Skip to content

Dockerize #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 17 commits into
base: master
Choose a base branch
from
Open

Dockerize #40

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
d853f50
get docker build working and add uwsgi config
guykisel Feb 1, 2017
b579066
move files into app dir
guykisel Feb 1, 2017
c3e2bcd
copy requirements file to app dir
guykisel Feb 3, 2017
c6d7966
install nvm and stuff
guykisel Feb 3, 2017
1364b9b
add ssh keys as needed
guykisel Feb 6, 2017
190aaf5
install pyenv and rvm
guykisel Feb 6, 2017
e78f634
don't switch users
guykisel Feb 6, 2017
c544e2f
setup known hosts
guykisel Feb 6, 2017
6adafa4
handle keygen errors
guykisel Feb 6, 2017
45a153a
properly append to known hosts
guykisel Feb 6, 2017
9289002
capture keyscan stderr
guykisel Feb 6, 2017
3d53f5a
actually capture output
guykisel Feb 6, 2017
bd34620
handle SSH key generation
guykisel Feb 9, 2017
a947e9e
define ssh_keygen earlier
guykisel Feb 9, 2017
c95d7d2
send blank passphrase and fix url
guykisel Feb 9, 2017
2eeb2aa
actually send empty passphrase
guykisel Feb 9, 2017
fc167a4
set up ssh agent
guykisel Feb 9, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
handle SSH key generation
  • Loading branch information
@guykisel
guykisel committed Jul 21, 2017
commit bd346201a6dd43da00f909d735d7cebea9a5b698
51 changes: 45 additions & 6 deletions app/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,17 @@
from __future__ import print_function
from __future__ import unicode_literals

import hashlib
import os
import random
import shutil
import subprocess
import tempfile
import threading
import time
import traceback
from flask import Flask, request, redirect
import github3

app = Flask(__name__)

Expand All @@ -20,9 +23,19 @@
SAFE_ENV['TOKEN'] = ''
DOTFILES = 'dotfiles'
STOP_FILE_NAME = '.inlineplzstop'
SSH_FILE_NAME = 'inline_plz_rsa'
SSH_FILE_PATH = os.path.join(os.path.expanduser('~'), '.ssh', SSH_FILE_NAME)
REVIEWS_IN_PROGRESS = dict()
SSH_LOCK = threading.Lock()

TRUSTED = os.environ.get('TRUSTED', '').lower().strip() in ['true', 'yes', '1']
if TRUSTED:
ssh_keygen()

SSH_KEY_HASH = hashlib.md5()
Copy link

@inline-plz-bot inline-plz-bot Feb 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bandit: Use of insecure MD2, MD4, or MD5 hash function.

SSH_KEY_HASH.update(open(SSH_FILE_PATH).read())
SSH_KEY_HASH = SSH_KEY_HASH.hexdigest()[-6:]


@app.errorhandler(Exception)
def all_exception_handler():
Expand Down Expand Up @@ -64,16 +77,41 @@ def clone_dotfiles(url, org, tempdir, token):
return clone(clone_url, dotfile_path, token)


def ssh_keygen(url):
def ssh_keygen():
time.sleep(random.randint(1, 10))
while not os.path.exists(SSH_FILE_PATH):
try:
subprocess.check_call(['ssh-keygen', '-t', 'rsa', '-b', '2048', '-f', SSH_FILE_PATH])
except Exception:
traceback.print_exc()
time.sleep(random.randint(1, 10))


def ssh_setup(url, token):
with SSH_LOCK:
if not url or url in ['http://github.com', 'https://github.com']:
github = github3.GitHub(token=token)
else:
github = github3.GitHubEnterprise(url, token=token)

key_found = False
for key in github.iter_keys():
if SSH_FILE_NAME in key.title and not SSH_KEY_HASH in key.title:
github.delete_key(key.id)
elif key.title == '{}_{}'.format(SSH_FILE_NAME, SSH_KEY_HASH):
key_found = True
if not key_found:
github.create_key('{}_{}'.format(SSH_FILE_NAME, SSH_KEY_HASH), SSH_FILE_PATH + '.pub')

keygen_url = url.split('//')[-1]
try:
output = subprocess.check_output(['ssh-keygen', '-F', url], stderr=subprocess.STDOUT)
output = subprocess.check_output(['ssh-keygen', '-F', keygen_url], stderr=subprocess.STDOUT)
if output.strip():
return
except subprocess.CalledProcessError:
traceback.print_exc()
try:
output = subprocess.check_output(['ssh-keyscan', '-t', 'rsa', url], stderr=subprocess.STDOUT)
output = subprocess.check_output(['ssh-keyscan', '-t', 'rsa', keygen_url], stderr=subprocess.STDOUT)
with open(os.path.join(os.path.expanduser('~'), '.ssh', 'known_hosts'), 'a') as known_hosts:
known_hosts.write(output)
except Exception:
Expand All @@ -96,7 +134,7 @@ def lint(data):
except KeyError:
traceback.print_exc()
return 'Invalid pull request data.'
trusted = os.environ.get('TRUSTED', '').lower().strip() in ['true', 'yes', '1']


print('Starting inline-plz:')
print('Event: {}'.format(event_type))
Expand All @@ -109,7 +147,8 @@ def lint(data):
if event_type not in ['opened', 'synchronize']:
return

ssh_keygen(url)
if TRUSTED:
ssh_setup(url, token)

# make temp dirs
tempdir = tempfile.mkdtemp()
Expand Down Expand Up @@ -149,7 +188,7 @@ def lint(data):
'--interface={}'.format(interface),
'--zero-exit'
]
if trusted:
if TRUSTED:
args.append('--trusted')
if clone_dotfiles(url, org, dotfile_dir, token):
args.append('--config-dir={}'.format(
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ configparser==3.5.0
docutils==0.12
dodgy==0.1.9
Flask==0.11.1
github3.py==0.9.5
github3.py==0.9.6
inlineplz==0.23.1
isort==4.2.5
itsdangerous==0.24
Expand Down