Deployment pipeline.
casey-rapnicki-bixal committed Oct 28, 2024
1 parent d4be6fc commit 2bcf7c7
Showing 26 changed files with 1,237 additions and 0 deletions.
48 changes: 48 additions & 0 deletions .github/workflows/build-and-deploy.yml
@@ -0,0 +1,48 @@
name: Build and deploy

on:
push:
branches:
- develop
- main
- feature/dg-98-build-and-configure-pipeline

permissions:
contents: read
packages: write

jobs:
php-lint:
name: PHP Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Nodejs
uses: actions/setup-node@v4
- name: Set env.BRANCH
run: |
echo "BRANCH=$(echo $GITHUB_REF | cut -d'/' -f 3)" >> $GITHUB_ENV
- name: Build Node
run: ./orch/build_node.sh
- name: Install PHP
run: bash ./scripts/pipeline/deb-php-install.sh
- name: Install Linters and Sniffers
run: |
composer global config --no-plugins allow-plugins.dealerdirect/phpcodesniffer-composer-installer false
composer global require --dev drupal/coder php-parallel-lint/php-parallel-lint squizlabs/php_codesniffer=*
COMPOSER_DIR=$(composer -n config --global home)
$COMPOSER_DIR/vendor/bin/phpcs --config-set installed_paths $COMPOSER_DIR/vendor/drupal/coder/coder_sniffer,$COMPOSER_DIR/vendor/sirbrillig/phpcs-variable-analysis,$COMPOSER_DIR/vendor/slevomat/coding-standard
mkdir -p /tmp/results
touch /tmp/results/php-lint.log
touch /tmp/results/php-cs.log
touch /tmp/results/theme-lint.log
- name: PHP Lint
run: |
COMPOSER_DIR=$(composer -n config --global home)
$COMPOSER_DIR/vendor/bin/parallel-lint -e php,module,inc,install,test,profile,theme ./digital-gov-drupal
- name: PHP CodeSniff (Ignore warnings)
run: |
COMPOSER_DIR=$(composer -n config --global home)
$COMPOSER_DIR/vendor/bin/phpcs --standard=./digital-gov-drupal/.phpcs.xml.dist -v --warning-severity=0 ./digital-gov-drupal
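Review bot: The workflow-level `permissions` block grants `packages: write` to every job, yet the only job visible in this section, `php-lint`, just checks out the code and runs linters pulled in by an unpinned `composer global require` (`squizlabs/php_codesniffer=*`), so third-party code runs in a job whose token can publish packages. Keep `contents: read` at the top and declare `packages: write` only on the job that actually publishes; `persist-credentials: false` on the checkout step would also keep the token out of the local git config. In the `Set env.BRANCH` step, `cut -d'/' -f 3` returns only `feature` for `refs/heads/feature/dg-98-build-and-configure-pipeline`; `echo "BRANCH=${GITHUB_REF_NAME}" >> "$GITHUB_ENV"` keeps the full name and quotes the expansion.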
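--- a/scripts/bash_exports.sh
+++ b/scripts/bash_exports.sh
@@ -0,0 +1,39 @@
+#! /bin/bash
+
+export SECRETS=$(echo $VCAP_SERVICES | jq -r '.["user-provided"][] | select(.name == "secrets") | .credentials')
+export SECAUTHSECRETS=$(echo $VCAP_SERVICES | jq -r '.["user-provided"][] | select(.name == "secauthsecrets") | .credentials')
+
+export APP_NAME=$(echo $VCAP_APPLICATION | jq -r '.name')
+export APP_ROOT=$(dirname "$0")
+export APP_ID=$(echo "$VCAP_APPLICATION" | jq -r '.application_id')
+
+export DB_NAME=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.db_name')
+export DB_USER=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.username')
+export DB_PW=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.password')
+export DB_HOST=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.host')
+export DB_PORT=$(echo $VCAP_SERVICES | jq -r '.["aws-rds"][] | .credentials.port')
+
+export ADMIN_EMAIL=$(echo $SECRETS | jq -r '.ADMIN_EMAIL')
+
+export ENV=$(echo "$VCAP_APPLICATION" | jq -r '.space_name' | rev | cut -d- -f1 | rev)
+
+export S3_BUCKET=$(echo "$VCAP_SERVICES" | jq -r '.["s3"][]? | select(.name == "storage") | .credentials.bucket')
+export S3_ENDPOINT=$(echo "$VCAP_SERVICES" | jq -r '.["s3"][]? | select(.name == "storage") | .credentials.fips_endpoint')
+
+export SPACE=$(echo $VCAP_APPLICATION | jq -r '.["space_name"]')
+export WWW_HOST=${WWW_HOST:-$(echo $VCAP_APPLICATION | jq -r '.["application_uris"][]' | grep 'beta\|www' | tr '\n' ' ')}
+export CMS_HOST=${CMS_HOST:-$(echo $VCAP_APPLICATION | jq -r '.["application_uris"][]' | grep cms | tr '\n' ' ')}
+if [ -z "$WWW_HOST" ]; then
+export WWW_HOST="*.app.cloud.gov"
+elif [ -z "$CMS_HOST" ]; then
+export CMS_HOST=$(echo $VCAP_APPLICATION | jq -r '.["application_uris"][]' | head -n 1)
+fi
+
+export S3_ROOT_WEB=${S3_ROOT_WEB:-/web}
+export S3_ROOT_CMS=${S3_ROOT_CMS:-/cms/public}
+export S3_HOST=${S3_HOST:-$S3_BUCKET.$S3_ENDPOINT}
+export S3_PROXY_WEB=${S3_PROXY_WEB:-$S3_HOST$S3_ROOT_WEB}
+export S3_PROXY_CMS=${S3_PROXY_CMS:-$S3_HOST$S3_ROOT_CMS}
+export S3_PROXY_PATH_CMS=${S3_PROXY_PATH_CMS:-/s3/files}
+
+export DNS_SERVER=${DNS_SERVER:-$(grep -i '^nameserver' /etc/resolv.conf|head -n1|cut -d ' ' -f2)}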
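Review bot: The `elif` on the `CMS_HOST` check means the `head -n 1` fallback is skipped whenever `WWW_HOST` was empty, so an app with neither a `beta`/`www` nor a `cms` route ends up with `WWW_HOST="*.app.cloud.gov"` and an empty `CMS_HOST`; two separate `if` blocks would apply both defaults. The wildcard default is also broad if this value later feeds a server-name or trusted-host list (not visible here), so either fail closed or document it with something like `# fallback for sandbox spaces only; matches every app.cloud.gov route`. Most lines expand `$VCAP_SERVICES`, `$VCAP_APPLICATION` and `$SECRETS` unquoted, which collapses whitespace inside credential values and permits globbing; `jq -r '...' <<<"$VCAP_SERVICES"` avoids that. `jq -r` also prints the string `null` for a missing key, so `DB_PW` and the other credentials can silently become `null` rather than empty.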
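--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+set -uo pipefail
+
+## Export proxy servers.
+export http_proxy=$(echo ${VCAP_SERVICES} | jq -r '."user-provided"[].credentials.proxy_uri')
+export https_proxy=$(echo ${VCAP_SERVICES} | jq -r '."user-provided"[].credentials.proxy_uri')
+
+export home="/home/vcap"
+export app_path="${home}/app"
+export apt_path="${home}/deps/0/apt"
+
+echo $VCAP_SERVICES | jq -r '."user-provided"[].credentials.ca_certificate' | base64 -d > ${app_path}/ca_certificate.pem
+echo $VCAP_SERVICES | jq -r '."user-provided"[].credentials.ca_key' | base64 -d > ${app_path}/ca_key.pem
+
+chmod 600 ${app_path}/ca_certificate.pem
+chmod 600 ${app_path}/ca_key.pem
+
+if [ -z "${VCAP_SERVICES:-}" ]; then
+echo "VCAP_SERVICES must a be set in the environment: aborting bootstrap";
+exit 1;
+fi
+
+## NewRelic configuration
+export newrelic_apt="${apt_path}/usr/lib/newrelic-php5"
+export newrelic_app="${app_path}/newrelic/"
+
+rm -rf ${newrelic_app}/agent
+ln -s ${newrelic_apt}/agent ${newrelic_app}/agent
+
+rm -f ${newrelic_app}/daemon/newrelic-daemon.x64
+ln -s ${apt_path}/usr/bin/newrelic-daemon ${newrelic_app}/daemon/newrelic-daemon.x64
+
+rm -f ${app_path}/newrelic/scripts/newrelic-iutil.x64
+ln -s ${newrelic_apt}/scripts/newrelic-iutil.x64 ${newrelic_app}/scripts/newrelic-iutil.x64
+
+echo 'newrelic.daemon.collector_host=gov-collector.newrelic.com' >> ${app_path}/php/etc/php.ini
+
+source ${app_path}/scripts/bash_exports.sh
+
+if [ ! -f ./container_start_timestamp ]; then
+touch ./container_start_timestamp
+chmod a+r ./container_start_timestamp
+echo "$(date +'%s')" > ./container_start_timestamp
+fi
+
+dirs=( "${HOME}/private" "${HOME}/web/sites/default/files" )
+
+for dir in $dirs; do
+if [ ! -d $dir ]; then
+echo "Creating ${dir} directory ... "
+mkdir $dir
+chown vcap. $dir
+fi
+done
+
+## Updated ~/.bashrc to update $PATH when someone logs in.
+[ -z $(cat ${home}/.bashrc | grep PATH) ] && \
+touch ${home}/.bashrc && \
+echo "export http_proxy=${http_proxy}" >> ${home}/.bashrc && \
+echo "export https_proxy=${https_proxy}" >> ${home}/.bashrc && \
+echo "alias nano=\"${home}/deps/0/apt/bin/nano\"" >> ${home}/.bashrc && \
+echo "PATH=$PATH:/home/vcap/app/php/bin:/home/vcap/app/vendor/drush/drush" >> /home/vcap/.bashrc
+
+source ${home}/.bashrc
+
+echo "Installing awscli..."
+{
+curl -S "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
+unzip -qq /tmp/awscliv2.zip -d /tmp/
+/tmp/aws/install --bin-dir ${home}/deps/0/bin --install-dir ${home}/deps/0/usr/local/aws-cli
+rm -rf /tmp/awscliv2.zip /tmp/aws
+} >/dev/null 2>&1
+
+# if [ "${CF_INSTANCE_INDEX:-''}" == "0" ]; then
+# ${app_path}/scripts/post-deploy
+# fi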
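Review bot: The CA private key is decoded into `${app_path}/ca_key.pem` under the default umask and only restricted by the later `chmod 600`, and both writes happen before the `VCAP_SERVICES` guard, which therefore cannot prevent empty or garbage key files. Moving the guard to the top and setting `umask 077` before the two `base64 -d` lines closes that window. The `."user-provided"[]` filter has no `select(.name == ...)`, so if several user-provided services are bound (bash_exports.sh reads two by name) the proxy and certificate values become multi-line output with `null` entries. `for dir in $dirs` expands only the first array element, so `${HOME}/web/sites/default/files` is never created; use `for dir in "${dirs[@]}"`. The awscli zip is downloaded and its installer executed with no signature or checksum check and with all output discarded, so a failed or tampered download goes unnoticed; verifying the archive against AWS's published PGP signature and adding `-f` to `curl` would address this.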
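--- a/scripts/download_backup.sh
+++ b/scripts/download_backup.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+set -e
+
+if [ "$(uname -s)" = "Darwin" ]; then
+if ! hash brew 2>/dev/null ; then
+echo "Please install Homebrew:
+/bin/bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\""
+echo
+echo "NOTE: You will need sudoer permission."
+echo "Linux: https://linuxize.com/post/how-to-add-user-to-sudoers-in-ubuntu/"
+echo "MacOS: https://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/"
+exit 1
+fi
+
+if ! hash gdate 2>/dev/null ; then
+echo "Please install GNU coreutils:
+Homebrew:
+brew install coreutils"
+exit 1
+fi
+fi
+
+if ! hash cf 2>/dev/null ; then
+echo "Please install cf version 8:
+Linux: https://docs.cloudfoundry.org/cf-cli/install-go-cli.html
+Homebrew:
+brew tap cloudfoundry/tap
+brew install cf-cli@8"
+exit 1
+elif [[ "$(cf --version)" != *"cf version 8."* ]]; then
+echo "Please install cf version 8:
+Linux: https://docs.cloudfoundry.org/cf-cli/install-go-cli.html
+Homebrew:
+brew uninstall cf-cli
+brew tap cloudfoundry/tap
+brew install cf-cli@8"
+exit 1
+fi
+
+if ! hash jq 2>/dev/null ; then
+echo "Please install jq:
+Linux: https://jqlang.github.io/jq/download/
+Homebrew:
+brew install jq"
+exit 1
+fi
+
+# change which date command is used based on host OS
+date_command=''
+
+if [ "$(uname -s)" == "Darwin" ]; then
+date_command=gdate
+else
+date_command=date
+fi
+
+help(){
+echo "Usage: $0 [options]" >&2
+echo
+echo " -b The name of the S3 bucket with the backup."
+echo " -e Environment of backup to download."
+echo " -s Name of the space the backup bucket is in."
+echo " -d Date to retrieve backup from. Acceptable values
+are 'latest' or in 'YYYY-MM-DD' format and no
+more than 15 days ago."
+}
+
+RED='\033[0;31m'
+NC='\033[0m'
+
+while getopts 'b:e:s:d:' flag; do
+case ${flag} in
+b) backup_bucket=${OPTARG} ;;
+e) env=${OPTARG} ;;
+s) space=${OPTARG} ;;
+d) retrieve_date=${OPTARG} ;;
+*) help && exit 1 ;;
+esac
+done
+
+[[ -z "${backup_bucket}" ]] && help && echo -e "\n${RED}Error: Missing -b flag.${NC}" && exit 1
+[[ -z "${env}" ]] && help && echo -e "\n${RED}Error: Missing -e flag.${NC}" && exit 1
+[[ -z "${space}" ]] && help && echo -e "\n${RED}Error: Missing -s flag.${NC}" && exit 1
+[[ -z "${retrieve_date}" ]] && help && echo -e "\n${RED}Error: Missing -d flag.${NC}" && exit 1
+
+echo "Getting backup bucket credentials..."
+{
+cf target -s "${space}"
+
+export service="${backup_bucket}"
+export service_key="${service}-key"
+cf delete-service-key "${service}" "${service_key}" -f
+cf create-service-key "${service}" "${service_key}"
+sleep 2
+export s3_credentials=$(cf service-key "${service}" "${service_key}" | tail -n +2)
+
+export AWS_ACCESS_KEY_ID=$(echo "${s3_credentials}" | jq -r '.credentials.access_key_id')
+export bucket=$(echo "${s3_credentials}" | jq -r '.credentials.bucket')
+export AWS_DEFAULT_REGION=$(echo "${s3_credentials}" | jq -r '.credentials.region')
+export AWS_SECRET_ACCESS_KEY=$(echo "${s3_credentials}" | jq -r '.credentials.secret_access_key')
+
+} >/dev/null 2>&1
+
+echo "Downloading backup..."
+{
+
+aws s3 cp s3://${bucket}/${env}/${retrieve_date}.tar.gz . --no-verify-ssl 2>/dev/null
+cf delete-service-key "${service}" "${service_key}" -f
+
+} >/dev/null 2>&1
+
+echo "File saved: ${retrieve_date}.tar.gz"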
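Review bot: `aws s3 cp ... --no-verify-ssl` turns off TLS certificate validation for the transfer that carries the freshly created bucket credentials and the backup itself, so the flag should be removed; if a proxy CA is the reason for it, point `AWS_CA_BUNDLE` at that CA instead. Because the script runs under `set -e` and both blocks discard stderr, a failed download exits before `cf delete-service-key` runs, leaving a live service key behind with no message; registering `trap 'cf delete-service-key "${service}" "${service_key}" -f >/dev/null 2>&1' EXIT` right after the key is created covers every exit path. `retrieve_date` is not checked against the documented `latest`/`YYYY-MM-DD` format, `date_command` is set but not used in the visible code, and the `s3://${bucket}/${env}/${retrieve_date}.tar.gz` argument is unquoted.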
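--- a/scripts/entrypoint
+++ b/scripts/entrypoint
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+## Simple script to hold the container open.
+while : ; do sleep 60m ; done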