Initial Commit

Author: cgrant

README.md

@@ -0,0 +1 @@
+# cp-utils

cleanup.sh

@@ -0,0 +1,21 @@
+## Access token needs delete rights which is not included in the base repo rights
+export INSTANCE_GIT_REPO_TOKEN=
+export INSTANCE_GIT_REPO_OWNER=cgrant
+
+## Delete Trigger
+TRIGGER_NAME=${APP_NAME}-webhook-trigger
+gcloud alpha builds triggers delete ${TRIGGER_NAME} -q
+
+
+## Delte Secret 
+SECRET_NAME=${APP_NAME}-webhook-trigger-secret
+gcloud secrets delete ${SECRET_NAME} -q
+
+## Delete Repo
+export GIT_TOKEN=${INSTANCE_GIT_REPO_TOKEN}
+export GIT_USERNAME=${INSTANCE_GIT_REPO_OWNER}
+export BASE_DIR=${PWD}
+export GIT_CMD=${BASE_DIR}/cp-templates/cicd-pipeline/util/git/gh.sh
+export GIT_ASKPASS=${BASE_DIR}/cp-templates/cicd-pipeline/util/git/git-ask-pass.sh
+${GIT_CMD} delete ${APP_NAME} 
+

createApp.sh

@@ -0,0 +1,72 @@
+
+## Required Vars
+
+# APP_NAME
+# REGION
+
+# INSTANCE_GIT_REPO_TOKEN
+# INSTANCE_GIT_REPO_OWNER
+# INSTANCE_GIT_REPO_NAME
+
+
+
+## Constructed Vars
+export GIT_USERNAME=${INSTANCE_GIT_REPO_OWNER}
+export GIT_TOKEN=${INSTANCE_GIT_REPO_TOKEN}
+export GIT_BASE_URL=https://${INSTANCE_GIT_REPO_OWNER}@github.com/${INSTANCE_GIT_REPO_OWNER}
+export BASE_DIR=${PWD}
+export GIT_CMD=${BASE_DIR}/utils/git/gh.sh
+export GIT_ASKPASS=${BASE_DIR}/utils/git/git-ask-pass.sh
+
+
+## Verify Vars
+echo GIT_ASKPASS=${GIT_ASKPASS}
+echo REGION=${REGION} 
+echo APP_NAME=${APP_NAME} 
+echo INSTANCE_GIT_REPO_OWNER=${INSTANCE_GIT_REPO_OWNER} 
+echo GIT_USERNAME=${GIT_USERNAME}
+echo INSTANCE_GIT_REPO_NAME=${INSTANCE_GIT_REPO_NAME} 
+echo INSTANCE_GIT_REPO_TOKEN=${INSTANCE_GIT_REPO_TOKEN}
+echo GIT_TOKEN=$GIT_TOKEN
+
+apt-get update
+apt-get install curl git -y
+
+#git config --global user.email $(gcloud config get-value account)
+git config --global user.email ${INSTANCE_GIT_REPO_OWNER}
+git config --global user.name ${INSTANCE_GIT_REPO_OWNER}
+
+
+#git clone https://github.com/gitrey/cp-templates.git util
+
+
+
+#source $GIT_ASKPASS
+
+printf 'Creating application: %s \n' $APP_NAME
+
+# # Create an instance of the template.
+# Clone the template repo
+#git clone https://github.com/GoogleCloudPlatform/software-delivery-workshop.git plat
+#mv plat/delivery-platform/resources/repos/app-templates ./
+#rm -rf plat
+rm -rf ./cp-templates/.git
+cd ./cp-templates/go-app-cicd/
+
+# Swap Variables
+for template in $(find . -name '*.tmpl'); do envsubst < ${template} > ${template%.*}; done
+
+# Create and push to new repo
+git init
+git checkout -b main
+#git symbolic-ref HEAD refs/heads/main
+echo create repo
+${GIT_CMD} create ${APP_NAME}
+git remote add origin $GIT_BASE_URL/${APP_NAME}
+git add . && git commit -m "initial commit" 
+git push origin main
+# Auth fails intermittetly on the very first client call for some reason
+#   Adding a retry to ensure the source is pushed. 
+git push origin main
+
+

createWebhook.sh

@@ -0,0 +1,62 @@
+# TODO: enable secret manager: secretmanager.googleapis.com
+
+
+## REQUIRED VARS
+# PROJECT_ID
+# APP_NAME
+
+# INSTANCE_GIT_REPO_TOKEN
+# INSTANCE_GIT_REPO_OWNER
+# INSTANCE_GIT_REPO_NAME
+
+# API_KEY
+
+
+## CONSTRUCTED VARS
+export GIT_TOKEN=${GIT_TOKEN}
+export GIT_USER=${GIT_USER}
+export GIT_USERNAME=${GIT_USER}
+export API_KEY_VALUE=${API_KEY}
+
+
+export WORK_DIR=${PWD}
+export GIT_CMD=${WORK_DIR}/utils/git/gh.sh
+export GIT_BASE_URL=https://${GIT_USER}@github.com/${GIT_USER}
+
+export APP_INSTANCE_REPO_LOCATION=https://github.com/${GIT_USERNAME}/${APP_NAME}
+
+export IMAGE_REPO=gcr.io/${PROJECT_ID}
+export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format='value(projectNumber)')
+
+export SECRET_NAME=${APP_NAME}-webhook-trigger-secret
+
+#TODO - Fix value # this didn't work in cloud build run
+#SECRET_VALUE=$(sed "s/[^a-zA-Z0-9]//g" <<< $(openssl rand -base64 15))
+SECRET_VALUE=foobar
+
+SECRET_PATH=projects/${PROJECT_NUMBER}/secrets/${SECRET_NAME}/versions/1
+printf ${SECRET_VALUE} | gcloud secrets create ${SECRET_NAME} --data-file=-
+
+gcloud secrets add-iam-policy-binding ${SECRET_NAME} \
+    --member=serviceAccount:service-${PROJECT_NUMBER}@gcp-sa-cloudbuild.iam.gserviceaccount.com \
+    --role='roles/secretmanager.secretAccessor'
+
+## Create CloudBuild Webhook Endpoint
+echo Create CloudBuild Webhook Endpoint
+TRIGGER_NAME=${APP_NAME}-webhook-trigger
+BUILD_YAML_PATH=$WORK_DIR/cp-templates/go-app-cicd/build/cloudbuild.yaml
+
+## Setup Trigger & Webhook
+gcloud alpha builds triggers create webhook \
+    --name=${TRIGGER_NAME} \
+    --inline-config=$BUILD_YAML_PATH \
+    --secret=${SECRET_PATH} --substitutions='_APP_NAME=${APP_NAME},_APP_REPO=$(body.repository.git_url),_REF=$(body.ref)'
+
+## Retrieve the URL 
+WEBHOOK_URL="https://cloudbuild.googleapis.com/v1/projects/${PROJECT_ID}/triggers/${TRIGGER_NAME}:webhook?key=${API_KEY_VALUE}&secret=${SECRET_VALUE}"
+echo WEBHOOK_URL=${WEBHOOK_URL}
+
+## Configure Github Repo Webhook
+echo Configure Github Repo Webhook
+${GIT_CMD} create_webhook ${APP_NAME} $WEBHOOK_URL
+

git/gh.sh

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Input Validation
+if [[ ${GIT_TOKEN} == "" ]]; then
+    echo "GIT_TOKEN variable not set. Please rerun the env script"
+    exit -1
+fi
+if [[ ${GIT_USERNAME} == "" ]]; then
+    echo "GIT_USERNAME variable not set. Please rerun the env script"
+    exit -1
+fi
+
+if [[ $1 == "create_webhook" ]]; then
+    if [[ $2 == "" || $3 == ""  ]]; then
+        echo "Missing parameters"
+        echo "Usage: gh create_webhook <repo> <webhook_url>"
+        exit -1
+    fi
+fi
+
+if [[ $2 == "" || $1 == "" ]]; then
+    echo "Usage: gh <create|delete|create_webhook> <repo>  [webhook_url]"
+    exit -1
+fi
+
+## Local variables
+action=$1
+repo=$2
+WEBHOOK_URL=$3
+GIT_API_BASE="https://api.github.com"
+
+export GIT_ASKPASS=$BASE_DIR/common/ghp.sh
+
+## Execution
+create_webhook () {
+  curl -H "Authorization: token ${GIT_TOKEN}" \
+    -d '{"config": {"url": "'${WEBHOOK_URL}'", "content_type": "json"}}' \
+    -X POST ${GIT_API_BASE}/repos/${GIT_USERNAME}/${repo}/hooks 
+}
+
+
+if [[ $action == 'create' ]]; then
+    # Create
+    curl -H "Authorization: token ${GIT_TOKEN}" ${GIT_API_BASE}/user/repos -d '{"name": "'"${repo}"'"}' > /dev/null
+    echo "Created ${repo}"
+
+    #TODO: Check if repo exists first
+fi
+
+if [[ $action == 'delete' ]]; then
+    # Delete
+    echo 
+    echo "Deleting ${GIT_API_BASE}/repos/${GIT_USERNAME}/${repo}"
+    curl -H "Authorization: token ${GIT_TOKEN}" -X "DELETE" ${GIT_API_BASE}/repos/${GIT_USERNAME}/${repo}
+    echo "Deleted ${repo}"
+fi
+
+if [[ $action == 'create_webhook' ]]; then
+    # Webhook 
+    create_webhook
+fi

git/git-ask-pass.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+exec echo "${GIT_TOKEN}"

testScript.sh

@@ -0,0 +1,21 @@
+
+## Required Vars
+export PROJECT_ID=crg-workbench 
+
+export APP_NAME=foobar2
+export REGION=us-central1
+
+export API_KEY=
+
+export INSTANCE_GIT_REPO_TOKEN=
+export INSTANCE_GIT_REPO_OWNER=cgrant
+export INSTANCE_GIT_REPO_NAME=${APP_NAME} 
+
+
+
+./createApp.sh
+
+./createWebhook.sh
+
+
+#./cleanup.sh