From f7698f2e3f6a51e7a4a0bd5768c4b3044b023e8a Mon Sep 17 00:00:00 2001
From: ruowen
Date: Thu, 5 Apr 2018 18:17:50 +0800
Subject: [PATCH] update gerrit docker
---
gerrit/Dockerfile | 57 ++++++-
gerrit/LICENSE | 202 ------------------------
gerrit/README.md | 9 --
gerrit/createGerrit.sh | 68 --------
gerrit/destroyGerrit.sh | 10 --
gerrit/gerrit-create-group.sh | 68 --------
gerrit/gerrit-create-user.sh | 113 --------------
gerrit/gerrit-entrypoint.sh | 268 --------------------------------
gerrit/gerrit-init.nohup | 13 --
gerrit/gerrit-upload-ssh-key.sh | 84 ----------
gerrit/gerrit-user-to-group.sh | 80 ----------
gerrit/setupGerrit.sh | 73 ---------
gerrit/sources.list | 19 +++
gerrit/upgradeGerrit.sh | 50 ------
14 files changed, 68 insertions(+), 1046 deletions(-)
delete mode 100644 gerrit/LICENSE
delete mode 100644 gerrit/README.md
delete mode 100755 gerrit/createGerrit.sh
delete mode 100755 gerrit/destroyGerrit.sh
delete mode 100644 gerrit/gerrit-create-group.sh
delete mode 100644 gerrit/gerrit-create-user.sh
delete mode 100755 gerrit/gerrit-entrypoint.sh
delete mode 100644 gerrit/gerrit-init.nohup
delete mode 100644 gerrit/gerrit-upload-ssh-key.sh
delete mode 100644 gerrit/gerrit-user-to-group.sh
delete mode 100755 gerrit/setupGerrit.sh
create mode 100644 gerrit/sources.list
delete mode 100755 gerrit/upgradeGerrit.sh
diff --git a/gerrit/Dockerfile b/gerrit/Dockerfile
index 55fd682..95ec4c6 100644
--- a/gerrit/Dockerfile
+++ b/gerrit/Dockerfile
@@ -1,11 +1,52 @@
-FROM openfrontier/gerrit:latest
+#
+# Copyright (C) 2017 C-SKY Microsystems Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#

-MAINTAINER xt
+FROM ubuntu:16.04
+MAINTAINER xt

-COPY jre/java.security /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/java.security
-COPY gerrit-entrypoint.sh /
+COPY sources.list /etc/apt/sources.list

-COPY gerrit-create-user.sh /usr/local/bin/gerrit-create-user.sh
-COPY gerrit-upload-ssh-key.sh /usr/local/bin/gerrit-upload-ssh-key.sh
-COPY gerrit-init.nohup /docker-entrypoint-init.d/gerrit-init.nohup
-RUN chmod +x /usr/local/bin/*.sh /docker-entrypoint-init.d/gerrit-init.nohup
+# Add Gerrit packages repository
+# Allow remote connectivity and sudo
+# Install OpenJDK and Gerrit in two subsequent transactions
+# (pre-trans Gerrit script needs to have access to the Java command)
+RUN echo "deb mirror://mirrorlist.gerritforge.com/deb gerrit contrib" > /etc/apt/sources.list.d/GerritForge.list && \
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1871F775 && \
+ apt-get update && \
+ apt-key update && \
+ apt-get -y install openssh-client sudo && \
+ apt-get -y install openjdk-8-jdk && \
+ apt-get -y install gerrit=2.15-1 && \
+ rm -f /var/gerrit/logs/* && \
+ rm -rf /var/lib/apt/lists/*
+
+COPY jre/java.security /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security
+
+USER gerrit
+RUN java -jar /var/gerrit/bin/gerrit.war init --batch --install-all-plugins -d /var/gerrit && \
+ java -jar /var/gerrit/bin/gerrit.war reindex -d /var/gerrit
+
+ENV TZ=Asia/Shanghai
+ENV CANONICAL_WEB_URL=
+
+# Allow incoming traffic
+EXPOSE 29418 8080
+
+VOLUME ["/var/gerrit"]
+
+# Start Gerrit
+CMD git config -f /var/gerrit/etc/gerrit.config noteDb.changes.autoMigrate true && \
+ /var/gerrit/bin/gerrit.sh run
diff --git a/gerrit/LICENSE b/gerrit/LICENSE
deleted file mode 100644
index 8f71f43..0000000
--- a/gerrit/LICENSE
+++ /dev/null
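Review bot: The `apt-key adv ... --recv-keys 1871F775` step in the first `RUN` trusts the GerritForge repository by an 8-hex-digit short key ID, which is not collision-resistant, so any key carrying that short ID that the keyserver returns would become a trusted APT signer for the `gerrit=2.15-1` install; pin the full fingerprint instead, e.g. `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <FULL_40_HEX_FINGERPRINT>` (placeholder, take the value from the publisher), or `COPY` a vetted key file into the image. The second `RUN` executes `gerrit.war init --batch` at build time, so whatever init generates under `/var/gerrit` (presumably the SSH host keys and `etc/secure.config`) lands in an image layer and is shared by every container started from the image and readable by anyone who can pull it; running init at container start against the volume would avoid that. `sudo` is installed but nothing in the hunk uses it, and the shell-form `CMD` leaves `/bin/sh` as PID 1, so consider dropping `sudo`, adding `--no-install-recommends`, and ending the command with `exec /var/gerrit/bin/gerrit.sh run`. The contents of `jre/java.security` are not part of this patch, so the JVM security policy being copied over the distribution default could not be reviewed here.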
@@ -1,202 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - diff --git a/gerrit/README.md b/gerrit/README.md deleted file mode 100644 index c5f4891..0000000 --- a/gerrit/README.md +++ /dev/null 
@@ -1,9 +0,0 @@ -# gerrit-ci docker -This docker image is an extension of the [Gerrit docker](https://hub.docker.com/r/openfrontier/gerrit/). - -## Usage -This project is utilized by the [ci-compose project](https://github.com/openfrontier/ci-compose) to demonstrate how to start a gerrit-jenkins-nexus environment in seconds. -This project can also be utilized as a demo about how to extend the [Gerrit docker](https://hub.docker.com/r/openfrontier/gerrit/) by adding a nohup script to accomplish some setup works while the Gerrit service is starting up. - -## Todo -Fix createGerrit.sh, destroyGerrit.sh and upgradeGerrit.sh in order to make it works with the [ci project](https://github.com/openfrontier/ci). diff --git a/gerrit/createGerrit.sh b/gerrit/createGerrit.sh deleted file mode 100755 index bf2f692..0000000 --- a/gerrit/createGerrit.sh +++ /dev/null 
@@ -1,68 +0,0 @@ -#!/bin/bash -set -e -GERRIT_WEBURL=${GERRIT_WEBURL:-$1} -LDAP_SERVER=${LDAP_SERVER:-$2} -LDAP_ACCOUNTBASE=${LDAP_ACCOUNTBASE:-$3} -SMTP_SERVER=${SMTP_SERVER:-$4} -USER_EMAIL=${USER_EMAIL:-$5} -SMTP_USER=${SMTP_USER:-$6} -SMTP_PASS=${SMTP_PASS:-$7} -HTTPD_LISTENURL=${HTTPD_LISTENURL:-http://*:8080} -GERRIT_NAME=${GERRIT_NAME:-gerrit} -GERRIT_VOLUME=${GERRIT_VOLUME:-gerrit-volume} -PG_GERRIT_NAME=${PG_GERRIT_NAME:-pg-gerrit} -GERRIT_IMAGE_NAME=${GERRIT_IMAGE_NAME:-openfrontier/gerrit-ci} -POSTGRES_IMAGE=${POSTGRES_IMAGE:-postgres} -CI_NETWORK=${CI_NETWORK:-ci-network} - -# Start PostgreSQL. -docker volume create --name pg-gerrit-volume - -docker run \ ---name ${PG_GERRIT_NAME} \ ---net ${CI_NETWORK} \ ---volume pg-gerrit-volume:/var/lib/postgresql/data \ --P \ --e POSTGRES_USER=gerrit2 \ --e POSTGRES_PASSWORD=gerrit \ --e POSTGRES_DB=reviewdb \ ---restart=unless-stopped \ --d ${POSTGRES_IMAGE} - -while [ -z "$(docker logs ${PG_GERRIT_NAME} 2>&1 | grep 'autovacuum launcher started')" ]; do - echo "Waiting postgres ready." - sleep 1 -done - -# Create Gerrit volume. -docker volume create --name ${GERRIT_VOLUME} - -# Start Gerrit. 
-docker run \ ---name ${GERRIT_NAME} \ ---net ${CI_NETWORK} \ --p 29418:29418 \ ---volume ${GERRIT_VOLUME}:/var/gerrit/review_site \ --e WEBURL=${GERRIT_WEBURL} \ --e HTTPD_LISTENURL=${HTTPD_LISTENURL} \ --e DATABASE_TYPE=postgresql \ --e DB_PORT_5432_TCP_ADDR=${PG_GERRIT_NAME} \ --e DB_PORT_5432_TCP_PORT=5432 \ --e DB_ENV_POSTGRES_DB=reviewdb \ --e DB_ENV_POSTGRES_USER=gerrit2 \ --e DB_ENV_POSTGRES_PASSWORD=gerrit \ --e AUTH_TYPE=LDAP \ --e LDAP_SERVER=${LDAP_SERVER} \ --e LDAP_ACCOUNTBASE=${LDAP_ACCOUNTBASE} \ --e SMTP_SERVER=${SMTP_SERVER} \ --e SMTP_USER=${SMTP_USER} \ --e SMTP_PASS=${SMTP_PASS} \ --e USER_EMAIL=${USER_EMAIL} \ --e GERRIT_INIT_ARGS='--install-plugin=download-commands --install-plugin=replication' \ --e INITIAL_ADMIN_USER=${GERRIT_ADMIN_UID} \ --e INITIAL_ADMIN_PASSWORD=${GERRIT_ADMIN_PWD} \ --e JENKINS_HOST=jenkins \ --e GITWEB_TYPE=gitiles \ ---restart=unless-stopped \ --d ${GERRIT_IMAGE_NAME} - diff --git a/gerrit/destroyGerrit.sh b/gerrit/destroyGerrit.sh deleted file mode 100755 index 622943e..0000000 --- a/gerrit/destroyGerrit.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -GERRIT_NAME=${GERRIT_NAME:-gerrit} -GERRIT_VOLUME=${GERRIT_VOLUME:-gerrit-volume} -PG_GERRIT_NAME=${PG_GERRIT_NAME:-pg-gerrit} -docker stop ${GERRIT_NAME} -docker rm -v ${GERRIT_NAME} -docker volume rm ${GERRIT_VOLUME} -docker stop ${PG_GERRIT_NAME} -docker rm -v ${PG_GERRIT_NAME} -docker volume rm pg-gerrit-volume diff --git a/gerrit/gerrit-create-group.sh b/gerrit/gerrit-create-group.sh deleted file mode 100644 index a13c533..0000000 --- a/gerrit/gerrit-create-group.sh +++ /dev/null 
@@ -1,68 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# Usage -usage() { - echo "Usage:" - echo " ${0} -A -P -g " - exit 1 -} - -# Constants -SLEEP_TIME=10 -MAX_RETRY=10 - -while getopts "A:P:g:" opt; do - case "${opt}" in - A) - admin_user=${OPTARG} - ;; - P) - admin_password=${OPTARG} - ;; - g) - target_group=${OPTARG} - ;; - *) - echo "Invalid parameter(s) or option(s)." - usage - ;; - esac -done - -# Validate options -if [ -z "${admin_user}" ] || [ -z "${admin_password}" ] || [ -z "${target_group}" ]; then - echo "Parameters missing" - usage -fi - -echo "Testing Gerrit Connection" -until curl --location --output /dev/null --silent --write-out "%{http_code}\\n" "http://localhost:8080/gerrit/login" | grep "401" &> /dev/null -do - echo "Gerrit unavailable, sleeping for ${SLEEP_TIME}" - sleep "${SLEEP_TIME}" -done - -# Check exists -target_group=$(echo -e "${target_group}" | sed 's/ /%20/g') -ret=$(curl --user "${admin_user}:${admin_password}" --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/a/groups/${target_group}") -if [[ ${ret} -eq 200 ]] ; then - echo "Group already exists: ${target_group}" - exit 0 -fi - -# Add group -echo "Creating group: ${target_group}" -count=0 -until [ $count -ge ${MAX_RETRY} ] -do - ret=$(curl --request PUT --user "${admin_user}:${admin_password}" --output /dev/null --silent --write-out "%{http_code}" http://localhost:8080/gerrit/a/groups/"${target_group}") - if [[ ${ret} -eq 201 ]]; then - echo "Group ${target_group} was created" - break - fi - echo "Unable to create group ${target_group}, response code ${ret}, retry ... ${count}" - count=$((count+1)) - sleep ${SLEEP_TIME} -done diff --git a/gerrit/gerrit-create-user.sh b/gerrit/gerrit-create-user.sh deleted file mode 100644 index c27034c..0000000 --- a/gerrit/gerrit-create-user.sh +++ /dev/null 
@@ -1,113 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# Usage -usage() { - echo "Usage:" - echo " ${0} -t -u -p -f -A -P -g " - exit 1 -} - -# Constants -SLEEP_TIME=10 -MAX_RETRY=10 - -type="internal" - -while getopts "t:u:p:f:A:P:g:" opt; do - case "${opt}" in - t) - type=${OPTARG} - ;; - u) - username=${OPTARG} - ;; - p) - password=${OPTARG} - ;; - f) - full_name=${OPTARG} - ;; - A) - admin_user=${OPTARG} - ;; - P) - admin_password=${OPTARG} - ;; - g) - target_group=${OPTARG} - ;; - *) - echo "Invalid parameter(s) or option(s)." - usage - ;; - esac -done - -# Validate options -case "${type}" in - ldap) - if [ -z "${username}" ] || [ -z "${password}" ]; then - echo "Parameters missing" - usage - fi - ;; - internal) - if [ -z "${admin_user}" ] || [ -z "${admin_password}" ] || [ -z "${username}" ] || [ -z "${full_name}" ]; then - echo "Parameters missing" - usage - fi - ;; - *) - echo "Invalid parameter(s) or option(s)." - usage - ;; -esac - -echo "Testing Gerrit Connection" -until curl --location --output /dev/null --silent --write-out "%{http_code}\\n" "http://localhost:8080/gerrit/login" | grep "401" &> /dev/null -do - echo "Gerrit unavailable, sleeping for ${SLEEP_TIME}" - sleep "${SLEEP_TIME}" -done - -# Check exists -username=$(echo -e "${username}" | sed 's/ /%20/g') -ret=$(curl --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/accounts/${username}") -if [[ ${ret} -eq 200 ]] ; then - echo "User already exists: ${username}" - exit 0 -fi - -# Add user -echo "Creating user: ${username}" -count=0 -until [ $count -ge ${MAX_RETRY} ] -do - case "${type}" in - ldap) - ret=$(curl --request POST --data "username=${username}&password=${password}" --output /dev/null --silent --write-out "%{http_code}" http://localhost:8080/gerrit/login) - if [[ ${ret} -eq 302 ]]; then - echo "LDAP user ${username} was found in database" - break - fi - echo "Unable to find user ${username} in LDAP database, response code ${ret}, retry ... 
${count}" - ;; - internal) - if [[ -z "${target_group}" ]]; then - target_group="Non-Interactive Users" - echo "Target group was not specified, defaulting to non-interactive" - fi - json_request="{ \"name\": \"${full_name}\", \"groups\": [ \"${target_group}\" ] }" - ret=$(curl --request PUT --user "${admin_user}:${admin_password}" --header 'Content-Type: application/json; charset=UTF-8' --data "${json_request}" --output /dev/null --silent --write-out "%{http_code}" http://localhost:8080/gerrit/a/accounts/"${username}") - if [[ ${ret} -eq 201 ]]; then - echo "User ${username} was created" - break - fi - echo "Unable to create user ${username}, response code ${ret}, retry ... ${count}" - ;; - esac - count=$((count+1)) - sleep ${SLEEP_TIME} -done diff --git a/gerrit/gerrit-entrypoint.sh b/gerrit/gerrit-entrypoint.sh deleted file mode 100755 index 0b8c20d..0000000 --- a/gerrit/gerrit-entrypoint.sh +++ /dev/null 
@@ -1,268 +0,0 @@ -#!/usr/bin/env sh -set -e - -set_gerrit_config() { - su-exec ${GERRIT_USER} git config -f "${GERRIT_SITE}/etc/gerrit.config" "$@" -} - -set_secure_config() { - su-exec ${GERRIT_USER} git config -f "${GERRIT_SITE}/etc/secure.config" "$@" -} - -wait_for_database() { - echo "Waiting for database connection $1:$2 ..." - until nc -z $1 $2; do - sleep 1 - done - - # Wait to avoid "panic: Failed to open sql connection pq: the database system is starting up" - sleep 1 -} - -if [ -n "${JAVA_HEAPLIMIT}" ]; then - JAVA_MEM_OPTIONS="-Xmx${JAVA_HEAPLIMIT}" -fi - -if [ "$1" = "/gerrit-start.sh" ]; then - # If you're mounting ${GERRIT_SITE} to your host, you this will default to root. - # This obviously ensures the permissions are set correctly for when gerrit starts. - find "${GERRIT_SITE}/" ! -user `id -u ${GERRIT_USER}` -exec chown ${GERRIT_USER} {} \; - - # Initialize Gerrit if ${GERRIT_SITE}/git is empty. - if [ -z "$(ls -A "$GERRIT_SITE/git")" ]; then - echo "First time initialize gerrit..." - su-exec ${GERRIT_USER} java ${JAVA_OPTIONS} ${JAVA_MEM_OPTIONS} -jar "${GERRIT_WAR}" init --batch --no-auto-start -d "${GERRIT_SITE}" ${GERRIT_INIT_ARGS} - #All git repositories must be removed when database is set as postgres or mysql - #in order to be recreated at the secondary init below. - #Or an execption will be thrown on secondary init. 
- [ ${#DATABASE_TYPE} -gt 0 ] && rm -rf "${GERRIT_SITE}/git" - fi - - # Install external plugins - su-exec ${GERRIT_USER} cp -f ${GERRIT_HOME}/delete-project.jar ${GERRIT_SITE}/plugins/delete-project.jar - su-exec ${GERRIT_USER} cp -f ${GERRIT_HOME}/events-log.jar ${GERRIT_SITE}/plugins/events-log.jar - su-exec ${GERRIT_USER} cp -f ${GERRIT_HOME}/importer.jar ${GERRIT_SITE}/plugins/importer.jar - - # Provide a way to customise this image - echo - for f in /docker-entrypoint-init.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; source "$f" ;; - *.nohup) echo "$0: running $f"; nohup "$f" & ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - #Customize gerrit.config - - #Section gerrit - [ -z "${WEBURL}" ] || set_gerrit_config gerrit.canonicalWebUrl "${WEBURL}" - [ -z "${GITHTTPURL}" ] || set_gerrit_config gerrit.gitHttpUrl "${GITHTTPURL}" - - #Section sshd - [ -z "${LISTEN_ADDR}" ] || set_gerrit_config sshd.listenAddress "${LISTEN_ADDR}" - - #Section database - if [ "${DATABASE_TYPE}" = 'postgresql' ]; then - set_gerrit_config database.type "${DATABASE_TYPE}" - [ -z "${DB_PORT_5432_TCP_ADDR}" ] || set_gerrit_config database.hostname "${DB_PORT_5432_TCP_ADDR}" - [ -z "${DB_PORT_5432_TCP_PORT}" ] || set_gerrit_config database.port "${DB_PORT_5432_TCP_PORT}" - [ -z "${DB_ENV_POSTGRES_DB}" ] || set_gerrit_config database.database "${DB_ENV_POSTGRES_DB}" - [ -z "${DB_ENV_POSTGRES_USER}" ] || set_gerrit_config database.username "${DB_ENV_POSTGRES_USER}" - [ -z "${DB_ENV_POSTGRES_PASSWORD}" ] || set_secure_config database.password "${DB_ENV_POSTGRES_PASSWORD}" - fi - - #Section database - if [ "${DATABASE_TYPE}" = 'mysql' ]; then - set_gerrit_config database.type "${DATABASE_TYPE}" - [ -z "${DB_PORT_3306_TCP_ADDR}" ] || set_gerrit_config database.hostname "${DB_PORT_3306_TCP_ADDR}" - [ -z "${DB_PORT_3306_TCP_PORT}" ] || set_gerrit_config database.port "${DB_PORT_3306_TCP_PORT}" - [ -z "${DB_ENV_MYSQL_DB}" ] || set_gerrit_config database.database 
"${DB_ENV_MYSQL_DB}" - [ -z "${DB_ENV_MYSQL_USER}" ] || set_gerrit_config database.username "${DB_ENV_MYSQL_USER}" - [ -z "${DB_ENV_MYSQL_PASSWORD}" ] || set_secure_config database.password "${DB_ENV_MYSQL_PASSWORD}" - fi - - #Section auth - [ -z "${AUTH_TYPE}" ] || set_gerrit_config auth.type "${AUTH_TYPE}" - [ -z "${AUTH_HTTP_HEADER}" ] || set_gerrit_config auth.httpHeader "${AUTH_HTTP_HEADER}" - [ -z "${AUTH_EMAIL_FORMAT}" ] || set_gerrit_config auth.emailFormat "${AUTH_EMAIL_FORMAT}" - if [ -z "${AUTH_GIT_BASIC_AUTH_POLICY}" ]; then - case "${AUTH_TYPE}" in - LDAP|LDAP_BIND) - set_gerrit_config auth.gitBasicAuthPolicy "LDAP" - ;; - HTTP|HTTP_LDAP) - set_gerrit_config auth.gitBasicAuthPolicy "${AUTH_TYPE}" - ;; - *) - esac - else - set_gerrit_config auth.gitBasicAuthPolicy "${AUTH_GIT_BASIC_AUTH_POLICY}" - fi - - # Set OAuth provider - if [ "${AUTH_TYPE}" = 'OAUTH' ]; then - [ -z "${AUTH_GIT_OAUTH_PROVIDER}" ] || set_gerrit_config auth.gitOAuthProvider "${AUTH_GIT_OAUTH_PROVIDER}" - fi - - if [ -z "${AUTH_TYPE}" ] || [ "${AUTH_TYPE}" = 'OpenID' ] || [ "${AUTH_TYPE}" = 'OpenID_SSO' ]; then - [ -z "${AUTH_ALLOWED_OPENID}" ] || set_gerrit_config auth.allowedOpenID "${AUTH_ALLOWED_OPENID}" - [ -z "${AUTH_TRUSTED_OPENID}" ] || set_gerrit_config auth.trustedOpenID "${AUTH_TRUSTED_OPENID}" - [ -z "${AUTH_OPENID_DOMAIN}" ] || set_gerrit_config auth.openIdDomain "${AUTH_OPENID_DOMAIN}" - fi - - #Section ldap - if [ "${AUTH_TYPE}" = 'LDAP' ] || [ "${AUTH_TYPE}" = 'LDAP_BIND' ] || [ "${AUTH_TYPE}" = 'HTTP_LDAP' ]; then - [ -z "${LDAP_SERVER}" ] || set_gerrit_config ldap.server "${LDAP_SERVER}" - [ -z "${LDAP_SSLVERIFY}" ] || set_gerrit_config ldap.sslVerify "${LDAP_SSLVERIFY}" - [ -z "${LDAP_GROUPSVISIBLETOALL}" ] || set_gerrit_config ldap.groupsVisibleToAll "${LDAP_GROUPSVISIBLETOALL}" - [ -z "${LDAP_USERNAME}" ] || set_gerrit_config ldap.username "${LDAP_USERNAME}" - [ -z "${LDAP_PASSWORD}" ] || set_secure_config ldap.password "${LDAP_PASSWORD}" - [ -z "${LDAP_REFERRAL}" 
] || set_gerrit_config ldap.referral "${LDAP_REFERRAL}" - [ -z "${LDAP_READTIMEOUT}" ] || set_gerrit_config ldap.readTimeout "${LDAP_READTIMEOUT}" - [ -z "${LDAP_ACCOUNTBASE}" ] || set_gerrit_config ldap.accountBase "${LDAP_ACCOUNTBASE}" - [ -z "${LDAP_ACCOUNTSCOPE}" ] || set_gerrit_config ldap.accountScope "${LDAP_ACCOUNTSCOPE}" - [ -z "${LDAP_ACCOUNTPATTERN}" ] || set_gerrit_config ldap.accountPattern "${LDAP_ACCOUNTPATTERN}" - [ -z "${LDAP_ACCOUNTFULLNAME}" ] || set_gerrit_config ldap.accountFullName "${LDAP_ACCOUNTFULLNAME}" - [ -z "${LDAP_ACCOUNTEMAILADDRESS}" ] || set_gerrit_config ldap.accountEmailAddress "${LDAP_ACCOUNTEMAILADDRESS}" - [ -z "${LDAP_ACCOUNTSSHUSERNAME}" ] || set_gerrit_config ldap.accountSshUserName "${LDAP_ACCOUNTSSHUSERNAME}" - [ -z "${LDAP_ACCOUNTMEMBERFIELD}" ] || set_gerrit_config ldap.accountMemberField "${LDAP_ACCOUNTMEMBERFIELD}" - [ -z "${LDAP_FETCHMEMBEROFEAGERLY}" ] || set_gerrit_config ldap.fetchMemberOfEagerly "${LDAP_FETCHMEMBEROFEAGERLY}" - [ -z "${LDAP_GROUPBASE}" ] || set_gerrit_config ldap.groupBase "${LDAP_GROUPBASE}" - [ -z "${LDAP_GROUPSCOPE}" ] || set_gerrit_config ldap.groupScope "${LDAP_GROUPSCOPE}" - [ -z "${LDAP_GROUPPATTERN}" ] || set_gerrit_config ldap.groupPattern "${LDAP_GROUPPATTERN}" - [ -z "${LDAP_GROUPMEMBERPATTERN}" ] || set_gerrit_config ldap.groupMemberPattern "${LDAP_GROUPMEMBERPATTERN}" - [ -z "${LDAP_GROUPNAME}" ] || set_gerrit_config ldap.groupName "${LDAP_GROUPNAME}" - [ -z "${LDAP_LOCALUSERNAMETOLOWERCASE}" ] || set_gerrit_config ldap.localUsernameToLowerCase "${LDAP_LOCALUSERNAMETOLOWERCASE}" - [ -z "${LDAP_AUTHENTICATION}" ] || set_gerrit_config ldap.authentication "${LDAP_AUTHENTICATION}" - [ -z "${LDAP_USECONNECTIONPOOLING}" ] || set_gerrit_config ldap.useConnectionPooling "${LDAP_USECONNECTIONPOOLING}" - [ -z "${LDAP_CONNECTTIMEOUT}" ] || set_gerrit_config ldap.connectTimeout "${LDAP_CONNECTTIMEOUT}" - fi - - #Section OAUTH general - if [ "${AUTH_TYPE}" = 'OAUTH' ] ; then - su-exec 
${GERRIT_USER} cp -f ${GERRIT_HOME}/gerrit-oauth-provider.jar ${GERRIT_SITE}/plugins/gerrit-oauth-provider.jar - [ -z "${OAUTH_ALLOW_EDIT_FULL_NAME}" ] || set_gerrit_config oauth.allowEditFullName "${OAUTH_ALLOW_EDIT_FULL_NAME}" - [ -z "${OAUTH_ALLOW_REGISTER_NEW_EMAIL}" ] || set_gerrit_config oauth.allowRegisterNewEmail "${OAUTH_ALLOW_REGISTER_NEW_EMAIL}" - - # Google - [ -z "${OAUTH_GOOGLE_RESTRICT_DOMAIN}" ] || set_gerrit_config plugin.gerrit-oauth-provider-google-oauth.domain "${OAUTH_GOOGLE_RESTRICT_DOMAIN}" - [ -z "${OAUTH_GOOGLE_CLIENT_ID}" ] || set_gerrit_config plugin.gerrit-oauth-provider-google-oauth.client-id "${OAUTH_GOOGLE_CLIENT_ID}" - [ -z "${OAUTH_GOOGLE_CLIENT_SECRET}" ] || set_gerrit_config plugin.gerrit-oauth-provider-google-oauth.client-secret "${OAUTH_GOOGLE_CLIENT_SECRET}" - [ -z "${OAUTH_GOOGLE_LINK_OPENID}" ] || set_gerrit_config plugin.gerrit-oauth-provider-google-oauth.link-to-existing-openid-accounts "${OAUTH_GOOGLE_LINK_OPENID}" - [ -z "${OAUTH_GOOGLE_USE_EMAIL_AS_USERNAME}" ] || set_gerrit_config plugin.gerrit-oauth-provider-google-oauth.use-email-as-username "${OAUTH_GOOGLE_USE_EMAIL_AS_USERNAME}" - - # Github - [ -z "${OAUTH_GITHUB_CLIENT_ID}" ] || set_gerrit_config plugin.gerrit-oauth-provider-github-oauth.client-id "${OAUTH_GITHUB_CLIENT_ID}" - [ -z "${OAUTH_GITHUB_CLIENT_SECRET}" ] || set_gerrit_config plugin.gerrit-oauth-provider-github-oauth.client-secret "${OAUTH_GITHUB_CLIENT_SECRET}" - - # GitLab - [ -z "${OAUTH_GITLAB_ROOT_URL}" ] || set_gerrit_config plugin.gerrit-oauth-provider-gitlab-oauth.root-url "${OAUTH_GITLAB_ROOT_URL}" - [ -z "${OAUTH_GITLAB_CLIENT_ID}" ] || set_gerrit_config plugin.gerrit-oauth-provider-gitlab-oauth.client-id "${OAUTH_GITLAB_CLIENT_ID}" - [ -z "${OAUTH_GITLAB_CLIENT_SECRET}" ] || set_gerrit_config plugin.gerrit-oauth-provider-gitlab-oauth.client-secret "${OAUTH_GITLAB_CLIENT_SECRET}" - - # Bitbucket - [ -z "${OAUTH_BITBUCKET_CLIENT_ID}" ] || set_gerrit_config 
plugin.gerrit-oauth-provider-bitbucket-oauth.client-id "${OAUTH_BITBUCKET_CLIENT_ID}" - [ -z "${OAUTH_BITBUCKET_CLIENT_SECRET}" ] || set_gerrit_config plugin.gerrit-oauth-provider-bitbucket-oauth.client-secret "${OAUTH_BITBUCKET_CLIENT_SECRET}" - [ -z "${OAUTH_BITBUCKET_FIX_LEGACY_USER_ID}" ] || set_gerrit_config plugin.gerrit-oauth-provider-bitbucket-oauth.fix-legacy-user-id "${OAUTH_BITBUCKET_FIX_LEGACY_USER_ID}" - fi - - #Section container - [ -z "${JAVA_HEAPLIMIT}" ] || set_gerrit_config container.heapLimit "${JAVA_HEAPLIMIT}" - [ -z "${JAVA_OPTIONS}" ] || set_gerrit_config container.javaOptions "${JAVA_OPTIONS}" - [ -z "${JAVA_SLAVE}" ] || set_gerrit_config container.slave "${JAVA_SLAVE}" - - #Section sendemail - if [ -z "${SMTP_SERVER}" ]; then - set_gerrit_config sendemail.enable false - else - set_gerrit_config sendemail.enable true - set_gerrit_config sendemail.smtpServer "${SMTP_SERVER}" - if [ "smtp.gmail.com" = "${SMTP_SERVER}" ]; then - echo "gmail detected, using default port and encryption" - set_gerrit_config sendemail.smtpServerPort 587 - set_gerrit_config sendemail.smtpEncryption tls - fi - [ -z "${SMTP_SERVER_PORT}" ] || set_gerrit_config sendemail.smtpServerPort "${SMTP_SERVER_PORT}" - [ -z "${SMTP_USER}" ] || set_gerrit_config sendemail.smtpUser "${SMTP_USER}" - [ -z "${SMTP_PASS}" ] || set_secure_config sendemail.smtpPass "${SMTP_PASS}" - [ -z "${SMTP_ENCRYPTION}" ] || set_gerrit_config sendemail.smtpEncryption "${SMTP_ENCRYPTION}" - [ -z "${SMTP_CONNECT_TIMEOUT}" ] || set_gerrit_config sendemail.connectTimeout "${SMTP_CONNECT_TIMEOUT}" - [ -z "${SMTP_FROM}" ] || set_gerrit_config sendemail.from "${SMTP_FROM}" - fi - - #Section user - [ -z "${USER_NAME}" ] || set_gerrit_config user.name "${USER_NAME}" - [ -z "${USER_EMAIL}" ] || set_gerrit_config user.email "${USER_EMAIL}" - [ -z "${USER_ANONYMOUS_COWARD}" ] || set_gerrit_config user.anonymousCoward "${USER_ANONYMOUS_COWARD}" - - #Section plugins - set_gerrit_config plugins.allowRemoteAdmin 
true - - #Section plugin events-log - set_gerrit_config plugin.events-log.storeUrl "jdbc:h2:${GERRIT_SITE}/db/ChangeEvents" - - #Section httpd - [ -z "${HTTPD_LISTENURL}" ] || set_gerrit_config httpd.listenUrl "${HTTPD_LISTENURL}" - - #Section gitweb - case "$GITWEB_TYPE" in - "gitiles") su-exec $GERRIT_USER cp -f $GERRIT_HOME/gitiles.jar $GERRIT_SITE/plugins/gitiles.jar ;; - "") # Gitweb by default - set_gerrit_config gitweb.cgi "/usr/share/gitweb/gitweb.cgi" - export GITWEB_TYPE=gitweb - ;; - esac - set_gerrit_config gitweb.type "$GITWEB_TYPE" - - case "${DATABASE_TYPE}" in - #postgresql) wait_for_database ${DB_PORT_5432_TCP_ADDR} ${DB_PORT_5432_TCP_PORT} ;; - #mysql) wait_for_database ${DB_PORT_3306_TCP_ADDR} ${DB_PORT_3306_TCP_PORT} ;; - *) ;; - esac - - echo "Upgrading gerrit..." - su-exec ${GERRIT_USER} java ${JAVA_OPTIONS} ${JAVA_MEM_OPTIONS} -jar "${GERRIT_WAR}" init --batch -d "${GERRIT_SITE}" ${GERRIT_INIT_ARGS} - if [ $? -eq 0 ]; then - GERRIT_VERSIONFILE="${GERRIT_SITE}/gerrit_version" - - if [ -n "${IGNORE_VERSIONCHECK}" ]; then - echo "Don't perform a version check and never do a full reindex" - NEED_REINDEX=0 - else - # check whether its a good idea to do a full upgrade - NEED_REINDEX=1 - echo "Checking version file ${GERRIT_VERSIONFILE}" - if [ -f "${GERRIT_VERSIONFILE}" ]; then - OLD_GERRIT_VER="V$(cat ${GERRIT_VERSIONFILE})" - GERRIT_VER="V${GERRIT_VERSION}" - echo " have old gerrit version ${OLD_GERRIT_VER}" - if [ "${OLD_GERRIT_VER}" == "${GERRIT_VER}" ]; then - echo " same gerrit version, no upgrade necessary ${OLD_GERRIT_VER} == ${GERRIT_VER}" - NEED_REINDEX=0 - else - echo " gerrit version mismatch #${OLD_GERRIT_VER}# != #${GERRIT_VER}#" - fi - else - echo " gerrit version file does not exist, upgrade necessary" - fi - fi - if [ ${NEED_REINDEX} -eq 1 ]; then - echo "Reindexing..." - su-exec ${GERRIT_USER} java ${JAVA_OPTIONS} ${JAVA_MEM_OPTIONS} -jar "${GERRIT_WAR}" reindex --verbose -d "${GERRIT_SITE}" - if [ $? 
-eq 0 ]; then - echo "Upgrading is OK. Writing versionfile ${GERRIT_VERSIONFILE}" - su-exec ${GERRIT_USER} touch "${GERRIT_VERSIONFILE}" - su-exec ${GERRIT_USER} echo "${GERRIT_VERSION}" > "${GERRIT_VERSIONFILE}" - echo "${GERRIT_VERSIONFILE} written." - else - echo "Upgrading fail!" - fi - fi - else - echo "Something wrong..." - cat "${GERRIT_SITE}/logs/error_log" - fi -fi -exec "$@" diff --git a/gerrit/gerrit-init.nohup b/gerrit/gerrit-init.nohup deleted file mode 100644 index 52ac037..0000000 --- a/gerrit/gerrit-init.nohup +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -e - -echo "Initializing Gerrit..." -gerrit-create-user.sh -t ldap -u ${INITIAL_ADMIN_USER} -p ${INITIAL_ADMIN_PASSWORD} -gerrit-create-user.sh -t internal -A ${INITIAL_ADMIN_USER} -P ${INITIAL_ADMIN_PASSWORD} -u jenkins -f "Jenkins Server" -#/add_user_to_group.sh -A ${GERRIT_USERNAME} -P ${GERRIT_PASSWORD} -u ${JENKINS_USERNAME} -g Administrators -#/add_user_to_group.sh -A ${GERRIT_USERNAME} -P ${GERRIT_PASSWORD} -u ${INITIAL_ADMIN_USER} -g "Administrators" - -gerrit-upload-ssh-key.sh -c ${JENKINS_HOST} -p 8080 -A ${INITIAL_ADMIN_USER} -P ${INITIAL_ADMIN_PASSWORD} -k id_rsa.pub -u jenkins - -exit 0 diff --git a/gerrit/gerrit-upload-ssh-key.sh b/gerrit/gerrit-upload-ssh-key.sh deleted file mode 100644 index 00c5919..0000000 --- a/gerrit/gerrit-upload-ssh-key.sh +++ /dev/null 
@@ -1,84 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# Usage -usage() { - echo "Usage:" - echo " ${0} -c -p -A -P -k -u " - exit 1 -} - -# Constants -SLEEP_TIME=10 - -while getopts "c:p:A:P:k:u:" opt; do - case $opt in - c) - host=${OPTARG} - ;; - p) - port=${OPTARG} - ;; - A) - username=${OPTARG} - ;; - P) - password=${OPTARG} - ;; - k) - key=${OPTARG} - ;; - u) - user=${OPTARG} - ;; - *) - echo "Invalid parameter(s) or option(s)." - usage - ;; - esac -done - -if [ -z "${host}" ] || [ -z "${port}" ] || [ -z "${username}" ] || [ -z "${password}" ] || [ -z "${key}" ] || [ -z "${user}" ]; then - echo "Parameters missing" - usage -fi - -key=$(echo -e "${key}" | sed 's/ /%20/g') -user=$(echo -e "${user}" | sed 's/ /%20/g') - -echo "Testing Jenkins Connection & Key Presence" -until curl --location --user ${username}:${password} --output /dev/null --silent --write-out "%{http_code}\\n" "http://${host}:${port}/jenkins/userContent/${key}" | grep "200" &> /dev/null -do - echo "Jenkins or key unavailable, sleeping for ${SLEEP_TIME}" - sleep "${SLEEP_TIME}" -done - -echo "Retrieving value: ${key}" -ssh_key=$(curl --silent --request GET --user ${username}:${password} "http://${host}:${port}/jenkins/userContent/${key}") - -echo "Checking if \"${user}\" exists" -if curl --location --output /dev/null --silent --write-out "%{http_code}\\n" "http://localhost:8080/gerrit/accounts/${user}" | grep "404" &> /dev/null; then - echo "User does not exist: ${user}" - exit 1 -fi - -echo "* Verify public-key existence" -# Download the stored key and decode from to UTF-8 -# Using echo -e the -n switch from echo allows to remove the trailing \n that echo would add -# The decode part is necessary as Gerrit correctly encode the SSH key and as a result = sign is converted to \u003d -stored_key=$(echo -e $(curl --user ${username}:${password} --silent http://localhost:8080/gerrit/a/accounts/${user}/sshkeys | grep "ssh_public_key" | awk '{split($0, a, ": "); print a[2]}' | sed 's/[",]//g')) -if [[ 
"$stored_key" == "$ssh_key" ]]; then - echo "* Stored key is the same as downloaded, skipping it ..." - exit 0 -else - echo "* Stored key is not same as downloaded, uploading it ..." -fi - -echo "Uploading public-key to Gerrit user \"${user}\"" -ret=$(curl --request POST --user "${username}:${password}" --data "${ssh_key}" --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/a/accounts/${user}/sshkeys") -if [[ ${ret} -eq 201 ]]; then - echo "Public-key was uploaded" -else - echo "Public-key was uploaded with the invalid response code: ${ret}" -fi diff --git a/gerrit/gerrit-user-to-group.sh b/gerrit/gerrit-user-to-group.sh deleted file mode 100644 index 28781cf..0000000 --- a/gerrit/gerrit-user-to-group.sh +++ /dev/null 
@@ -1,80 +0,0 @@ -#!/usr/bin/env bash - -set -e - -# Usage -usage() { - echo "Usage:" - echo " ${0} -u -g -A -P " - exit 1 -} - -# Constants -SLEEP_TIME=10 -MAX_RETRY=10 - -while getopts "u:g:A:P:" opt; do - case "${opt}" in - u) - username=${OPTARG} - ;; - g) - target_group=${OPTARG} - ;; - A) - admin_user=${OPTARG} - ;; - P) - admin_password=${OPTARG} - ;; - *) - echo "Invalid parameter(s) or option(s)." - usage - ;; - esac -done - -# Validate options -if [ -z "${admin_user}" ] || [ -z "${admin_password}" ] || [ -z "${username}" ] || [ -z "${target_group}" ]; then - echo "Parameters missing" - usage -fi - -echo "Testing Gerrit Connection" -until curl --location --output /dev/null --silent --write-out "%{http_code}\\n" "http://localhost:8080/gerrit/login" | grep "401" &> /dev/null -do - echo "Gerrit unavailable, sleeping for ${SLEEP_TIME}" - sleep "${SLEEP_TIME}" -done - -# Check exists -username=$(echo -e "${username}" | sed 's/ /%20/g') -ret=$(curl --user "${admin_user}:${admin_password}" --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/a/accounts/${username}") -if [[ ${ret} -eq 404 ]] ; then - echo "User does not exists: ${username}" - exit 0 -fi - -target_group=$(echo -e "${target_group}" | sed 's/ /%20/g') -ret=$(curl --user "${admin_user}:${admin_password}" --output /dev/null --silent --write-out "%{http_code}" "http://localhost:8080/gerrit/a/groups/${target_group}") -if [[ ${ret} -eq 404 ]] ; then - echo "Group does not exists: ${target_group}" - exit 0 -fi - -# Add user to group -echo "Adding user: ${username}, to group: ${target_group}" -count=0 -until [ $count -ge ${MAX_RETRY} ] -do - json_request="{ \"members\": [ \"${username}\" ] }" - ret=$(curl --request POST --user "${admin_user}:${admin_password}" --header 'Content-Type: application/json; charset=UTF-8' --data "${json_request}" --output /dev/null --silent --write-out "%{http_code}" http://localhost:8080/gerrit/a/groups/"${target_group}"/members.add) - if [[ 
${ret} -eq 200 ]]; then - echo "User ${username} was added to a group ${target_group}" - break - fi - - echo "Unable to add user ${username} to a group ${target_group}, response code ${ret}, retry ... ${count}" - count=$((count+1)) - sleep ${SLEEP_TIME} -done diff --git a/gerrit/setupGerrit.sh b/gerrit/setupGerrit.sh deleted file mode 100755 index 29ea57b..0000000 --- a/gerrit/setupGerrit.sh +++ /dev/null 
@@ -1,73 +0,0 @@
-#!/bin/bash
-set -e
-
-HOST_NAME=${HOST_NAME:-$1}
-GERRIT_WEBURL=${GERRIT_WEBURL:-$2}
-GERRIT_ADMIN_UID=${GERRIT_ADMIN_UID:-$3}
-GERRIT_ADMIN_PWD=${GERRIT_ADMIN_PWD:-$4}
-GERRIT_ADMIN_EMAIL=${GERRIT_ADMIN_EMAIL:-$5}
-SSH_KEY_PATH=${SSH_KEY_PATH:-~/.ssh/id_rsa}
-CHECKOUT_DIR=./git
-
-
-#Remove appended '/' if existed.
-GERRIT_WEBURL=${GERRIT_WEBURL%/}
-
-# Add ssh-key
-cat "${SSH_KEY_PATH}.pub" | curl --data @- --user "${GERRIT_ADMIN_UID}:${GERRIT_ADMIN_PWD}" ${GERRIT_WEBURL}/a/accounts/self/sshkeys
-
-#gather server rsa key
-##TODO: This is not an elegant way.
-[ -f ~/.ssh/known_hosts ] && mv ~/.ssh/known_hosts ~/.ssh/known_hosts.bak
-ssh-keyscan -p 29418 -t rsa ${HOST_NAME} > ~/.ssh/known_hosts
-
-#checkout project.config from All-Project.git
-[ -d ${CHECKOUT_DIR} ] && mv ${CHECKOUT_DIR} ${CHECKOUT_DIR}.$$
-mkdir ${CHECKOUT_DIR}
-
-git init ${CHECKOUT_DIR}
-cd ${CHECKOUT_DIR}
-
-#start ssh agent and add ssh key
-eval $(ssh-agent)
-ssh-add "${SSH_KEY_PATH}"
-
-#git config
-git config user.name ${GERRIT_ADMIN_UID}
-git config user.email ${GERRIT_ADMIN_EMAIL}
-git remote add origin ssh://${GERRIT_ADMIN_UID}@${HOST_NAME}:29418/All-Projects
-#checkout project.config
-git fetch -q origin refs/meta/config:refs/remotes/origin/meta/config
-git checkout meta/config
-
-#add label.Verified
-git config -f project.config label.Verified.function MaxWithBlock
-git config -f project.config --add label.Verified.defaultValue 0
-git config -f project.config --add label.Verified.value "-1 Fails"
-git config -f project.config --add label.Verified.value "0 No score"
-git config -f project.config --add label.Verified.value "+1 Verified"
-##commit and push back
-git commit -a -m "Added label - Verified"
-
-#Change global access right
-##Remove anonymous access right.
-git config -f project.config --unset access.refs/*.read "group Anonymous Users"
-##add Jenkins access and verify right
-git config -f project.config --add access.refs/heads/*.read "group Non-Interactive Users"
-git config -f project.config --add access.refs/tags/*.read "group Non-Interactive Users"
-git config -f project.config --add access.refs/heads/*.label-Code-Review "-1..+1 group Non-Interactive Users"
-git config -f project.config --add access.refs/heads/*.label-Verified "-1..+1 group Non-Interactive Users"
-##add project owners' right to add verify flag
-git config -f project.config --add access.refs/heads/*.label-Verified "-1..+1 group Project Owners"
-##commit and push back
-git commit -a -m "Change access right." -m "Add access right for Jenkins. Remove anonymous access right"
-git push origin meta/config:meta/config
-
-#stop ssh agent
-kill ${SSH_AGENT_PID}
-
-cd -
-rm -rf ${CHECKOUT_DIR}
-[ -d ${CHECKOUT_DIR}.$$ ] && mv ${CHECKOUT_DIR}.$$ ${CHECKOUT_DIR}
-
-echo "finish gerrit setup"
diff --git a/gerrit/sources.list b/gerrit/sources.list
new file mode 100644
index 0000000..16d9236
--- /dev/null
+++ b/gerrit/sources.list
@@ -0,0 +1,19 @@
+# deb cdrom:[Ubuntu 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.1)]/ xenial main restricted
+deb-src http://archive.ubuntu.com/ubuntu xenial main restricted #Added by software-properties
+deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
+deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe #Added by software-properties
+deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
+deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe #Added by software-properties
+deb http://mirrors.aliyun.com/ubuntu/ xenial universe
+deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
+deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
+deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
+deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
+deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse #Added by software-properties
+deb http://archive.canonical.com/ubuntu xenial partner
+deb-src http://archive.canonical.com/ubuntu xenial partner
+deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
+deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe #Added by software-properties
+deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
+deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
+
diff --git a/gerrit/upgradeGerrit.sh b/gerrit/upgradeGerrit.sh
deleted file mode 100755
index e03c6b6..0000000
--- a/gerrit/upgradeGerrit.sh
+++ /dev/null
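Review bot: gerrit/sources.list enables far more apt sources than the image appears to need: every `deb-src` line, the `partner` archive, `multiverse` and `xenial-backports` are active, and the `cdrom` comment and `#Added by software-properties` markers suggest the file was copied from a desktop install. Each extra entry is another origin the build trusts and fetches on every `apt-get update`, all over plain `http://`, so package integrity rests entirely on apt's signature check of each archive's Release file. I would reduce the file to binary entries for the release, updates and security pockets, e.g. `deb http://mirrors.aliyun.com/ubuntu/ xenial main universe`, the same for `xenial-updates` and for `xenial-security`, assuming the packages the Dockerfile installs live in main/universe. Taking `xenial-security` from `http://security.ubuntu.com/ubuntu` is worth considering, since a third-party mirror can lag on security fixes. A leading comment such as `# Regional mirror override for faster builds; binary packages only` would document why the base image's list is replaced.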
@@ -1,50 +0,0 @@
-#!/bin/bash
-set -e
-GERRIT_WEBURL=${GERRIT_WEBURL:-$1}
-LDAP_SERVER=${LDAP_SERVER:-$2}
-LDAP_ACCOUNTBASE=${LDAP_ACCOUNTBASE:-$3}
-SMTP_SERVER=${SMTP_SERVER:-$4}
-USER_EMAIL=${USER_EMAIL:-$5}
-SMTP_USER=${SMTP_USER:$6}
-SMTP_PASS=${SMTP_PASS:$7}
-HTTPD_LISTENURL=${HTTPD_LISTENURL:-http://*:8080}
-GERRIT_NAME=${GERRIT_NAME:-gerrit}
-GERRIT_VOLUME=${GERRIT_VOLUME:-gerrit-volume}
-PG_GERRIT_NAME=${PG_GERRIT_NAME:-pg-gerrit}
-GERRIT_IMAGE_NAME=${GERRIT_IMAGE_NAME:-openfrontier/gerrit}
-CI_NETWORK=${CI_NETWORK:-ci-network}
-
-# Stop and Delete gerrit container.
-if [ -z "$(docker ps -a | grep ${GERRIT_VOLUME})" ]; then
- echo "${GERRIT_VOLUME} does not exist."
- exit 1
-elif [ -z "$(docker ps -a | grep ${PG_GERRIT_NAME})" ]; then
- echo "${PG_GERRIT_NAME} does not exist."
- exit 1
-elif [ -n "$(docker ps | grep ${GERRIT_NAME} | grep -v ${PG_GERRIT_NAME})" ]; then
- docker stop ${GERRIT_NAME}
-fi
-if [ -n "$(docker ps -a | grep ${GERRIT_NAME} | grep -v ${GERRIT_VOLUME} | grep -v ${PG_GERRIT_NAME})" ]; then
- docker rm -v ${GERRIT_NAME}
-fi
-
-# Start Gerrit.
-docker run \
---name ${GERRIT_NAME} \
---net ${CI_NETWORK} \
--p 29418:29418 \
---volumes-from ${GERRIT_VOLUME} \
--e WEBURL=${GERRIT_WEBURL} \
--e HTTPD_LISTENURL=${HTTPD_LISTENURL} \
--e DATABASE_TYPE=postgresql \
--e AUTH_TYPE=LDAP \
--e LDAP_SERVER=${LDAP_SERVER} \
--e LDAP_ACCOUNTBASE=${LDAP_ACCOUNTBASE} \
--e SMTP_SERVER=${SMTP_SERVER} \
--e SMTP_USER=${SMTP_USER} \
--e SMTP_PASS=${SMTP_PASS} \
--e USER_EMAIL=${USER_EMAIL} \
--e GERRIT_INIT_ARGS='--install-plugin=download-commands' \
---restart=unless-stopped \
--d ${GERRIT_IMAGE_NAME}
-
-- GitLab