Diffstat (limited to '.ci/docker')
-rw-r--r-- | .ci/docker/.dockerignore | 5 | ||||
-rw-r--r-- | .ci/docker/client/etc/my_repos.py | 6 | ||||
-rw-r--r-- | .ci/docker/client/var/output/.gitignore | 1 | ||||
-rw-r--r-- | .ci/docker/docker-compose.yml | 16 | ||||
-rw-r--r-- | .ci/docker/server/Dockerfile | 22 | ||||
-rwxr-xr-x | .ci/docker/server/setup_repo.sh | 29 | ||||
-rw-r--r-- | .ci/docker/ssh/client_key | 8 | ||||
-rw-r--r-- | .ci/docker/ssh/client_key.pub | 1 | ||||
-rw-r--r-- | .ci/docker/ssh/server_key | 7 | ||||
-rw-r--r-- | .ci/docker/ssh/server_key.pub | 1 | ||||
-rwxr-xr-x | .ci/docker/test.sh | 132 |
11 files changed, 228 insertions, 0 deletions
diff --git a/.ci/docker/.dockerignore b/.ci/docker/.dockerignore
new file mode 100644
index 0000000..c0cb0ce
--- /dev/null
+++ b/.ci/docker/.dockerignore
@@ -0,0 +1,5 @@
+*
+
+!/server/**
+/server/Dockerfile
+!/ssh/**
diff --git a/.ci/docker/client/etc/my_repos.py b/.ci/docker/client/etc/my_repos.py
new file mode 100644
index 0000000..9d90f21
--- /dev/null
+++ b/.ci/docker/client/etc/my_repos.py
@@ -0,0 +1,6 @@
+from cgit.repos.repo import Repo
+
+
+MY_REPOS = (
+ Repo('test_repo', clone_url='root@server:~/test_repo'),
+)
diff --git a/.ci/docker/client/var/output/.gitignore b/.ci/docker/client/var/output/.gitignore
new file mode 100644
index 0000000..355164c
--- /dev/null
+++ b/.ci/docker/client/var/output/.gitignore
@@ -0,0 +1 @@
+*/
diff --git a/.ci/docker/docker-compose.yml b/.ci/docker/docker-compose.yml
new file mode 100644
index 0000000..2b27bdd
--- /dev/null
+++ b/.ci/docker/docker-compose.yml
@@ -0,0 +1,16 @@
+version: '3'
+services:
+ server:
+ build:
+ context: .
+ dockerfile: server/Dockerfile
+ image: server
+ client:
+ build:
+ context: ../..
+ dockerfile: Dockerfile
+ image: client
+ volumes:
+ - ./client/etc/:/etc/cgit-repos:ro
+ - "$SSH_AUTH_SOCK:/var/run/cgit-repos/ssh-agent.sock"
+ - ./client/var/output:/var/tmp/cgit-repos/output
diff --git a/.ci/docker/server/Dockerfile b/.ci/docker/server/Dockerfile
new file mode 100644
index 0000000..a6283d0
--- /dev/null
+++ b/.ci/docker/server/Dockerfile
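Review bot: The `!/ssh/**` line in `.ci/docker/.dockerignore` re-includes the whole `ssh/` directory, so the client's private key `ssh/client_key` is sent as part of the server build context even though `server/Dockerfile` copies only `ssh/server_key`, `ssh/server_key.pub` and `ssh/client_key.pub`. Listing just those three files, `!/ssh/server_key`, `!/ssh/server_key.pub` and `!/ssh/client_key.pub`, keeps the client key out of reach of any later `COPY` in the server image.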
@@ -0,0 +1,22 @@
+FROM alpine:3.11
+
+RUN apk --no-cache add bash git openssh-server && \
+ echo 'root:root' | chpasswd && \
+ git config --global user.name 'John Doe' && \
+ git config --global user.email 'John.Doe@example.com' && \
+ sed -ri 's/^#?PermitRootLogin\s+.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+
+WORKDIR /root
+
+COPY ["ssh/server_key", "/etc/ssh/ssh_host_ed25519_key"]
+COPY ["ssh/server_key.pub", "/etc/ssh/ssh_host_ed25519_key.pub"]
+COPY ["ssh/client_key.pub", "./.ssh/authorized_keys"]
+
+RUN chmod 0600 -- /etc/ssh/ssh_host_ed25519_key && \
+ chmod 0700 -- ./.ssh/ && \
+ chmod 0600 -- ./.ssh/authorized_keys
+
+COPY ["server/setup_repo.sh", "./"]
+RUN ./setup_repo.sh
+
+CMD ["/usr/sbin/sshd", "-D"]
diff --git a/.ci/docker/server/setup_repo.sh b/.ci/docker/server/setup_repo.sh
new file mode 100755
index 0000000..82ae711
--- /dev/null
+++ b/.ci/docker/server/setup_repo.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o pipefail
+
+readonly local_repo_path="$HOME/test_repo"
+
+setup_local_repo() {
+ echo
+ echo ----------------------------------------------------------------------
+ echo Setting up upstream repository
+ echo ----------------------------------------------------------------------
+
+ mkdir -p -- "$local_repo_path"
+ pushd -- "$local_repo_path" > /dev/null
+ git init
+ echo '1' > 1.txt
+ git add .
+ git commit -m 'first commit'
+ echo '2' > 2.txt
+ git add .
+ git commit -m 'second commit'
+ popd > /dev/null
+}
+
+main() {
+ setup_local_repo
+}
+
+main
diff --git a/.ci/docker/ssh/client_key b/.ci/docker/ssh/client_key
new file mode 100644
index 0000000..7502c82
--- /dev/null
+++ b/.ci/docker/ssh/client_key
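Review bot: The first `RUN` in `server/Dockerfile` gives root the password `root` and sets `PermitRootLogin yes`, so the image accepts a guessable password login even though the test authenticates with the key installed as `authorized_keys`. If the password is there only to unlock the account for sshd (an assumption, the hunk does not say), restrict sshd to keys: `sed -ri 's/^#?PermitRootLogin\s+.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config` together with `sed -ri 's/^#?PasswordAuthentication\s+.*/PasswordAuthentication no/' /etc/ssh/sshd_config`. Because the host private key is also baked into a layer, a leading comment such as `# CI fixture only: fixed host key and root login; never publish this image or its SSH port` would state the intended scope.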
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC0VWjnPC
+6+rVnkkogRW2onAAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDkpIMideN05ni89
+cmRjdbff6fj4qyukThD2X/gINlVMAAAAkOVOKvBjvIbIoc9JA2q8ui62PqP6dQwwsR94Vr
+/czMBQah5jFKdH9vDiI2JLaGjoH4VvT9mzuPBoE0Vchk6MEpud2dNXWMdb2ubG1d9yTWfV
+XhMXMeNd6UEjY7ypsldhR2X55dvIFeNr9B6A8dMy1Qpeyd62maBOwNdumbsG6MalXOFuv7
+srvnjlwUdHKZV9wg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/.ci/docker/ssh/client_key.pub b/.ci/docker/ssh/client_key.pub
new file mode 100644
index 0000000..6b0e3e9
--- /dev/null
+++ b/.ci/docker/ssh/client_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkpIMideN05ni89cmRjdbff6fj4qyukThD2X/gINlVM root@client
diff --git a/.ci/docker/ssh/server_key b/.ci/docker/ssh/server_key
new file mode 100644
index 0000000..07774eb
--- /dev/null
+++ b/.ci/docker/ssh/server_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCXhJs2H7dvamDdK51mhWEAGuXnBsCVEKdWxyPjWYNgigAAAJDx95CI8feQ
+iAAAAAtzc2gtZWQyNTUxOQAAACCXhJs2H7dvamDdK51mhWEAGuXnBsCVEKdWxyPjWYNgig
+AAAEBkubMLhAF/0hCKnq2l3BuexD4UIQ+qcXW5ke+DWhQ8DJeEmzYft29qYN0rnWaFYQAa
+5ecGwJUQp1bHI+NZg2CKAAAAC3Jvb3RAc2VydmVyAQI=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/.ci/docker/ssh/server_key.pub b/.ci/docker/ssh/server_key.pub
new file mode 100644
index 0000000..601277f
--- /dev/null
+++ b/.ci/docker/ssh/server_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeEmzYft29qYN0rnWaFYQAa5ecGwJUQp1bHI+NZg2CK root@server
diff --git a/.ci/docker/test.sh b/.ci/docker/test.sh
new file mode 100755
index 0000000..464ec3d
--- /dev/null
+++ b/.ci/docker/test.sh
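Review bot: `ssh/client_key` and `ssh/server_key` are private keys committed to the repository, and the only protection on the client key is the passphrase `password` that `test.sh` hard-codes; the server key is installed as the host key as-is and appears to be unencrypted. Any host that ever trusts `client_key.pub` or pins `server_key.pub` outside this compose network is trusting key material every reader of the repository holds, and secret scanners will flag both files. Generating the pairs at test time instead, for example `ssh-keygen -q -t ed25519 -N '' -f ssh/server_key` in `test.sh` before `docker-compose build` with `ssh/` git-ignored, removes the committed secrets. If the files must stay, a short README in `ssh/` saying they are throwaway CI fixtures is the minimum.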
@@ -0,0 +1,132 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o pipefail
+
+script_dir="$( dirname -- "${BASH_SOURCE[0]}" )"
+script_dir="$( cd -- "$script_dir" && pwd )"
+readonly script_dir
+script_name="$( basename -- "${BASH_SOURCE[0]}" )"
+readonly script_name
+
+dump() {
+ local prefix="${FUNCNAME[0]}"
+ [ "${#FUNCNAME[@]}" -gt 1 ] && prefix="${FUNCNAME[1]}"
+
+ local msg
+ for msg; do
+ echo "$script_name: $prefix: $msg"
+ done
+}
+
+kill_ssh_agent() {
+ [ -n "${SSH_AGENT_PID:+x}" ] || return 0
+ dump "killing ssh-agent with PID $SSH_AGENT_PID"
+ kill "$SSH_AGENT_PID"
+}
+
+spawn_ssh_agent() {
+ [ -n "${SSH_AGENT_PID:+x}" ] && return 0
+ if ! command -v ssh-agent > /dev/null 2>&1; then
+ dump "could not find ssh-agent" >&2
+ return 1
+ fi
+ local output
+ output="$( ssh-agent -s )"
+ eval "$output"
+ if [ -z "${SSH_AGENT_PID:+x}" ]; then
+ dump "could not start ssh-agent" >&2
+ return 1
+ fi
+ trap kill_ssh_agent EXIT
+}
+
+setup_ssh_agent() {
+ echo
+ echo ----------------------------------------------------------------------
+ echo Setting up ssh-agent
+ echo ----------------------------------------------------------------------
+
+ spawn_ssh_agent
+
+ local key='ssh/client_key'
+ chmod 0600 -- "$key"
+ local password='password'
+
+ local askpass_path
+ askpass_path="$( mktemp --tmpdir="$script_dir" )"
+
+ local askpass_rm
+ askpass_rm="$( printf -- 'rm -- %q; trap - RETURN' "$askpass_path" )"
+ trap "$askpass_rm" RETURN
+
+ chmod 0700 -- "$askpass_path"
+
+ local echo_password
+ echo_password="$( printf -- 'echo %q' "$password" )"
+ echo "$echo_password" > "$askpass_path"
+
+ SSH_ASKPASS="$askpass_path" DISPLAY= ssh-add "$key" > /dev/null 2>&1 < /dev/null
+}
+
+docker_build() {
+ echo
+ echo ----------------------------------------------------------------------
+ echo Building Docker images
+ echo ----------------------------------------------------------------------
+
+ docker-compose build
+}
+
+setup() {
+ setup_ssh_agent
+ docker_build
+}
+
+run_server() {
+ echo
+ echo ----------------------------------------------------------------------
+ echo Running the server
+ echo ----------------------------------------------------------------------
+
+ docker-compose up -d server
+}
+
+run_client() {
+ echo
+ echo ----------------------------------------------------------------------
+ echo Running the client
+ echo ----------------------------------------------------------------------
+
+ if [ -z "${SSH_AUTH_SOCK:+x}" ]; then
+ dump 'SSH_AUTH_SOCK is not defined' >&2
+ return 1
+ fi
+ dump "SSH_AUTH_SOCK: $SSH_AUTH_SOCK"
+ docker-compose run --rm client
+}
+
+run() {
+ run_server
+ run_client
+}
+
+verify() {
+ echo
+ echo ----------------------------------------------------------------------
+ echo Checking the pulled repository
+ echo ----------------------------------------------------------------------
+
+ pushd -- "$script_dir/client/var/output/test_repo" > /dev/null
+ git log --oneline
+ popd > /dev/null
+}
+
+main() {
+ pushd -- "$script_dir" > /dev/null
+ setup
+ run
+ verify
+ popd > /dev/null
+}
+
+main |
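Review bot: `spawn_ssh_agent` in `test.sh` returns early when `SSH_AGENT_PID` is already set, so on a developer machine `setup_ssh_agent` adds the fixture key to the user's own agent (it is never removed) and `run_client` passes that agent's socket to the client container through the `$SSH_AUTH_SOCK` bind mount in `docker-compose.yml`, which lets code in the container sign with every key the user has loaded. Always starting a dedicated agent avoids this: drop `[ -n "${SSH_AGENT_PID:+x}" ] && return 0` so that `eval "$output"` repoints `SSH_AUTH_SOCK` at the throwaway agent and the `EXIT` trap kills only that one. Separately, `main` never stops the container started by `docker-compose up -d server`; adding `docker-compose down` to the `EXIT` handling would leave no sshd with fixture credentials running after the test.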