parent
efb1673975
commit
88dcd3b404
@ -1,22 +0,0 @@
|
||||
stages:
|
||||
- name: Build
|
||||
steps:
|
||||
- publishImageConfig:
|
||||
dockerfilePath: ./Dockerfile
|
||||
buildContext: .
|
||||
tag: registry.jochum.dev/jochum/homepage:${CICD_GIT_COMMIT}
|
||||
pushRemote: true
|
||||
registry: registry.jochum.dev
|
||||
- name: Deploy
|
||||
steps:
|
||||
- applyYamlConfig:
|
||||
path: ./deployment.yaml
|
||||
timeout: 60
|
||||
notification:
|
||||
recipients:
|
||||
- recipient: rene@jochum.dev
|
||||
notifier: local:n-wnbgn
|
||||
condition:
|
||||
- Success
|
||||
- Changed
|
||||
- Failed
|
@ -1,86 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: List
|
||||
items:
|
||||
- apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx
|
||||
namespace: rene-jochum-dev
|
||||
spec:
|
||||
progressDeadlineSeconds: 600
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 1
|
||||
maxUnavailable: 0
|
||||
type: RollingUpdate
|
||||
selector:
|
||||
matchLabels:
|
||||
container: nginx
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
container: nginx
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.jochum.dev/jochum/homepage:${CICD_GIT_COMMIT}
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: nginx
|
||||
resources: {}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities: {}
|
||||
privileged: false
|
||||
procMount: Default
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
stdin: true
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
tty: true
|
||||
dnsPolicy: ClusterFirst
|
||||
imagePullSecrets:
|
||||
- name: registry-jochum-dev
|
||||
restartPolicy: Always
|
||||
schedulerName: default-scheduler
|
||||
securityContext: {}
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
||||
- kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: nginx
|
||||
namespace: rene-jochum-dev
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
container: "nginx"
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
|
||||
- kind: Ingress
|
||||
apiVersion: extensions/v1beta1
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
kubernetes.io/tls-acme: "true"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
generation: 2
|
||||
name: rene.jochum.dev
|
||||
namespace: rene-jochum-dev
|
||||
spec:
|
||||
rules:
|
||||
- host: rene.jochum.dev
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
serviceName: nginx
|
||||
servicePort: 80
|
||||
path: /
|
||||
tls:
|
||||
- hosts:
|
||||
- rene.jochum.dev
|
||||
secretName: rene-jochum-dev-tls
|
@ -1,141 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# This script will make a best-effort attempt at showing modifications
|
||||
# to package-provided config files on a Debian system.
|
||||
#
|
||||
# It's subject to some pretty significant limitations: most notably,
|
||||
# there's no way to identify all such config files. We approximate the
|
||||
# answer by looking first at dpkg-managed conffiles, and then hoping
|
||||
# that most of the time, if maintainer scripts are managing files
|
||||
# themselves, they're using ucf. So, DO NOT TRUST THIS SCRIPT to find
|
||||
# everything... but it should help to find most customisation.
|
||||
|
||||
|
||||
# Set this non-empty to see a diff against empty for apparently-deleted
|
||||
# files; leave it empty for a single 'file deleted' note.
|
||||
diff_empty=
|
||||
|
||||
# Space-separated list of directory *trees* to be searched for package
|
||||
# files. This is the only means of locating packages that can't be
|
||||
# installed by apt. Note that we do a recursive search in here *before*
|
||||
# we ask apt to download the package; don't point it at a stupidly-large
|
||||
# tree.
|
||||
local_packages="/var/cache/puppet"
|
||||
|
||||
|
||||
|
||||
package_version() {
|
||||
pkg="$1"
|
||||
dpkg-query -W -f='${Version}\n' "$pkg"
|
||||
}
|
||||
|
||||
# I've made no attempt to create a sensible overall ordering; we keep
|
||||
# files grouped by package within a particular section, then hope that
|
||||
# most packages won't mix config file types.
|
||||
|
||||
|
||||
#############
|
||||
# conffiles
|
||||
|
||||
package_file() {
|
||||
pkg="$1"
|
||||
|
||||
exec 3< <(dpkg-query -W -f='${Version} ${Architecture} ${Status}\n' "$pkg")
|
||||
read -u3 version arch status
|
||||
|
||||
if [ "$status" != "install ok installed" -o -z "$version" ]; then
|
||||
# Package isn't actually installed; ignore it.
|
||||
exit 0
|
||||
fi
|
||||
|
||||
basename="${pkg}_${version//:/%3a}_${arch}.deb"
|
||||
filename="/var/cache/apt/archives/$basename"
|
||||
|
||||
if [ -f "$filename" ]; then
|
||||
echo "$filename"
|
||||
exit
|
||||
fi
|
||||
|
||||
found="$(find $local_packages -name "$basename" -print -quit)"
|
||||
if [ -n "$found" ]; then
|
||||
echo "$found"
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$UID" -gt 0 ]; then
|
||||
echo "Package ${pkg} (${version}, ${arch}) is not available; need to install, but not root" >&2
|
||||
exit 1
|
||||
fi
|
||||
apt-get -qq --download-only --reinstall install "${pkg}=${version}"
|
||||
|
||||
if [ -f "$filename" ]; then
|
||||
echo "$filename"
|
||||
else
|
||||
echo "Failed to download ${pkg} (${version}, ${arch})" >&2
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
original_content() {
|
||||
pkg="$1"
|
||||
file="$2"
|
||||
|
||||
deb="$(package_file "$pkg")"
|
||||
if [ "$?" -ne 0 -o -z "$deb" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
dpkg-deb --fsys-tarfile "$deb" | tar -x -O ".$file"
|
||||
}
|
||||
|
||||
|
||||
dpkg-query -W -f='${Conffiles}\n' '*' |
|
||||
awk 'OFS=" "{print $2,$1}' |
|
||||
md5sum -c 2>/dev/null |
|
||||
awk -F': ' '$2 !~ /OK/{print $1}' |
|
||||
xargs dpkg -S |
|
||||
sort -u |
|
||||
awk -F ': ' 'OFS=" "{print $1,$2}' |
|
||||
while read pkg file; do
|
||||
if [ ! -f "$file" -a -z "$diff_empty" ]; then
|
||||
echo "Deleted: $file (from $pkg)"
|
||||
else
|
||||
content="$(original_content "$pkg" "$file")"
|
||||
if [ "$?" -eq 0 ]; then
|
||||
echo "package $pkg"
|
||||
diff -u --new-file --report-identical-files --label "$pkg $(package_version "$pkg")" <(echo "$content") "$file"
|
||||
else
|
||||
echo "Failed to load original for $file from $pkg"
|
||||
fi
|
||||
fi
|
||||
echo
|
||||
done
|
||||
|
||||
|
||||
#######
|
||||
# ucf
|
||||
|
||||
md5sum -c /var/lib/ucf/hashfile 2>/dev/null |
|
||||
awk -F': ' '$2 !~ /OK/{print $1}' |
|
||||
xargs ucfq -w |
|
||||
sort -t ':' -k 2,1 | uniq |
|
||||
awk -F: 'OFS=" " {print $1,$2}' |
|
||||
while read file pkg; do
|
||||
if [ ! -f "$file" -a -z "$diff_empty" ]; then
|
||||
echo "Deleted: $file (from ${pkg:-??})"
|
||||
else
|
||||
cache="/var/lib/ucf/cache/${file//\//:}"
|
||||
if [ -f "$cache" ]; then
|
||||
if [ -n "$pkg" ]; then
|
||||
echo "package $pkg"
|
||||
label="$pkg $(package_version "$pkg")"
|
||||
else
|
||||
label="original"
|
||||
fi
|
||||
diff -u --new-file --report-identical-files --label "$label" "$cache" "$file"
|
||||
else
|
||||
echo "Failed to load original for $file from ${pkg:-??}"
|
||||
fi
|
||||
fi
|
||||
echo
|
||||
done
|
Loading…
Reference in New Issue