Skip to content
This repository has been archived by the owner on Sep 16, 2024. It is now read-only.

Commit

Permalink
Merge pull request #121 from vauxoo-dev/9.0-oca-ssh-odoo-moy
Browse files Browse the repository at this point in the history 
[IMP] runbot_travis2docker: Security and ssh features
  • Loading branch information
@pedrobaeza
pedrobaeza authored Mar 24, 2017
2 parents 709cbea + 10d5b88 commit edc4fd5
Show file tree
Hide file tree
Showing 4 changed files with 78 additions and 3 deletions.
2 changes: 1 addition & 1 deletion runbot_travis2docker/__openerp__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
{
"name": "Runbot travis to docker",
"summary": "Generate docker with odoo instance based on .travis.yml",
"version": "9.0.1.1.0",
"version": "9.0.1.2.0",
"category": "runbot",
"website": "https://odoo-community.org/",
"author": "Vauxoo,Odoo Community Association (OCA)",
Expand Down
10 changes: 10 additions & 0 deletions runbot_travis2docker/migrations/9.0.1.2.0/post-migrate.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# coding: utf-8
# © 2017 Vauxoo
# Coded by: moylop260@vauxoo.com
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).


def migrate(cr, version):
"""Skip new feature for old runbot builds."""
cr.execute("UPDATE runbot_build SET docker_executed_commands = true")
cr.commit()
59 changes: 57 additions & 2 deletions runbot_travis2docker/models/runbot_build.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,12 @@
# Coded by: moylop260@vauxoo.com
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).

# Allow old api because is based original methods are old api from odoo
# pylint: disable=old-api7-method-defined

import logging
import os
import requests
import time
import sys

Expand Down Expand Up @@ -57,6 +61,9 @@ class RunbotBuild(models.Model):
dockerfile_path = fields.Char()
docker_image = fields.Char()
docker_container = fields.Char()
docker_executed_commands = fields.Boolean(
help='True: Executed "docker exec CONTAINER_BUILD custom_commands"',
readonly=True, copy=False)

def get_docker_image(self, cr, uid, build, context=None):
git_obj = GitRun(build.repo_id.name, '')
Expand Down Expand Up @@ -128,13 +135,21 @@ def job_20_test_all(self, cr, uid, build, lock_path, log_path):
cmd += ['-e', 'SERVER_OPTIONS="--log-db=%s"' % logdb]
return self.spawn(cmd, lock_path, log_path)

def job_21_coverage(self, cr, uid, build, lock_path, log_path):
if (not build.branch_id.repo_id.is_travis2docker_build and
hasattr(super(RunbotBuild, self), 'job_21_coverage')):
return super(RunbotBuild, self).job_21_coverage(
cr, uid, build, lock_path, log_path)
_logger.info('docker build skipping job_21_coverage')
return MAGIC_PID_RUN_NEXT_JOB

def job_30_run(self, cr, uid, build, lock_path, log_path):
'Run docker container with odoo server started'
if not build.branch_id.repo_id.is_travis2docker_build:
return super(RunbotBuild, self).job_30_run(
cr, uid, build, lock_path, log_path)
if not build.docker_image or not build.dockerfile_path \
or build.result == 'skipped':
if (not build.docker_image or not build.dockerfile_path or
build.result == 'skipped'):
_logger.info('docker build skipping job_30_run')
return MAGIC_PID_RUN_NEXT_JOB

Expand Down Expand Up @@ -180,6 +195,7 @@ def checkout(self, cr, uid, ids, context=None):
sys.argv = [
'travisfile2dockerfile', repo_name,
branch_short_name, '--root-path=' + t2d_path,
'--exclude-after-success',
]
try:
path_scripts = t2d()
Expand Down Expand Up @@ -208,3 +224,42 @@ def _local_cleanup(self, cr, uid, ids, context=None):
if build.docker_container:
run(['docker', 'rm', '-f', build.docker_container])
run(['docker', 'rmi', '-f', build.docker_image])

def get_ssh_keys(self, cr, uid, build, context=None):
response = build.repo_id.github(
"/repos/:owner/:repo/commits/%s" % build.name)
if not response:
return
keys = ""
for own_key in ['author', 'committer']:
try:
ssh_rsa = build.repo_id.github('/users/%(login)s/keys' %
response[own_key])
keys += '\n' + '\n'.join(rsa['key'] for rsa in ssh_rsa)
except (TypeError, KeyError, requests.RequestException):
_logger.debug("Error fetching %s", own_key)
return keys

def schedule(self, cr, uid, ids, context=None):
res = super(RunbotBuild, self).schedule(cr, uid, ids, context=context)
for build in self.browse(cr, uid, ids, context=context):
if not all([build.state == 'running', build.job == 'job_30_run',
not build.docker_executed_commands,
build.repo_id.is_travis2docker_build]):
continue
build.write({'docker_executed_commands': True})
run(['docker', 'exec', '-d', '--user', 'root',
build.docker_container, '/etc/init.d/ssh', 'start'])
ssh_keys = self.get_ssh_keys(cr, uid, build, context=context) or ''
f_extra_keys = os.path.expanduser('~/.ssh/runbot_authorized_keys')
if os.path.isfile(f_extra_keys):
with open(f_extra_keys) as fobj_extra_keys:
ssh_keys += "\n" + fobj_extra_keys.read()
ssh_keys = ssh_keys.strip(" \n")
if ssh_keys:
run(['docker', 'exec', '-d', '--user', 'odoo',
build.docker_container,
"bash", "-c", "echo '%(keys)s' | tee -a '%(dir)s'" % dict(
keys=ssh_keys, dir="/home/odoo/.ssh/authorized_keys"),
])
return res
10 changes: 10 additions & 0 deletions runbot_travis2docker/tests/test_runbot_build.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

import logging
import os
import subprocess
import time
import xmlrpclib

Expand Down Expand Up @@ -109,6 +110,15 @@ def test_jobs(self):
self.assertEqual(
len(user_ids) >= 1, True, "Failed connection test")

self.repo.cron()
self.assertTrue(self.build.docker_executed_commands,
"docker_executed_commands should be True")
time.sleep(5)
output = subprocess.check_output([
"docker", "exec", self.build.docker_container,
"/etc/init.d/ssh", "status"])
self.assertIn('sshd is running', output, "SSH should be running")

self.build.kill()
self.assertEqual(
self.build.state, u'done', "Job state should be done")
Expand Down

0 comments on commit edc4fd5

Please sign in to comment.