Merge pull request #8 from rtyler/proxy-refactor

Refactor the proxy code into a base image
2017-12-21 07:25:38 -08:00 · 2017-12-21 07:25:38 -08:00 · 88cff02746
parent 4b5eaa4818 ae0afa226a
commit 88cff02746
13 changed files with 183 additions and 22 deletions
--- a/16
+++ b/16
@ -1,5 +1,4 @@
-FROM nginx:alpine
-USER root
+FROM codevalet/proxy:latest

 # Prepare the alpine image with some Jenkins dependencies
 ################################################################################
@ -10,7 +9,6 @@ RUN apk add --no-cache git \
        bash \
        ttf-dejavu \
        coreutils \
-        supervisor \
        openjdk8-jre && \
            mkdir -p /usr/share/jenkins && \
            curl -sSL https://ci.jenkins.io/job/Core/job/jenkins/job/master/lastSuccessfulBuild/artifact/war/target/linux-jenkins.war  > /usr/share/jenkins/jenkins.war
@ -19,21 +17,9 @@ RUN apk add --no-cache git \

 # Snippet taken from Dockerfile.alpine
 ################################################################################
-ARG user=jenkins
-ARG group=jenkins
-ARG uid=1000
-ARG gid=1000
 ARG http_port=8080
 ARG agent_port=50000

-ENV JENKINS_HOME /var/jenkins_home
-ENV JENKINS_SLAVE_AGENT_PORT ${agent_port}
-# Jenkins is run with user `jenkins`, uid = 1000
-# If you bind mount a volume from the host or a data container,
-# ensure you use the same uid
-RUN addgroup -g ${gid} ${group} \
-    && adduser -h "$JENKINS_HOME" -u ${uid} -G ${group} -s /bin/bash -D ${user}
-
 # Jenkins home directory is a volume, so configuration and build history
 # can be persisted and survive image upgrades
 VOLUME /var/jenkins_home
--- a/10
+++ b/10
@ -8,6 +8,11 @@ pipeline {
    }

    stages {
+        stage('Test') {
+            steps {
+                sh 'make check'
+            }
+        }
        stage('Create builder') {
            steps {
                sh 'make builder'
@ -30,11 +35,6 @@ pipeline {
                }
            }
        }
-        stage('Test') {
-            steps {
-                sh 'make check'
-            }
-        }
    }
    post {
        always {
--- a/9
+++ b/9
@ -3,21 +3,26 @@ IMAGE_PREFIX=rtyler/codevalet
 all: check plugins master

 check: agent-templates validate-plugins
+	$(MAKE) -C proxy check

 validate-plugins: plugins.yml
 	./scripts/ruby ./scripts/plugins-from-yaml plugins.yml > /dev/null

 clean:
 	rm -rf build/
+	$(MAKE) -C proxy clean

 ## Build the Jenkins master image
 ###############################################################
 builder: Dockerfile.builder
 	docker build -t ${IMAGE_PREFIX}-$@ -f Dockerfile.$@ .

-master: Dockerfile build/git-refs.txt agent-templates
+master: Dockerfile build/git-refs.txt agent-templates proxy
 	docker build -t ${IMAGE_PREFIX}-$@  .

+proxy:
+	$(MAKE) -C proxy container
+
 plugins: ./scripts/build-plugins plugins.yml builder
 	./scripts/build-plugins

@ -35,4 +40,4 @@ build/agent-templates:
 	git clone --depth 1 https://github.com/codevalet/agent-templates.git build/agent-templates
 ###############################################################

-.PHONY: clean plugins master builder all check
+.PHONY: clean plugins master builder all check proxy
--- a/README.adoc
+++ b/README.adoc
@ -10,3 +10,11 @@ has since been moved out to allow for more independent iteration on the master
 image itself.


+== Hacking
+
+=== Prerequisites
+
+* Git
+* GNU/Make
+* Docker
+* Docker Compose
--- a/proxy/Dockerfile
+++ b/proxy/Dockerfile
@ -0,0 +1,27 @@
+FROM nginx:alpine
+USER root
+
+RUN apk add --no-cache supervisor
+
+ARG user=jenkins
+ARG group=jenkins
+ARG uid=1000
+ARG gid=1000
+
+ENV JENKINS_HOME /var/jenkins_home
+# Jenkins is run with user `jenkins`, uid = 1000
+# If you bind mount a volume from the host or a data container,
+# ensure you use the same uid
+RUN addgroup -g ${gid} ${group} \
+    && adduser -h "$JENKINS_HOME" -u ${uid} -G ${group} -s /bin/bash -D ${user}
+
+# Prepare the nginx instance itself
+################################################################################
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+################################################################################
+
+# Prepare the supervisor script to run nginx and Jenkins inside the container
+################################################################################
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+CMD /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
+################################################################################
--- a/proxy/Makefile
+++ b/proxy/Makefile
@ -0,0 +1,36 @@
+IMAGE_NAME=codevalet/proxy
+COMPOSE=build/docker-compose
+
+all: check
+
+check: bats container $(COMPOSE)
+	$(COMPOSE) up --remove-orphans -d
+	./test/check-connectivity
+	./bats/bin/bats test/*.bats
+
+container: Dockerfile nginx.conf supervisord.conf
+	docker build -t $(IMAGE_NAME):latest .
+
+clean: $(COMPOSE)
+	$(COMPOSE) down
+	docker rmi $(shell docker images -q -f "reference=$(IMAGE_NAME)")
+	rm -rf bats
+	rm -rf build
+
+
+bats:
+	git clone --depth 1 -b v0.4.0 https://github.com/sstephenson/bats.git
+
+# Whenever the nginx.conf changes, we should down the docker-compose bits just
+# to ensure we come up with something new
+nginx.conf: $(COMPOSE)
+	$(COMPOSE) down
+
+build:
+	mkdir -p build
+build/docker-compose: build
+	(cd build && \
+	curl -sL https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o docker-compose && \
+	chmod +x docker-compose)
+
+.PHONY: all check container clean
--- a/proxy/bats
+++ b/proxy/bats
@ -0,0 +1 @@
+Subproject commit 7b032e4b232666ee24f150338bad73de65c7b99d
--- a/proxy/docker-compose.yml
+++ b/proxy/docker-compose.yml
@ -0,0 +1,7 @@
+---
+version: '3'
+services:
+  webapp:
+    image: 'codevalet/proxy:latest'
+    ports:
+      - 8081:80
--- a/proxy/nginx.conf
+++ b/proxy/nginx.conf
@ -17,6 +17,22 @@ server {
        return 301 /blue/organizations/jenkins/create-pipeline;
    }

+    # Send "abusive" routes to Code Valet's abuse disclaimer page rather than
+    # somewhere else within Jenkins. This should help avoid undo load on
+    # Jenkins instances.
+    #
+    # See also: https://github.com/CodeValet/master/issues/1
+    location ~ /(cli|asynchPeople) {
+        return 301 https://codevalet.io/abuse/;
+    }
+    location ~ ^/api(/json|xml|python)? {
+        return 301 https://codevalet.io/abuse/;
+    }
+    location ~ job/(.*)/api(/json|xml|python)? {
+        return 301 https://codevalet.io/abuse/;
+    }
+
+
    location / {
        proxy_redirect off;
        proxy_set_header Host $http_host;
--- a/proxy/supervisord.conf
+++ b/proxy/supervisord.conf
--- a/proxy/test/check-connectivity
+++ b/proxy/test/check-connectivity
@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+PROXY_URL=http://127.0.0.1:8081/
+
+for i in $(seq 1 5); do
+    curl -sI ${PROXY_URL} 2>&1 > /dev/null
+    if [ $? -ne 0 ]; then
+        sleep 1
+    else
+        exit 0
+    fi;
+done;
+
+# If we get to here without having bailed out, something is wrong
+exit 1
--- a/proxy/test/redirects.bats
+++ b/proxy/test/redirects.bats
@ -0,0 +1,51 @@
+#!/usr/bin/env bats
+
+PROXY_URL=http://127.0.0.1:8081/
+
+@test "the root URL should redirect to Blue Ocean" {
+    run curl -Iv ${PROXY_URL}
+    [ "${status}" -eq 0 ]
+    echo ${output} | grep -e "Location: http://.*/blue/pipelines"
+}
+
+@test "/newJob redirects to the Blue Ocean 'Create Pipeline' view" {
+    run curl -Iv ${PROXY_URL}/newJob
+    [ "${status}" -eq 0 ]
+    echo ${output} | grep -e "Location: http://.*/blue/organizations/jenkins/create-pipeline"
+}
+
+@test "/cli redirects to the Abuse page" {
+    run curl -Iv ${PROXY_URL}/cli
+    [ "${status}" -eq 0 ]
+    echo ${output} | grep -e "Location: https://codevalet.io/abuse/"
+}
+
+@test "/asynchPeople redirects to the Abuse page" {
+    run curl -Iv ${PROXY_URL}/asynchPeople
+    [ "${status}" -eq 0 ]
+    echo ${output} | grep -e "Location: https://codevalet.io/abuse/"
+}
+
+@test "/api redirects to the Abuse page" {
+    run curl -Iv ${PROXY_URL}/api
+    [ "${status}" -eq 0 ]
+    echo ${output} | grep -e "Location: https://codevalet.io/abuse/"
+}
+
+@test "/api/json redirects to the Abuse page" {
+    run curl -Iv ${PROXY_URL}/api/json
+    [ "${status}" -eq 0 ]
+    echo ${output} | grep -e "Location: https://codevalet.io/abuse/"
+}
+
+@test "/job/something/api redirects to the Abuse page" {
+    run curl -Iv ${PROXY_URL}/job/codevalet/api
+    [ "${status}" -eq 0 ]
+    echo ${output} | grep -e "Location: https://codevalet.io/abuse/"
+}
+
+@test "/job/something/api/json redirects to the Abuse page" {
+    run curl -Iv ${PROXY_URL}/job/codevalet/api/json
+    [ "${status}" -eq 0 ]
+    echo ${output} | grep -e "Location: https://codevalet.io/abuse/"
+}
--- a/proxy/test/rewrite.bats
+++ b/proxy/test/rewrite.bats
@ -0,0 +1,9 @@
+#!/usr/bin/env bats
+
+PROXY_URL=http://127.0.0.1:8081/
+
+# https://github.com/CodeValet/master/issues/7
+@test "ocean should rewrite to blue/organizations/jenkins" {
+    skip "Cannot implement this test without a Jenkins"
+}
+
				`@ -0,0 +1 @@`
				`Subproject commit 7b032e4b232666ee24f150338bad73de65c7b99d`