public
/
lineandsinker
Bevaka 1
Stjärnmärk 0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
WebHook broker that accepts notifications from multiple platforms and performs simple actions in response
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
14 Incheckningar
1 Gren
Träd: f73fd65be6
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'f73fd65be6'
${ noResults }
lineandsinker/main.py

main.py 5.5KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 
  1. import hashlib

  2. import re

  3. import socket

  4. from functools import wraps

  5. 

  6. import jenkins

  7. import requests

  8. import os

  9. from bs4 import BeautifulSoup

  10. from flask import Flask, abort, request, Response

  11. 

  12. BASE_URL = os.environ["LAS_BASE_URL"]

  13. SECRET = os.environ["LAS_SECRET"]

  14. 

  15. jenkins_server = jenkins.Jenkins(

  16.     os.environ["LAS_JENKINS_URL"],

  17.     username=os.environ["LAS_JENKINS_USER"],

  18.     password=os.environ["LAS_JENKINS_PASSWORD"],

  19. )

  20. 

  21. 

  22. def get_hook_key(service, identifier):

  23.     nonce = (service + SECRET + identifier).encode("ascii")

  24.     return hashlib.sha256(nonce).hexdigest()

  25. 

  26. 

  27. def get_hook_url(service, identifier):

  28.     return f"{BASE_URL}hooks/{service}/{identifier}/{get_hook_key(service, identifier)}"

  29. 

  30. 

  31. def authenticate(f):

  32.     @wraps(f)

  33.     def wrapper(*args, **kwargs):

  34.         match = re.match(

  35.             "^/hooks/(?P<service>[^/]+)/(?P<identifier>.*)/(?P<key>[^/]+)$",

  36.             request.path,

  37.         )

  38. 

  39.         if not match:

  40.             return Response("Bad request", 400)

  41. 

  42.         expected_key = get_hook_key(match.group("service"), match.group("identifier"))

  43.         if expected_key != match.group("key"):

  44.             app.logger.info(

  45.                 f"Bad request to {request.path}: expected key {expected_key}"

  46.             )

  47.             return Response("Invalid key", 403)

  48. 

  49.         return f(*args, **kwargs)

  50. 

  51.     return wrapper

  52. 

  53. 

  54. def get_jenkins_jobs():

  55.     for job in jenkins_server.get_all_jobs():

  56.         config = BeautifulSoup(

  57.             jenkins_server.get_job_config(job["fullname"]), features="xml"

  58.         )

  59.         for git_config in config.find_all("scm", class_="hudson.plugins.git.GitSCM"):

  60.             branch_spec = git_config.find("branches").find("name").text

  61.             yield job["fullname"], branch_spec, git_config.find("url").text

  62. 

  63. 

  64. def gitea_request(method, api_path, **kwargs):

  65.     if "params" not in kwargs:

  66.         kwargs["params"] = {}

  67.     kwargs["params"]["access_token"] = os.environ["LAS_GITEA_TOKEN"]

  68.     return requests.request(

  69.         method, f"{os.environ['LAS_GITEA_URL']}api/v1/{api_path}", **kwargs

  70.     )

  71. 

  72. 

  73. def maybe_install_gitea_hook(project):

  74.     hook_url = get_hook_url("gitea", project)

  75.     path = f"repos/{project}/hooks"

  76.     hooks = gitea_request("get", path).json()

  77. 

  78.     if hook_url not in [hook["config"]["url"] for hook in hooks]:

  79.         body = {

  80.             "active": True,

  81.             "config": {"content_type": "json", "url": hook_url},

  82.             "events": [

  83.                 "create",

  84.                 "delete",

  85.                 "fork",

  86.                 "push",

  87.                 "issues",

  88.                 "issue_comment",

  89.                 "pull_request",

  90.                 "repository",

  91.                 "release",

  92.             ],

  93.             "type": "gitea",

  94.         }

  95.         gitea_request("post", path, json=body).json()

  96. 

  97. 

  98. def get_gitea_repos():

  99.     repos = gitea_request("get", f"user/repos").json()

  100.     for repo in repos:

  101.         maybe_install_gitea_hook(repo["full_name"])

  102.         yield repo["full_name"], repo["ssh_url"], repo["clone_url"]

  103. 

  104. 

  105. def reportbot_announce(message):

  106.     try:

  107.         with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:

  108.             host = os.environ["LAS_REPORTBOT_ADDRESS"].split(":")

  109.             sock.connect((host[0], int(host[1])))

  110.             sock.sendall(

  111.                 f"{os.environ['LAS_REPORTBOT_PREFIX']} {message}\n".encode("utf-8")

  112.             )

  113.             app.logger.info(f"Report bot response: {sock.recv(512)}")

  114.     except Exception:

  115.         app.logger.exception("Unable to send report bot message")

  116. 

  117. 

  118. repos = dict((name, [ssh, clone]) for name, ssh, clone in get_gitea_repos())

  119. jobs = list(get_jenkins_jobs())

  120. app = Flask(__name__)

  121. 

  122. 

  123. @app.route("/")

  124. def handle_index():

  125.     return app.send_static_file("index.html")

  126. 

  127. 

  128. @app.route("/hooks/gitea/<path:repo>/<hash>", methods=["POST"])

  129. @authenticate

  130. def handle_hook_gitea(repo):

  131.     app.logger.info(f"Received hook for repo {repo}")

  132. 

  133.     if repo not in repos:

  134.         app.logger.info(f"Repository not found. Known repos: {repos.keys()}")

  135.         abort(404)

  136. 

  137.     if request.headers.get("X-Gitea-Event") == "push":

  138.         urls = repos[repo]

  139.         for name, spec, url in jobs:

  140.             if url in urls:

  141.                 # TODO: Check branches

  142.                 app.logger.info(f"Found matching job: {name} with URL {url}")

  143.                 jenkins_server.build_job(name)

  144. 

  145.         data = request.get_json()

  146.         if not data["repository"]["private"]:

  147.             repo = data["repository"]["full_name"]

  148.             commits = len(data["commits"])

  149.             compare = data["compare_url"]

  150.             pusher = data["pusher"]["login"]

  151. 

  152.             reportbot_announce(

  153.                 f"\002[git]\002 {pusher} pushed {commits} commit{'s' if commits != 1 else ''} to {repo}: {compare}"

  154.             )

  155.             for commit in data["commits"][:3]:

  156.                 reportbot_announce(

  157.                     f"\002[git]\002 {commit['id'][:10]}: {commit['message'][:100]}"

  158.                 )

  159. 

  160.     return "", 204

  161. 

  162. 

  163. @app.route("/hooks/docker/registry/<hash>", methods=["GET", "POST"])

  164. @authenticate

  165. def handle_docker_registry():

  166.     for event in request.get_json()["events"]:

  167.         if (

  168.             event["action"] == "push"

  169.             and "vnd.docker.distribution.manifest" in event["target"]["mediaType"]

  170.             and "tag" in event["target"]

  171.         ):

  172.             repo = event["target"]["repository"]

  173.             tag = event["target"]["tag"]

  174.             host = event["request"]["host"]

  175.             user = event["actor"]["name"]

  176.             reportbot_announce(

  177.                 f"\002[registry]\002 New manifest pushed to {host}/{repo}:{tag} by {user}"

  178.             )

  179. 

  180.     return "", 204

  181. 

  182. 

  183. app.run("0.0.0.0")