From 7fe154e1822fd6449c7dc896c0d9904f61adbc86 Mon Sep 17 00:00:00 2001
From: Daniel Drack
Date: Thu, 5 May 2022 15:36:42 +0200
Subject: [PATCH 1/4] added Dockerfile
---
container/.gitignore | 1 +
container/Dockerfile | 19 +++++++++++++++++++
container/customrun.sh | 33 +++++++++++++++++++++++++++++++++
3 files changed, 53 insertions(+)
create mode 100644 container/.gitignore
create mode 100644 container/Dockerfile
create mode 100644 container/customrun.sh
diff --git a/container/.gitignore b/container/.gitignore
new file mode 100644
index 0000000..b708448
--- /dev/null
+++ b/container/.gitignore
@@ -0,0 +1 @@
+certificates/**/*
\ No newline at end of file
diff --git a/container/Dockerfile b/container/Dockerfile
new file mode 100644
index 0000000..5ef27b1
--- /dev/null
+++ b/container/Dockerfile
@@ -0,0 +1,19 @@
+FROM python:3.9.12-slim-buster
+ARG VERSION
+
+WORKDIR /app
+
+COPY customrun.sh .
+
+COPY certificates/*.crt /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
+# set CERT paths
+# - Requests Library
+ENV REQUESTS_CA_BUNDLE /etc/ssl/certs/ca-certificates.crt
+# - openssl
+ENV SSL_CERT_FILE /etc/ssl/certs/ca-certificates.crt
+
+RUN pip install artifactory-cleanup==${VERSION}
+
+CMD ["bash", "customrun.sh"]
\ No newline at end of file
diff --git a/container/customrun.sh b/container/customrun.sh
new file mode 100644
index 0000000..c7ad4ba
--- /dev/null
+++ b/container/customrun.sh
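Review bot: The image never drops root: there is no `USER` instruction ahead of `CMD ["bash", "customrun.sh"]`, so the cleanup tool and the Artifactory credentials passed to it run as uid 0. As far as the two new files show, nothing after the build steps needs root at this revision, so `RUN useradd --system --uid 10001 app` followed by `USER app` just before `CMD` should be enough. Separately, `ARG VERSION` has no default, so a build without `--build-arg VERSION=...` expands the install line to `artifactory-cleanup==`, which pip rejects as an invalid requirement; the README in the last patch of this series documents exactly that build (`docker build . --tag artifactory-cleanup:latest`). Either give the ARG a default or fail early with a clear message, e.g. `RUN test -n "${VERSION}" && pip install --no-cache-dir "artifactory-cleanup==${VERSION}"`.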
@@ -0,0 +1,33 @@ +#!/bin/bash + +if [[ -z "$ARTI_USER" ]];then + echo "mandatory ARTI_USER environment variable not set!" + exit 3 +fi +if [[ -z "$ARTI_URL" ]];then + echo "mandatory ARTI_URL environment variable not set!" + exit 3 +fi +if [[ -z "$ARTI_PW" ]];then + echo "mandatory ARTI_PW environment variable not set!" + exit 3 +fi +if [[ -z "$RULES_CONFIG" ]];then + echo "mandatory RULES_CONFIG environment variable not set!" + exit 3 +fi + +# check if /tmp/rules.py exists +[ ! -f "$RULES_CONFIG" ] && echo "$RULES_CONFIG not found" && exit 3 + +# move to rules config parent directory +cd $( dirname $RULES_CONFIG) + +DRY_RUN="" +if [[ -v DISABLE_DRY_RUN ]]; then + DRY_RUN="--destroy" +fi + +# execute artifactory cleanup +echo "artifactory-cleanup $DRY_RUN --user $ARTI_USER --password $ARTI_PW --artifactory-server $ARTI_URL --config $( basename $RULES_CONFIG)" +artifactory-cleanup $DRY_RUN --user $ARTI_USER --password $ARTI_PW --artifactory-server $ARTI_URL --config $( basename $RULES_CONFIG) \ No newline at end of file From f87f89a67e6dc0fb95b6345d289873436f9b95b7 Mon Sep 17 00:00:00 2001 From: Daniel Drack Date: Mon, 9 May 2022 16:01:27 +0200 Subject: [PATCH 2/4] added Dockerfile + README.md doc section --- .gitignore | 5 +++++ README.md | 38 +++++++++++++++++++++++++++++--- container/.gitignore | 1 - container/customrun.sh | 33 --------------------------- {container => docker}/Dockerfile | 9 +++++--- docker/run.sh | 33 +++++++++++++++++++++++++++ 6 files changed, 79 insertions(+), 40 deletions(-) delete mode 100644 container/.gitignore delete mode 100644 container/customrun.sh rename {container => docker}/Dockerfile (51%) create mode 100644 docker/run.sh diff --git a/.gitignore b/.gitignore index d209ffc..c7ecbd9 100644 --- a/.gitignore +++ b/.gitignore @@ -98,3 +98,8 @@ ENV/ # IDE .idea/ + + +# docker/helm +docker/certificates/**/* +rules.py \ No newline at end of file diff --git a/README.md b/README.md index 19b85e8..72344a0 100644 --- a/README.md 
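Review bot: The final `echo` in customrun.sh prints the whole command line, including `--password $ARTI_PW`, so the Artifactory password ends up in the container's stdout and in whatever collects its logs. Redact it in the log line, for example `echo "artifactory-cleanup $DRY_RUN --user $ARTI_USER --password '***' --artifactory-server $ARTI_URL --config $(basename "$RULES_CONFIG")"`. The expansions on the real invocation and in `cd $( dirname $RULES_CONFIG)` are also unquoted, so a password or path containing spaces or glob characters is split or expanded before it reaches the tool; quote each as `"$ARTI_PW"`, leaving only `$DRY_RUN` unquoted so the empty case adds no argument. Both lines are carried into `docker/run.sh` in the next patch with renamed variables, so the same applies there.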
+++ b/README.md @@ -6,11 +6,14 @@ +- [Artifactory cleanup](#artifactory-cleanup) +- [Tables of Contents](#tables-of-contents) - [Installation](#installation) - [Usage](#usage) - * [Commands](#commands) - * [Available Rules](#available-rules) - * [Artifact cleanup policies](#artifactory-cleanup-policies) + - [Commands](#commands) + - [Available Rules](#available-rules) + - [Artifact cleanup policies](#artifact-cleanup-policies) + - [Container Usage](#container-usage) @@ -110,3 +113,32 @@ RULES = [ ), ] ``` + +## Container Usage ## + +To use the container image you first have to build it. +This assumes you have `docker` installed on your system. +In case you have setup your Artifactory with self-signed certificates, place all certificates of the chain of trust into the `container/certificates/` folder. +They will then be copied to the container's truststore. +To build the container image run the following command in the folder of the `Dockerfile`: + +```bash + docker build --build-arg VERSION=0.3 . --tag artifactory-cleanup:latest +``` + +`VERSION` represents the artifactory-cleanup version you want to have installed in the container. +To run the container use the following command: + +```bash + docker run \ + --mount type=bind,source=./rules.py,target=/tmp/rules.py \ + -e ARTIFACTORY_USER= \ + -e ARTIFACTORY_PASSWORD= \ + -e ARTIFACTORY_URL= \ + -e ARTIFACTORY_RULES_CONFIG=/tmp/rules.py \ + artifactory-cleanup:latest +``` + +The environment variables specify the necessary `artifactory-cleanup` arguments. +Set the `ARTIFACTORY_DESTROY_ARTEFACTS` environment variable to deactivate the dry-run mode. +The above command assumes you to have your rules configuration file (`rules.py`!) in the same folder you run the command from. diff --git a/container/.gitignore b/container/.gitignore deleted file mode 100644 index b708448..0000000 --- a/container/.gitignore +++ /dev/null @@ -1 +0,0 @@ -certificates/**/* \ No newline at end of file 
diff --git a/container/customrun.sh b/container/customrun.sh
deleted file mode 100644
index c7ad4ba..0000000
--- a/container/customrun.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-if [[ -z "$ARTI_USER" ]];then
- echo "mandatory ARTI_USER environment variable not set!"
- exit 3
-fi
-if [[ -z "$ARTI_URL" ]];then
- echo "mandatory ARTI_URL environment variable not set!"
- exit 3
-fi
-if [[ -z "$ARTI_PW" ]];then
- echo "mandatory ARTI_PW environment variable not set!"
- exit 3
-fi
-if [[ -z "$RULES_CONFIG" ]];then
- echo "mandatory RULES_CONFIG environment variable not set!"
- exit 3
-fi
-
-# check if /tmp/rules.py exists
-[ ! -f "$RULES_CONFIG" ] && echo "$RULES_CONFIG not found" && exit 3
-
-# move to rules config parent directory
-cd $( dirname $RULES_CONFIG)
-
-DRY_RUN=""
-if [[ -v DISABLE_DRY_RUN ]]; then
- DRY_RUN="--destroy"
-fi
-
-# execute artifactory cleanup
-echo "artifactory-cleanup $DRY_RUN --user $ARTI_USER --password $ARTI_PW --artifactory-server $ARTI_URL --config $( basename $RULES_CONFIG)"
-artifactory-cleanup $DRY_RUN --user $ARTI_USER --password $ARTI_PW --artifactory-server $ARTI_URL --config $( basename $RULES_CONFIG)
\ No newline at end of file
diff --git a/container/Dockerfile b/docker/Dockerfile
similarity index 51%
rename from container/Dockerfile
rename to docker/Dockerfile
index 5ef27b1..7b60027 100644
--- a/container/Dockerfile
+++ b/docker/Dockerfile
@@ -3,17 +3,20 @@ ARG VERSION WORKDIR /app -COPY customrun.sh . +COPY run.sh . +# https://askubuntu.com/a/649463 COPY certificates/*.crt /usr/local/share/ca-certificates/ RUN update-ca-certificates -# set CERT paths +# set CERT paths for python libraries, necessary for self-signed certificates # - Requests Library +# -> https://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification ENV REQUESTS_CA_BUNDLE /etc/ssl/certs/ca-certificates.crt # - openssl +# -> https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_paths.html ENV SSL_CERT_FILE /etc/ssl/certs/ca-certificates.crt RUN pip install artifactory-cleanup==${VERSION} -CMD ["bash", "customrun.sh"] \ No newline at end of file +CMD ["bash", "run.sh"] \ No newline at end of file diff --git a/docker/run.sh b/docker/run.sh new file mode 100644 index 0000000..f3aacf3 --- /dev/null +++ b/docker/run.sh 
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+if [[ -z "$ARTIFACTORY_USER" ]];then
+ echo "mandatory ARTIFACTORY_USER environment variable not set!"
+ exit 3
+fi
+if [[ -z "$ARTIFACTORY_URL" ]];then
+ echo "mandatory ARTIFACTORY_URL environment variable not set!"
+ exit 3
+fi
+if [[ -z "$ARTIFACTORY_PASSWORD" ]];then
+ echo "mandatory ARTIFACTORY_PASSWORD environment variable not set!"
+ exit 3
+fi
+if [[ -z "$ARTIFACTORY_RULES_CONFIG" ]];then
+ echo "mandatory ARTIFACTORY_RULES_CONFIG environment variable not set!"
+ exit 3
+fi
+
+# check if /tmp/rules.py exists
+[ ! -f "$ARTIFACTORY_RULES_CONFIG" ] && echo "$ARTIFACTORY_RULES_CONFIG not found" && exit 3
+
+# move to rules config parent directory
+cd $( dirname $ARTIFACTORY_RULES_CONFIG)
+
+DESTROY=""
+if [[ -v "$ARTIFACTORY_DESTROY_ARTEFACTS" ]]; then
+ DESTROY="--destroy"
+fi
+
+# execute artifactory cleanup
+echo "artifactory-cleanup $DESTROY --user $ARTIFACTORY_USER --password $ARTIFACTORY_PASSWORD --artifactory-server $ARTIFACTORY_URL --config $( basename $ARTIFACTORY_RULES_CONFIG)"
+artifactory-cleanup $DESTROY --user $ARTIFACTORY_USER --password $ARTIFACTORY_PASSWORD --artifactory-server $ARTIFACTORY_URL --config $( basename $ARTIFACTORY_RULES_CONFIG)
\ No newline at end of file
From 929433776cb9419bfd10316def4f20f3181c1aed Mon Sep 17 00:00:00 2001
From: Daniel Drack
Date: Tue, 17 May 2022 09:20:15 +0200
Subject: [PATCH 3/4] Implemented feedback - certificates are now installed during container start, not in build step - renamed "destroy mode" env variable to ARTIFACTORY_DESTROY_MODE_ENABLED - rearranged README.md file Changes to be committed: modified: README.md modified: docker/Dockerfile modified: docker/run.sh
---
README.md | 43 +++++++++++++++++++++++++++++--------------
docker/Dockerfile | 4 ----
docker/run.sh | 11 ++++++++++-
3 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index 72344a0..bbcb48a 100644
--- a/README.md
+++ b/README.md
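Review bot: `[[ -v "$ARTIFACTORY_DESTROY_ARTEFACTS" ]]` in run.sh tests whether a variable named by the *value* is set, not whether `ARTIFACTORY_DESTROY_ARTEFACTS` itself is set, so setting it to `true` looks for a variable called `true` and `--destroy` is never added. The first patch's `[[ -v DISABLE_DRY_RUN ]]` had the correct form. The failure is mostly in the safe direction, but a value that happens to name an existing variable would switch deletion on, and with the corrected set/unset form a value of `false` would enable it too. For a switch that deletes artifacts an explicit comparison is clearer: `if [[ "${ARTIFACTORY_DESTROY_ARTEFACTS:-}" == "true" ]]; then`. The renamed `ARTIFACTORY_DESTROY_MODE_ENABLED` check in the following patch keeps the same quoting and has the same problem.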
@@ -13,7 +13,7 @@ - [Commands](#commands) - [Available Rules](#available-rules) - [Artifact cleanup policies](#artifact-cleanup-policies) - - [Container Usage](#container-usage) + - [Docker Container Usage](#docker-container-usage) 
@@ -114,31 +114,46 @@ RULES = [ ] ``` -## Container Usage ## +## Docker Container Usage ## -To use the container image you first have to build it. -This assumes you have `docker` installed on your system. -In case you have setup your Artifactory with self-signed certificates, place all certificates of the chain of trust into the `container/certificates/` folder. -They will then be copied to the container's truststore. -To build the container image run the following command in the folder of the `Dockerfile`: - -```bash - docker build --build-arg VERSION=0.3 . --tag artifactory-cleanup:latest -``` - -`VERSION` represents the artifactory-cleanup version you want to have installed in the container. To run the container use the following command: ```bash + # dry-run mode docker run \ --mount type=bind,source=./rules.py,target=/tmp/rules.py \ + --mount type=bind,source=./certificates/,target=/mnt/self-signed-certs/ \ -e ARTIFACTORY_USER= \ -e ARTIFACTORY_PASSWORD= \ -e ARTIFACTORY_URL= \ -e ARTIFACTORY_RULES_CONFIG=/tmp/rules.py \ artifactory-cleanup:latest + + # 'delete artefacts' mode + docker run \ + --mount type=bind,source=./rules.py,target=/tmp/rules.py \ + --mount type=bind,source=./certificates/,target=/mnt/self-signed-certs/ \ + -e ARTIFACTORY_USER= \ + -e ARTIFACTORY_PASSWORD= \ + -e ARTIFACTORY_URL= \ + -e ARTIFACTORY_RULES_CONFIG=/tmp/rules.py \ + -e ARTIFACTORY_DESTROY_MODE_ENABLED="true" \ + artifactory-cleanup:latest ``` The environment variables specify the necessary `artifactory-cleanup` arguments. -Set the `ARTIFACTORY_DESTROY_ARTEFACTS` environment variable to deactivate the dry-run mode. +Set the `ARTIFACTORY_DESTROY_MODE_ENABLED` environment variable to deactivate the dry-run mode. The above command assumes you to have your rules configuration file (`rules.py`!) in the same folder you run the command from. + +To use the docker container image it first has to be built. +This is either done automatically via Github actions, or locally on your machine. 
+Building locally assumes you have `docker` installed on your system. +In case you have setup your Artifactory with self-signed certificates, place all certificates of the chain of trust into the `docker/certificates/` folder. +They will then be copied to the container's truststore. +To build the container image locally run the following command in the folder of the `Dockerfile`: + +```bash + docker build --build-arg VERSION=0.3 . --tag artifactory-cleanup:latest +``` + +`VERSION` represents the artifactory-cleanup version you want to have installed in the container. diff --git a/docker/Dockerfile b/docker/Dockerfile index 7b60027..81efbdb 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -5,10 +5,6 @@ WORKDIR /app COPY run.sh . -# https://askubuntu.com/a/649463 -COPY certificates/*.crt /usr/local/share/ca-certificates/ -RUN update-ca-certificates - # set CERT paths for python libraries, necessary for self-signed certificates # - Requests Library # -> https://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification diff --git a/docker/run.sh b/docker/run.sh index f3aacf3..b65dae5 100644 --- a/docker/run.sh +++ b/docker/run.sh @@ -20,11 +20,20 @@ fi # check if /tmp/rules.py exists [ ! -f "$ARTIFACTORY_RULES_CONFIG" ] && echo "$ARTIFACTORY_RULES_CONFIG not found" && exit 3 +# install/trust self-signed certificates for Artifactory instances +# with self-signed CA +# further reading: https://askubuntu.com/a/649463 +self_signed_certificates=$(shopt -s nullglob dotglob; echo /mnt/self-signed-certs/*) +if (( ${#self_signed_certificates} )); then + cp /mnt/self-signed-certs/*.crt /usr/local/share/ca-certificates/ + update-ca-certificates +fi + # move to rules config parent directory cd $( dirname $ARTIFACTORY_RULES_CONFIG) DESTROY="" -if [[ -v "$ARTIFACTORY_DESTROY_ARTEFACTS" ]]; then +if [[ -v "$ARTIFACTORY_DESTROY_MODE_ENABLED" ]]; then DESTROY="--destroy" fi From bf993516fcb52bd2b203f16fe5d17238f41a47a7 Mon Sep 17 00:00:00 2001 
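Review bot: The emptiness test and the copy in the new run.sh block use different globs: `self_signed_certificates` is filled from `/mnt/self-signed-certs/*` (with `dotglob`), but `cp` copies only `*.crt`, so a mounted directory holding files with other extensions makes `cp` fail on the unexpanded pattern, and because neither command's status is checked the script carries on. Collect the `.crt` files once into an array, test its length, and exit with the script's usual status 3 if the copy or `update-ca-certificates` fails. Moving this step from the image build to container start also means the container has to start as root to write under `/usr/local/share/ca-certificates/`, and every `.crt` in the bind mount becomes a trust anchor for all TLS in the container; a comment above the block saying so would help whoever later adds a `USER` line. The rest of run.sh lies outside this hunk.

```shell
# … unchanged: mandatory-variable checks and rules-file check …
shopt -s nullglob
self_signed_certificates=(/mnt/self-signed-certs/*.crt)
shopt -u nullglob
if (( ${#self_signed_certificates[@]} )); then
    cp -- "${self_signed_certificates[@]}" /usr/local/share/ca-certificates/ || exit 3
    update-ca-certificates || exit 3
fi
```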
From: Aleksey Burov Date: Wed, 18 May 2022 11:35:22 +0700 Subject: [PATCH 4/4] Move specific part about self-signed certificates --- README.md | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index bbcb48a..4b0c340 100644 --- a/README.md +++ b/README.md @@ -115,24 +115,23 @@ RULES = [ ``` ## Docker Container Usage ## +The below command assumes you to have your rules configuration file `rules.py` in the current working directory. To run the container use the following command: ```bash - # dry-run mode - docker run \ +# Dry mode - log artifacts that will be removed +docker run \ --mount type=bind,source=./rules.py,target=/tmp/rules.py \ - --mount type=bind,source=./certificates/,target=/mnt/self-signed-certs/ \ -e ARTIFACTORY_USER= \ -e ARTIFACTORY_PASSWORD= \ -e ARTIFACTORY_URL= \ -e ARTIFACTORY_RULES_CONFIG=/tmp/rules.py \ artifactory-cleanup:latest - # 'delete artefacts' mode - docker run \ +# Destroy mode - remove artifacts +docker run \ --mount type=bind,source=./rules.py,target=/tmp/rules.py \ - --mount type=bind,source=./certificates/,target=/mnt/self-signed-certs/ \ -e ARTIFACTORY_USER= \ -e ARTIFACTORY_PASSWORD= \ -e ARTIFACTORY_URL= \ 
@@ -141,19 +140,14 @@ To run the container use the following command: artifactory-cleanup:latest ``` -The environment variables specify the necessary `artifactory-cleanup` arguments. -Set the `ARTIFACTORY_DESTROY_MODE_ENABLED` environment variable to deactivate the dry-run mode. -The above command assumes you to have your rules configuration file (`rules.py`!) in the same folder you run the command from. +The environment variables specify the necessary `artifactory-cleanup` arguments. + +In case you have setup your Artifactory self-signed certificates, place all certificates of the chain of trust into the `docker/certificates/` folder and add an additional argument `--mount type=bind,source=./certificates/,target=/mnt/self-signed-certs/` to a command. + +To build the container image locally run the following command in the folder of the `Dockerfile`. -To use the docker container image it first has to be built. -This is either done automatically via Github actions, or locally on your machine. -Building locally assumes you have `docker` installed on your system. -In case you have setup your Artifactory with self-signed certificates, place all certificates of the chain of trust into the `docker/certificates/` folder. -They will then be copied to the container's truststore. -To build the container image locally run the following command in the folder of the `Dockerfile`: ```bash - docker build --build-arg VERSION=0.3 . --tag artifactory-cleanup:latest +docker build . --tag artifactory-cleanup:latest ``` -`VERSION` represents the artifactory-cleanup version you want to have installed in the container.