-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathrocketship.py
295 lines (242 loc) · 9.32 KB
/
rocketship.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
from dotenv import load_dotenv, dotenv_values
load_dotenv()
import argparse
import subprocess
import yaml
import os
import re
import requests
import shutil
from base64 import b64encode
try:
from nacl import encoding, public
except ImportError:
print("Error: The 'nacl' library is required for this script.")
print("You can install it with 'pip install pynacl'.")
exit(1)
def azure_login():
try:
with open(os.devnull, "w") as devnull:
subprocess.run(["az", "login"], stdout=devnull, stderr=devnull, check=True)
except subprocess.CalledProcessError:
print("Error logging into Azure.")
return
def encrypt(public_key: str, secret_value: str) -> str:
"""Encrypt a Unicode string using the public key."""
public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def create_secret(token, repo, name, value):
public_key = get_public_key(token, repo)
encrypted_value = encrypt(public_key["key"], value)
url = f"https://api.github.com/repos/{repo}/actions/secrets/{name}"
headers = {
"Authorization": f"token {token}",
"Accept": "application/vnd.github.v3+json",
}
data = {
"encrypted_value": encrypted_value,
"key_id": public_key["key_id"],
}
response = requests.put(url, headers=headers, json=data)
response.raise_for_status()
def create_github_secrets(token, repo, secrets):
for name, value in secrets.items():
create_secret(token, repo, name, value)
def update_app_settings(azure, additional_env):
app_name = azure["app_service"]["app_name"]
resource_group = azure["app_service"]["resource_group"]
subscription = azure["subscription"] # Add the subscription to your config
for key, value in additional_env.items():
try:
with open(os.devnull, "w") as devnull:
subprocess.run(
[
"az",
"webapp",
"config",
"appsettings",
"set",
"--name",
app_name,
"--resource-group",
resource_group,
"--settings",
f"{key}={value}",
"--subscription",
subscription,
],
stdout=devnull,
stderr=devnull,
check=True,
)
except subprocess.CalledProcessError as e:
print(f"Error setting app setting {key}.")
print(e)
return
def get_public_key(token, repo):
url = f"https://api.github.com/repos/{repo}/actions/secrets/public-key"
headers = {
"Authorization": f"token {token}",
"Accept": "application/vnd.github.v3+json",
}
response = requests.get(url, headers=headers)
response.raise_for_status()
return response.json()
def check_azure_cli():
if not shutil.which("az"):
print("Error: Azure CLI is not installed or not in the system path.")
print(
"Please follow the installation instructions at: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli"
)
exit(1)
def check_docker():
if not shutil.which("docker"):
print("Error: Docker is not installed or not in the system path.")
exit(1)
def check_dockerfile():
if not os.path.isfile("Dockerfile"):
print("Error: Dockerfile does not exist in the current directory.")
exit(1)
def check_github():
# Load the Github token from an environment variable
github_token = os.getenv("GITHUB_TOKEN")
if not github_token:
print("Error: GITHUB_TOKEN environment variable is not set.")
exit(1)
def init():
config = {
"service": "myapp",
"image": "image-name",
"registry": {
"server": "registry.server.com",
"username": "registry-user-name",
"password": ["ROCKETSHIP_REGISTRY_PASSWORD"],
},
"github": {"repo": "org-or-user/repo-name"},
}
os.makedirs("config", exist_ok=True)
with open("config/deploy.yml", "w") as f:
yaml.dump(config, f)
def load_config():
with open("config/deploy.yml") as f:
config = yaml.safe_load(f)
# Replace placeholders with environment variable values
config = replace_placeholders_in_dict(config)
return config
def replace_placeholders(value):
# This regular expression matches placeholders like ${VAR_NAME}
pattern = re.compile(r"\$\{(.+?)\}")
return pattern.sub(lambda m: os.getenv(m.group(1)), value)
def replace_placeholders_in_dict(d):
for key, value in d.items():
if isinstance(value, str):
d[key] = replace_placeholders(value)
elif isinstance(value, dict):
d[key] = replace_placeholders_in_dict(value)
return d
def validate_config(config):
assert (
"service" in config and config["service"]
), "Missing or empty 'service' in config"
assert "image" in config and config["image"], "Missing or empty 'image' in config"
assert (
"registry" in config and config["registry"]
), "Missing or empty 'registry' in config"
assert (
"server" in config["registry"] and config["registry"]["server"]
), "Missing or empty 'server' in registry config"
assert (
"username" in config["registry"] and config["registry"]["username"]
), "Missing or empty 'username' in registry config"
assert (
"password" in config["registry"] and config["registry"]["password"]
), "Missing or empty 'password' in registry config"
def setup():
check_docker()
check_dockerfile()
check_github()
check_azure_cli()
config = load_config()
validate_config(config)
registry = config["registry"] if "registry" in config else None
image = config["image"] if "image" in config else None
service = config["service"] if "service" in config else None
azure = config["azure"] if "azure" in config else None
github = config["github"] if "github" in config else None
github_token = os.getenv("GITHUB_TOKEN")
# Load environment variables from .env file
env_variables = dotenv_values(".env")
if azure:
azure_login()
# Log into the registry
try:
print(f'Logging into Docker Container Registry: {registry["server"]} ...')
subprocess.run(
[
"docker",
"login",
registry["server"],
"-u",
registry["username"],
"--password-stdin",
],
input=registry["password"],
encoding="utf-8",
check=True,
)
except subprocess.CalledProcessError:
print("Error logging into Docker Container Registry.")
return
# Build the image
try:
print(f'Building Docker image: {registry["server"]}/{image}:latest ...')
subprocess.run(
["docker", "build", "-t", f'{registry["server"]}/{image}:latest', "."],
check=True,
)
except subprocess.CalledProcessError:
print("Error building Docker image.")
return
# Push the image to the registry
try:
print(f'Pushing Docker image: {registry["server"]}/{image}:latest ...')
subprocess.run(
["docker", "push", f'{registry["server"]}/{image}:latest'], check=True
)
except subprocess.CalledProcessError:
print("Error pushing Docker image to registry.")
return
# Create and push secrets to Github
if github:
print(f'Pushing secrets to Github repository: {github["repo"]} ...')
github_secrets = {
"ROCKETSHIP_REGISTRY_SERVER": registry["server"],
"ROCKETSHIP_REGISTRY_USERNAME": registry["username"],
"ROCKETSHIP_REGISTRY_PASSWORD": registry["password"],
"ROCKETSHIP_IMAGE": image,
}
all_github_secrets = {**env_variables, **github_secrets}
all_github_secrets.pop("GITHUB_TOKEN", None)
create_github_secrets(github_token, github["repo"], all_github_secrets)
else:
print("Missing configuration for Github...")
print("Pushing secrets to Github Repository:...skipped")
if azure:
print(f"Pushing secrets to Azure Web App Service ...")
all_azure_secrets = {**env_variables, **azure["app_service"]["additional_env"]}
update_app_settings(azure, all_azure_secrets)
else:
print("Missing configuration for Azure...")
print("Pushing secrets to Azure Web App Service...skipped")
def main():
parser = argparse.ArgumentParser()
parser.add_argument("command", choices=["init", "setup"])
args = parser.parse_args()
if args.command == "init":
init()
elif args.command == "setup":
setup()
if __name__ == "__main__":
main()