Merge pull request #83 from CommunityHoneyNetwork/feature-dockerhub-d…

…eploy Feature - dockerhub deploy
CommunityHoneyNetwork · Nov 27, 2018 · 4eecf1f · 4eecf1f
2 parents ae0e5f5 + 6a42edf
commit 4eecf1f
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 78 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -3,6 +3,7 @@ stages:
   - test
   - build
   - integration_testing
+  - deploy
 
 variables:
   DOCKER_DRIVER: overlay2
@@ -19,7 +20,6 @@ pep8:
 
   before_script:
     - flake8 --version
-
   script:
     - flake8 .
 
@@ -30,29 +30,11 @@ build_container:
   services:
     - docker:stable-dind
   script:
+    - sudo ntpdate pool.ntp.org
     - sudo docker login -u "gitlab-ci-token" -p "${CI_BUILD_TOKEN}" ${CI_REGISTRY}
-    - sudo docker build --pull -t "${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}" -f Dockerfile-centos .
+    - sudo docker build --pull -t "${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}" .
     - sudo docker push "${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}"
 
-.dependency_scanning:
-   image: docker:stable
-   variables:
-     DOCKER_DRIVER: overlay2
-   allow_failure: true
-   services:
-     - docker:stable-dind
-   tags:
-     - dependency_scanning
-   script:
-     - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-     - sudo docker run
-         --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
-         --volume "$PWD:/code"
-         --volume /var/run/docker.sock:/var/run/docker.sock
-         "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
-   artifacts:
-     paths: [gl-dependency-scanning-report.json]
-
 sast:
   image: docker:stable
   tags:
@@ -68,33 +50,19 @@ sast:
         --volume /var/run/docker.sock:/var/run/docker.sock
         "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
   artifacts:
-    paths: [gl-sast-report.json]
-
-.license_management:
-  image: docker:stable
-  stage: test
-  tags:
-    - license_management
-  allow_failure: true
-  services:
-    - docker:stable-dind
-  script:
-    - export LICENSE_MANAGEMENT_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-    - sudo docker run
-        --volume "$PWD:/code"
-        "registry.gitlab.com/gitlab-org/security-products/license-management:$LICENSE_MANAGEMENT_VERSION" analyze /code
-  artifacts:
-    paths: [gl-license-management-report.json]
+    reports:
+      sast: gl-sast-report.json
 
 infra_testing:
   image: docker:stable
   stage: integration_testing
-  allow_failure: true
+# allow_failure: true
   services:
     - docker:stable-dind
   tags:
-    - container_scanning
+    - stingar
   script:
+    - sudo ntpdate pool.ntp.org
     - sudo py.test .
 
 container_scanning:
@@ -121,4 +89,28 @@ container_scanning:
     - while( ! wget -T 10 -q -O /dev/null http://127.0.0.1:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
     - sudo ./clair-scanner -c http://127.0.0.1:6060 --ip "$(hostname -I | awk '{print $1}')" -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
   artifacts:
-    paths: [gl-container-scanning-report.json]
+    reports:
+      container_scanning: 'gl-container-scanning-report.json'
+
+deploy_dockerhub:
+  image: docker:stable
+  stage: deploy
+  tags:
+    - stingar
+  only:
+    - /(^v\d+(.\d+){1,2}$|^latest$)/
+  script:
+    - sudo docker login -u "gitlab-ci-token" -p "${CI_BUILD_TOKEN}" ${CI_REGISTRY}
+    - sudo docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
+    - sudo docker logout
+    - export DOCKER_TAG=$(echo $CI_BUILD_REF_NAME | sed -E 's/^v?([[:digit:]]+(.[[:digit:]]+){1,2}|latest)$/\1/g')
+    - export PROJECT_PATH=$(echo ${CI_PROJECT_PATH} | tr '[:upper:]' '[:lower:]')
+    - env
+    - echo docker tag ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} ${PROJECT_PATH}:$DOCKER_TAG
+    - sudo docker tag ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} ${PROJECT_PATH}:$DOCKER_TAG
+    - export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=${VAULT_ROLE_ID} secret_id=${VAULT_SECRET_ID})
+    - export DOCKER_USERNAME=$(vault read -field=username secret/stingar/dockerhub-account)
+    - export DOCKER_PASSWORD=$(vault read -field=password secret/stingar/dockerhub-account)
+    - sudo docker login -u "$DOCKER_USERNAME" --password "${DOCKER_PASSWORD}"
+    - sudo docker push ${PROJECT_PATH}:$DOCKER_TAG
+    - sudo docker logout
diff --git a/Dockerfile-ubuntu → Dockerfile b/Dockerfile-ubuntu → Dockerfile
@@ -11,6 +11,7 @@ LABEL changelog-url "https://github.com/CommunityHoneyNetwork/communityhoneynetw
 
 ENV playbook "chnserver.yml"
 
+RUN date
 RUN apt-get update \
       && apt-get install -y ansible
 

diff --git a/Dockerfile-centos b/Dockerfile-centos
diff --git a/chnserver.yml b/chnserver.yml
@@ -18,6 +18,19 @@
           file: default.yml
         tags: vars
 
+      - name: Check date
+        shell: date
+        register: date_thing
+
+      - debug:
+          var: date_thing
+
+      - name: Update apt cache
+        apt:
+          update_cache: true
+          cache_valid_time: 3600
+        when: ansible_os_family == 'Debian'
+
       - name: CHN Server | install dependency packages
         package:
           name: "{{ item }}"

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,19 +1,8 @@
 version: '2'
 services:
-  centos:
-    build:
-      context: .
-      dockerfile: Dockerfile-centos
-    image: chnserver:centos
-    ports:
-      - "127.0.0.1:80:80"
-      - "127.0.0.1:443:443"
-    env_file:
-      - .development.env
   ubuntu:
     build:
       context: .
-      dockerfile: Dockerfile-ubuntu
     image: chnserver:ubuntu
     ports:
       - "127.0.0.1:80:80"

diff --git a/tests/test_default.py b/tests/test_default.py
@@ -1,28 +1,35 @@
 import pytest
 import subprocess
 import testinfra
+import os
 import time
+import sys
+
 
 # scope='session' uses the same container for all the tests;
 # scope='function' uses a new container per test function.
 @pytest.fixture(scope='session')
 def host(request):
-    # build local
-    ## TODO: Pull in previously built image from registry, if in CI
-    subprocess.check_call(['docker', 'build', '-t', 'chn-server-test', '-f',
-                           'Dockerfile-ubuntu', '.'])
+    # build locally
+    sys.stderr.write("Building locally\n")
+    subprocess.check_call([
+        'docker', 'build', '-t', 'chn-server-test',
+        '-f', 'Dockerfile', '.'])
     # run a container
     docker_id = subprocess.check_output(
         ['docker', 'run', '-d', 'chn-server-test']).decode().strip()
     # return a testinfra connection to the container
     yield testinfra.get_host("docker://" + docker_id)
+
+    subprocess.check_output(["docker", "exec", docker_id, "date"])
+
     # at the end of the test suite, destroy the container
     subprocess.check_call(['docker', 'rm', '-f', docker_id])
 
 
 def test_ports_listening(host):
     print("Testing testing")
-    ## Sleep a few seconds until things come up
+    # Sleep a few seconds until things come up
     time.sleep(15)
     print(host.check_output("netstat -anlpt"))
     print(host.socket.get_listening_sockets())