feat: 签名模块后台逻辑优化 TencentBlueKing#4885

royalhuang · Aug 16, 2021 · e3f8707 · e3f8707
1 parent a13dc12
commit e3f8707
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 19 deletions.
diff --git a/...end/ci/core/sign/biz-sign/src/main/kotlin/com/tencent/devops/sign/impl/SignServiceImpl.kt b/...end/ci/core/sign/biz-sign/src/main/kotlin/com/tencent/devops/sign/impl/SignServiceImpl.kt
@@ -337,7 +337,8 @@ class SignServiceImpl @Autowired constructor(
         return SignUtils.resignAppWildcard(
             appDir = appDir,
             certId = ipaSignInfo.certId,
-            wildcardInfo = wildcardInfo
+            wildcardInfo = wildcardInfo,
+            replaceKeyList = ipaSignInfo.replaceKeyList
         )
     }
 

diff --git a/...ci/core/sign/biz-sign/src/main/kotlin/com/tencent/devops/sign/service/AsyncSignService.kt b/...ci/core/sign/biz-sign/src/main/kotlin/com/tencent/devops/sign/service/AsyncSignService.kt
@@ -32,6 +32,7 @@ import com.tencent.devops.sign.api.pojo.IpaSignInfo
 import com.tencent.devops.sign.jmx.SignBean
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.DisposableBean
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.scheduling.annotation.Scheduled
 import org.springframework.stereotype.Service
 import java.io.File
@@ -48,13 +49,19 @@ class AsyncSignService(
     private val signBean: SignBean
 ) : DisposableBean {
 
+    @Value("\${bkci.sign.taskPoolSize:#{null}}")
+    private val taskPoolSize: Int? = null
+
+    @Value("\${bkci.sign.taskQueueSize:#{null}}")
+    private val taskQueueSize: Int? = null
+
     // 线程池队列和线程上限保持一致，并保持有一个活跃线程
     private val signExecutorService = ThreadPoolExecutor(
-        10,
-        10,
+        taskPoolSize ?: 10,
+        taskPoolSize ?: 10,
         0L,
         TimeUnit.MILLISECONDS,
-        LinkedBlockingQueue(100)
+        LinkedBlockingQueue(taskQueueSize ?: 5)
     )
 
     fun asyncSign(
@@ -105,8 +112,10 @@ class AsyncSignService(
         }
     }
 
-    @Scheduled(cron = "0/10 * *  * * ? ")
+    @Scheduled(cron = "0/30 * *  * * ? ")
     fun flushTaskStatus() {
+        logger.info("SIGN|signExecutorService|activeCount=${signExecutorService.activeCount}" +
+            "|taskCount=${signExecutorService.taskCount}|queueSize=${signExecutorService.queue.size}")
         signBean.flushStatus(
             activeCount = signExecutorService.activeCount,
             taskCount = signExecutorService.taskCount,

diff --git a/...kend/ci/core/sign/biz-sign/src/main/kotlin/com/tencent/devops/sign/service/SignService.kt b/...kend/ci/core/sign/biz-sign/src/main/kotlin/com/tencent/devops/sign/service/SignService.kt
@@ -36,7 +36,7 @@ import java.io.InputStream
 interface SignService {
 
     /*
-    * 对ipa文件进行签名，并归档
+    * 接受文件上传并解码签名信息
     * */
     fun uploadIpaAndDecodeInfo(
         resignId: String,

diff --git a/src/backend/ci/core/sign/biz-sign/src/main/kotlin/com/tencent/devops/sign/utils/SignUtils.kt b/src/backend/ci/core/sign/biz-sign/src/main/kotlin/com/tencent/devops/sign/utils/SignUtils.kt
@@ -30,6 +30,7 @@ package com.tencent.devops.sign.utils
 import com.dd.plist.NSDictionary
 import com.dd.plist.NSObject
 import com.dd.plist.PropertyListParser
+import com.tencent.devops.common.api.util.script.CommandLineUtils
 import com.tencent.devops.common.service.utils.ZipUtil
 import com.tencent.devops.sign.api.pojo.MobileProvisionInfo
 import org.slf4j.LoggerFactory
@@ -70,15 +71,16 @@ object SignUtils {
     fun resignAppWildcard(
         appDir: File,
         certId: String,
-        wildcardInfo: MobileProvisionInfo
+        wildcardInfo: MobileProvisionInfo,
+        replaceKeyList: Map<String, String>?
     ): Boolean {
         if (!appDir.isDirectory || !appDir.extension.contains("app")) {
             logger.error("App directory $appDir is invalid.")
             return false
         }
         try {
             // 通配符签名统一不做Bundle替换
-            overwriteInfo(appDir, wildcardInfo, false)
+            overwriteInfo(appDir, wildcardInfo, false, replaceKeyList)
 
             // 扫描是否有其他待签目录
             val needResignDirs = scanNeedResignFiles(appDir)
@@ -87,21 +89,22 @@ object SignUtils {
                     when {
                         // 如果是个拓展则递归进入进行重签
                         subFile.isDirectory && subFile.extension.contains("app") -> {
-                            resignAppWildcard(subFile, certId, wildcardInfo)
+                            resignAppWildcard(subFile, certId, wildcardInfo, replaceKeyList)
                         }
 
                         // 如果是个framework则在做一次下层目录扫描
                         subFile.isDirectory && subFile.extension.contains("framework") -> {
                             resignFramework(
                                 frameworkDir = subFile,
                                 certId = certId,
-                                info = wildcardInfo
+                                info = wildcardInfo,
+                                replaceKeyList = replaceKeyList
                             )
                         }
 
                         // 如果不是app或framework目录，则使用主描述文件进行重签
                         else -> {
-                            overwriteInfo(subFile, wildcardInfo, false)
+                            overwriteInfo(subFile, wildcardInfo, false, replaceKeyList)
                             codesignFile(certId, subFile.absolutePath)
                         }
                     }
@@ -133,9 +136,9 @@ object SignUtils {
         infoMap: Map<String, MobileProvisionInfo>,
         appName: String,
         replaceBundleId: Boolean,
+        replaceKeyList: Map<String, String>?,
         keychainAccessGroups: List<String>? = null,
-        universalLinks: List<String>? = null,
-        replaceKeyList: Map<String, String>? = null
+        universalLinks: List<String>? = null
     ): Boolean {
         val info = infoMap[appName]
         if (info == null) {
@@ -214,7 +217,7 @@ object SignUtils {
         frameworkDir: File,
         certId: String,
         info: MobileProvisionInfo,
-        replaceKeyList: Map<String, String>? = null
+        replaceKeyList: Map<String, String>?
     ): Boolean {
         if (!frameworkDir.isDirectory || !frameworkDir.extension.contains("framework")) {
             logger.error("The framework directory $frameworkDir is invalid.")
@@ -241,9 +244,9 @@ object SignUtils {
     }
 
     fun unzipIpa(ipaFile: File, unzipIpaDir: File) {
-        val cmd = "/usr/bin/unzip -o ${ipaFile.canonicalPath} -d ${unzipIpaDir.canonicalPath}"
+        val cmd = "/usr/bin/jar -xvf ${ipaFile.canonicalPath}"
         logger.info("[unzipIpa] $cmd")
-        runtimeExec(cmd)
+        CommandLineUtils.execute(cmd, unzipIpaDir, true)
     }
 
     fun zipIpaFile(unzipDir: File, ipaPath: String): File? {
@@ -265,7 +268,7 @@ object SignUtils {
         resignDir: File,
         info: MobileProvisionInfo,
         replaceBundle: Boolean,
-        replaceKeyList: Map<String, String>? = null
+        replaceKeyList: Map<String, String>?
     ) {
         if (!resignDir.exists()) return
 

diff --git a/...nd/ci/core/sign/biz-sign/src/test/kotlin/com/tencent/devops/sign/utils/IpaSignUtilTest.kt b/...nd/ci/core/sign/biz-sign/src/test/kotlin/com/tencent/devops/sign/utils/IpaSignUtilTest.kt
@@ -28,7 +28,7 @@
 package com.tencent.devops.sign.utils
 
 import com.tencent.devops.common.api.util.FileUtil
-import junit.framework.Assert.assertEquals
+import org.junit.Assert
 import org.junit.Test
 import java.io.File
 
@@ -51,7 +51,7 @@ class IpaSignUtilTest {
         val inputStream = File(inputStreamFile).inputStream()
         val outputStreamFile = File(outputStreamStreamFile)
         val md5 = IpaFileUtil.copyInputStreamToFile(inputStream, outputStreamFile)
-        assertEquals(FileUtil.getMD5(testFile), md5)
+        Assert.assertEquals(FileUtil.getMD5(testFile), md5)
         if (!exists) {
             testFile.delete()
         }