diff --git a/Dockerfile b/Dockerfile index 954691f..f27142a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM bigfleet/shibboleth_idp +FROM bigfleet/shibboleth_idp:autoexec ARG maintainer=tier ARG imagename=shibboleth_idp @@ -34,11 +34,14 @@ RUN chown -R root:root /opt/shibboleth/shibboleth-identity-provider-$version && ln -s /opt/shibboleth/current /opt/shibboleth-idp && \ ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war && \ touch /usr/local/tomcat/logs/voltest && \ - touch /opt/shibboleth/shibboleth-identity-provider-$version/logs/voltest + touch /opt/shibboleth/shibboleth-identity-provider-$version/logs/voltest && \ + mkdir /opt/certs COPY ./conf/ /usr/local/tomcat/conf/ -COPY ./certs/gencert.sh /opt/certs/ -RUN chmod +x /opt/certs/gencert.sh && /opt/certs/gencert.sh +COPY ./certs/gencert.sh /opt/autoexec/onbuild/gencert.sh +# Remove this line once build is cooking +COPY ./tmp/onbuild.sh /opt/autoexec/bin/onbuild.sh +RUN chmod +x /opt/autoexec/onbuild/gencert.sh && /opt/autoexec/bin/onbuild.sh VOLUME ["/usr/local/tomcat/logs", "/opt/shibboleth/shibboleth-identity-provider-$VERSION/logs"] diff --git a/Jenkinsfile b/Jenkinsfile index 52b34ca..7cd0213 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -6,23 +6,15 @@ node('docker') { stage 'Acquire util' - sh 'mkdir -p bin' - dir('bin'){ + sh 'mkdir -p tmp && mkdir -p bin' + dir('tmp'){ git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ]) - sh 'ls' - sh 'mv bin/* .' + sh 'mv ./bin/* ../bin/.' } + sh 'rm -rf tmp' - stage 'Acquire conftree' - - sh 'mkdir -p root' - dir('root'){ - git([ url: "https://github.internet2.edu/docker/shib-idp-conftree.git", - branch: "test", credentialsId: "jenkins-github-access-token" ]) - } - - stage 'Build' + stage 'Setting build context' def maintainer = maintainer() def imagename = imagename() 
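Review bot: The new `FROM bigfleet/shibboleth_idp:autoexec` line names a mutable, feature-style tag, so the base layer can change without any change in this repository. Judging by the paths used later in the file, that base presumably supplies the `/opt/autoexec` hook runner that executes scripts during the build. Pinning the digest keeps the build reproducible and makes a base change reviewable: `FROM bigfleet/shibboleth_idp:autoexec@sha256:<digest of the reviewed base>`.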
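Review bot: The step `RUN chmod +x /opt/autoexec/onbuild/gencert.sh && /opt/autoexec/bin/onbuild.sh` still generates the certificate at build time, so whatever key material gencert.sh writes is stored in an image layer. The new image test expects `/opt/certs/keystore.jks`, which suggests the keystore is identical in every container started from the image and readable by anyone who can pull it. If it is only a CI fixture, say so above the step, e.g. `# Build-time keystore is a test fixture only; mount a real keystore at runtime`; otherwise generate it at container start or mount it from outside the image. The earlier `RUN chown …` instruction that this hunk extends starts outside the hunk.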
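Review bot: The 'Acquire util' stage now clones into `tmp` and then runs `rm -rf tmp`, but this commit also adds `tmp/onbuild.sh` to the repository and the Dockerfile copies `./tmp/onbuild.sh` from the build context. If the repository checkout precedes this stage (the checkout is not visible in the hunk), the clone lands in a directory that holds a tracked file, and the delete removes `onbuild.sh` before `bin/rebuild.sh` builds the image. A scratch directory with its own name avoids the collision, for example `sh 'mkdir -p util-src bin'`, `dir('util-src'){` and `sh 'rm -rf util-src'`. The enclosing `node('docker')` block starts and ends outside the hunk.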
@@ -38,32 +30,71 @@ node('docker') { if(!imagename){ echo "You must define an imagename in common.bash" currentBuild.result = 'FAILURE' + sh 'exit 1' + } + if(maintainer){ + echo "Building ${imagename}:${tag} for ${maintainer}" + } + + stage 'Acquire conftree' + + sh 'mkdir -p root' + dir('root'){ + git([ url: "https://github.internet2.edu/docker/shib-idp-conftree.git", + branch: "test", credentialsId: "jenkins-github-access-token" ]) } - if(maintainer){ - echo "Building ${maintainer}:${tag} for ${maintainer}" - echo "Building ${maintainer} for ${maintainer}" + + stage 'Build haproxy' + + try{ + dir('haproxy'){ + sh 'docker build --rm my/haproxy .' + } + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem building Shibboleth appliance haproxy image (${tag}). \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag) } - sh 'bin/rebuild.sh' - - stage 'Start container' + stage 'Build' + try{ + sh 'bin/rebuild.sh &> debug' + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem building Shibboleth appliance image (${tag}). \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag) + } - sh 'bin/ci-run.sh && sleep 60' + stage 'Compose' + try{ + sh 'bin/compose.sh &> debug' + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem composing Shibboleth appliance (${tag}). \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag) + } stage 'Tests' - sh 'bin/test.sh' - // should build a finally construct here - stage 'Stop container' + try{ + sh 'bin/test.sh &> debug' + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem testing Shibboleth appliance :${tag}. 
\n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag) + } - sh 'bin/ci-stop.sh' + stage 'Clean Up' - stage 'Push' + cleanup(tag) - docker.withRegistry('https://registry.hub.docker.com/', 'dockerhub-bigfleet') { - def baseImg = docker.build("$maintainer/$imagename") - baseImg.push("$tag") - } + stage 'Notify' + + slackSend color: 'good', message: "Shibboleth-appliance (${tag}) passes test battery" } @@ -77,7 +108,25 @@ def imagename() { matcher ? matcher[0][1] : null } -def version() { - def matcher = readFile('common.bash') =~ 'version="(.+)"' - matcher ? matcher[0][1] : null +def handleError(String message, String tag, Boolean doCleanup = true){ + echo "${message}" + currentBuild.setResult("FAILED") + slackSend color: 'danger', message: "${message}" + //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chris.bynum@levvel.io', sendToIndividuals: true]) + if (doCleanup) { + cleanup(tag) + } + sh 'exit 1' } + +def cleanup(String tag) { + try{ + sh 'bin/decompose.sh &> debug' + sh 'bin/prune.sh &> debug' + } catch(error) { + def error_details = readFile('./debug'); + def message = "BUILD ERROR: There was a problem cleaning up Shibboleth appliance :${tag}. \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message, tag, false) + } +} \ No newline at end of file diff --git a/tests/image.bats b/tests/image.bats index e3d24d2..b61af96 100644 --- a/tests/image.bats +++ b/tests/image.bats @@ -26,3 +26,8 @@ load ../common result="$(docker run -i $maintainer/$imagename find /usr/local/tomcat/webapps -type d -print0)" [ "$result" == '/usr/local/tomcat/webapps' ] } + + +@test "Java keystore present" { + docker run -i $maintainer/$imagename find /opt/certs/keystore.jks +} \ No newline at end of file diff --git a/tests/running.bats b/tests/running.bats index 4366e99..58236a3 100644 --- a/tests/running.bats +++ b/tests/running.bats 
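Review bot: The `&> debug` redirections in the 'Build', 'Compose' and 'Tests' stages (and in `cleanup()` in the next hunk) are a bash extension, while the `sh` step runs the agent's default `/bin/sh`. Where that is dash, the line parses as `bin/test.sh &` followed by `> debug`, so the script is backgrounded, the step returns 0 and a failing test battery never reaches the `catch`. Use the POSIX form, e.g. `sh 'bin/test.sh > debug 2>&1'`. Separately, the 'Build haproxy' stage runs `docker build --rm my/haproxy .` without `-t`, which passes two positional arguments where `docker build` accepts one, and it writes no `debug` file for its `catch` to read; `sh 'docker build --rm -t my/haproxy . > debug 2>&1'` addresses both. The enclosing `node('docker')` block starts outside the hunk.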
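Review bot: `handleError` forwards `message` to `slackSend` unchanged, and every caller builds that message from the full contents of `./debug`, so the complete output of the build, compose, test and cleanup scripts is posted to the chat channel. If any of those scripts print credentials or generated keystore passwords (not visible here), that data leaves the CI system. Post a short notice with a link to the console instead, e.g. `slackSend color: 'danger', message: "Shibboleth appliance build failed (${tag}): ${env.BUILD_URL}"`, and keep the detail in the `echo`. `currentBuild.setResult("FAILED")` should use the result name `'FAILURE'` that the pipeline body already uses, and the commented-out Mailer line carrying a personal address can be dropped.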
@@ -5,21 +5,22 @@ load ../common # These tests assume the pipeline will start and stop the container. @test "Leaves running process" { - result="$(docker ps | grep $imagename)" + result="$(docker ps | grep shibboleth_idp_0)" [ "$result" != '' ] } @test "Exposes running Tomcat service" { - result="$(docker exec -i $imagename curl http://localhost:8080/idp/)" + result="$(docker exec -i shibboleth_idp_0 curl -k https://localhost:8443/idp/)" [ "$result" != '' ] } @test "Service is Shibboleth" { - docker exec -i $imagename curl -silent http://localhost:8080/idp/ | grep 'Shibboleth' + docker exec -i shibboleth_idp_0 curl -k -silent https://localhost:8443/idp/ | grep 'Shibboleth' } @test "Shibboleth status URL is available" { - run docker exec -i $imagename curl -o /dev/null --silent --head --write-out '%{http_code}\n' http://localhost:8080/idp/status + skip + run docker exec -i shibboleth_idp_0 curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://localhost:8443/idp/status echo ${output} [ "$status" -eq 0 ] [ ${output} == *"200"* ] diff --git a/tmp/onbuild.sh b/tmp/onbuild.sh new file mode 100755 index 0000000..d6794a5 --- /dev/null +++ b/tmp/onbuild.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +for file in /opt/autoexec/onbuild/* +do + exec "$file" >> /opt/etc/autoexec.build.log +done \ No newline at end of file
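Review bot: The bare `skip` added to "Shibboleth status URL is available" turns off the only test that checks an HTTP status code and records no reason, so an IdP that returns any non-empty body containing "Shibboleth" on `/idp/` still passes the suite. Give it a reason that shows in the test output, `skip "<why it is disabled, tracking issue>"`, or remove it once the status endpoint answers on 8443. On the changed `curl` lines, `-silent` is read as a cluster of short options rather than `--silent`. The `-k` flag means the tests accept any certificate, which is reasonable for a self-signed test keystore but deserves a one-line comment saying so.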
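Review bot: `exec "$file"` replaces the shell running the loop with the first script, so only the first entry of `/opt/autoexec/onbuild/` is ever executed and later hooks are skipped without any error. Call the script as a child and stop on failure: `"$file" >> /opt/etc/autoexec.build.log 2>&1 || exit 1`. The redirect also assumes `/opt/etc` exists, which nothing in this diff creates. The loop runs every file in the directory as the build user (root unless the base image sets `USER`), so a `[ -x "$file" ] || continue` guard would limit it to files deliberately marked executable.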