Automate RSA key handle with dev.py compose script, let nabla.init service copy the key to persistent ssh volume

AnastaZIuk · AnastaZIuk · commit d4ed2e8506db · 2023-12-28T17:52:06.000+01:00
diff --git a/docker/compose/ci/stages/dev/init/compose.yml b/docker/compose/ci/stages/dev/init/compose.yml
@@ -26,7 +26,7 @@ services:
       - type: bind
         source: ../../../../
         target: ${THIS_PROJECT_DOCKER_BIND_DIRECTORY}
-    entrypoint: ["ncpfmp.bat", "nbl.ci.dev.init"]
+    entrypoint: ["ncpfmp.bat", "nbl.ci.dev.init", "--key", "/key"]
     
 networks:
   nabla.network:
diff --git a/docker/dev.py b/docker/dev.py
@@ -16,10 +16,9 @@ def parseInputArguments():
 def main():
     try:
         args = parseInputArguments()
-        os.path.dirname(os.path.abspath(__file__))
-
-        os.chdir(os.path.dirname(os.path.abspath(__file__)))
-
+        
+        os.chdir(os.path.normpath(os.path.join(os.path.dirname(os.path.abspath(__file__)), "compose/ci/stages/dev")))
+        
         key = args.ssh
         platform = args.platform
         arch = args.arch
@@ -35,24 +34,18 @@ def main():
         
         if subprocess.call(["docker", "volume", "inspect", "ssh"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) != 0:
            subprocess.run(["docker", "volume", "create", "ssh"], check=True) # create ssh volume if not present
-        
-        # TODO: Unix/Macos when needed
-        #subprocess.call(f"docker rm -f dev.ssh.intermediate", stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
-        #subprocess.run(f"docker run -d -v ssh:C:\\volume-mount-point --name dev.ssh.intermediate artifactory.devsh.eu/nabla/windows/base:latest", check=True) # create intermediate container
-        #subprocess.run(f"docker start dev.ssh.intermediate", check=True) # start intermediate container
-        #subprocess.run(f"docker cp {key} dev.ssh.intermediate:C:\\volume-mount-point", check=True) # copy ssh key to ssh volume
-        #subprocess.call(f"docker rm -f dev.ssh.intermediate", stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
-       
-        os.chdir("./compose/ci/stages/dev")
-       
+
         compose = [
             "docker", "compose",
             "-f", f"./compose.{platform}.{arch}.yml",
             "--env-file", "../.env/platform/windows/.env"
         ]
         
-        subprocess.run(compose + ["up", "--build"], check=True) # compose up pipeline
-        subprocess.run(compose + ["down"], check=True) # compose down pipeline
+        subprocess.run(compose + ["build"], check=True)
+        subprocess.run(compose + ["create", "--force-recreate"], check=True)
+        subprocess.run(compose + ["cp", key, "nabla.init:key"], check=True)
+        subprocess.run(compose + ["up"], check=True)
+        subprocess.run(compose + ["down"], check=True)
         
     except subprocess.CalledProcessError as e:
         print(f"Subprocess failed with exit code {e.returncode}")
diff --git a/docker/scripts/nbl/ci/dev/init.py b/docker/scripts/nbl/ci/dev/init.py
@@ -1,9 +1,11 @@
-import os, subprocess, sys, argparse
+import os, subprocess, sys, argparse, shutil
 
 
 def parseInputArguments():
     parser = argparse.ArgumentParser(description="Nabla CI Pipeline nbl.ci.dev.init Framework Module")
  
+    parser.add_argument("--key", help="RSA input key file", type=str, required=True)
+
     args = parser.parse_args()
     
     return args
@@ -15,20 +17,28 @@ def init():
     if not THIS_PROJECT_SSH_DIRECTORY:
         raise ValueError("THIS_PROJECT_SSH_DIRECTORY environment variables doesn't exist!")
 
-    key = os.path.normpath(os.path.join(THIS_PROJECT_SSH_DIRECTORY, "id_rsa"))
-
-    # TODO: Unix/MacOS when needed
-    subprocess.run(f"icacls.exe {key} /reset", check=True)
-    subprocess.run(f"icacls.exe {key} /GRANT:R ContainerAdministrator:(R)", check=True)
-    subprocess.run(f"icacls.exe {key} /inheritance:r", check=True)
+    args = parseInputArguments()
    
     try:
+        inputKey = args.key
+        targetKey = os.path.normpath(os.path.join(THIS_PROJECT_SSH_DIRECTORY, "id_rsa"))
+
+        # TODO: Unix/MacOS when needed
+        subprocess.run(f"icacls.exe {targetKey} /reset", check=False)
+
+        shutil.copy(inputKey, targetKey)
+        print(f"Copied \"{inputKey}\" to \"{targetKey}\"")
+
+        subprocess.run(f"icacls.exe {targetKey} /GRANT:R ContainerAdministrator:(R)", check=True)
+        subprocess.run(f"icacls.exe {targetKey} /inheritance:r", check=True)
+
         subprocess.run("ssh -o StrictHostKeyChecking=no -T git@github.com", check=True)
     except subprocess.CalledProcessError as e:
         if not (e.returncode == 0 or e.returncode == 1):
             raise ValueError("Could not authenticate with provided rsa key, exiting...")
+    except FileNotFoundError:
+        raise ValueError(f"Input key file \"{inputKey}\" not found")
             
-
 def main():
     try:
         init()
