Supply private certificate via secret volume to tasks. Closes #621.
1 parent
a899140
commit d4f777f
Showing
91 changed files
with
675 additions
and
885 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -65,17 +65,17 @@ if [ "${WORKING_DIR}" != "." ]; then | |
ARTIFACT_PREFIX="${WORKING_DIR/\//-}-" | ||
fi | ||
|
||
echo "Configuring npm to use Nexus ..." | ||
# Remove the protocol segment from NEXUS_URL | ||
NEXUS_HOST=$(echo "${NEXUS_URL}" | sed -E 's/^\s*.*:\/\///g') | ||
if [ -n "${NEXUS_HOST}" ] && [ -n "${NEXUS_USERNAME}" ] && [ -n "${NEXUS_PASSWORD}" ]; then | ||
echo "Configuring npm to use Nexus (${NEXUS_URL}) ..." | ||
if [ -n "${NEXUS_URL}" ] && [ -n "${NEXUS_USERNAME}" ] && [ -n "${NEXUS_PASSWORD}" ]; then | ||
NEXUS_AUTH="$(urlencode "${NEXUS_USERNAME}"):$(urlencode "${NEXUS_PASSWORD}")" | ||
npm config set registry="$NEXUS_URL"/repository/npmjs/ | ||
npm config set always-auth=true | ||
npm config set _auth="$(echo -n "$NEXUS_AUTH" | base64)" | ||
npm config set [email protected] | ||
npm config set ca=null | ||
npm config set strict-ssl=false | ||
if [ -f /etc/ssl/certs/private-cert.pem ]; then | ||
echo "Configuring private cert ..." | ||
npm config set cafile=/etc/ssl/certs/private-cert.pem | ||
fi | ||
fi; | ||
|
||
echo "package-*.json checks ..." | ||
|
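Review bot: Nothing on the new side puts `strict-ssl` back to its default, and `npm config set` writes to the user-level npmrc, so a cached home directory or image layer that already holds `strict-ssl=false` from the earlier version of this script would keep TLS verification off. This assumes the `ca=null` and `strict-ssl=false` lines are the removed ones; the rendered page lost the +/- markers, but the 17/17 hunk counts fit that reading. I would set it explicitly next to the cafile line, `npm config set strict-ssl=true`, so verification does not depend on prior state. The enclosing script continues outside the hunk.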
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
#!/bin/bash | ||
set -u | ||
|
||
md5_bin="${MD5_BIN:-"md5sum --tag"}" | ||
private_cert="/etc/ssl/certs/private-cert.pem" | ||
src_truststore="${JAVA_HOME}/lib/security/cacerts" | ||
src_pass="changeit" | ||
dest_pass="changeit" | ||
|
||
while [[ "$#" -gt 0 ]]; do | ||
case $1 in | ||
|
||
--src-store) src_truststore="$2"; shift;; | ||
--src-store=*) src_truststore="${1#*=}";; | ||
|
||
--src-storepass) src_pass="$2"; shift;; | ||
--src-storepass=*) src_pass="${1#*=}";; | ||
|
||
--dest-store) dest_truststore="$2"; shift;; | ||
--dest-store=*) dest_truststore="${1#*=}";; | ||
|
||
--dest-storepass) dest_pass="$2"; shift;; | ||
--dest-storepass=*) dest_pass="${1#*=}";; | ||
|
||
--debug) set -x; shift;; | ||
|
||
*) echo "Unknown parameter passed: $1"; exit 1;; | ||
esac; shift; done | ||
|
||
dest_truststore_dir="${dest_truststore%/*}" | ||
mkdir -p "${dest_truststore_dir}" | ||
md5_private_cert_path="${dest_truststore_dir}/.md5-private-cert" | ||
md5_private_cert=$(${md5_bin} "${private_cert}") | ||
|
||
if [ ! -f "${dest_truststore}" ] || [ "${md5_private_cert}" != "$(cat "${md5_private_cert_path}")" ]; then | ||
echo "Creating truststore with private cert ..." | ||
# Copy global keystone to location where we can write to (hide output containing warnings). | ||
keytool -importkeystore \ | ||
-srckeystore "${src_truststore}" -destkeystore "${dest_truststore}" \ | ||
-deststorepass "${dest_pass}" -srcstorepass "${src_pass}" &> keytool-output.txt | ||
# shellcheck disable=SC2181 | ||
if [ $? -ne 0 ]; then | ||
cat keytool-output.txt; exit 1 | ||
fi | ||
# Trust private cert (hide output containing warnings). | ||
keytool -importcert -noprompt -trustcacerts \ | ||
-alias private-cert -file "${private_cert}" \ | ||
-keystore "${dest_truststore}" -storepass "${dest_pass}" &> keytool-output.txt | ||
# shellcheck disable=SC2181 | ||
if [ $? -ne 0 ]; then | ||
cat keytool-output.txt; exit 1 | ||
fi | ||
echo "${md5_private_cert}" > "${md5_private_cert_path}" | ||
fi |
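Review bot: When the truststore already exists but the certificate digest has changed, the rebuild branch imports into the old file instead of starting fresh, so `keytool -importcert -alias private-cert` will, as far as I can tell, fail because the alias already exists, and a rotated certificate is never trusted while the previous one stays in the store. Removing the stale store first, `rm -f -- "${dest_truststore}"` just before the `-importkeystore` call, makes the rebuild repeatable. Separately, `--debug) set -x; shift;;` combined with the `shift` after `esac` shifts twice and swallows the argument that follows `--debug`; the Aqua scanner script further down has the same arm and runs under `set -e`, where a trailing `--debug` aborts the script. `--debug) set -x;;` is enough, and a comment there should say that tracing prints the `-storepass` values into the task log.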
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,45 +1,39 @@ | ||
#!/bin/bash | ||
set -eu | ||
|
||
md5bin="${MD5_BIN:-"md5sum --tag"}" | ||
debug="${DEBUG:-false}" | ||
aquaScannerUrl="" | ||
binDir=".ods-cache/bin" | ||
md5_bin="${MD5_BIN:-"md5sum --tag"}" | ||
aqua_scanner_url="" | ||
bin_dir=".ods-cache/bin" | ||
|
||
while [[ "$#" -gt 0 ]]; do | ||
case $1 in | ||
|
||
--bin-dir) binDir="$2"; shift;; | ||
--bin-dir=*) binDir="${1#*=}";; | ||
--bin-dir) bin_dir="$2"; shift;; | ||
--bin-dir=*) bin_dir="${1#*=}";; | ||
|
||
--aqua-scanner-url) aquaScannerUrl="$2"; shift;; | ||
--aqua-scanner-url=*) aquaScannerUrl="${1#*=}";; | ||
--aqua-scanner-url) aqua_scanner_url="$2"; shift;; | ||
--aqua-scanner-url=*) aqua_scanner_url="${1#*=}";; | ||
|
||
--debug) debug="$2"; shift;; | ||
--debug=*) debug="${1#*=}";; | ||
--debug) set -x; shift;; | ||
|
||
*) echo "Unknown parameter passed: $1"; exit 1;; | ||
esac; shift; done | ||
|
||
if [ "${debug}" == "true" ]; then | ||
set -x | ||
fi | ||
|
||
aquaScannerPath="${binDir}/aquasec" | ||
md5AquaScannerUrlPath="${binDir}/.md5-aquasec" | ||
aqua_scanner_path="${bin_dir}/aquasec" | ||
md5_aqua_scanner_url_path="${bin_dir}/.md5-aquasec" | ||
|
||
# Optionally install Aqua scanner. | ||
# If the binary already exists and was downloaded from the | ||
# URL given by aquaScannerUrl, skip download. | ||
if [ -n "${aquaScannerUrl}" ] && [ "${aquaScannerUrl}" != "none" ]; then | ||
md5AquaScannerUrl=$(${md5bin} -s "${aquaScannerUrl}") | ||
if [ ! -f "${md5AquaScannerUrlPath}" ] || [ "${md5AquaScannerUrl}" != "$(cat "${md5AquaScannerUrlPath}")" ]; then | ||
# URL given by aqua_scanner_url, skip download. | ||
if [ -n "${aqua_scanner_url}" ] && [ "${aqua_scanner_url}" != "none" ]; then | ||
md5_aqua_scanner_url=$(${md5_bin} -s "${aqua_scanner_url}") | ||
if [ ! -f "${md5_aqua_scanner_url_path}" ] || [ "${md5_aqua_scanner_url}" != "$(cat "${md5_aqua_scanner_url_path}")" ]; then | ||
echo 'Installing Aqua scanner...' | ||
curl -v -sSf -L "${aquaScannerUrl}" -o aquasec | ||
mv aquasec "${aquaScannerPath}" | ||
chmod +x "${aquaScannerPath}" | ||
echo "${md5AquaScannerUrl}" > "${md5AquaScannerUrlPath}" | ||
curl -v -sSf -L "${aqua_scanner_url}" -o aquasec | ||
mv aquasec "${aqua_scanner_path}" | ||
chmod +x "${aqua_scanner_path}" | ||
echo "${md5_aqua_scanner_url}" > "${md5_aqua_scanner_url_path}" | ||
echo 'Installed Aqua scanner version:' | ||
"${aquaScannerPath}" version | ||
"${aqua_scanner_path}" version | ||
fi | ||
fi |
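Review bot: The marker file `.md5-aquasec` records a digest of the download URL, not of the downloaded file, so nothing checks that the binary made executable by `chmod +x` is the expected one; this logic is carried over unchanged apart from the rename, but it is on the new side as well. If a known-good digest can be supplied (for example through a new option; the variable name here is a placeholder), verify before the `mv`: `echo "${expected_sha256}  aquasec" | sha256sum -c -`. Also, `mv aquasec "${aqua_scanner_path}"` assumes `${bin_dir}` exists; whether a caller creates it is not visible here, so `mkdir -p "${bin_dir}"` before the download would be safer.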