Skip to content

Feature/gitignore and rebuild #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
chris11-taylor-nttd wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Feature/gitignore and rebuild #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3b8b4bf
Add .gitignore, .secrets.baseline, .tool-version, and Makefile
chris11-taylor-nttd Jun 11, 2024
74efcfa
Elevate during Azure CLI install (uses apt)
chris11-taylor-nttd Jun 11, 2024
4aa150e
Default to --once
chris11-taylor-nttd Jun 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
.repo/
components/

.pre-commit-config.yaml
Makefile.container.includes
112 changes: 112 additions & 0 deletions .secrets.baseline
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
{
"version": "1.4.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "DiscordBotTokenDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "SendGridDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
}
],
"results": {},
"generated_at": "2024-06-11T15:40:17Z"
}
3 changes: 3 additions & 0 deletions .tool-versions
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# This .tool-versions file does not contribute to software installed within this container.
# To add software to the base image, edit the .tool-versions file in the launch-build-agent-base
# repository.
6 changes: 3 additions & 3 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@ WORKDIR /azp/

COPY ./scripts/az-entry.sh /azp/az-entry.sh

RUN chmod +x /azp/az-entry.sh \
&& curl -sL -o InstallAzureCLIDeb.sh https://aka.ms/InstallAzureCLIDeb \
USER root
RUN curl -sL -o InstallAzureCLIDeb.sh https://aka.ms/InstallAzureCLIDeb \
&& chmod +x InstallAzureCLIDeb.sh \
&& ./InstallAzureCLIDeb.sh \
&& rm -f InstallAzureCLIDeb.sh

USER launch
ENTRYPOINT ["/bin/bash", "-c", " /azp/az-entry.sh"]

FROM base AS final
Expand Down
132 changes: 132 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Include custom values from .lcafenv. Repository root is assumed to be the working directory.
# Including overriding values in this file is preferred over modifying the contents below.
LCAF_ENV_FILE = .lcafenv
-include $(LCAF_ENV_FILE)

# Source repository for repo manifests
REPO_MANIFESTS_URL ?= https://github.com/launchbynttdata/launch-common-automation-framework.git
# Branch of source repository for repo manifests. Other tags not currently supported.
REPO_BRANCH ?= refs/tags/1.0.0
# Path to seed manifest in repository referenced in REPO_MANIFESTS_URL
REPO_MANIFEST ?= manifests/containers/generic/seed/manifest.xml

# Settings to pull in Nexient version of (google) repo utility that supports environment substitution:
REPO_URL ?= https://github.com/launchbynttdata/git-repo.git
# Branch of the repository referenced by REPO_URL to use
REPO_REV ?= main
export REPO_REV REPO_URL

# Example variable to substituted after init, but before sync in repo manifests.
GITBASE ?= https://github.com/launchbynttdata/
GITREV ?= main
export GITBASE GITREV

# Set to true in a pipeline context
IS_PIPELINE ?= false

IS_AUTHENTICATED ?= false

JOB_NAME ?= job
JOB_EMAIL ?= job@job.job

COMPONENTS_DIR = components
-include $(COMPONENTS_DIR)/Makefile

MODULE_DIR ?= ${COMPONENTS_DIR}/module

PYTHON3_INSTALLED = $(shell which python3 > /dev/null 2>&1; echo $$?)
MISE_INSTALLED = $(shell which mise > /dev/null 2>&1; echo $$?)
ASDF_INSTALLED = $(shell which asdf > /dev/null 2>&1; echo $$?)
REPO_INSTALLED = $(shell which repo > /dev/null 2>&1; echo $$?)
GIT_USER_SET = $(shell git config --get user.name > /dev/null 2>&1; echo $$?)
GIT_EMAIL_SET = $(shell git config --get user.email > /dev/null 2>&1; echo $$?)

.PHONY: configure-git-hooks
configure-git-hooks: configure-dependencies
ifeq ($(PYTHON3_INSTALLED), 0)
$(info Bypassing pre-commit install. This will be handled on a per-repo basis during CI, not at container build time.)
else
$(error Missing python3, which is required for pre-commit. Install python3 and rerun.)
endif

ifeq ($(IS_PIPELINE),true)
.PHONY: git-config
git-config:
@set -ex; \
git config --global user.name "$(JOB_NAME)"; \
git config --global user.email "$(JOB_EMAIL)"; \
git config --global color.ui false

configure: git-config
endif

ifeq ($(IS_AUTHENTICATED),true)
.PHONY: git-auth
git-auth:
$(call config,Bearer $(GIT_TOKEN))

define config
@set -ex; \
git config --global http.extraheader "AUTHORIZATION: $(1)"; \
git config --global http.https://gerrit.googlesource.com/git-repo/.extraheader ''; \
git config --global http.version HTTP/1.1;
endef

configure: git-auth
endif

.PHONY: configure-dependencies
configure-dependencies:
ifeq ($(MISE_INSTALLED), 0)
@echo "Installing dependencies using mise"
@awk -F'[ #]' '$$NF ~ /https/ {system("mise plugin install " $$1 " " $$NF " --yes")} $$1 ~ /./ {system("mise install " $$1 " " $$2 " --yes")}' ./.tool-versions
else ifeq ($(ASDF_INSTALLED), 0)
@echo "Installing dependencies using asdf-vm"
@awk -F'[ #]' '$$NF ~ /https/ {system("asdf plugin add " $$1 " " $$NF)} $$1 ~ /./ {system("asdf plugin add " $$1 "; asdf install " $$1 " " $$2)}' ./.tool-versions
else
$(error Missing supported dependency manager. Install asdf-vm (https://asdf-vm.com/) or mise (https://mise.jdx.dev/) and rerun)
endif

.PHONY: configure
configure: configure-git-hooks
ifneq ($(and $(GIT_USER_SET), $(GIT_EMAIL_SET)), 0)
$(error Git identities are not set! Set your user.name and user.email using 'git config' and rerun)
endif
ifeq ($(REPO_INSTALLED), 0)
echo n | repo --color=never init --no-repo-verify \
-u "$(REPO_MANIFESTS_URL)" \
-b "$(REPO_BRANCH)" \
-m "$(REPO_MANIFEST)"
repo envsubst
repo sync
else
$(error Missing Repo, which is required for platform sync. Install Repo (https://gerrit.googlesource.com/git-repo) and rerun.)
endif

# The first line finds and removes all the directories pulled in by repo
# The second line finds and removes all the broken symlinks from removing things
# https://stackoverflow.com/questions/42828021/removing-files-with-rm-using-find-and-xargs
.PHONY: clean
clean:
-repo list | awk '{ print $1; }' | cut -d '/' -f1 | uniq | xargs rm -rf
find . -type l ! -exec test -e {} \; -print | xargs rm -rf

.PHONY: init-clean
init-clean:
rm -rf .git
git init --initial-branch=main
ifneq (,$(wildcard ./TEMPLATED_README.md))
mv TEMPLATED_README.md README.MD
endif
2 changes: 1 addition & 1 deletion scripts/az-entry.sh
100644 → 100755
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,4 +91,4 @@ chmod +x ./run.sh

# To be aware of TERM and INT signals call ./run.sh
# Running it with the --once flag at the end will shut down the agent after the build is executed
./run.sh "$@" & wait $!
./run.sh "$@" --once & wait $!