diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..9ad042d
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,14 @@
+root = true
+
+[*]
+charset = utf-8
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.cs]
+indent_size = 4
+
+[*.{csv,editorconfig,cs,config,sql}]
+insert_final_newline = false
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..740c092
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,138 @@
+name: Build Certbot Lambda Package
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+ workflow_dispatch:
+
+jobs:
+ setup-build-workflow:
+ runs-on: ubuntu-latest
+
+ outputs:
+ IS_PRERELEASE: ${{ steps.set-vars.outputs.IS_PRERELEASE }}
+ IS_MERGE_TO_MAIN: ${{ steps.set-vars.outputs.IS_MERGE_TO_MAIN }}
+ IS_MERGE_TO_DEVELOP: ${{ steps.set-vars.outputs.IS_MERGE_TO_DEVELOP }}
+ REF_TO_BUILD_AND_TAG: ${{ steps.set-vars.outputs.REF_TO_BUILD_AND_TAG }}
+ IS_DEPENDABOT_PR: ${{ steps.actor_check.outputs.IS_DEPENDABOT_PR }}
+
+ steps:
+ - name: Set default env variables
+ id: set-vars
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const targetRef = '${{ github.base_ref }}';
+ const sourceRef = '${{ github.head_ref }}';
+ const mergeRef = '${{ github.ref }}';
+
+ const prIsDraft = '${{ github.event.pull_request.draft }}' === 'true';
+ const prMergedToMain = mergeRef === 'refs/heads/master';
+
+ const isPreRelease = !prMergedToMain
+
+ // For a detailed explanation of why we use different refs for different scenarios
+ // see https://docs.github.com/en/rest/reference/pulls#get-a-pull-request
+ const refToBuildAndTag = isPreRelease ? sourceRef : mergeRef;
+
+ Object.entries({
+ IS_PRERELEASE: isPreRelease,
+ IS_MERGE_TO_MAIN: prMergedToMain,
+ REF_TO_BUILD_AND_TAG: refToBuildAndTag,
+ }).forEach(pair => {
+ core.setOutput(...pair);
+ console.info(...pair);
+ });
+
+ - name: Check if Dependabot PR
+ id: actor_check
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const actor = '${{ github.actor}}';
+ const knownDependabotNames = [
+ 'dependabot[bot]',
+ 'dependabot'
+ ];
+ const isDependabotPR = knownDependabotNames.includes(actor);
+ core.info(`Is Dependabot PR: ${isDependabotPR}`);
+ core.setOutput('IS_DEPENDABOT_PR', isDependabotPR);
+
+ get-version:
+ runs-on: ubuntu-latest
+ needs: setup-build-workflow
+
+ outputs:
+ NEXT_VERSION: ${{ steps.get-version.outputs.NEXT_VERSION }}
+ NEXT_VERSION_NO_PREFIX: ${{ steps.get-version.outputs.NEXT_VERSION_NO_PREFIX }}
+
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ fetch-depth: 0 # Includes all history for all branches and tags
+
+ - id: get-version
+ uses: joemcbride/git-version-lite@v3.2.0
+ with:
+ calculate-prerelease-version: ${{ needs.setup-build-workflow.outputs.IS_PRERELEASE }}
+ branch-name: ${{ needs.setup-build-workflow.outputs.REF_TO_BUILD_AND_TAG }}
+ tag-prefix: certbot-
+ fallback-to-no-prefix-search: false
+ default-release-type: minor
+ create-ref: true
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - run: |
+ echo "The next version is ${{ env.NEXT_VERSION }}"
+ echo "The next version without the prefix is ${{ env.NEXT_VERSION_NO_PREFIX }}"
+
+ build:
+ runs-on: ubuntu-latest
+ needs: get-version
+ permissions:
+ id-token: write
+ contents: read
+ env:
+ CI: true
+ AWS_REGION: us-west-2
+ NEXT_VERSION: ${{ needs.get-version.outputs.NEXT_VERSION }}
+ NEXT_VERSION_NO_PREFIX: ${{ needs.get-version.outputs.NEXT_VERSION_NO_PREFIX }}
+ NEXT_BUILD_VERSION: ${{ needs.get-version.outputs.NEXT_BUILD_VERSION }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5
+
+ - name: Set up Python
+ uses: actions/setup-python@v6
+ with:
+ python-version: '3.13'
+
+ - name: Run package script
+ run: ./package.sh
+
+ - name: Show package size
+ run: |
+ echo "Package size:"
+ du -h certbot/certbot-lambda.zip || echo "certbot-lambda.zip not found"
+
+ - name: Upload build artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: certbot-lambda-package
+ path: certbot/certbot-lambda.zip
+ retention-days: 30
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v5
+ with:
+ role-to-assume: arn:aws:iam::888985673581:role/GithubActions-DovetailSofware_Org-OIDC
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Upload Certbot Lambda Assets to S3
+ working-directory: certbot
+ run: |
+ aws s3 cp . s3://jenkins-artifacts.us-west-2.dovetailnow.com/jobs/certbot-lambda/$NEXT_VERSION_NO_PREFIX --recursive --exclude "*" --include "*.zip"
diff --git a/package.sh b/package.sh
index 09d1362..079a013 100755
--- a/package.sh
+++ b/package.sh
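Review bot: Both github-script steps paste workflow expressions straight into JavaScript source (`const sourceRef = '${{ github.head_ref }}';`, `const actor = '${{ github.actor}}';`); on a pull_request run the head branch name is chosen by the PR author, so a name containing a quote character breaks out of the literal and is executed by the step with the job's token, the expression-injection pattern GitHub's own hardening guide warns about. github-script already exposes the same data on `context`, so read it from there instead of interpolating: `const sourceRef = context.payload.pull_request?.head?.ref ?? '';`, `const mergeRef = context.ref;` and `const actor = context.actor;` (targetRef and prIsDraft are never used and can be dropped). Separately, `IS_MERGE_TO_DEVELOP` is declared as a job output but set-vars never calls setOutput for it, and `NEXT_BUILD_VERSION` in the build job's env refers to an output get-version does not declare, so both are always empty. get-version also passes `create-ref: true` with `secrets.GITHUB_TOKEN` but declares no `permissions:`, so tag creation presumably relies on the repository's default token permissions being write; stating `permissions: contents: write` on that job makes that requirement explicit and lets the default be tightened.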
@@ -4,20 +4,32 @@ set -e
 readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 readonly CERTBOT_VERSION=$( awk -F= '$1 == "certbot"{ print $NF; }' "${SCRIPT_DIR}/requirements.txt" )
-readonly VENV="certbot/venv"
-readonly PYTHON="python3"
-readonly CERTBOT_ZIP_FILE="certbot.zip"
-readonly CERTBOT_SITE_PACKAGES=${VENV}/Lib/site-packages
+VENV="certbot/venv"
+readonly PYTHON="python"
+readonly CERTBOT_ZIP_FILE="certbot-lambda.zip"
+CERTBOT_SITE_PACKAGES=${VENV}/lib/site-packages
+
+readonly CI=$CI
 cd "${SCRIPT_DIR}"
-${PYTHON} -m venv "${VENV}"
-source "${VENV}/Scripts/activate"
+if [ "${CI}" = true ]; then
+ echo "Running in CI mode"
+ ${PYTHON} -m venv $VENV
+ VENV=$GITHUB_WORKSPACE/$VENV
+ source $VENV/bin/activate
+ CERTBOT_SITE_PACKAGES=${VENV}/lib/python3.13/site-packages
+else
+ echo "Running in local mode"
+ rm -rf ./certbot
+ ${PYTHON} -m venv "${VENV}"
+ source "${VENV}/Scripts/activate"
+fi
-pip3 install -r requirements.txt
+pip install -r requirements.txt
 pushd ${CERTBOT_SITE_PACKAGES}
- zip -r -q ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -x "/*__pycache__/*"
+ 7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__
 popd
-zip -g "certbot/${CERTBOT_ZIP_FILE}" main.py
+7z a -tzip "certbot/${CERTBOT_ZIP_FILE}" main.py
diff --git a/requirements.txt b/requirements.txt
index d57015f..5fda595 100644
--- a/requirements.txt
+++ b/requirements.txt
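Review bot: The CI branch hard-codes the interpreter version in `CERTBOT_SITE_PACKAGES=${VENV}/lib/python3.13/site-packages`, which silently couples package.sh to the `python-version: '3.13'` in build.yml; when one changes without the other, `pushd` finds no directory and `set -e` aborts the build. Once the venv is activated the interpreter can report the directory for either platform, so one line placed after each `source …/activate` covers both branches and also replaces the `lib/site-packages` (formerly `Lib/`) guess in local mode: `CERTBOT_SITE_PACKAGES="$(${PYTHON} -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')"`. The new `rm -rf ./certbot` in local mode deletes the whole directory rather than just the stale venv and zip, which is fine only if nothing else lives there; a comment on that line should say so. Lastly `$VENV`, `$GITHUB_WORKSPACE/$VENV` and `source $VENV/bin/activate` are unquoted, unlike the local branch's `"${VENV}"`; quoting them keeps the two branches consistent and safe against spaces in the workspace path.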
@@ -1,64 +1,4 @@
-acme==2.9.0
-apispec==6.3.0
-awscli==1.32.52
-awscli-local==0.22.0
-boto3==1.34.52
-botocore==1.34.52
-cachetools==5.0.0
-certbot==2.9.0
-certbot-dns-route53==2.9.0
-certbot-dns-tencentcloud==2.0.2
-certifi==2023.7.22
-cffi==1.15.1
-charset-normalizer==3.1.0
-click==8.1.3
-colorama==0.4.4
-ConfigArgParse==1.7
-configobj==5.0.8
-cryptography==42.0.5
-dill==0.3.6
-distro==1.9.0
-dnslib==0.9.23
-dnspython==2.3.0
-docutils==0.16
-ecdsa==0.18.0
-idna==3.4
-jmespath==1.0.1
-josepy==1.14.0
-lark==1.1.5
-localstack-client==2.5
-markdown-it-py==2.2.0
-mdurl==0.1.2
-packaging==23.1
-parsedatetime==2.6
-pbr==5.11.1
-pcore==0.2.1
-plux==1.5.0
-psh==0.2.12
-psutil==5.9.5
-psys==0.4.2
-pyaes==1.6.1
-pyasn1==0.5.0
-pycparser==2.21
-Pygments==2.15.1
-pyOpenSSL==24.0.0
-pyRFC3339==1.1
-python-dateutil==2.8.2
-python-dotenv==1.0.0
-python-hcl2==4.3.0
-python-jose==3.3.0
-pytz==2024.1
-pywin32==306
-PyYAML==6.0.1
-requests==2.31.0
-rich==13.3.4
-rsa==4.7.2
-s3transfer==0.10.0
-semver==3.0.0
-six==1.16.0
-stevedore==5.0.0
-tabulate==0.9.0
-tailer==0.4.1
-terraform-local==0.16.0
-urllib3==2.0.7
-windows-curses==2.3.2
+boto3==1.40.48
+certbot==5.1.0
+certbot-dns-route53==5.1.0
+cryptography==46.0.2
\ No newline at end of file
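Review bot: Replacing the fully pinned 64-line list with four top-level pins leaves every transitive dependency (acme, josepy, botocore, s3transfer and the rest) floating, so `pip install -r requirements.txt` in package.sh resolves a different tree on each CI run and the uploaded Lambda zip is no longer reproducible from a given commit. If the intent is to declare only direct dependencies, keep this file as the input and commit a fully resolved file (for example from `pip freeze` inside the build venv, or a pip-compile style lock) that CI installs, ideally with `--require-hashes` so a substituted package version or artifact fails the build instead of shipping.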