init: a repo for various pipelines of workspaces

2025-05-17 15:51:29 +00:00
commit 6ed0d234d4
7 changed files with 567 additions and 0 deletions
--- a/gitops_router.sh
+++ b/gitops_router.sh
@ -0,0 +1,178 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PERSON="${1:?Missing PERSON argument}"
+HOST="alps:3222"
+PROTOCOL="http"
+REPO=("babbarc/workspaces" "babbarc/workspaces-pipelines" "babbarc/workspaces-sec-alps-infilytics")
+BRANCH="master"
+LOG_FILE="/tmp/.gitops-router-${PERSON}.log"
+
+# ─────────────────────────────────────────────
+# ANSI color codes
+readonly C_RESET='\033[0m'
+readonly C_INFO='\033[1;34m'  # bold blue
+readonly C_WARN='\033[1;33m'  # bold yellow
+readonly C_ERROR='\033[1;31m' # bold red
+
+# ─────────────────────────────────────────────
+# log <level> <message...> with emojis
+log() {
+  local lvl="${1^^}"
+  shift
+  local icon color
+
+  case "$lvl" in
+  INFO) icon="ℹ️" color="$C_INFO" ;;
+  WARN) icon="⚠️" color="$C_WARN" ;;
+  ERROR) icon="❌" color="$C_ERROR" ;;
+  *) icon="🔹" color="$C_RESET" ;;
+  esac
+
+  local ts
+  ts="$(date '+%Y-%m-%d %H:%M:%S')"
+  printf '%b%s [%s] [%s] %s%b\n' \
+    "$color" "$icon" "$ts" "$lvl" "$*" "$C_RESET" |
+    tee -a "$LOG_FILE"
+}
+
+# ─────────────────────────────────────────────
+# Build the raw URL for fetching files
+geturl() {
+  local repo="$1" type="$2" file="$3"
+  printf '%s://%s/%s/%s/branch/%s/%s\n' \
+    "$PROTOCOL" "$HOST" "${REPO[$repo]}" "$type" "$BRANCH" "$file"
+}
+
+# ─────────────────────────────────────────────
+# Run a local script
+run() {
+  local script="$1"
+  "$HOME/.local/bin/$script"
+}
+
+# ─────────────────────────────────────────────
+# Download & install an artifact
+# update <repo> <file> <target-dir> <mode> [<type>]
+update() {
+  local repo="$1" file="$2" dir="$3" mode="$4" type="${5:-raw}"
+  local url out
+
+  out="$HOME/$dir/$(basename "$file")"
+  url="$(geturl "$repo" "$type" "$file")"
+
+  [[ -f "$out" ]] && chmod 700 "$out"
+
+  if curl -fsSL "$url" -o "$out"; then
+    log INFO "Downloaded $url → $out"
+    chmod "$mode" "$out"
+  else
+    log ERROR "Failed to download $url"
+    return 1
+  fi
+}
+
+# ─────────────────────────────────────────────
+# Clean up dangling podman images
+clean_images() {
+  local dangling
+  dangling="$(podman images -f dangling=true -q)"
+  if [[ -z "$dangling" ]]; then
+    log INFO "No dangling images to remove."
+  else
+    log WARN "Removing dangling images..."
+    echo "$dangling" | xargs podman rmi
+    log INFO "Dangling images removed."
+  fi
+}
+
+# ─────────────────────────────────────────────
+# Remove host podman containers
+remove_containers() {
+  local tokens=("$@")
+  local flags=() patterns=() containers=()
+  local valid='^[A-Za-z0-9._-]+$'
+
+  # allow unmatched globs to disappear
+  shopt -s nullglob
+
+  # separate flags (-f, etc.) from name patterns
+  for tok in "${tokens[@]}"; do
+    if [[ "$tok" == -* ]]; then
+      flags+=("$tok")
+    else
+      patterns+=("$tok")
+    fi
+  done
+
+  # validate & expand each pattern
+  for pat in "${patterns[@]}"; do
+    if [[ ! "$pat" =~ $valid ]]; then
+      log ERROR "Invalid container name: '$pat'"
+      shopt -u nullglob
+      return 1
+    fi
+    containers+=("$pat")
+  done
+
+  shopt -u nullglob
+
+  if ((${#containers[@]} == 0)); then
+    log WARN "No containers matched: ${patterns[*]}"
+    return 0
+  fi
+
+  # pass flags *then* containers to podman rm
+  podman rm "${flags[@]}" "${containers[@]}"
+}
+
+# ─────────────────────────────────────────────
+# validate_command <workspace> <cmd> [<tok1> <tok2> …]
+source "$HOME"/.local/bin/validate_command_access.sh
+
+# ─────────────────────────────────────────────
+# Entry & command parsing
+if [[ -z "${SSH_ORIGINAL_COMMAND:-}" ]]; then
+  log ERROR "No SSH_ORIGINAL_COMMAND provided."
+  exit 1
+fi
+
+log INFO "SSH_ORIGINAL_COMMAND: $SSH_ORIGINAL_COMMAND"
+read -ra parts <<<"$SSH_ORIGINAL_COMMAND"
+cmd="${parts[0]}"
+args=("${parts[@]:1}")
+
+validate_command "$PERSON" "$cmd" "${args[@]}"
+
+# ─────────────────────────────────────────────
+# Dispatch
+case "$cmd" in
+build)
+  case "${args[0]}" in
+  base) podman build --target base -t analytics-backend-base . ;;
+  workspace) podman build --target base -t analytics-backend-base . ;;
+  all) podman build -t analytics-backend-workspace . ;;
+  *) log ERROR "build: invalid arg '${args[0]}'" ;;
+  esac
+  ;;
+update)
+  case "${args[0]}" in
+  containerfile) update 0 Containerfile . 500 ;;
+  access) update 2 access.yml . 400 ;;
+  authorized_keys) update 2 access.yml . 400 ;;
+  ssh_router) update 1 ssh_router.sh .local/bin 500 ;;
+  gitops_router) update 1 gitops_router.sh .local/bin 500 ;;
+  validate_command) update 1 validate_command_access.sh .local/bin 500 ;;
+  home_tar) update 0 home.tar.gz . 500 media ;;
+  gitconfig) update 0 gitconfig.template . 500 ;;
+  *) log ERROR "update: invalid arg '${args[0]}'" ;;
+  esac
+  ;;
+clean) clean_images ;;
+status) podman images ;;
+remove) remove_containers "${args[@]}" ;;
+*)
+  log ERROR "Unknown command: '$cmd'"
+  exit 127
+  ;;
+esac