#!/usr/bin/env python3
"""
Run tasks based on webhooks configured in Gitea.
Command-line options:
--debug, -d Send more detailed log output to console.
Configuration file (config.ini) options:
[runner]
ALLOWED_IP_RANGE=xxx.xxx.xxx.xxx/mm
# Only respond to requests made from this range of IP addresses, e.g. 192.168.1.0/24.
# If this option is not set, requests from any address are accepted.
GIT_SSL_NO_VERIFY=true
# Skip TLS certificate verification when cloning. Useful for self-signed certs,
# but the identity of the git server is then not checked.
LISTEN_IP=xxx.xxx.xxx.xxx
# IP address for incoming requests. Defaults to 0.0.0.0 (Any).
LISTEN_PORT=xxxx
# TCP port number used for incoming requests. Defaults to 1706.
"""
from ipaddress import ip_address, ip_network
from os import path
from subprocess import run, DEVNULL
from sys import exit
from os import access, X_OK, chdir, environ, path
from tempfile import TemporaryDirectory
from waitress import serve
from werkzeug import utils
from flask import Flask, request, jsonify
from configparser import ConfigParser
from argparse import ArgumentParser
import logging
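# Absolute paths of the external tools this service executes.
GIT_BIN = '/usr/bin/git'
RSYNC_BIN = '/usr/bin/rsync'
DOCKER_BIN = '/usr/bin/docker'

print("Tea Runner")

# Debug is a command-line option, but most configuration comes from config.ini
arg_parser = ArgumentParser()
arg_parser.add_argument('-d', '--debug', action='store_true',
                        help='display debugging output while running')
args = arg_parser.parse_args()

# config.ini is looked up relative to the current working directory.
config = ConfigParser()
config.read('config.ini')

if args.debug:
    # config.set() raises NoSectionError when config.ini is missing or has no
    # [runner] section, so create the section before overriding DEBUG.
    if not config.has_section('runner'):
        config.add_section('runner')
    config.set('runner', 'DEBUG', "true")

# A boolean fallback keeps getboolean() returning a bool in every case.
if config.getboolean('runner', 'DEBUG', fallback=False):
    logging.basicConfig(format='%(levelname)s: %(message)s',
                        level=logging.DEBUG)
    logging.info('Debug logging is on')
else:
    logging.basicConfig(
        format='%(levelname)s: %(message)s', level=logging.INFO)

# Refuse to start unless every external tool is present and executable.
for tool_name, tool_path in (('git', GIT_BIN),
                             ('rsync', RSYNC_BIN),
                             ('docker', DOCKER_BIN)):
    if not access(tool_path, X_OK):
        logging.error(tool_name + " binary not found or not executable")
        exit(1)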
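def git_clone(src_url, dest_dir):
    """
    Clone a remote git repository into a local directory.

    The URL arrives in a webhook payload, so it is treated as untrusted: only
    http:// and https:// URLs are accepted, and it is passed to git after a
    '--' separator so it can never be parsed as a command-line option.

    Args:
        src_url (string): HTTP(S) url used to clone the repo.
        dest_dir (string): Path to the local directory.

    Returns:
        (boolean): True if command returns success. False if the URL is
        rejected or git exits with a non-zero status.
    """
    if not isinstance(src_url, str) or not src_url.lower().startswith(
            ('http://', 'https://')):
        # %r keeps control characters in the untrusted value out of the log line.
        logging.warning('Refusing to clone non-HTTP(S) url %r', src_url)
        return False

    logging.info('git clone ' + src_url)

    # Hand the setting to the git child process only instead of mutating the
    # environment of the whole service.
    git_env = None
    if config.getboolean('runner', 'GIT_SSL_NO_VERIFY', fallback=False):
        git_env = dict(environ, GIT_SSL_NO_VERIFY='true')

    quiet = None if args.debug else DEVNULL
    # cwd= replaces os.chdir(): the working directory is process-wide, and
    # request handlers running in other threads would otherwise share it.
    clone_result = run([GIT_BIN, 'clone', '--', src_url, '.'],
                       cwd=dest_dir, env=git_env,
                       stdout=quiet, stderr=quiet)
    return clone_result.returncode == 0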
# Flask application object; the request hooks and routes in this file register on it.
app = Flask(__name__)
@app.before_request
def check_authorized():
    """
    Reject requests whose source address is outside ALLOWED_IP_RANGE.

    Nothing is checked when ALLOWED_IP_RANGE is absent from config.ini; every
    client is then served.

    Returns:
        (response | None): A 403 JSON response for an address outside the
        range, otherwise None so that request handling continues.
    """
    if not config.has_option('runner', 'ALLOWED_IP_RANGE'):
        return None

    # NOTE(review): remote_addr is the peer address of the connection. Behind
    # a reverse proxy that would be the proxy's own address - confirm how the
    # service is deployed.
    permitted_network = ip_network(config['runner']['ALLOWED_IP_RANGE'])
    peer = ip_address(request.remote_addr)

    if peer in permitted_network:
        logging.info('Request from ' + request.remote_addr)
        return None

    logging.info(
        'Dropping request from unauthorized host ' + request.remote_addr)
    return jsonify(status='forbidden'), 403
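@app.before_request
def check_media_type():
    """
    Only respond to requests with a Content-Type header of application/json.

    Returns:
        (response | None): A 415 JSON response when the header is missing or
        names another media type, otherwise None so that handling continues.
    """
    # headers.get() returns None when the header is absent. Treat that as an
    # empty media type so the client gets the 415 below rather than an
    # unhandled AttributeError (HTTP 500).
    content_type = request.headers.get('Content-Type') or ''
    if not content_type.lower().startswith('application/json'):
        logging.error(
            '"Content-Type: application/json" header missing from request made by ' + request.remote_addr)
        return jsonify(status='unsupported media type'), 415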
@app.route('/test', methods=['POST'])
def test():
    """
    Connectivity check: log the request at debug level and echo the sender.

    Returns:
        (response): JSON with status 'success' and the caller's address.
    """
    content_type = request.headers.get('Content-Type')
    logging.debug('Content-Type: ' + content_type)

    # force=True parses the body as JSON regardless of the declared media type.
    payload = request.get_json(force=True)
    logging.debug(payload)

    return jsonify(status='success', sender=request.remote_addr)
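@app.route('/rsync', methods=['POST'])
def rsync():
    """
    Clone the repository named in the webhook payload and rsync it to a destination.

    The destination is the 'dest' query parameter when present, otherwise the
    repository name from the payload. If [rsync] RSYNC_ROOT is configured, the
    destination is reduced to a single sanitised file name under that root.

    Returns:
        (response): JSON status. 400 for an unusable payload or destination,
        500 when the clone or the rsync fails, 200 otherwise.
    """
    body = request.get_json()
    try:
        repo_name = body['repository']['name']
        clone_url = body['repository']['clone_url']
    except (KeyError, TypeError):
        return jsonify(status='bad request'), 400
    if not isinstance(repo_name, str) or not isinstance(clone_url, str):
        return jsonify(status='bad request'), 400

    dest = request.args.get('dest') or repo_name
    if not dest:
        return jsonify(status='invalid destination'), 400

    rsync_root = config.get('rsync', 'RSYNC_ROOT', fallback='')
    if rsync_root:
        safe_name = utils.secure_filename(dest)
        if not safe_name:
            # secure_filename() yields '' for names such as '..'. Joining that
            # would make RSYNC_ROOT itself the target, which --delete-during
            # could then empty.
            return jsonify(status='invalid destination'), 400
        dest = path.join(rsync_root, safe_name)
        logging.debug('rsync dest path updated to ' + dest)
    # NOTE(review): without RSYNC_ROOT the destination is used exactly as the
    # request supplied it, so ALLOWED_IP_RANGE is the only restriction on where
    # files are written.

    command = [RSYNC_BIN, '-r', '--exclude=.git']
    # NOTE(review): any non-empty DELETE value enables deletion, including
    # "false" - confirm whether a boolean was intended.
    if config.get('rsync', 'DELETE', fallback=''):
        command.append('--delete-during')
    # '--' ends option parsing, so a destination starting with '-' is taken as
    # a path and not as an rsync option.
    command += ['--', '.', dest]

    quiet = None if args.debug else DEVNULL
    with TemporaryDirectory() as temp_dir:
        if not git_clone(clone_url, temp_dir):
            return jsonify(status='git clone failed'), 500

        logging.info('rsync ' + repo_name + ' to ' + dest)
        # cwd= instead of os.chdir(): the working directory is process-wide and
        # would be shared with requests handled concurrently in other threads.
        result = run(command, cwd=temp_dir, stdout=quiet, stderr=quiet)
        if result.returncode != 0:
            return jsonify(status='rsync failed'), 500

    return jsonify(status='success')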
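@app.route('/docker/build', methods=['POST'])
def docker_build():
    """
    Clone the repository named in the webhook payload and run 'docker build' on it.

    The image is tagged with the repository name from the payload. The build
    runs whatever the cloned repository's Dockerfile specifies, so the set of
    hosts allowed to call this endpoint decides what gets built here.

    Returns:
        (response): JSON status. 400 for an unusable payload, 500 when the
        clone or the build fails, 200 otherwise.
    """
    body = request.get_json()
    try:
        repo_name = body['repository']['name']
        clone_url = body['repository']['clone_url']
    except (KeyError, TypeError):
        return jsonify(status='bad request'), 400
    if not isinstance(repo_name, str) or not isinstance(clone_url, str):
        return jsonify(status='bad request'), 400

    quiet = None if args.debug else DEVNULL
    with TemporaryDirectory() as temp_dir:
        if not git_clone(clone_url, temp_dir):
            return jsonify(status='git clone failed'), 500

        logging.info('docker build')
        # cwd= instead of os.chdir(): the working directory is process-wide and
        # would be shared with requests handled concurrently in other threads.
        result = run([DOCKER_BIN, 'build', '-t', repo_name, '.'],
                     cwd=temp_dir, stdout=quiet, stderr=quiet)
        if result.returncode != 0:
            return jsonify(status='docker build failed'), 500

    return jsonify(status='success')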
if __name__ == '__main__':
    # Report the effective source-address restriction before serving;
    # '<any>' means no ALLOWED_IP_RANGE is configured.
    allowed_range = config.get('runner', 'ALLOWED_IP_RANGE', fallback='<any>')
    logging.info('Limiting requests to: ' + allowed_range)

    # Without LISTEN_IP the server binds to every interface.
    listen_host = config.get('runner', 'LISTEN_IP', fallback='0.0.0.0')
    listen_port = config.getint('runner', 'LISTEN_PORT', fallback=1706)
    serve(app, host=listen_host, port=listen_port)