrit/Dockerfile @@ -0,0 +1,8 @@ +FROM openfrontier/gerrit:latest + +MAINTAINER xt + +COPY gerrit-create-user.sh /usr/local/bin/gerrit-create-user.sh +COPY gerrit-upload-ssh-key.sh /usr/local/bin/gerrit-upload-ssh-key.sh +COPY gerrit-init.nohup /docker-entrypoint-init.d/gerrit-init.nohup +RUN chmod +x /usr/local/bin/*.sh /docker-entrypoint-init.d/gerrit-init.nohup diff --git a/gerrit/LICENSE b/gerrit/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null +++ b/gerrit/LICENSE @@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/gerrit/README.md b/gerrit/README.md new file mode 100644 index 0000000..c5f4891 --- /dev/null +++ b/gerrit/README.md @@ -0,0 +1,9 @@ +# gerrit-ci docker +This docker image is an extension of the [Gerrit docker](https://hub.docker.com/r/openfrontier/gerrit/). + +## Usage +This project is utilized by the [ci-compose project](https://github.com/openfrontier/ci-compose) to demonstrate how to start a gerrit-jenkins-nexus environment in seconds. +This project can also be utilized as a demo about how to extend the [Gerrit docker](https://hub.docker.com/r/openfrontier/gerrit/) by adding a nohup script to accomplish some setup works while the Gerrit service is starting up. + +## Todo +Fix createGerrit.sh, destroyGerrit.sh and upgradeGerrit.sh in order to make it works with the [ci project](https://github.com/openfrontier/ci). diff --git a/gerrit/createGerrit.sh b/gerrit/createGerrit.sh new file mode 100755 index 0000000..bf2f692 --- /dev/null +++ b/gerrit/createGerrit.sh @@ -0,0 +1,68 @@ +#!/bin/bash +set -e +GERRIT_WEBURL=${GERRIT_WEBURL:-$1} +LDAP_SERVER=${LDAP_SERVER:-$2} +LDAP_ACCOUNTBASE=${LDAP_ACCOUNTBASE:-$3} +SMTP_SERVER=${SMTP_SERVER:-$4} +USER_EMAIL=${USER_EMAIL:-$5} +SMTP_USER=${SMTP_USER:-$6} +SMTP_PASS=${SMTP_PASS:-$7} +HTTPD_LISTENURL=${HTTPD_LISTENURL:-http://*:8080} +GERRIT_NAME=${GERRIT_NAME:-gerrit} +GERRIT_VOLUME=${GERRIT_VOLUME:-gerrit-volume} +PG_GERRIT_NAME=${PG_GERRIT_NAME:-pg-gerrit} +GERRIT_IMAGE_NAME=${GERRIT_IMAGE_NAME:-openfrontier/gerrit-ci} +POSTGRES_IMAGE=${POSTGRES_IMAGE:-postgres} +CI_NETWORK=${CI_NETWORK:-ci-network} + +# Start PostgreSQL. +docker volume create --name pg-gerrit-volume + +docker run \ +--name ${PG_GERRIT_NAME} \ +--net ${CI_NETWORK} \ +--volume pg-gerrit-volume:/var/lib/postgresql/data \ +-P \ +-e POSTGRES_USER=gerrit2 \ +-e POSTGRES_PASSWORD=gerrit \ +-e POSTGRES_DB=reviewdb \ +--restart=unless-stopped \ +-d ${POSTGRES_IMAGE} + +while [ -z "$(docker logs ${PG_GERRIT_NAME} 2>&1 | grep 'autovacuum launcher started')" ]; do + echo "Waiting postgres ready." + sleep 1 +done + +# Create Gerrit volume. +docker volume create --name ${GERRIT_VOLUME} + +# Start Gerrit. +docker run \ +--name ${GERRIT_NAME} \ +--net ${CI_NETWORK} \ +-p 29418:29418 \ +--volume ${GERRIT_VOLUME}:/var/gerrit/review_site \ +-e WEBURL=${GERRIT_WEBURL} \ +-e HTTPD_LISTENURL=${HTTPD_LISTENURL} \ +-e DATABASE_TYPE=postgresql \ +-e DB_PORT_5432_TCP_ADDR=${PG_GERRIT_NAME} \ +-e DB_PORT_5432_TCP_PORT=5432 \ +-e DB_ENV_POSTGRES_DB=reviewdb \ +-e DB_ENV_POSTGRES_USER=gerrit2 \ +-e DB_ENV_POSTGRES_PASSWORD=gerrit \ +-e AUTH_TYPE=LDAP \ +-e LDAP_SERVER=${LDAP_SERVER} \ +-e LDAP_ACCOUNTBASE=${LDAP_ACCOUNTBASE} \ +-e SMTP_SERVER=${SMTP_SERVER} \ +-e SMTP_USER=${SMTP_USER} \ +-e SMTP_PASS=${SMTP_PASS} \ +-e USER_EMAIL=${USER_EMAIL} \ +-e GERRIT_INIT_ARGS='--install-plugin=download-commands --install-plugin=replication' \ +-e INITIAL_ADMIN_USER=${GERRIT_ADMIN_UID} \ +-e INITIAL_ADMIN_PASSWORD=${GERRIT_ADMIN_PWD} \ +-e JENKINS_HOST=jenkins \ +-e GITWEB_TYPE=gitiles \ +--restart=unless-stopped \ +-d ${GERRIT_IMAGE_NAME} + diff --git a/gerrit/destroyGerrit.sh b/gerrit/destroyGerrit.sh new file mode 100755 index 0000000..622943e --- /dev/null +++ b/gerrit/destroyGerrit.sh @@ -0,0 +1,10 @@ +#!/bin/bash +GERRIT_NAME=${GERRIT_NAME:-gerrit} +GERRIT_VOLUME=${GERRIT_VOLUME:-gerrit-volume} +PG_GERRIT_NAME=${PG_GERRIT_NAME:-pg-gerrit} +docker stop ${GERRIT_NAME} +docker rm -v ${GERRIT_NAME} +docker volume rm ${GERRIT_VOLUME} +docker stop ${PG_GERRIT_NAME} +docker rm -v ${PG_GERRIT_NAME} +docker volume rm pg-gerrit-volume diff --git a/gerrit/gerrit-create-group.sh b/gerrit/gerrit-create-group.sh new file mode 100644 index 0000000..a13c533 --- /dev/null +++ b/gerrit/gerrit-create-group.sh @@ -0,0 +1,68 @@ +#!/usr/bin/env bash + +set -e + +# Usage +usage() { + echo "Usage:" + echo " ${0} -A -P -g " + exit 1 +} + +# Constants +SLEEP_TIME=10 +MAX_RETRY=10 + +while getopts "A:P:g:" opt; do + case "${opt}" in + A) + admin_user=${OPTARG} + ;; + P) + admin_password=${OPTARG} + ;; + g) + target_group=${OPTARG} + ;; + *) + echo "Invalid parameter(s) or option(s)." + usage + ;; + esac +done + +# Validate options +if [ -z "${admin_user}" ] || [ -z "${admin_password}" ] || [ -z "${target_group}" ]; then + echo "Parameters missing" + usage +fi + +echo "Testing Gerrit Connection" +until curl --location --output /dev/null --silent --write-out "%{http_code}\\n" "http://localhost:8080/gerrit/login" | grep "401" &> /dev/null +do + echo "Gerrit unavailable, sleeping for ${SLEEP_TIME}" + sleep "${SLEEP_TIME}" +done + +# Check exists +target_group=$(echo -e "${target_group}" | sed 's/ /%20/g') +ret=$(curl --user "${admin_user}:${admin_password}" --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/a/groups/${target_group}") +if [[ ${ret} -eq 200 ]] ; then + echo "Group already exists: ${target_group}" + exit 0 +fi + +# Add group +echo "Creating group: ${target_group}" +count=0 +until [ $count -ge ${MAX_RETRY} ] +do + ret=$(curl --request PUT --user "${admin_user}:${admin_password}" --output /dev/null --silent --write-out "%{http_code}" http://localhost:8080/gerrit/a/groups/"${target_group}") + if [[ ${ret} -eq 201 ]]; then + echo "Group ${target_group} was created" + break + fi + echo "Unable to create group ${target_group}, response code ${ret}, retry ... ${count}" + count=$((count+1)) + sleep ${SLEEP_TIME} +done diff --git a/gerrit/gerrit-create-user.sh b/gerrit/gerrit-create-user.sh new file mode 100644 index 0000000..c27034c --- /dev/null +++ b/gerrit/gerrit-create-user.sh @@ -0,0 +1,113 @@ +#!/usr/bin/env bash + +set -e + +# Usage +usage() { + echo "Usage:" + echo " ${0} -t -u -p -f -A -P -g " + exit 1 +} + +# Constants +SLEEP_TIME=10 +MAX_RETRY=10 + +type="internal" + +while getopts "t:u:p:f:A:P:g:" opt; do + case "${opt}" in + t) + type=${OPTARG} + ;; + u) + username=${OPTARG} + ;; + p) + password=${OPTARG} + ;; + f) + full_name=${OPTARG} + ;; + A) + admin_user=${OPTARG} + ;; + P) + admin_password=${OPTARG} + ;; + g) + target_group=${OPTARG} + ;; + *) + echo "Invalid parameter(s) or option(s)." + usage + ;; + esac +done + +# Validate options +case "${type}" in + ldap) + if [ -z "${username}" ] || [ -z "${password}" ]; then + echo "Parameters missing" + usage + fi + ;; + internal) + if [ -z "${admin_user}" ] || [ -z "${admin_password}" ] || [ -z "${username}" ] || [ -z "${full_name}" ]; then + echo "Parameters missing" + usage + fi + ;; + *) + echo "Invalid parameter(s) or option(s)." + usage + ;; +esac + +echo "Testing Gerrit Connection" +until curl --location --output /dev/null --silent --write-out "%{http_code}\\n" "http://localhost:8080/gerrit/login" | grep "401" &> /dev/null +do + echo "Gerrit unavailable, sleeping for ${SLEEP_TIME}" + sleep "${SLEEP_TIME}" +done + +# Check exists +username=$(echo -e "${username}" | sed 's/ /%20/g') +ret=$(curl --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/accounts/${username}") +if [[ ${ret} -eq 200 ]] ; then + echo "User already exists: ${username}" + exit 0 +fi + +# Add user +echo "Creating user: ${username}" +count=0 +until [ $count -ge ${MAX_RETRY} ] +do + case "${type}" in + ldap) + ret=$(curl --request POST --data "username=${username}&password=${password}" --output /dev/null --silent --write-out "%{http_code}" http://localhost:8080/gerrit/login) + if [[ ${ret} -eq 302 ]]; then + echo "LDAP user ${username} was found in database" + break + fi + echo "Unable to find user ${username} in LDAP database, response code ${ret}, retry ... ${count}" + ;; + internal) + if [[ -z "${target_group}" ]]; then + target_group="Non-Interactive Users" + echo "Target group was not specified, defaulting to non-interactive" + fi + json_request="{ \"name\": \"${full_name}\", \"groups\": [ \"${target_group}\" ] }" + ret=$(curl --request PUT --user "${admin_user}:${admin_password}" --header 'Content-Type: application/json; charset=UTF-8' --data "${json_request}" --output /dev/null --silent --write-out "%{http_code}" http://localhost:8080/gerrit/a/accounts/"${username}") + if [[ ${ret} -eq 201 ]]; then + echo "User ${username} was created" + break + fi + echo "Unable to create user ${username}, response code ${ret}, retry ... ${count}" + ;; + esac + count=$((count+1)) + sleep ${SLEEP_TIME} +done diff --git a/gerrit/gerrit-init.nohup b/gerrit/gerrit-init.nohup new file mode 100644 index 0000000..52ac037 --- /dev/null +++ b/gerrit/gerrit-init.nohup @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +echo "Initializing Gerrit..." +gerrit-create-user.sh -t ldap -u ${INITIAL_ADMIN_USER} -p ${INITIAL_ADMIN_PASSWORD} +gerrit-create-user.sh -t internal -A ${INITIAL_ADMIN_USER} -P ${INITIAL_ADMIN_PASSWORD} -u jenkins -f "Jenkins Server" +#/add_user_to_group.sh -A ${GERRIT_USERNAME} -P ${GERRIT_PASSWORD} -u ${JENKINS_USERNAME} -g Administrators +#/add_user_to_group.sh -A ${GERRIT_USERNAME} -P ${GERRIT_PASSWORD} -u ${INITIAL_ADMIN_USER} -g "Administrators" + +gerrit-upload-ssh-key.sh -c ${JENKINS_HOST} -p 8080 -A ${INITIAL_ADMIN_USER} -P ${INITIAL_ADMIN_PASSWORD} -k id_rsa.pub -u jenkins + +exit 0 diff --git a/gerrit/gerrit-upload-ssh-key.sh b/gerrit/gerrit-upload-ssh-key.sh new file mode 100644 index 0000000..00c5919 --- /dev/null +++ b/gerrit/gerrit-upload-ssh-key.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash + +set -e + +# Usage +usage() { + echo "Usage:" + echo " ${0} -c -p -A -P -k -u " + exit 1 +} + +# Constants +SLEEP_TIME=10 + +while getopts "c:p:A:P:k:u:" opt; do + case $opt in + c) + host=${OPTARG} + ;; + p) + port=${OPTARG} + ;; + A) + username=${OPTARG} + ;; + P) + password=${OPTARG} + ;; + k) + key=${OPTARG} + ;; + u) + user=${OPTARG} + ;; + *) + echo "Invalid parameter(s) or option(s)." + usage + ;; + esac +done + +if [ -z "${host}" ] || [ -z "${port}" ] || [ -z "${username}" ] || [ -z "${password}" ] || [ -z "${key}" ] || [ -z "${user}" ]; then + echo "Parameters missing" + usage +fi + +key=$(echo -e "${key}" | sed 's/ /%20/g') +user=$(echo -e "${user}" | sed 's/ /%20/g') + +echo "Testing Jenkins Connection & Key Presence" +until curl --location --user ${username}:${password} --output /dev/null --silent --write-out "%{http_code}\\n" "http://${host}:${port}/jenkins/userContent/${key}" | grep "200" &> /dev/null +do + echo "Jenkins or key unavailable, sleeping for ${SLEEP_TIME}" + sleep "${SLEEP_TIME}" +done + +echo "Retrieving value: ${key}" +ssh_key=$(curl --silent --request GET --user ${username}:${password} "http://${host}:${port}/jenkins/userContent/${key}") + +echo "Checking if \"${user}\" exists" +if curl --location --output /dev/null --silent --write-out "%{http_code}\\n" "http://localhost:8080/gerrit/accounts/${user}" | grep "404" &> /dev/null; then + echo "User does not exist: ${user}" + exit 1 +fi + +echo "* Verify public-key existence" +# Download the stored key and decode from to UTF-8 +# Using echo -e the -n switch from echo allows to remove the trailing \n that echo would add +# The decode part is necessary as Gerrit correctly encode the SSH key and as a result = sign is converted to \u003d +stored_key=$(echo -e $(curl --user ${username}:${password} --silent http://localhost:8080/gerrit/a/accounts/${user}/sshkeys | grep "ssh_public_key" | awk '{split($0, a, ": "); print a[2]}' | sed 's/[",]//g')) +if [[ "$stored_key" == "$ssh_key" ]]; then + echo "* Stored key is the same as downloaded, skipping it ..." + exit 0 +else + echo "* Stored key is not same as downloaded, uploading it ..." +fi + +echo "Uploading public-key to Gerrit user \"${user}\"" +ret=$(curl --request POST --user "${username}:${password}" --data "${ssh_key}" --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/a/accounts/${user}/sshkeys") +if [[ ${ret} -eq 201 ]]; then + echo "Public-key was uploaded" +else + echo "Public-key was uploaded with the invalid response code: ${ret}" +fi diff --git a/gerrit/gerrit-user-to-group.sh b/gerrit/gerrit-user-to-group.sh new file mode 100644 index 0000000..28781cf --- /dev/null +++ b/gerrit/gerrit-user-to-group.sh @@ -0,0 +1,80 @@ +#!/usr/bin/env bash + +set -e + +# Usage +usage() { + echo "Usage:" + echo " ${0} -u -g -A -P " + exit 1 +} + +# Constants +SLEEP_TIME=10 +MAX_RETRY=10 + +while getopts "u:g:A:P:" opt; do + case "${opt}" in + u) + username=${OPTARG} + ;; + g) + target_group=${OPTARG} + ;; + A) + admin_user=${OPTARG} + ;; + P) + admin_password=${OPTARG} + ;; + *) + echo "Invalid parameter(s) or option(s)." + usage + ;; + esac +done + +# Validate options +if [ -z "${admin_user}" ] || [ -z "${admin_password}" ] || [ -z "${username}" ] || [ -z "${target_group}" ]; then + echo "Parameters missing" + usage +fi + +echo "Testing Gerrit Connection" +until curl --location --output /dev/null --silent --write-out "%{http_code}\\n" "http://localhost:8080/gerrit/login" | grep "401" &> /dev/null +do + echo "Gerrit unavailable, sleeping for ${SLEEP_TIME}" + sleep "${SLEEP_TIME}" +done + +# Check exists +username=$(echo -e "${username}" | sed 's/ /%20/g') +ret=$(curl --user "${admin_user}:${admin_password}" --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/a/accounts/${username}") +if [[ ${ret} -eq 404 ]] ; then + echo "User does not exists: ${username}" + exit 0 +fi + +target_group=$(echo -e "${target_group}" | sed 's/ /%20/g') +ret=$(curl --user "${admin_user}:${admin_password}" --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/a/groups/${target_group}") +if [[ ${ret} -eq 404 ]] ; then + echo "Group does not exists: ${target_group}" + exit 0 +fi + +# Add user to group +echo "Adding user: ${username}, to group: ${target_group}" +count=0 +until [ $count -ge ${MAX_RETRY} ] +do + json_request="{ \"members\": [ \"${username}\" ] }" + ret=$(curl --request POST --user "${admin_user}:${admin_password}" --header 'Content-Type: application/json; charset=UTF-8' --data "${json_request}" --output /dev/null --silent --write-out "%{http_code}" http://localhost:8080/gerrit/a/groups/"${target_group}"/members.add) + if [[ ${ret} -eq 200 ]]; then + echo "User ${username} was added to a group ${target_group}" + break + fi + + echo "Unable to add user ${username} to a group ${target_group}, response code ${ret}, retry ... ${count}" + count=$((count+1)) + sleep ${SLEEP_TIME} +done diff --git a/gerrit/setupGerrit.sh b/gerrit/setupGerrit.sh new file mode 100755 index 0000000..29ea57b --- /dev/null +++ b/gerrit/setupGerrit.sh @@ -0,0 +1,73 @@ +#!/bin/bash +set -e + +HOST_NAME=${HOST_NAME:-$1} +GERRIT_WEBURL=${GERRIT_WEBURL:-$2} +GERRIT_ADMIN_UID=${GERRIT_ADMIN_UID:-$3} +GERRIT_ADMIN_PWD=${GERRIT_ADMIN_PWD:-$4} +GERRIT_ADMIN_EMAIL=${GERRIT_ADMIN_EMAIL:-$5} +SSH_KEY_PATH=${SSH_KEY_PATH:-~/.ssh/id_rsa} +CHECKOUT_DIR=./git + + +#Remove appended '/' if existed. +GERRIT_WEBURL=${GERRIT_WEBURL%/} + +# Add ssh-key +cat "${SSH_KEY_PATH}.pub" | curl --data @- --user "${GERRIT_ADMIN_UID}:${GERRIT_ADMIN_PWD}" ${GERRIT_WEBURL}/a/accounts/self/sshkeys + +#gather server rsa key +##TODO: This is not an elegant way. +[ -f ~/.ssh/known_hosts ] && mv ~/.ssh/known_hosts ~/.ssh/known_hosts.bak +ssh-keyscan -p 29418 -t rsa ${HOST_NAME} > ~/.ssh/known_hosts + +#checkout project.config from All-Project.git +[ -d ${CHECKOUT_DIR} ] && mv ${CHECKOUT_DIR} ${CHECKOUT_DIR}.$$ +mkdir ${CHECKOUT_DIR} + +git init ${CHECKOUT_DIR} +cd ${CHECKOUT_DIR} + +#start ssh agent and add ssh key +eval $(ssh-agent) +ssh-add "${SSH_KEY_PATH}" + +#git config +git config user.name ${GERRIT_ADMIN_UID} +git config user.email ${GERRIT_ADMIN_EMAIL} +git remote add origin ssh://${GERRIT_ADMIN_UID}@${HOST_NAME}:29418/All-Projects +#checkout project.config +git fetch -q origin refs/meta/config:refs/remotes/origin/meta/config +git checkout meta/config + +#add label.Verified +git config -f project.config label.Verified.function MaxWithBlock +git config -f project.config --add label.Verified.defaultValue 0 +git config -f project.config --add label.Verified.value "-1 Fails" +git config -f project.config --add label.Verified.value "0 No score" +git config -f project.config --add label.Verified.value "+1 Verified" +##commit and push back +git commit -a -m "Added label - Verified" + +#Change global access right +##Remove anonymous access right. +git config -f project.config --unset access.refs/*.read "group Anonymous Users" +##add Jenkins access and verify right +git config -f project.config --add access.refs/heads/*.read "group Non-Interactive Users" +git config -f project.config --add access.refs/tags/*.read "group Non-Interactive Users" +git config -f project.config --add access.refs/heads/*.label-Code-Review "-1..+1 group Non-Interactive Users" +git config -f project.config --add access.refs/heads/*.label-Verified "-1..+1 group Non-Interactive Users" +##add project owners' right to add verify flag +git config -f project.config --add access.refs/heads/*.label-Verified "-1..+1 group Project Owners" +##commit and push back +git commit -a -m "Change access right." -m "Add access right for Jenkins. Remove anonymous access right" +git push origin meta/config:meta/config + +#stop ssh agent +kill ${SSH_AGENT_PID} + +cd - +rm -rf ${CHECKOUT_DIR} +[ -d ${CHECKOUT_DIR}.$$ ] && mv ${CHECKOUT_DIR}.$$ ${CHECKOUT_DIR} + +echo "finish gerrit setup" diff --git a/gerrit/upgradeGerrit.sh b/gerrit/upgradeGerrit.sh new file mode 100755 index 0000000..e03c6b6 --- /dev/null +++ b/gerrit/upgradeGerrit.sh @@ -0,0 +1,50 @@ +#!/bin/bash +set -e +GERRIT_WEBURL=${GERRIT_WEBURL:-$1} +LDAP_SERVER=${LDAP_SERVER:-$2} +LDAP_ACCOUNTBASE=${LDAP_ACCOUNTBASE:-$3} +SMTP_SERVER=${SMTP_SERVER:-$4} +USER_EMAIL=${USER_EMAIL:-$5} +SMTP_USER=${SMTP_USER:$6} +SMTP_PASS=${SMTP_PASS:$7} +HTTPD_LISTENURL=${HTTPD_LISTENURL:-http://*:8080} +GERRIT_NAME=${GERRIT_NAME:-gerrit} +GERRIT_VOLUME=${GERRIT_VOLUME:-gerrit-volume} +PG_GERRIT_NAME=${PG_GERRIT_NAME:-pg-gerrit} +GERRIT_IMAGE_NAME=${GERRIT_IMAGE_NAME:-openfrontier/gerrit} +CI_NETWORK=${CI_NETWORK:-ci-network} + +# Stop and Delete gerrit container. +if [ -z "$(docker ps -a | grep ${GERRIT_VOLUME})" ]; then + echo "${GERRIT_VOLUME} does not exist." + exit 1 +elif [ -z "$(docker ps -a | grep ${PG_GERRIT_NAME})" ]; then + echo "${PG_GERRIT_NAME} does not exist." + exit 1 +elif [ -n "$(docker ps | grep ${GERRIT_NAME} | grep -v ${PG_GERRIT_NAME})" ]; then + docker stop ${GERRIT_NAME} +fi +if [ -n "$(docker ps -a | grep ${GERRIT_NAME} | grep -v ${GERRIT_VOLUME} | grep -v ${PG_GERRIT_NAME})" ]; then + docker rm -v ${GERRIT_NAME} +fi + +# Start Gerrit. +docker run \ +--name ${GERRIT_NAME} \ +--net ${CI_NETWORK} \ +-p 29418:29418 \ +--volumes-from ${GERRIT_VOLUME} \ +-e WEBURL=${GERRIT_WEBURL} \ +-e HTTPD_LISTENURL=${HTTPD_LISTENURL} \ +-e DATABASE_TYPE=postgresql \ +-e AUTH_TYPE=LDAP \ +-e LDAP_SERVER=${LDAP_SERVER} \ +-e LDAP_ACCOUNTBASE=${LDAP_ACCOUNTBASE} \ +-e SMTP_SERVER=${SMTP_SERVER} \ +-e SMTP_USER=${SMTP_USER} \ +-e SMTP_PASS=${SMTP_PASS} \ +-e USER_EMAIL=${USER_EMAIL} \ +-e GERRIT_INIT_ARGS='--install-plugin=download-commands' \ +--restart=unless-stopped \ +-d ${GERRIT_IMAGE_NAME} + -- GitLab