diff options
author | Paul Katsoulakis <34388743+paulkatsoulakis@users.noreply.github.com> | 2019-03-25 10:05:05 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-25 10:05:05 +0000 |
commit | 8f6b2bba3e0d82b27b26b7da1022e49fe9e09482 (patch) | |
tree | 9c8412a14a5dcc179f15f4db9ea23186091cc2f8 /tests | |
parent | 9c807630ea5e10144892a5bfc5379b36c2a63e8d (diff) |
Integrity testing: Check published kickstart files integrity (#5689)
* netdata/packaging/ci: Integrity testing
Introduce a scriptlet that validates kickstart integrity in my-netdata.io against the ones in the repo.
Run this through the pipeline on a scheduled manner.
Will refine the conditionals later, once i verify the stage is built up as expected
* netdata/packaging/ci: remove conditionals first
* netdata/packaging/ci: Adjust the names to something more appropriate. Run it along with nightlies
* netdata/packager/ci: Cleanup checksum validation for kickstart files (continued)
1) merge validate_kickstart_integrity.sh and tests/installer/checksums.sh
2) run checksums at the new point on the pipeline
3) Change that unstable gitignore check and use a more file-agnostic check that depends only on git that we already require
4) Do not run the kickstart validation on the online website everywhere, only on the nightly runs
* netdata/packaging/ci: First rounf of PR feedback adjustments
1) changes wordings as recommended
2) pass file info in parameter and use it in the wordings
3) as shellcheck suggests, use -n instead of ! -z. Makes sense actually, ! -z is kind of reverse logic that confuses
More adjustments on a follow up commit
* netdata/packaging/ci: Enable slack integration for kickstart validation
We want to be notified in a timely manner when the kickstart on the website is outdated.
Added a wrapper for incoming webhooks from slack and instead of failing the build we notify slack
Added a debug message in the end of the script to validate the process which i will remove on a follow up commit
* netdata/packaging/ci: fixes
fix sourcing path
missed the /, this new keyboard is a pain :p
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/installer/checksums.sh | 54 | ||||
-rwxr-xr-x | tests/installer/slack.sh | 17 |
2 files changed, 60 insertions, 11 deletions
diff --git a/tests/installer/checksums.sh b/tests/installer/checksums.sh index 2c0279015a..625b1a1d7a 100755 --- a/tests/installer/checksums.sh +++ b/tests/installer/checksums.sh @@ -1,19 +1,51 @@ #!/bin/bash - +# +# Mechanism to validate kickstart files integrity status +# +# Copyright: SPDX-License-Identifier: GPL-3.0-or-later +# +# Author : Pawel Krupa (pawel@netdata.cloud) +# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud) set -e -if [ ! -f .gitignore ]; then - echo "Run as ./tests/installer/$(basename "$0") from top level directory of git repository" - exit 1 +# If we are not in netdata git repo, at the top level directory, fail +TOP_LEVEL=$(basename "$(git rev-parse --show-toplevel 2> /dev/null || echo "")") +CWD="$(git rev-parse --show-cdup 2> /dev/null || echo "")" +if [ -n "$CWD" ] || [ ! "${TOP_LEVEL}" == "netdata" ]; then + echo "Run as .travis/$(basename "$0") from top level directory of netdata git repository" + echo "Kickstart validation process aborted" + exit 1 fi +README_DOC="packaging/installer/README.md" +source ./tests/installer/slack.sh + for file in kickstart.sh kickstart-static64.sh; do - OLD_CHECKSUM=$(grep "$file" packaging/installer/README.md | grep md5sum | cut -d '"' -f2) - NEW_CHECKSUM="$(md5sum "packaging/installer/$file" | cut -d' ' -f1)" - if [ "$OLD_CHECKSUM" != "$NEW_CHECKSUM" ]; then - echo "Invalid checksum for $file in docs." - echo "checksum in docs: $OLD_CHECKSUM" - echo "current checksum: $NEW_CHECKSUM" - exit 1 + README_MD5=$(grep "$file" $README_DOC | grep md5sum | cut -d '"' -f2) + KICKSTART_URL="https://my-netdata.io/$file" + KICKSTART="packaging/installer/$file" + KICKSTART_MD5="$(md5sum "${KICKSTART}" | cut -d' ' -f1)" + CALCULATED_MD5="$(curl -Ss ${KICKSTART_URL} | md5sum | cut -d ' ' -f 1)" + + # Conditionally run the website validation + if [ -z "${LOCAL_ONLY}" ]; then + echo "Validating ${KICKSTART_URL} against local file ${KICKSTART} with MD5 ${KICKSTART_MD5}.." + if [ "$KICKSTART_MD5" == "$CALCULATED_MD5" ]; then + echo "${KICKSTART_URL} looks fine" + else + post_message "Attention @group , ${KICKSTART_URL} md5sum does not match local file, it needs to be updated" + fi fi + + echo "Validating documentation for $file" + if [ "$KICKSTART_MD5" != "$README_MD5" ]; then + echo "Invalid checksum for $file in $README_DOC." + echo "checksum in docs: $README_MD5" + echo "current checksum: $KICKSTART_MD5" + exit 2 + else + echo "$file MD5Sum is well documented" + fi + done +echo "No problems found, exiting succesfully!" diff --git a/tests/installer/slack.sh b/tests/installer/slack.sh new file mode 100755 index 0000000000..817989db92 --- /dev/null +++ b/tests/installer/slack.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# +# Simple incoming webhook for slack integration. +# +# The script expects the following parameters to be defined by the upper layer: +# SLACK_INCOMING_WEBHOOK_URL +# SLACK_BOT_NAME +# SLACK_CHANNEL +# +# Copyright: +# +# Author: Pavlos Emm. Katsoulakis <paul@netdata.cloud + +post_message() { + MESSAGE="$1" + curl -X POST --data-urlencode "payload={\"channel\": \"${SLACK_CHANNEL}\", \"username\": \"${SLACK_BOT_NAME}\", \"text\": \"${MESSAGE}\", \"icon_emoji\": \":space_invader:\"}" ${SLACK_INCOMING_WEBHOOK_URL} +} |