-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathproxy.sh
More file actions
executable file
·233 lines (191 loc) · 6.64 KB
/
proxy.sh
File metadata and controls
executable file
·233 lines (191 loc) · 6.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
#!/bin/bash
set -eo pipefail
cd "${0%/*}" || exit 1
USEPODMAN=""
DOCKERBUILDOPTS=()
PUSH=""
CONTAINERNAME=testproxy
RUNBUILDER_PREFIX=""
NOPULL=
WEBHAREPROXY_FSROOT="$(cd "${BASH_SOURCE%/*}/fsroot/" || exit 1 ; pwd)/"
export WEBHAREPROXY_FSROOT
while [[ $1 =~ ^-.* ]]; do
if [ "$1" == "--podman" ]; then
USEPODMAN="1"
DOCKERBUILDOPTS+=(--security-opt label=disable)
shift
elif [ "$1" == "--nopull" ]; then
NOPULL="1"
shift
elif [ "$1" == "--push" ]; then
PUSH=1
shift
else
echo "Illegal option $1"
exit 1
fi
done
if [ -z "$NOPULL" ]; then
if [ -n "$USEPODMAN" ]; then
DOCKERBUILDOPTS+=(--pull=newer)
else
DOCKERBUILDOPTS+=(--pull)
fi
fi
RunBuilder()
{
local retval
if [ -z "$USEPODMAN" ]; then
echo "$(date) docker" "$@" >&2
$RUNBUILDER_PREFIX docker "$@" ; retval="$?"
if [ "$retval" != "0" ]; then
echo "$(date) docker returned errorcode $retval" >&2
fi
return $retval
else
echo "$(date) podman" "$@" >&2
$RUNBUILDER_PREFIX podman "$@" ; retval="$?"
if [ "$retval" != "0" ]; then
echo "$(date) podman returned errorcode $retval" >&2
fi
return $retval
fi
}
if [ -n "$CI_COMMIT_REF_NAME" ]; then
export TAG="docker.io/webhare/proxy:${CI_COMMIT_TAG:-$CI_COMMIT_REF_SLUG}"
else
export TAG="docker.io/webhare/proxy:devbuild"
fi
if [ "$1" == "runlocal" ] || [ "$1" == "check" ]; then
# Ensures our packages are up to date
"${WEBHAREPROXY_FSROOT}opt/webhare-nginx-proxy/install.sh"
# Verify code first
if ! "${WEBHAREPROXY_FSROOT}opt/webhare-nginx-proxy/node_modules/.bin/tsc" --project "${WEBHAREPROXY_FSROOT}opt/webhare-nginx-proxy/src/tsconfig.json" ; then
echo "TypeScript compilation failed"
exit 1
fi
fi
if [ "$1" == "build" ]; then
mkdir -p fsroot/opt/container/etc
git rev-parse HEAD > fsroot/opt/container/etc/proxy-version
# CI checkouts break the actual branch reported by git, so in that case we take it from the vars
echo "${CI_COMMIT_BRANCH:-$(git rev-parse --abbrev-ref HEAD)}" > fsroot/opt/container/etc/proxy-branch
# WebHare/SV integration
if [ -z "$CI_COMMIT_SHA" ]; then
# Not a CI build, try to get git commit and branch
# Also note that Runkit expects a com.webhare.webhare.git-commit-ref label to be present to recognize the image as a WebHare image
# so this is the path used by Escrow builds to actually set this information
CI_COMMIT_SHA="$(git rev-parse HEAD 2> /dev/null)"
CI_COMMIT_REF_NAME="$(git rev-parse --abbrev-ref HEAD 2> /dev/null)"
if [ -n "$CI_COMMIT_SHA$CI_COMMIT_REF_NAME" ]; then
echo "Building from git, branch '$CI_COMMIT_REF_NAME', commit '$CI_COMMIT_SHA'"
fi
fi
# Record CI information so we can verify eg. if this image really matches the most recent build
DOCKERBUILDOPTS+=(--build-arg "CI_COMMIT_SHA=$CI_COMMIT_SHA")
DOCKERBUILDOPTS+=(--build-arg "CI_COMMIT_REF_NAME=$CI_COMMIT_REF_NAME")
DOCKERBUILDOPTS+=(--build-arg "CI_PIPELINE_ID=$CI_PIPELINE_ID")
DOCKERBUILDOPTS+=(--build-arg "CI_COMMIT_TAG=$CI_COMMIT_TAG")
DOCKERBUILDOPTS+=(--tag "$TAG")
DOCKERBUILDOPTS+=(--progress plain)
export DOCKER_BUILDKIT=1
if ! RunBuilder build "${DOCKERBUILDOPTS[@]}" . ; then
echo "Docker build failed"
exit 1
fi
if [ "$PUSH" == "1" ]; then
if ! RunBuilder push "$TAG" ; then
echo Push failed for tag: "$TAG"
echo You may need to login: docker login
exit 1
fi
echo Pushed: "$TAG"
fi
exit 0
fi
if [ "$1" = "shell" ]; then
RUNBUILDER_PREFIX="exec" RunBuilder exec -ti $CONTAINERNAME /bin/bash
fi
if [ "$1" = "getproxykey" ]; then
RUNBUILDER_PREFIX="exec" RunBuilder exec $CONTAINERNAME /opt/container/get-proxy-key.sh
fi
DOCKERARGS="-v $(pwd)/runtimedata:/opt/webhare-proxy-data/ -eWEBHAREPROXY_ADMINHOSTNAME=127.0.0.1 -p 41080:80 -p 41443:443 -p 45443:5443 --name $CONTAINERNAME"
DEVELOPRUNCMD="RunBuilder run -v $(pwd)/fsroot/opt/webhare-nginx-proxy/src:/opt/webhare-nginx-proxy/src $DOCKERARGS"
LIVERUNCMD="RunBuilder run $DOCKERARGS"
if [ "$1" = "run" ]; then
RunBuilder kill $CONTAINERNAME
RunBuilder rm $CONTAINERNAME
RUNBUILDER_PREFIX="exec" $DEVELOPRUNCMD -ti "$TAG"
fi
if [ "$1" = "runlive" ]; then
RunBuilder kill $CONTAINERNAME
RunBuilder rm $CONTAINERNAME
RUNBUILDER_PREFIX="exec" $LIVERUNCMD -ti "$TAG"
fi
if [ "$1" = "runshell" ]; then
RunBuilder kill $CONTAINERNAME
RunBuilder rm $CONTAINERNAME
RUNBUILDER_PREFIX="exec" $DEVELOPRUNCMD -ti "$TAG" /bin/bash
fi
if [ "$1" = "runlocal" ]; then
if [ -x /opt/homebrew/bin/nginx ]; then
WEBHAREPROXY_NGINX=/opt/homebrew/bin/nginx
elif [ -x /usr/local/bin/nginx ]; then
WEBHAREPROXY_NGINX=/usr/local/bin/nginx
else
echo "NGINX not found"
exit 1
fi
[ -n "$WEBHAREPROXY_DATAROOT" ] || export WEBHAREPROXY_DATAROOT="$(cd "${WEBHAREPROXY_FSROOT}.." || exit 1 ; pwd)/localdata/"
[ -n "$WEBHAREPROXY_ADMINHOSTNAME" ] || export WEBHAREPROXY_ADMINHOSTNAME=localhost
export WEBHAREPROXY_PORT_HTTP=80
export WEBHAREPROXY_PORT_HTTPS=443
export WEBHAREPROXY_MGMT_HTTP=5080
export WEBHAREPROXY_MGMT_HTTPS=5443
export WEBHAREPROXY_FSROOT WEBHAREPROXY_NGINX
echo "Data root: $WEBHAREPROXY_DATAROOT"
# TODO dynamic brew configuration, see chatplane? or webhare' rb
if ! hash runsv ; then
echo "install runsv (brew install runit)"
exit 1
fi
set -m
{
trap '' INT TERM HUP
runsvdir -P "${WEBHAREPROXY_FSROOT}opt/container/services"
} &
set +m
RUNSVDIR_GROUP_PID="$!"
echo PID $RUNSVDIR_GROUP_PID
# shellcheck disable=SC2329
terminate() {
ps -p "$RUNSVDIR_GROUP_PID" > /dev/null || return 0
echo "Sending TERM" to "$RUNSVDIR_GROUP_PID"
# get the PID of the runsvdir process
RUNSVDIR_PID=$(pgrep -P "$RUNSVDIR_GROUP_PID" runsvdir || false)
# force the runsv(dir)s to stop. FIXME avoid this, but it seems runsvdir doesn't always stop the runsv's - it appears to just go await itself once it receives a SIGINT
if [ -n "$RUNSVDIR_PID" ]; then
# Send a HUP to the runsvdir process to kill the runsv processes
kill -HUP "$RUNSVDIR_PID"
fi
kill "$RUNSVDIR_GROUP_PID"
ps -p "$RUNSVDIR_GROUP_PID" > /dev/null && wait "$RUNSVDIR_GROUP_PID" || true
}
trap terminate EXIT INT TERM HUP
wait "$RUNSVDIR_GROUP_PID"
exit 0
fi
if [ "$1" == "check" ]; then
echo "Code check passed"
exit 0
fi
cat << HERE
- shell: Launch a shell in a running $CONTAINERNAME container
- getproxykey: Get key for the proxy
- build: Just build
- run: Build and run for development (mounts src/ into container)
- runshell: Build for development, but run a shell instead of the supervisor
- runlive: Build and run like live (no src/ mount)
- runlocal: Run locally from source
HERE
exit 1