diff --git a/.plzconfig b/.plzconfig deleted file mode 100644 index 00a9416dd..000000000 --- a/.plzconfig +++ /dev/null @@ -1,39 +0,0 @@ -; Please config file -; Leaving this file as is is enough to use plz to build your project. -; Please will stay on whatever version you currently have until you run -; 'plz update', when it will download the latest available version. -; -; Or you can uncomment the following to pin everyone to a particular version; -; when you change it all users will automatically get updated. -[please] -version = 16.17.1 - -[buildconfig] -; ssh_config_dir = "./tmp/vagrant/ssh_configs" -; pex_cache_dir = "./tmp/cache/pex" -; provisioner_platform = "linux_amd64" - -[build] -# 3600 seconds, 60 minutes -# Majority of the time is spent on //third_party/firecracker:kernel -timeout = 3600 - -[python] -moduledir = "third_party.python" - -[alias "ansible-playbook"] -cmd = run //third_party/ansible|ansible-playbook -- - -[alias "ansible-galaxy"] -cmd = run //third_party/ansible|ansible-galaxy -- - -[alias "pulumi"] -cmd = run //third_party/pulumi:pulumi|pulumi -- - -[alias "ssh"] -cmd = run //tools/ssh -- - -[Parse] -PreloadBuildDefs = ./tools/please/sh_rules.build_defs -PreloadBuildDefs = ./tools/please/helpers.build_defs -buildfilename = BUILD.plz \ No newline at end of file diff --git a/BUILD.plz b/BUILD.plz deleted file mode 100644 index 8e230fe48..000000000 --- a/BUILD.plz +++ /dev/null @@ -1,5 +0,0 @@ -github_repo( - name = "pleasings", - repo = "thought-machine/pleasings", - revision = "8f68304e6d151b65817c2ee7d5aa6221a03cb51b", -) \ No newline at end of file diff --git a/MODULE.bazel b/MODULE.bazel index 62009bffb..44f492b70 100644 --- a/MODULE.bazel +++ b/MODULE.bazel 
@@ -15,7 +15,7 @@ bazel_dep(name = "platforms", version = "0.0.6") bazel_dep(name = "bazel_skylib", version = "1.4.1") # ------------------------------------ rules_pkg ------------------------------------ # -bazel_dep(name = "rules_pkg", version = "0.9.0") +bazel_dep(name = "rules_pkg", version = "0.7.0") # ------------------------------------ rules_task ------------------------------------ # bazel_dep(name = "rules_task", version = "0.1.0") diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index e187af927..6d9ac8337 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod 
@@ -1,20 +1,50 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file") +# ------------------------------------ rules_go ------------------------------------ # +http_archive( + name = "io_bazel_rules_go", + sha256 = "f2dcd210c7095febe54b804bb1cd3a58fe8435a909db2ec04e31542631cf715c", + urls = [ + "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.31.0/rules_go-v0.31.0.zip", + "https://github.com/bazelbuild/rules_go/releases/download/v0.31.0/rules_go-v0.31.0.zip", + ], +) + +load( + "@io_bazel_rules_go//go:deps.bzl", + "go_download_sdk", + "go_rules_dependencies", +) + +go_rules_dependencies() + +# From https://github.com/buildbuddy-io/buildbuddy/blob/73ec4544d3bf813141314970275d4c2eaa5091a8/WORKSPACE#L57-L83 +go_download_sdk( + name = "go_sdk_linux", + goarch = "amd64", + goos = "linux", + version = "1.18", # Keep in sync with .github/workflows/checkstyle.yaml +) + +go_download_sdk( + name = "go_sdk_linux_arm64", + goarch = "arm64", + goos = "linux", + version = "1.18", +) + +# go_register_toolchains(version="1.18") + +# ------------------------------------ rules_docker ------------------------------------ # # https://github.com/bazelbuild/rules_docker/pull/2201 http_archive( name = "io_bazel_rules_docker", sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf", - urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"], + urls = [ + "https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz", + ], ) -# load("@io_bazel_rules_docker//toolchains/docker:toolchain.bzl", -# docker_toolchain_configure="toolchain_configure" -# ) -# docker_toolchain_configure( -# name = "docker_config", -# docker_path="", -# ) - load( "@io_bazel_rules_docker//repositories:repositories.bzl", container_repositories = "repositories", 
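Review bot: Both new `go_download_sdk` calls pin only `version = "1.18"` and pass no `sdks` mapping, so unlike the `http_archive` entries around them, which carry a `sha256`, the SDK archive hashes are not recorded in this file. As far as I know, rules_go then takes the file list and checksums from a listing it downloads at fetch time. Consider adding an `sdks = {...}` entry per platform (filename plus sha256) so the Go toolchain is pinned in-repo the same way the rule archives are. The trailing comment `# Keep in sync with .github/workflows/checkstyle.yaml` looks carried over from the linked buildbuddy WORKSPACE; if this repository has no such workflow, reword it to name the file that actually has to match. The commented-out `go_register_toolchains(version="1.18")` should either be removed or get a one-line reason.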
@@ -129,7 +159,9 @@ http_archive( name = "io_buildbuddy_buildbuddy_toolchain", sha256 = "e899f235b36cb901b678bd6f55c1229df23fcbc7921ac7a3585d29bff2bf9cfd", strip_prefix = "buildbuddy-toolchain-fd351ca8f152d66fc97f9d98009e0ae000854e8f", - urls = ["https://github.com/buildbuddy-io/buildbuddy-toolchain/archive/fd351ca8f152d66fc97f9d98009e0ae000854e8f.tar.gz"], + urls = [ + "https://github.com/buildbuddy-io/buildbuddy-toolchain/archive/fd351ca8f152d66fc97f9d98009e0ae000854e8f.tar.gz", + ], ) load("@io_buildbuddy_buildbuddy_toolchain//:deps.bzl", "buildbuddy_deps") diff --git a/firecracker/BUILD.plz b/firecracker/BUILD.plz deleted file mode 100644 index 6f02469b3..000000000 --- a/firecracker/BUILD.plz +++ /dev/null 
@@ -1,42 +0,0 @@ -subinclude("//tools/packer") - -packer_build( - name = "kernel", - srcs = { - "cloud_init_meta_data": "./cloud-init/meta-data", - "cloud_init_user_data": "./cloud-init/user-data", - "playbook": "./build.yml", - "kernel_config": "./config-4.19.155-fc.x86_64", - "ansible_config": "./ansible.cfg", - }, - outs = [ - "vmlinux.bin", - ], - env = { - "ANSIBLE_CONFIG": "echo $(location //build_helpers/defs:ansible.cfg)", - }, - templates = [ - "./packer_qemu.pkr.hcl", - "./provision.pkr.hcl", - ], - toolchain = "//third_party/packer", - tools = { - "ANSIBLE_PLAYBOOK": "//third_party/ansible|ansible-playbook", - }, - variables = { - "iso_file": "echo $(location //third_party/ubuntu:ubuntu_focal)", - "iso_checksum": "echo $(location //third_party/ubuntu:ubuntu_focal_checksum)", - "ssh_private_key_file": "echo $(location //secrets:id_rsa)", - "vm_name": "echo kernel", - "cloud_init_meta_data": "echo $SRCS_CLOUD_INIT_META_DATA", - "cloud_init_user_data": "echo $SRCS_CLOUD_INIT_USER_DATA", - "ansible_playbook_binary": "echo $TOOLS_ANSIBLE_PLAYBOOK", - "ansible_playbook": "echo $SRCS_PLAYBOOK", - "kernel_file": "echo vmlinux.bin", - }, - deps = [ - "//secrets:id_rsa", - "//third_party/ubuntu:ubuntu_focal", - "//third_party/ubuntu:ubuntu_focal_checksum", - ], -) \ No newline at end of file diff --git a/hypervisor/BUILD.plz b/hypervisor/BUILD.plz deleted file mode 100644 index 1d5c28e8d..000000000 --- a/hypervisor/BUILD.plz +++ /dev/null 
@@ -1,19 +0,0 @@ -# Install necessary dependencies for Ansible -# plz ansible-galaxy install -r $PWD/ansible_requirements.yml -sh_cmd( - name = "provision", - cmd = """ - export PLEASE_ROOT=$(plz query reporoot) - export PLAYBOOK="$PLEASE_ROOT/$(out_location provision.yml)" - export VARS="$PLEASE_ROOT/$(out_location credentials.yml)" - export EXTRA_ARGS="$@" - - $PLEASE_ROOT/$(out_location //third_party/ansible|ansible-playbook) -i hypervisor, $PLAYBOOK $EXTRA_ARGS --extra-vars "@$VARS" - """, - paths = [ - "//tools/ssh", - ], - deps = [ - "//third_party/ansible", - ], -) \ No newline at end of file diff --git a/pleasew b/pleasew deleted file mode 100755 index c551448b7..000000000 --- a/pleasew +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/usr/bin/env bash -set -u - -RED="\x1B[31m" -GREEN="\x1B[32m" -YELLOW="\x1B[33m" -RESET="\x1B[0m" - -DEFAULT_URL_BASE="https://get.please.build" -# We might already have it downloaded... -LOCATION=$(grep -i "^location" .plzconfig 2>/dev/null | cut -d '=' -f 2 | tr -d ' ') -if [ -z "$LOCATION" ]; then - if [ -z "$HOME" ]; then - echo -e >&2 "${RED}\$HOME not set, not sure where to look for Please.${RESET}" - exit 1 - fi - LOCATION="${HOME}/.please" -else - # It can contain a literal ~, need to explicitly handle that. - LOCATION="${LOCATION/\~/$HOME}" -fi -# If this exists at any version, let it handle any update. -TARGET="${LOCATION}/please" -if [ -f "$TARGET" ]; then - exec "$TARGET" ${PLZ_ARGS:-} "$@" -fi - -URL_BASE="$(grep -i "^downloadlocation" .plzconfig | cut -d '=' -f 2 | tr -d ' ')" -if [ -z "$URL_BASE" ]; then - URL_BASE=$DEFAULT_URL_BASE -fi -URL_BASE="${URL_BASE%/}" - -VERSION="$(grep -i "^version[^a-z]" .plzconfig)" -VERSION="${VERSION#*=}" # Strip until after first = -VERSION="${VERSION/ /}" # Remove all spaces -VERSION="${VERSION#>=}" # Strip any initial >= -if [ -z "$VERSION" ]; then - echo -e >&2 "${YELLOW}Can't determine version, will use latest.${RESET}" - VERSION=$(curl -fsSL ${URL_BASE}/latest_version) -fi - -# Find the os / arch to download. You can do this quite nicely with go env -# but we use this script on machines that don't necessarily have Go itself. -OS=$(uname) -if [ "$OS" = "Linux" ]; then - GOOS="linux" -elif [ "$OS" = "Darwin" ]; then - GOOS="darwin" -else - echo -e >&2 "${RED}Unknown operating system $OS${RESET}" - exit 1 -fi -# Don't have any builds other than amd64 at the moment. -ARCH="amd64" - -PLEASE_URL="${URL_BASE}/${GOOS}_${ARCH}/${VERSION}/please_${VERSION}.tar.xz" -DIR="${LOCATION}/${VERSION}" -# Potentially we could reuse this but it's easier not to really. -if [ ! 
-d "$DIR" ]; then - rm -rf "$DIR" -fi -echo -e >&2 "${GREEN}Downloading Please ${VERSION} to ${DIR}...${RESET}" -mkdir -p "$DIR" -curl -fsSL "${PLEASE_URL}" | tar -xJpf- --strip-components=1 -C "$DIR" -# Link it all back up a dir -for x in $(ls "$DIR"); do - ln -sf "${DIR}/${x}" "$LOCATION" -done -echo -e >&2 "${GREEN}Should be good to go now, running plz...${RESET}" -exec "$TARGET" ${PLZ_ARGS:-} "$@" diff --git a/provisioner/BUILD.bazel b/provisioner/BUILD.bazel index 9e4723af2..7955db023 100644 --- a/provisioner/BUILD.bazel +++ b/provisioner/BUILD.bazel @@ -1,6 +1,7 @@ load("//tools/pyinfra:defs.bzl", "pyinfra_run") -load("@rules_task//:defs.bzl", "cmd", "task") -load("//tools/docker:docker.bzl", "docker_load_and_run") +load("@rules_task//:defs.bzl", "cmd", "task", "task_test") +load("//tools/docker:docker.bzl", "docker_load") +load("@pip-setup//:requirements.bzl", "requirement") pyinfra_run( name = "provision", 
@@ -20,30 +21,101 @@ pyinfra_run( inventory = "inventory.py", ) -docker_load_and_run( - name = "dev_image_run", - command = "/sbin/init", - docker_args = [ - "--rm", - "--name provisioner_dev", - "--detach", - "--tmpfs /run", - "--tmpfs /run/lock", - "--tmpfs /tmp", - "--privileged", - "-v /lib/modules:/lib/modules:ro", - ], +docker_load( + name = "load_dev_image", + exec_properties = { + "workload-isolation-type": "firecracker", + "init-dockerd": "true", + "recycle-runner": "true", + }, image = "//tools/ubuntu:ubuntu_snap_base_image", ) +task( + name = "run_dev_image", + cmds = [ + "export CONTAINER_IMAGE=$($load_dev_image)", + cmd.shell( + "docker run", + "--rm", + "--detach", + "--tmpfs /run", + "--tmpfs /run/lock", + "--tmpfs /tmp", + "--privileged", + "-v /lib/modules:/lib/modules:ro", + "-h provisioner", + "$CLI_ARGS", + "$CONTAINER_IMAGE", + "/sbin/init", + ), + ], + env = { + "load_dev_image": cmd.executable(":load_dev_image"), + }, + exec_properties = { + "workload-isolation-type": "firecracker", + "init-dockerd": "true", + "recycle-runner": "true", + }, +) + task( name = "dev", cmds = [ - "CONTAINER_ID=$($run_dev_image)", + "docker rm -f provisioner_dev", + "export CONTAINER_ID=$($run_dev_image)", {"defer": "docker rm -f $CONTAINER_ID"}, "docker logs -f $CONTAINER_ID", ], env = { - "run_dev_image": cmd.executable(":dev_image_run"), + "run_dev_image": cmd.shell( + cmd.executable(":run_dev_image"), + "--name provisioner_dev", + ), + }, +) + +task( + name = "validate", + cmds = [ + cmd.python(""" + import os + setup_env = os.environ.get("SETUP_ENV", 'dev') + + if setup_env == 'test': + os.environ['VALIDATE_HOST'] = os.environ['CONTAINER_ID'] + else: + os.environ['VALIDATE_HOST'] = 'provisioner_dev' + """), + cmd.python_entry_point("pytest:console_main", "-vv", "-ra", "--hosts=\"docker://root@$VALIDATE_HOST\"", "$tests"), + ], + env = { + "tests": cmd.files("test_provisioner.py"), + }, + deps = [ + requirement("pytest-testinfra"), + requirement("pyyaml"), + 
], +) + +task_test( + name = "test", + cmds = [ + "export CONTAINER_ID=$($run_dev_image)", + {"defer": "docker rm -f $CONTAINER_ID"}, + "$provision", + "$validate", + ], + env = { + "run_dev_image": cmd.executable(":run_dev_image"), + "provision": cmd.executable(":provision"), + "validate": cmd.executable(":validate"), + "SETUP_ENV": "test", + }, + exec_properties = { + "workload-isolation-type": "firecracker", + "init-dockerd": "true", + "recycle-runner": "true", }, ) diff --git a/provisioner/deploys/microk8s/tasks/install_microk8s.py b/provisioner/deploys/microk8s/tasks/install_microk8s.py index 76acd2298..7d3d58b57 100644 --- a/provisioner/deploys/microk8s/tasks/install_microk8s.py +++ b/provisioner/deploys/microk8s/tasks/install_microk8s.py @@ -24,6 +24,9 @@ def install_microk8s(): dest="/boot/firmware/cmdline.txt", create_remote_dir=True, _sudo=True, + user="root", + group="root", + mode="644", ) if config_file.changed and not host.data.get("inside_docker"): @@ -42,15 +45,16 @@ def install_microk8s(): _sudo=True, ) - server.shell( - name="Update firewall rules", - commands=[ - "ufw allow in on cni0", - "ufw allow out on cni0", - "ufw default allow routed", - ], - _sudo=True, - ) + if not host.data.get("inside_docker"): + server.shell( + name="Update firewall rules", + commands=[ + "ufw allow in on cni0", + "ufw allow out on cni0", + "ufw default allow routed", + ], + _sudo=True, + ) existing_groups = host.get_fact(Users)["ubuntu"]["groups"] new_groups = existing_groups + ["microk8s"] 
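Review bot: In the new `validate` task the `cmd.python` step only assigns `os.environ['VALIDATE_HOST']` inside its own interpreter. If rules_task runs each `cmds` entry as a separate process (not visible in this hunk), the following pytest step sees `$VALIDATE_HOST` empty and `--hosts` becomes `docker://root@`. The other tasks in this file pass state with shell `export`, so the same form would be safer here: `if [ "${SETUP_ENV:-dev}" = "test" ]; then export VALIDATE_HOST="$CONTAINER_ID"; else export VALIDATE_HOST=provisioner_dev; fi`. Separately, `run_dev_image` splices `$CLI_ARGS` unquoted into a `docker run --privileged` line, so every caller-supplied argument becomes a docker flag on a privileged container; a comment stating that this pass-through exists only for `--name` would make the intent explicit. The `exec_properties` dict is repeated three times and could be one shared constant.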
@@ -72,12 +76,20 @@ def install_microk8s(): _sudo=True, ) - server.shell( - name="Enable DNS addon", - # From here https://microk8s.io/docs/addons - commands=[ - "microk8s enable dns", - "microk8s enable helm", - "microk8s enable hostpath-storage", - ], - ) + if not host.data.get("inside_docker"): + server.shell( + name="Start Microk8s", + commands=[ + "microk8s start", + ], + ) + + server.shell( + name="Enable DNS addon", + # From here https://microk8s.io/docs/addons + commands=[ + "microk8s enable dns", + "microk8s enable helm", + "microk8s enable hostpath-storage", + ], + ) diff --git a/provisioner/deploys/network/tasks/install_network.py b/provisioner/deploys/network/tasks/install_network.py index c7126a172..f94bb1c42 100644 --- a/provisioner/deploys/network/tasks/install_network.py +++ b/provisioner/deploys/network/tasks/install_network.py @@ -21,6 +21,30 @@ def install_network(): _sudo=True, ) + # update iptables with https://lowendspirit.com/discussion/1559/iptables-restore-v1-8-4-legacy-couldnt-load-match-limit-no-such-file-or-directory + apt.packages( + name="Install iptables", + packages=["iptables", "arptables", "ebtables"], + latest=True, + _sudo=True, + ) + + legacy_ip_tables = { + "iptables": "/usr/sbin/iptables-legacy", + "ip6tables": "/usr/sbin/ip6tables-legacy", + "arptables": "/usr/sbin/arptables-legacy", + "ebtables": "/usr/sbin/ebtables-legacy", + } + + for lib, binary in legacy_ip_tables.items(): + server.shell( + name=f"Enable legacy iptables: {lib} - {binary}", + commands=[ + f"update-alternatives --set {lib} {binary}", + ], + _sudo=True, + ) + apt.packages( name="Install Uncomplicated Firewall (ufw)", packages=["ufw"], @@ -28,6 +52,15 @@ def install_network(): _sudo=True, ) + if not host.data.get("inside_docker"): + server.shell( + name="Enable firewall", + commands=[ + "ufw enable", + ], + _sudo=True, + ) + if config_file.changed: server.shell( name="Generate netplan", 
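Review bot: The new `Start Microk8s` shell and the re-indented `Enable DNS addon` shell in `install_microk8s` are the only operations in this hunk without `_sudo=True`, so they depend on the connecting user already having effective `microk8s` group membership. The group is added earlier in the same function, and a group change normally does not apply to an already-open session, so this may fail on a first run (not verifiable from the hunk). Either pass `_sudo=True` as the neighbouring operations do, or add a comment explaining why unprivileged execution works here. The operation named `Enable DNS addon` also enables `helm` and `hostpath-storage`; a name such as `Enable MicroK8s addons` would match what it runs. The function body starts and ends outside the hunk.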
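Review bot: The `update-alternatives --set {lib} {binary}` loop added to `install_network` is not gated on `host.data.get("inside_docker")`, so it also switches the `prod` SSH host to the legacy iptables backend, and the only justification is a bare link in the comment. If the host already has rules loaded under the other backend, they stay there and ufw and the CNI end up managing different tables (hedged: the host's current default is not visible here). Either gate the loop the same way the `Enable firewall` step is gated, or replace the link-only comment with one sentence saying which component needs the legacy backend and that it is meant for every host. `latest=True` on the `Install iptables` step also means each run may pull a newer package than the one that was tested.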
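Review bot: The new `Enable firewall` step runs `ufw enable` on non-Docker hosts, which per `inventory.py` are reached over SSH, and nothing visible in this hunk allows SSH first. ufw's default incoming policy is deny, and when invoked over SSH `ufw enable` asks for confirmation, so this step can either stall without a TTY or cut off the provisioning connection. Add an allow rule before it and make the command non-interactive, e.g. `"ufw allow OpenSSH",` followed by `"ufw --force enable",`. If an SSH rule is already added elsewhere in `install_network` (the function continues outside the hunk), a comment pointing to it would be enough.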
diff --git a/provisioner/inventory.py b/provisioner/inventory.py index 8787af781..a42cb03f5 100644 --- a/provisioner/inventory.py +++ b/provisioner/inventory.py @@ -1,9 +1,18 @@ import os -if os.environ.get("SETUP_ENV", "dev") == "prod": +setup_env = os.environ.get("SETUP_ENV", "dev") + +if setup_env == "prod": hosts = [ ("@ssh/192.168.1.31", {"ssh_user": "ubuntu"}), ] + +elif setup_env == "test": + container_id = os.environ["CONTAINER_ID"] + hosts = [ + (f"@docker/{container_id}", {"inside_docker": True}), + ] + else: container_id = "provisioner_dev" hosts = [ diff --git a/provisioner/test_provisioner.py b/provisioner/test_provisioner.py new file mode 100644 index 000000000..39460ae28 --- /dev/null +++ b/provisioner/test_provisioner.py 
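Review bot: In the new `test` branch, `os.environ["CONTAINER_ID"]` raises a bare `KeyError` when the variable is missing, which gives no hint that the inventory expects the `test` task to export it. A guarded read such as `container_id = os.environ.get("CONTAINER_ID")` followed by `if not container_id: raise RuntimeError("SETUP_ENV=test requires CONTAINER_ID")` makes the failure self-explanatory. A short comment above `setup_env` listing the accepted values (`prod`, `test`, anything else falls back to the dev container) would also document the silent fallback in the `else` branch.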
@@ -0,0 +1,70 @@ +import yaml +import re + + +def test_netplan_installed(host): + netplan = host.package("netplan.io") + assert netplan.is_installed + + +def test_netplan_config(host): + cmd = host.run("netplan get all") + data = yaml.safe_load(cmd.stdout) + assert data["network"]["ethernets"]["eth0"]["addresses"] == ["192.168.1.31/24"] + + +def test_ufw_installed(host): + ufw = host.package("ufw") + assert ufw.is_installed + + +def test_ufw_enabled(host): + ufw = host.service("ufw") + assert ufw.is_enabled + + +def test_hostname(host): + assert host.check_output("hostname -s") == "provisioner" + + +def test_cmdline(host): + cmdline = host.file("/boot/firmware/cmdline.txt") + assert cmdline.contains("root") + assert cmdline.user == "root" + assert cmdline.group == "root" + assert cmdline.mode == 0o644 + + +def test_ubuntu_focal(host): + assert host.system_info.type == "linux" + assert host.system_info.distribution == "ubuntu" + assert host.system_info.release == "20.04" + assert host.system_info.codename == "focal" + + +def test_microk8s_installed(host): + assert "microk8s" in host.check_output("snap list") + + +def test_microk8s_version(host): + assert host.check_output("microk8s version").startswith("MicroK8s v1.27") + + +def test_user_added_to_microk8s_group(host): + assert "microk8s" in host.user("ubuntu").groups + + +def test_kube_config_permissions(host): + kube_config = host.file("/home/ubuntu/.kube") + assert kube_config.is_directory + assert kube_config.user == "ubuntu" + assert kube_config.group == "ubuntu" + assert kube_config.mode == 0o755 + + +def test_passwd_file(host): + passwd = host.file("/etc/passwd") + assert passwd.contains("root") + assert passwd.user == "root" + assert passwd.group == "root" + assert passwd.mode == 0o644 diff --git a/requirements.in b/requirements.in index b0cd0edfe..3a15538f0 100644 --- a/requirements.in +++ b/requirements.in 
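Review bot: `test_ufw_enabled` asserts `host.service("ufw").is_enabled`, which checks that the unit is enabled at boot, not that the firewall is active. Since the `Enable firewall` step in `install_network` is skipped when `inside_docker` is set, this test passes in the container without any rule set being loaded. Rename it (e.g. `test_ufw_service_enabled`) or add a comment saying that activation is not covered, so a green result is not read as "firewall on". `import re` is unused, and `test_netplan_config` hard-codes the production address `192.168.1.31/24`, which would be clearer as a named constant with a comment tying it to the inventory. `test_passwd_file` checks base-image state rather than anything the provisioner writes.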
@@ -1,6 +1,8 @@ black==23.3.0; pytest==7.1.2; pytest-cov==3.0.0; +pytest-testinfra==7.0.0; +PyYAML==6.0; pulumi==3.60.1; pulumi-command==0.7.1; pulumi-kubernetes==3.24.2; diff --git a/requirements.lock b/requirements.lock index b1b5d7894..f2e581c54 100644 --- a/requirements.lock +++ b/requirements.lock @@ -1051,6 +1051,7 @@ pytest==7.1.2 \ # pytest-socket # pytest-sugar # pytest-test-groups + # pytest-testinfra # pytest-timeout # pytest-xdist pytest-aiohttp==0.3.0 \ @@ -1086,6 +1087,10 @@ pytest-sugar==0.9.5 \ pytest-test-groups==1.0.3 \ --hash=sha256:a93ee8ae8605ad290965508d13efc975de64f80429465837af5f3dd5bc93fd96 # via pytest-homeassistant-custom-component +pytest-testinfra==7.0.0 \ + --hash=sha256:0b28076d7088fb0c8e868119639f1259f95dd0e735ae8045ead34433ce8cbc98 \ + --hash=sha256:38c2ce2df4e25f685636c7db9ac15083a7cf3e4a8a997d5fa654e8a7bedeadce + # via -r ./requirements.in pytest-timeout==2.1.0 \ --hash=sha256:c07ca07404c612f8abbe22294b23c368e2e5104b521c1790195561f37e1ac3d9 \ --hash=sha256:f6f50101443ce70ad325ceb4473c4255e9d74e3c7cd0ef827309dfa4c0d975c6 @@ -1153,6 +1158,7 @@ pyyaml==6.0 \ --hash=sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174 \ --hash=sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5 # via + # -r ./requirements.in # homeassistant # pulumi # pulumi-kubernetes diff --git a/rules/rules_task/runner.py b/rules/rules_task/runner.py index 3f0907c5b..f7143219f 100644 --- a/rules/rules_task/runner.py +++ b/rules/rules_task/runner.py @@ -84,8 +84,6 @@ def main() -> None: bash_cmd = jinja_render_string(bash_cmd) - # print(bash_cmd) - cmd_env = os.environ.copy() cmd_env["CLI_ARGS"] = cli_args diff --git a/secrets/BUILD.plz b/secrets/BUILD.plz deleted file mode 100644 index 8a6968fe8..000000000 --- a/secrets/BUILD.plz +++ /dev/null 
@@ -1,11 +0,0 @@ -filegroup( - name = "id_rsa", - srcs = ["id_rsa.development"], - visibility = ["PUBLIC"], -) - -filegroup( - name = "id_rsa_pub", - srcs = ["id_rsa.development.pub"], - visibility = ["PUBLIC"], -) \ No newline at end of file diff --git a/third_party/ansible/BUILD.plz b/third_party/ansible/BUILD.plz deleted file mode 100644 index 5c4e88221..000000000 --- a/third_party/ansible/BUILD.plz +++ /dev/null @@ -1,26 +0,0 @@ -package(default_visibility = ["PUBLIC"]) - -subinclude("//tools/python") - -pex_binary( - name = "ansible", - packages = [ - "ansible==4.5.0", - "netaddr==0.8.0", - ], - pex_toolchain = "//third_party/pex", - python_toolchain = "//third_party/python", - scripts = [ - "ansible", - "ansible-config", - "ansible-connection", - "ansible-console", - "ansible-doc", - "ansible-galaxy", - "ansible-inventory", - "ansible-playbook", - "ansible-pull", - "ansible-test", - "ansible-vault", - ], -) \ No newline at end of file diff --git a/third_party/gnu/BUILD.plz b/third_party/gnu/BUILD.plz deleted file mode 100644 index 7e669352d..000000000 --- a/third_party/gnu/BUILD.plz +++ /dev/null @@ -1,8 +0,0 @@ -package(default_visibility = ["PUBLIC"]) - -subinclude("//tools/homebrew") - -homebrew_bottle( - name = "coreutils", - version = "8.32", -) diff --git a/third_party/jq/BUILD.plz b/third_party/jq/BUILD.plz deleted file mode 100644 index 2ac74c451..000000000 --- a/third_party/jq/BUILD.plz +++ /dev/null @@ -1,7 +0,0 @@ -remote_file( - name = "jq", - binary = True, - extract = False, - url = "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-osx-amd64", - visibility = ["PUBLIC"], -) \ No newline at end of file diff --git a/third_party/packer/BUILD.plz b/third_party/packer/BUILD.plz deleted file mode 100644 index 2ab5d3512..000000000 --- a/third_party/packer/BUILD.plz +++ /dev/null 
@@ -1,7 +0,0 @@ -remote_file( - name = "packer", - binary = True, - extract = True, - url = "https://releases.hashicorp.com/packer/1.7.3/packer_1.7.3_darwin_amd64.zip", - visibility = ["PUBLIC"], -) \ No newline at end of file diff --git a/third_party/pex/BUILD.plz b/third_party/pex/BUILD.plz deleted file mode 100644 index a61d305b2..000000000 --- a/third_party/pex/BUILD.plz +++ /dev/null @@ -1,6 +0,0 @@ -remote_file( - name = "pex", - binary = True, - url = "https://github.com/pantsbuild/pex/releases/download/v2.1.61/pex", - visibility = ["PUBLIC"], -) \ No newline at end of file diff --git a/third_party/pulumi/BUILD.plz b/third_party/pulumi/BUILD.plz deleted file mode 100644 index 43303862e..000000000 --- a/third_party/pulumi/BUILD.plz +++ /dev/null @@ -1,10 +0,0 @@ -remote_file( - name = "pulumi", - binary = True, - entry_points = { - "pulumi": "./pulumi/pulumi", - }, - extract = True, - url = "https://get.pulumi.com/releases/sdk/pulumi-v3.21.0-darwin-x64.tar.gz", - visibility = ["PUBLIC"], -) diff --git a/third_party/python/BUILD.plz b/third_party/python/BUILD.plz deleted file mode 100644 index b0faf8bf8..000000000 --- a/third_party/python/BUILD.plz +++ /dev/null @@ -1,19 +0,0 @@ -package(default_visibility = ["PUBLIC"]) - -subinclude("//tools/python") - -python_toolchain( - name = "python", - version = "3.8.12", -) - -pip_library( - name = "Jinja2", - version = "3.0.1", -) - -# TODO: Jinja2 requires MarkupSafe but this is not automatically installed using pip_library? -pip_library( - name = "MarkupSafe", - version = "2.0.1", -) \ No newline at end of file diff --git a/third_party/ubuntu/BUILD.plz b/third_party/ubuntu/BUILD.plz deleted file mode 100644 index 5730403a9..000000000 --- a/third_party/ubuntu/BUILD.plz +++ /dev/null 
@@ -1,16 +0,0 @@ - -remote_file( - name = "ubuntu_focal", - binary = False, - extract = False, - url = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img", - visibility = ["PUBLIC"], -) - -remote_file( - name = "ubuntu_focal_checksum", - binary = False, - extract = False, - url = "https://cloud-images.ubuntu.com/focal/current/SHA256SUMS", - visibility = ["PUBLIC"], -) \ No newline at end of file diff --git a/tools/BUILD.plz b/tools/BUILD.plz deleted file mode 100644 index f1aaea4c0..000000000 --- a/tools/BUILD.plz +++ /dev/null @@ -1,25 +0,0 @@ -remote_file( - name = "packer", - binary = True, - extract = True, - url = "https://releases.hashicorp.com/packer/1.7.3/packer_1.7.3_darwin_amd64.zip", - visibility = ["PUBLIC"], -) - -remote_file( - name = "ubuntu_iso", - binary = False, - extract = False, - url = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img", - visibility = ["PUBLIC"], -) - -remote_file( - name = "ubuntu_checksum", - binary = False, - extract = False, - url = "https://cloud-images.ubuntu.com/focal/current/SHA256SUMS", - visibility = ["PUBLIC"], -) - - diff --git a/tools/docker/docker.bzl b/tools/docker/docker.bzl index 1bca786ae..daa966e6b 100644 --- a/tools/docker/docker.bzl +++ b/tools/docker/docker.bzl @@ -4,9 +4,9 @@ For quickly loading and running docker images built by Bazel. load("@rules_task//:defs.bzl", "cmd", "task") -def docker_load_and_run(name, image, command, docker_args = []): +def docker_load(name, image, **kwargs): """ - Loads a docker image and runs it. + Loads a docker image and return the image name. """ image_label = "{}.tar".format(image) image_sha_label = "{}.json.sha256".format(image) 
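Review bot: The new docstring on `docker_load` says it returns "the image name", but the task echoes the contents of the `.json.sha256` file, and callers in `provisioner/BUILD.bazel` capture that with `$(...)`. I would document the actual contract, e.g. `Loads the image tarball into the local Docker daemon if it is not already present and prints the image digest on stdout; all other output goes to stderr.` It is also worth one line saying that `**kwargs` is forwarded to `task`, since that is how `exec_properties` reaches it. The function body continues outside this hunk.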
@@ -15,27 +15,22 @@ def docker_load_and_run(name, image, command, docker_args = []): name = name, cmds = [ """ - DEFAULT_ARGS="$command" - CLI_ARGS="$CLI_ARGS" - ARGS=${CLI_ARGS:-$DEFAULT_ARGS} DOCKER_DIGEST_FILE=$image_sha_label DOCKER_DIGEST=$(cat $DOCKER_DIGEST_FILE) DOCKER_LOAD_FILE=$image_label - if ! docker image inspect $DOCKER_DIGEST > /dev/null 2>&1 ; then docker load --input $DOCKER_LOAD_FILE >&2 else echo Image already exists >&2 fi - docker run $docker_args $DOCKER_DIGEST $ARGS + echo $DOCKER_DIGEST """, ], env = { - "command": command, - "docker_args": " ".join(docker_args), "image_label": cmd.file(image_label), "image_sha_label": cmd.file(image_sha_label), }, + **kwargs ) diff --git a/tools/homebrew/BUILD.plz b/tools/homebrew/BUILD.plz deleted file mode 100644 index ac8cba5ce..000000000 --- a/tools/homebrew/BUILD.plz +++ /dev/null @@ -1,13 +0,0 @@ -remote_file( - name = "regctl", - binary = True, - extract = False, - url = "https://github.com/regclient/regclient/releases/download/v0.3.5/regctl-darwin-amd64", - visibility = ["PUBLIC"], -) - -filegroup( - name = "homebrew", - srcs = ["homebrew.build_defs"], - visibility = ["PUBLIC"], -) diff --git a/tools/packer/BUILD.plz b/tools/packer/BUILD.plz deleted file mode 100644 index 27dd89bde..000000000 --- a/tools/packer/BUILD.plz +++ /dev/null @@ -1,5 +0,0 @@ -filegroup( - name = "packer", - srcs = ["packer.build_defs"], - visibility = ["PUBLIC"], -) diff --git a/tools/python/BUILD.plz b/tools/python/BUILD.plz deleted file mode 100644 index faede3d53..000000000 --- a/tools/python/BUILD.plz +++ /dev/null @@ -1,5 +0,0 @@ -filegroup( - name = "python", - srcs = ["python.build_defs"], - visibility = ["PUBLIC"], -) diff --git a/tools/ssh/BUILD.plz b/tools/ssh/BUILD.plz deleted file mode 100644 index b32c1e5a1..000000000 --- a/tools/ssh/BUILD.plz +++ /dev/null 
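Review bot: The result of `docker load` is not checked before `echo $DOCKER_DIGEST`, so unless the task runner enables `errexit` (not visible here) a failed load still hands a digest to the caller, which then fails later in `docker run` with a less direct error. `docker load --input "$DOCKER_LOAD_FILE" >&2 || exit 1` keeps the failure at its source. The expansions `$DOCKER_DIGEST_FILE`, `$DOCKER_LOAD_FILE` and `$DOCKER_DIGEST` are unquoted; quoting them avoids word splitting if a runfiles path ever contains whitespace.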
@@ -1,45 +0,0 @@ -ssh_config = text_file( - name = "ssh_config.templ", - content = f""" -Include ~/.ssh/config -Include /etc/ssh/ssh_config -Include $PLEASE_ROOT/tmp/vagrant/ssh_configs/* - """, -) - -sh_cmd( - name = "ssh", - out = "ssh", - cmd = f""" - # https://unix.stackexchange.com/questions/108873/removing-a-directory-from-path/291611#291611 - function path_remove {{ - # Delete path by parts so we can never accidentally remove sub paths - PATH=${PATH//":$1:"/":"} # delete any instances in the middle - PATH=${PATH/#"$1:"/} # delete any instance at the beginning - PATH=${PATH/%":$1"/} # delete any instance in the at the end - }} - - SSH_CONFIG_TEMPL="$PLEASE_ROOT/$(out_location {ssh_config})" - SSH_CONFIG_DIR="$PLEASE_ROOT/$(out_dir {ssh_config})" - SSH_CONFIG="$SSH_CONFIG_DIR/ssh_config" - ANCHOR="$(out_dir :ssh)" - - cat $SSH_CONFIG_TEMPL | envsubst '$PLEASE_ROOT' > $SSH_CONFIG - - # Remove the folder which contains this ssh binary from the path - # to prevent endless recursion calling ssh on the next line - path_remove "$ANCHOR" - path_remove "$PLEASE_ROOT/$ANCHOR" - - echo $PATH > /tmp/kerk - echo $PLEASE_ROOT > /tmp/kerk_root - echo $ANCHOR > /tmp/kerk_achor - - ARGS="-F $SSH_CONFIG ${@:-}" - - ssh $ARGS - """, - shell = "/usr/bin/env bash", - visibility = ["PUBLIC"], - deps = [ssh_config], -) \ No newline at end of file diff --git a/tools/template/BUILD.plz b/tools/template/BUILD.plz deleted file mode 100644 index d0c5a1217..000000000 --- a/tools/template/BUILD.plz +++ /dev/null @@ -1,15 +0,0 @@ -python_binary( - name = "jinja", - main = "main.py", - visibility = ["PUBLIC"], - deps = [ - "//third_party/python:Jinja2", - "//third_party/python:MarkupSafe", - ], -) - -filegroup( - name = "template", - srcs = ["template.build_defs"], - visibility = ["PUBLIC"], -) diff --git a/tools/template/test/BUILD.plz b/tools/template/test/BUILD.plz deleted file mode 100644 index 519f3ca5d..000000000 --- a/tools/template/test/BUILD.plz +++ /dev/null 
@@ -1,36 +0,0 @@ -subinclude("//tools/template") - -template_value( - name = "base_image", - value = "some:image", -) - -template_value( - name = "output_file", - value = "some content", -) - -template( - name = "dockerfile-test", - srcs = ["Dockerfile"], - subs = { - "base_image": "//tools/template/test:base_image", - "version": "10.0.0", - "output_file": ":output_file", - }, - deps = [ - ":output_file", - "//tools/template/test:base_image", - ], -) - -python_test( - name = "template_test", - srcs = ["template_test.py"], - data = [ - "Dockerfile.expected", - ":dockerfile-test", - ], -) - - diff --git a/workstation/BUILD.bazel b/workstation/BUILD.bazel index a6830d963..a6c21b3ac 100644 --- a/workstation/BUILD.bazel +++ b/workstation/BUILD.bazel @@ -4,7 +4,6 @@ load("@io_bazel_rules_docker//docker/package_managers:download_pkgs.bzl", "downl load("@io_bazel_rules_docker//container:container.bzl", "container_image") load("@io_bazel_rules_docker//docker/util:run.bzl", "container_run_and_commit_layer") load("@rules_pkg//:pkg.bzl", "pkg_tar") -load("//tools/docker:docker.bzl", "docker_load_and_run") load("@rules_task//:defs.bzl", "cmd", "task") pyinfra_run( 
@@ -121,20 +120,20 @@ container_image( workdir = "/project", ) -docker_load_and_run( - name = "inspec_runner", - command = "inspec exec . -t ssh://$$USER@host.docker.internal -i /root/.ssh/id_rsa --shell --shell-command='/bin/sh' --shell-options='--login'", - docker_args = [ - "--volume=$$BUILD_WORKSPACE_DIRECTORY/tmp/remote_key/id_rsa:/root/.ssh/id_rsa", - ], - image = ":inspec_image", -) +# docker_load_and_run( +# name = "inspec_runner", +# command = "inspec exec . -t ssh://$$USER@host.docker.internal -i /root/.ssh/id_rsa --shell --shell-command='/bin/sh' --shell-options='--login'", +# docker_args = [ +# "--volume=$$BUILD_WORKSPACE_DIRECTORY/tmp/remote_key/id_rsa:/root/.ssh/id_rsa", +# ], +# image = ":inspec_image", +# ) task( name = "test", cmds = [ cmd.executable(":provision"), cmd.executable("//tools/macos:macos-remote-setup"), - cmd.executable(":inspec_runner"), + # cmd.executable(":inspec_runner"), ], )
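Review bot: Commenting out `inspec_runner` and its `cmd.executable(":inspec_runner")` step leaves the `test` task running provisioning and remote setup with no verification step, so it now succeeds without checking anything. If the check is meant to return, replace the commented block with a short `# TODO:` stating why it is disabled and what it should be ported to (for example `docker_load` plus a `task`, as done in `provisioner/BUILD.bazel`); otherwise delete the block. When it is ported, the bind mount of `tmp/remote_key/id_rsa` into the container is worth making read-only with a `:ro` suffix.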