infra docker files (#33314)
kobymeir authored Dec 9, 2024
1 parent 6f67bdb commit 99003fd
Showing 15 changed files with 3,811 additions and 130 deletions.
36 changes: 0 additions & 36 deletions .circleci/config.yml

This file was deleted.

7 changes: 3 additions & 4 deletions .github/config.yml
@@ -4,14 +4,13 @@ newPRWelcomeComment: |
Questions about how we build Docker images? Make sure to checkout our [README](https://github.com/demisto/dockerfiles/blob/master/README.md).
**What happens next?**
* CircleCI will run the build cycle on any new/modified docker images. If the build fails make sure to review the CircleCI logs and try to fix any issues.
* Once the build passes CircleCI will create a `development` docker image which can be used for local testing. A comment with the details will be posted to this PR.
* The CI will run the build cycle on any new/modified docker images. If the build fails make sure to review the posted comment and address the errors.
* Once the build passes, The CI will create a `development` docker image which can be used for local testing. A comment with the details will be posted to this PR.
* A member of the team will then review the pull request.
* If all is good and both the build is passing and the pull request has passed review, you will be able to merge the PR.
* Once merged, CircleCI will run another build and create a `production` ready docker image which will be deployed at Docker Hub under the demisto organization: https://hub.docker.com/u/demisto .
* Once merged, The CI will run another build and create a *production* ready docker image which will be deployed at Docker Hub under the demisto organization: https://hub.docker.com/u/demisto .
Good luck to us all!
firstPRMergeComment: >
Congrats on merging your first pull request! :tada: How awesome!
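Review bot: the replacement bullets capitalize "The CI" mid-sentence twice ("Once the build passes, The CI will create…" and "Once merged, The CI will run another build…"); suggest lowercase "the CI" in both. The same two bullets now style `development` with backticks but *production* with italics; pick one convention for the two image stages.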
3 changes: 2 additions & 1 deletion .gitignore
@@ -7,4 +7,5 @@ _site
artifacts
dockerfiles-trust
.python-version
.venv
.venv
/report.xml
11 changes: 5 additions & 6 deletions .gitlab/.gitlab-ci.yml
@@ -1,8 +1,7 @@
variables:
GH_BRANCH: $CI_COMMIT_BRANCH
GH_COMMIT: $CI_COMMIT_SHA
trigger_job:
trigger:
strategy: depend
project: ${CI_PROJECT_NAMESPACE}/dockerfiles-cicd
CURRENT_BRANCH_NAME: $INFRA_BRANCH

include:
- file: "/.gitlab/ci/dockerfiles/.gitlab-ci.yml"
ref: $INFRA_BRANCH
project: "${CI_PROJECT_NAMESPACE}/infra"
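Review bot: the pipeline definition is now pulled from another project (`include: - file: "/.gitlab/ci/dockerfiles/.gitlab-ci.yml"` with `project: "${CI_PROJECT_NAMESPACE}/infra"`) at `ref: $INFRA_BRANCH`, a mutable branch name, so whoever can push to that branch of `infra` controls what this repository's CI executes. Suggest pinning `ref` to a tag or commit SHA, or at least documenting where `INFRA_BRANCH` is defined and what its default is, since an unset variable leaves `ref:` empty; the same variable is also handed to the trigger as `CURRENT_BRANCH_NAME: $INFRA_BRANCH`.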
82 changes: 82 additions & 0 deletions .gitlab/helper_functions.sh
@@ -0,0 +1,82 @@
#!/bin/bash

CYAN="\e[0;36m"
CLEAR="\e[0m"
RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[0;34m'
NC='\033[0m'

SECTION_START="\e[0Ksection_start:the_time:section_id\r\e[0K${CYAN}section_header${CLEAR}"
SECTION_END="\e[0Ksection_end:the_time:section_id\r\e[0K"

section_start() {
local section_header section_id start
start="$SECTION_START"
if [[ "$#" -eq 1 ]]; then
section_header="$1"
section_id="$(echo "$1" | tr -c '[:alnum:]\n\r' '_')"
elif [[ "$#" -eq 2 ]]; then
if [[ "$2" =~ -{0,2}collapsed ]]; then
start="${start/section_id/section_id[collapsed=true]}"
section_header="$1"
section_id="$(echo "$1" | tr -c '[:alnum:]\n\r' '_')"
else
section_header="$2"
section_id="$1"
fi
elif [[ "$#" -eq 3 && "$3" =~ /^-{0,2}collapsed$/ ]]; then
start="${start/section_id/section_id[collapsed=true]}"
section_header="$2"
section_id="$1"
else
echo "section_start should be called with 1-3 args but it was called with $# args"
echo "acceptable usages:"
echo " 1. section_start \"<section-header>\""
echo " 2. section_start \"<section-start-id>\" \"<section-header>\""
echo " 3. section_start \"<section-header>\" --collapse"
echo " 4. section_start \"<section-start-id>\" \"<section-header>\" --collapse"
echo "where <section-start-id> is only alphanumeric characters and underscore and"
echo "--collapse indicates that you would like those log steps to be collapsed in the job log output by default"
exit 9
fi
start_time=$(date +%s)
start="$(echo "$start" | sed -e "s/the_time/$start_time/" -e "s/section_id/$section_id/" -e "s/section_header/$section_header/")"
echo -e "$start"
date +"[%Y-%m-%dT%H:%M:%S.%3N] section start"
}

section_end() {
local section_id end
date +"[%Y-%m-%dT%H:%M:%S.%3N] section end"
end="$SECTION_END"
if [[ "$#" -eq 1 ]]; then
section_id="$(echo "$1" | tr -c '[:alnum:]\n\r' '_')"
else
echo "section_end should be called with 1 arg but it was called with $# args"
echo "acceptable usage:"
echo " 1. section_end \"<section-start-id>\""
echo " 2. section_end \"<section-header>\""
echo "where <section-start-id> or <section-header> is the id of the section this marks the end of"
exit 9
fi
end_time=$(date +%s)
end="$(echo "$end" | sed -e "s/the_time/$end_time/" -e "s/section_id/$section_id/")"
echo -e "$end"
}

job-done() {
mkdir -p "${PIPELINE_JOBS_FOLDER}"
echo "creating file ${PIPELINE_JOBS_FOLDER}/${CI_JOB_NAME}.txt"
echo "done" > "${PIPELINE_JOBS_FOLDER}/${CI_JOB_NAME}.txt"
echo "finished writing to file ${PIPELINE_JOBS_FOLDER}/${CI_JOB_NAME}.txt"
}

sleep-with-progress() {
local sleep_time=${1:-10}
local sleep_interval=${2:-1}
local sleep_message=${3:-"Sleeping... "}
local columns=${4:-$(tput cols)}
local sleep_step=$((sleep_time / sleep_interval))
for ((i=0; i< sleep_step;i++)); do echo "${sleep_interval}";sleep "${sleep_interval}"; done | poetry run tqdm --total ${sleep_time} --unit seconds --leave --update --colour green -ncols ${columns} --desc "${sleep_message}" 1> /dev/null
}
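Review bot: the three-argument branch of `section_start` tests `"$3" =~ /^-{0,2}collapsed$/`; inside bash `[[ ... =~ ... ]]` the slashes are literal characters rather than delimiters, so this never matches `--collapsed` and usage 4 from the help text falls through to the `exit 9` error path. Use the same form as the two-argument branch, `"$3" =~ ^-{0,2}collapsed$`, and note that the help text advertises `--collapse` while both regexes only match `collapsed`. Two smaller points: `start_time` and `end_time` are not declared `local`, and in `sleep-with-progress` the tqdm option is written `-ncols` where the CLI spells it `--ncols`; `${sleep_time}` and `${columns}` should also be quoted.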
113 changes: 113 additions & 0 deletions .hooks/bootstrap
@@ -0,0 +1,113 @@
#!/usr/bin/env bash

#
# Bootstraps a development environment.
#
# This includes:
# * install pre-commit hooks
# * setup infra dependencies with poetry

function exit_on_error {
if [ "${1}" -ne 0 ]; then
echo "ERROR: ${2}, exiting with code ${1}" 1>&2
exit "${1}"
fi
}

# poetry is installed in ~/.local/bin
PATH=~/.local/bin:$PATH

if [[ "$1" == "-h" ]] || [[ "$1" == "--help" ]]; then
cat << __EOF__
Setup development environment (run with no arguments):
* install pre-commit hooks (set NO_HOOKS=1 to skip)
__EOF__
exit 0
fi

if [ ! "${PWD}" == "$(git rev-parse --show-toplevel)" ]; then
cat >&2 <<__EOF__
ERROR: this script must be run at the root of the source tree
__EOF__
exit 1
fi

echo "======================="
if [ -z "${INSTALL_POETRY}" ]; then
if ! command -v poetry >/dev/null 2>&1; then
echo "ERROR: poetry is missing. Please run the following command to install it:
curl -sSL https://install.python-poetry.org | python3 -" 1>&2
exit 1
fi
else
should_install_poetry="yes"
if command -v poetry >/dev/null 2>&1; then
if [[ "$(poetry --version)" == "Poetry (version ${POETRY_VERSION})" ]]; then
echo "Poetry is already installed with the correct version: $(poetry --version)"
should_install_poetry="no"
else
echo "Poetry is already installed with a different version: $(poetry --version), required version: ${POETRY_VERSION}"
fi
else
echo "Poetry isn't installed"
fi
if [[ "${should_install_poetry}" == "yes" ]]; then
echo "Installing Poetry version:${POETRY_VERSION}"
curl -sSL https://install.python-poetry.org | python3 - --version "${POETRY_VERSION}"
error_code=$?
if ! command -v poetry >/dev/null 2>&1; then
exit_on_error $? "Poetry isn't installed"
fi
if [[ "$(poetry --version)" == "Poetry (version ${POETRY_VERSION})" ]]; then
echo "Poetry version ${POETRY_VERSION} installed successfully"
else
exit_on_error 1 "Poetry version $(poetry --version) doesn't match the required version: ${POETRY_VERSION}"
fi
if [ -n "${ARTIFACTS_FOLDER}" ] && [ "${error_code}" -ne 0 ]; then
cp "${PWD}"/poetry-installer-error-*.log "${ARTIFACTS_FOLDER}"
fi
exit_on_error $error_code "Failed to install Poetry version:${POETRY_VERSION}"
fi
fi

if [ -n "${NO_HOOKS}" ]; then
echo "Skipping hooks setup as environment variable NO_HOOKS is set"
else
GIT_HOOKS_DIR="${PWD}/.git/hooks"
if [ ! -e "${GIT_HOOKS_DIR}/pre-commit" ]; then
echo "Installing 'pre-commit' hooks"
poetry run pre-commit install
exit_on_error $? "Failed to install pre-commit hook"
else
echo "Skipping install of pre-commit hook as it already exists."
echo "If you want to re-install: 'rm ${GIT_HOOKS_DIR}/pre-commit' and then run this script again."
exit 1
fi
fi

if [ -n "${CI}" ]; then
echo "Detected CI environment"
echo "Checking whether poetry files are valid"
poetry check --no-interaction
exit_on_error $? "Failed to check poetry files"
echo "Installing dependencies..."
poetry install --no-interaction
exit_on_error $? "Failed to install dependencies"
else
echo "Detected local environment"
echo "Check if poetry files are valid"
poetry check
exit_on_error $? "Failed to check poetry files"
echo "Installing dependencies..."
poetry install
exit_on_error $? "Failed to install dependencies"
fi

echo "=========================="
echo "Done setting up virtualenv with poetry"
echo "Activate the virtualenv by running: poetry shell"
echo "Deactivate by running: deactivate"
echo "======================="

echo "Finished setting up the environment."
exit 0
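Review bot: in the Poetry install block, `exit_on_error $? "Poetry isn't installed"` sits inside `if ! command -v poetry >/dev/null 2>&1; then`, so `$?` is the status of the `if` list, which is 0 whenever that body runs; the check can never exit. Pass an explicit code: `exit_on_error 1 "Poetry isn't installed"`. Second, when `${GIT_HOOKS_DIR}/pre-commit` already exists the script prints the skip message and then `exit 1`, so re-running bootstrap on a machine that already has hooks fails before reaching `poetry check` and `poetry install`; that branch should fall through rather than exit. Lastly, both branches run `curl -sSL https://install.python-poetry.org | python3 -`, which executes an unpinned installer script; `--version "${POETRY_VERSION}"` pins the Poetry release but not the installer itself, so consider fetching the script to a file and verifying it before executing it in CI.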
66 changes: 66 additions & 0 deletions .pre-commit-config.yaml
@@ -0,0 +1,66 @@
repos:
- repo: https://github.com/charliermarsh/ruff-pre-commit
rev: v0.5.4
hooks:
- id: ruff
args:
- --fix
- id: ruff-format
- repo: https://github.com/pappasam/toml-sort
rev: v0.23.1
hooks:
- id: toml-sort-fix
exclude: poetry.lock
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
hooks:
- id: check-json
- id: check-yaml
exclude: .gitlab
- id: check-ast
- id: check-merge-conflict
- id: name-tests-test
files: .+_test.py$
- id: trailing-whitespace
- id: check-toml
- id: check-xml
- repo: https://github.com/python-poetry/poetry
rev: 1.8.3
hooks:
- id: poetry-check
args:
- --lock
files: ^pyproject.toml$
- repo: https://github.com/hadialqattan/pycln
rev: v2.4.0
hooks:
- id: pycln
args:
- --all
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.10.1
hooks:
- id: mypy
entry: mypy
args:
- --show-error-codes
additional_dependencies:
- types-requests
- types-paramiko
- types-PyYAML
- types-setuptools
- types-ujson
- types-decorator
- types-retry
- types-pytz
- types-python-dateutil
- types-tabulate
- types-dateparser
types: [python]
#duplicate here and in pyproject.toml because https://github.com/python/mypy/issues/13916
exclude: artifacts*|.*_test|test_.*|test_data|tests_data|.venv
- repo: https://github.com/koalaman/shellcheck-precommit
rev: v0.10.0
hooks:
- id: shellcheck
args: ["--severity=error"]
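Review bot: pre-commit `exclude` and `files` values are unanchored Python regexes, so `exclude: .gitlab` on `check-yaml` matches any path containing one character followed by `gitlab`, and `exclude: artifacts*|.*_test|test_.*|test_data|tests_data|.venv` on `mypy` matches e.g. `artifact.py` or any path containing `test_`; suggest anchoring and escaping (`^\.gitlab/`, `^artifacts`, `^\.venv/`). Because `check-yaml` skips the whole `.gitlab` tree, the `.gitlab/.gitlab-ci.yml` added in this commit is never validated by the hook. Also, `shellcheck` is run with `--severity=error`, which suppresses warning- and style-level findings; `--severity=warning` would have been worth it for `.gitlab/helper_functions.sh`.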
14 changes: 6 additions & 8 deletions README.md
@@ -1,7 +1,5 @@
# Cortex XSOAR Dockerfiles and Image Build Management

[![CircleCI](https://circleci.com/gh/demisto/dockerfiles.svg?style=svg)](https://circleci.com/gh/demisto/dockerfiles)

This repository's `master` branch tracks images pushed to [the official Demisto Docker Hub organization](https://hub.docker.com/u/demisto/). Other branches` images are pushed to [devdemisto](https://hub.docker.com/u/devdemisto).

**Note:** We generate nightly information about packages and OS dependencies used in each of Demisto's Docker images. Checkout the `dockerfiles-info` project [README](https://github.com/demisto/dockerfiles-info/blob/master/README.md) for a full listing.
@@ -87,7 +85,7 @@ Requirements:
* Local install of docker
* Local install of `pipenv` or `poetry` (depends whether the image folder contains `Pipfile` or a `pyproject.toml`, respectively)

The script `docker/build_docker.sh` is used to build all modified Docker images. The script detects modified directories using `git` by comparing against `origin/master` if on a branch or if on `master` by using the `CIRCLE_COMPARE_URL` environment variable to obtain the commit range of the current build.
The script `docker/build_docker.sh` is used to build all modified Docker images. The script detects modified directories using `git` by comparing against `origin/master`.

If you want to test how the script detects commit changes: Make sure you are working on a branch and the changes are committed. If you haven't committed the changes and want to run a local build you can run the script with a image name (which corresponds to a directory name) to the run the build on. For example:

@@ -120,8 +118,8 @@ After opening a Pull Request, and in order for the reviewer to understand the co

The build script will check for a `build.conf` file in the target image directory and will read from it `name=value` properties. Supported properties:

* **version**: The version to use for tagging. Default: `1.0.0`. See [Dynamic Versioning](#dynamic-versioning) for non-static versions. #Note: that additionally, the CircleCI build number is always appended to the version as a revision (for example: `1.0.0.15519`) to create a unique version per build.
* **devonly**: If set the image will be pushed only to the `devdemisto` org in docker hub and will not be pushed to the `demisto` org. Should be used for images which are for development purposes only (such as the image used in CircleCI to build this project).
* **version**: The version to use for tagging. Default: `1.0.0`. See [Dynamic Versioning](#dynamic-versioning) for non-static versions. #Note: that additionally, the CI build number is always appended to the version as a revision (for example: `1.0.0.15519`) to create a unique version per build.
* **devonly**: If set the image will be pushed only to the `devdemisto` org in docker hub and will not be pushed to the `demisto` org. Should be used for images which are for development purposes only (such as the image used in CI to build this project).
* **deprecated**: If set the image will be listed as deprecated in the deprecated_images.json file and the image will be forbidden form using in the integrations/automations.
* **deprecated_reason**: Free text that explain the deprecation reason.

@@ -193,13 +191,13 @@ cat verify.ps1 | docker run --rm -i <image_name> pwsh -c '-'

## Docker Image Deployment

When you first open a PR, a `development` docker image is built (via CircleCI) under the `devdemisto` docker organization. So for example if your image is named `ldap3` an image with the name `devdemisto/ldap3` will be built.
When you first open a PR, a `development` docker image is built under the `devdemisto` docker organization. So for example if your image is named `ldap3` an image with the name `devdemisto/ldap3` will be built.

If the PR is on a local branch of the `dockerfiles` github project (relevant only for members of the project with commit access), the image will be deployed to the [devdemisto](https://hub.docker.com/u/devdemisto) docker hub organization. A bot will add a comment to the PR stating that the image has been deployed and available. You can then test the image out simply by doing `docker pull <image_name>` (instructions will be included in the comment added to the PR).

If you are contributing (**thank you!!**) via an external fork, then the image built will not be deployed to docker hub. It will be available to download from the build artifacts. You can download the image and load it locally by running the `docker load` command. If you go into the build details in CircleCI you will see also instructions in the end of the `Build Docker Images` step on how to load it with a one liner bash command. Example contribution build can be seen [here](https://circleci.com/gh/demisto/dockerfiles/1976#artifacts/containers/0).
If you are contributing (**thank you!!**) via an external fork, then the image built will not be deployed to docker hub. It will be available to download from the build artifacts, a comment with instructions will be posted on the PR. You can download the image and load it locally by running the `docker load` command.

Once merged into master, CircleCI will run another build and create a `production` ready docker image which will be deployed at Docker Hub under the [demisto](https://hub.docker.com/u/demisto) organization. A bot will add a comment to the original PR about the production deployment and the image will then be fully available for usage. An example `production` comment added to a PR can be seen [here](https://github.com/demisto/dockerfiles/pull/462#issuecomment-533150059).
Once merged into master, It will run an additional build and create a *production* ready docker image which will be deployed at Docker Hub under the [demisto](https://hub.docker.com/u/demisto) organization. A bot will add a comment to the original PR about the production deployment and the image will then be fully available for usage. An example *production* comment added to a PR can be seen [here](https://github.com/demisto/dockerfiles/pull/462#issuecomment-533150059).

## Advanced

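Review bot: the rewritten deployment paragraph reads "Once merged into master, It will run an additional build…", where "It" is capitalized mid-sentence and has no antecedent now that "CircleCI" was removed; suggest "Once merged into master, the CI will run an additional build…". In the fork paragraph, "It will be available to download from the build artifacts, a comment with instructions will be posted on the PR." is a comma splice; split it into two sentences or join with "and".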