Add rake task, dockerfile and service for webhook (#15)

* Add rake task for webhook * change frontend config * Add dockerfile and service with webhook
openware · Dec 19, 2018 · 1a30149 · 1a30149
1 parent 22503c0
commit 1a30149
Show file tree

Hide file tree

Showing 12 changed files with 128 additions and 63 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,6 @@
+Dockerfile
+.dockerignore
+.git
+.gitignore
+LICENSE
+README
diff --git a/.env b/.env
@@ -3,3 +3,4 @@ APP_DOMAIN=app.local
 COMPOSE_FILE=compose/app.yaml:compose/backend.yaml:compose/gateway.yaml:compose/proxy.yaml:compose/daemons.yaml:compose/frontend.yaml:compose/utils.yaml
 PEATIO_IMAGE=rubykube/peatio:2.0.3-alpha
 BARONG_IMAGE=rubykube/barong:2.0.8-alpha
+FRONTEND_IMAGE=rubykube/mikroapp:latest
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,17 @@
+FROM ruby:2.5.3
+
+ENV APP_HOME=/home/app
+
+ARG UID=1000
+ARG GID=1000
+
+RUN groupadd -r --gid ${GID} app \
+ && useradd --system --create-home --home ${APP_HOME} --shell /sbin/nologin --no-log-init \
+      --gid ${GID} --uid ${UID} app
+
+USER app
+WORKDIR $APP_HOME
+
+COPY --chown=app:app . .
+
+RUN bundle install --jobs=$(nproc) --deployment
diff --git a/Gemfile b/Gemfile
@@ -15,3 +15,4 @@ gem 'sinatra'
 gem 'puma'
 gem 'rspec'
 gem 'jwt'
+gem 'faraday'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -14,8 +14,11 @@ GEM
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0.6.0)
     eventmachine (1.2.7)
+    faraday (0.15.4)
+      multipart-post (>= 1.2, < 3)
     http_parser.rb (0.6.0)
     jwt (2.1.0)
+    multipart-post (2.0.0)
     mustermann (1.0.3)
     mysql2 (0.5.2)
     peatio (0.4.4)
@@ -56,6 +59,7 @@ PLATFORMS
 
 DEPENDENCIES
   barong
+  faraday
   jwt
   peatio
   puma

diff --git a/bin/install b/bin/install
@@ -1,2 +1,9 @@
+SECRET=$(ruby -rsecurerandom -e 'puts SecureRandom.hex(20)')
 
-puts "Mirko install package"
+sed s/GENERATED_HMAC_SECRET/${SECRET}/g templates/webhook.service > webhook.service
+
+sed -i s#MICROKUBE_DIRECTORY#${PWD}#g webhook.service
+
+echo "Generated Secret: ${SECRET}"
+
+sudo mv ./webhook.service /etc/systemd/system/webhook.service
diff --git a/compose/frontend.yaml b/compose/frontend.yaml
@@ -2,17 +2,7 @@ version: '3.6'
 
 services:
   frontend:
-    image: node:11
-    user: "${UID}:${GID}"
-    volumes:
-      - ../vendor/frontend:/home/node
-    command:
-      - sh
-      - -c
-      - |
-        cd /home/node
-        yarn
-        yarn start
+    image: "${FRONTEND_IMAGE}"
     labels:
       traefik.enable: true
       traefik.frontend.rule: "PathPrefix:/;Host:www.${APP_DOMAIN}"

diff --git a/config.ru b/config.ru
@@ -0,0 +1,5 @@
+#\ -s Puma --host 0.0.0.0 -p 1337 -E production
+
+require_relative 'lib/microkube/webhook'
+
+run Webhook
diff --git a/lib/microkube/server.rb b/lib/microkube/server.rb
diff --git a/lib/microkube/webhook.rb b/lib/microkube/webhook.rb
@@ -0,0 +1,58 @@
+require 'sinatra/base'
+require 'json'
+require_relative 'payload'
+
+class Webhook < Sinatra::Base
+
+  set :show_exceptions, false
+
+  def initialize
+    super
+    @services = %w[barong peatio frontend tower]
+    secret = ENV['WEBHOOK_JWT_SECRET']
+    raise 'WEBHOOK_JWT_SECRET is not set' if secret.to_s.empty?
+    @decoder = Microkube::Payload.new(secret: secret)
+  end
+
+  before do
+    content_type 'application/json'
+  end
+
+  get '/deploy/ping' do
+    'pong'
+  end
+
+  get '/deploy/:token' do |token|
+    decoded = @decoder.safe_decode(token)
+    return answer(400, 'invalid token') unless decoded
+
+    service = decoded['service']
+    image = decoded['image']
+
+    return answer(400, 'service is not specified') unless service
+    return answer(400, 'image is not specified') unless image
+    return answer(404, 'unknown service') unless @services.include? service
+    return answer(400, 'invalid image') if (%r(^(([-_\w\.]){,20}(\/|:))+([-\w\.]{,20})$) =~ image) == nil
+
+    system "docker image pull #{image}"
+
+    unless $?.success?
+      system("docker image inspect #{image} > /dev/null")
+      return answer(404, 'invalid image') unless $?.success?
+    end
+
+    image_tag = "#{service.upcase}_IMAGE=#{image}"
+    system "#{image_tag} docker-compose up -Vd #{service}"
+
+    return answer(500, 'could not restart container') unless $?.success?
+    return answer(200, "service #{service} updated with image #{image}")
+  end
+
+  def answer(response_status, message)
+    status response_status
+
+    {
+      message: message
+    }.to_json
+  end
+end
diff --git a/lib/tasks/payload.rake b/lib/tasks/payload.rake
@@ -0,0 +1,14 @@
+require_relative '../microkube/payload'
+require 'faraday'
+
+namespace :payload do
+  desc 'Generate JWT'
+  task :send, [:service, :image, :url] do |t, args|
+    secret = ENV['WEBHOOK_JWT_SECRET']
+    abort 'WEBHOOK_JWT_SECRET not set' if secret.to_s.empty?
+    coder = Microkube::Payload.new(secret: secret)
+    jwt = coder.generate!(service: args.service, image: args.image)
+    response = Faraday.get "#{args.url}/deploy/#{jwt}"
+    pp response.body
+  end
+end
diff --git a/templates/webhook.service b/templates/webhook.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Microkube Webhook service
+
+[Service]
+User=app
+Environment="WEBHOOK_JWT_SECRET=GENERATED_HMAC_SECRET"
+ExecStart=/usr/local/bin/bundle exec rackup config.ru
+Type=simple
+Restart=always
+WorkingDirectory=MICROKUBE_DIRECTORY
+
+[Install]
+WantedBy=multi-user.target