Other dep updates and set up CD

Author: skizzerz

.cpanel.yml

@@ -0,0 +1,4 @@
+---
+deployment:
+  tasks:
+    - /bin/bash /home/werewolf/repositories/paste/deploy2.sh

.github/workflows/deploy.yml

@@ -0,0 +1,33 @@
+name: Deploy to production
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+      - name: Run deployment
+        run: python deploy1.py
+        env:
+          DEBUG: 0
+          CPANEL_ENV: production
+          CPANEL_TOKEN: ${{ secrets.CPANEL_TOKEN }}
+          CPANEL_API_URL: "https://werewolf.chat:2083"
+          CPANEL_API_USER: werewolf
+          CPANEL_REPO_PATTERN: "/home/werewolf/repositories/{repo}"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPO: ${{ github.repository }}
+          GITHUB_OWNER: ${{ github.repository_owner }}
+          GITHUB_COMMIT: ${{ github.sha }}
+          GITHUB_RUN_ID: ${{ github.run_id }}

app.py

@@ -5,12 +5,11 @@
 from flask import Flask, request, redirect, jsonify, abort, render_template
 from flask_talisman import Talisman
 from pygments import highlight
-from pygments.lexers import Python3TracebackLexer
+from pygments.lexers import PythonTracebackLexer
 from pygments.formatters import HtmlFormatter
 import db
 import config
 import webhook
-from style import SimpleStyle
 
 app = Flask(__name__)
 Talisman(app, content_security_policy={"default-src": "'self' 'unsafe-inline'"})
@@ -89,9 +88,9 @@ def get_paste(slug):
     if _wants_json():
         return jsonify({"status": "success", "data": data["paste_content"], "expires": data["paste_expires"]})
     output = highlight(data["paste_content"],
-                     Python3TracebackLexer(),
-                     HtmlFormatter(full=True, linenos="table", lineanchors="l",
-                                   anchorlinenos=True, wrapcode=True))
+                       PythonTracebackLexer(),
+                       HtmlFormatter(full=True, linenos="table", lineanchors="l",
+                                     anchorlinenos=True, wrapcode=True))
     # get rid of red boxes. Tried to do this the "official" way but pygments hates me
     return output.replace(r'class="err"', "")
 

deploy1.py

@@ -0,0 +1,186 @@
+import json
+import requests
+import sys
+import logging
+import pprint
+import time
+import os
+import functools
+
+# this script is executed in a github actions container
+
+DEBUG_MODE = int(os.environ["DEBUG"])
+CLEANUP = []
+
+def run():
+    gh_owner = os.environ["GITHUB_OWNER"]
+    gh_owner_repo = os.environ["GITHUB_REPO"]
+    gh_repo = gh_owner_repo[len(gh_owner)+1:]
+
+    cp_repo = os.environ["CPANEL_REPO_PATTERN"].format(owner=gh_owner, repo=gh_repo)
+    gh_deploy = "repos/{}/deployments".format(gh_owner_repo)
+
+    # add some logging about web requests that we make
+    if DEBUG_MODE:
+        logging.basicConfig(level=logging.DEBUG)
+
+    # make a new deployment in github
+    res = github_api("POST", gh_deploy, {
+        "ref": os.environ["GITHUB_SHA"],
+        "task": "deploy",
+        "required_contexts": [],
+        "auto_merge": False,
+        "environment": os.environ["CPANEL_ENV"]
+    })
+
+    gh_deploy_status = "{}/{}/statuses".format(gh_deploy, res["id"])
+    gh_status_url = "https://github.com/{}/actions/runs/{}".format(gh_owner_repo, os.environ["GITHUB_RUN_ID"])
+    res = github_api("POST", gh_deploy_status, {
+        "state": "pending",
+        "target_url": gh_status_url,
+        "description": "Initializing deployment"
+    })
+
+    CLEANUP.append(functools.partial(github_api, "POST", gh_deploy_status, {
+        "state": "error",
+        "target_url": gh_status_url,
+        "description": "Aborted due to error in GitHub Actions run"
+    }))
+
+    # Updates the repo to the latest master revision
+    res = cpanel_api("VersionControl", "update", {
+        "repository_root": cp_repo,
+        "branch": "master"
+    })
+
+    # check if we can execute a deploy
+    # if this fails, it's because the repo on the webserver has changes
+    # or is missing a .cpanel.yml file with deployment steps
+    if not res["data"]["deployable"]:
+        raise RuntimeError("Repository is not deployable, aborting!")
+
+    # create a deployment
+    res = cpanel_api("VersionControlDeployment", "create", {
+        "repository_root": cp_repo
+    })
+    cp_deploy_id = res["data"]["deploy_id"]
+
+    # mark deployment as queued
+    res = github_api("POST", gh_deploy_status, {
+        "state": "queued",
+        "target_url": gh_status_url,
+        "description": "Deployment {} queued at {} (task {})".format(res["data"]["deploy_id"],
+                                                                     res["data"]["timestamps"]["queued"],
+                                                                     res["data"]["task_id"])
+    })
+
+    # fetch deployment status (note: uses a custom API module since built-in
+    # one doesn't let us filter on a specific deployment id)
+    # Custom API module source code is available at:
+    # https://gist.github.com/skizzerz/85a0a2d4a6176ffa67004cd22c507799
+    cur_state = "queued"
+    success = False
+    i = 0
+    while True:
+        i += 1
+        # if the deployment is taking forever, give up on checking status
+        if i > 60:
+            res = github_api("POST", gh_deploy_status, {
+                "state": "error",
+                "target_url": gh_status_url,
+                "description": "No deployment response after 5 minutes, aborting action"
+            })
+            break
+        print("Sleeping for 5 seconds then checking status", flush=True)
+        time.sleep(5)
+        res = cpanel_api("VCDeployStatus", "retrieve", query={
+            "deploy_id": cp_deploy_id
+        })
+
+        if res["data"]["timestamps"].get("succeeded", None):
+            res = github_api("POST", gh_deploy_status, {
+                "state": "success",
+                "auto_inactive": True,
+                "target_url": gh_status_url,
+                "description": "Deployment {} succeeded at {} (task {})".format(res["data"]["deploy_id"],
+                                                                                res["data"]["timestamps"]["succeeded"],
+                                                                                res["data"]["task_id"])
+            })
+            success = True
+            break
+        if res["data"]["timestamps"].get("failed", None):
+            res = github_api("POST", gh_deploy_status, {
+                "state": "failure",
+                "target_url": gh_status_url,
+                "description": "Deployment {} FAILED at {} (task {})".format(res["data"]["deploy_id"],
+                                                                             res["data"]["timestamps"]["failed"],
+                                                                             res["data"]["task_id"])
+            })
+            break
+        if res["data"]["timestamps"].get("canceled", None):
+            res = github_api("POST", gh_deploy_status, {
+                "state": "failure",
+                "target_url": gh_status_url,
+                "description": "Deployment {} CANCELED at {} (task {})".format(res["data"]["deploy_id"],
+                                                                               res["data"]["timestamps"]["canceled"],
+                                                                               res["data"]["task_id"])
+            })
+            break
+        if cur_state == "queued" and res["data"]["timestamps"].get("active", None):
+            res = github_api("POST", gh_deploy_status, {
+                "state": "in_progress",
+                "target_url": gh_status_url,
+                "description": "Deployment {} began running at {} (task {})".format(res["data"]["deploy_id"],
+                                                                                    res["data"]["timestamps"]["active"],
+                                                                                    res["data"]["task_id"])
+            })
+            cur_state = "in_progress"
+        else:
+            print("No new deployment status updates", flush=True)
+
+    CLEANUP.clear()
+    return success
+
+def cpanel_api(module, endpoint, body=None, query=None):
+    headers = {
+        "Authorization": "cpanel {}:{}".format(os.environ["CPANEL_API_USER"], os.environ["CPANEL_TOKEN"])
+    }
+
+    url = "{}/execute/{}/{}".format(os.environ["CPANEL_API_URL"], module, endpoint)
+    method = "POST" if body else "GET"
+    print(method, url, flush=True)
+    r = requests.request(method, url, headers=headers, params=query, data=body)
+    r.raise_for_status()
+    data = r.json()
+    if DEBUG_MODE or not data["status"]:
+        pprint.pprint(data)
+        print("", flush=True)
+    if not data["status"]:
+        raise RuntimeError("API call was unsuccessful, aborting!")
+    return data
+
+def github_api(method, endpoint, body=None):
+    headers = {
+        "Authorization": "Bearer {}".format(os.environ["GITHUB_TOKEN"]),
+        # opt into preview letting us set additional deployment status types
+        # remove this line once it hits stable API
+        "Accept": "application/vnd.github.flash-preview+json, aplication/vnd.github.ant-man-preview+json"
+    }
+
+    url = "https://api.github.com/{}".format(endpoint)
+    print(method, url, flush=True)
+    r = requests.request(method, url, headers=headers, json=body)
+    data = r.json()
+    if DEBUG_MODE or r.status_code >= 400:
+        pprint.pprint(data)
+        print("", flush=True)
+    r.raise_for_status()
+    return data
+
+if __name__ == "__main__":
+    try:
+        if not run():
+            sys.exit(1)
+    finally:
+        for callback in CLEANUP:
+            callback()

deploy2.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+
+# this script is executed on the webserver
+
+# there's a bunch of sleep commands to guard things that don't necessarily
+# complete in realtime; should evaluate if they're actually necessary
+# and if they are how small we can make them
+
+##########
+# set up correct version of python/pip
+##########
+echo "Initializing deployment"
+export VIRTUAL_ENV_DISABLE_PROMPT=1
+source /home/werewolf/virtualenv/paste/3.7/bin/activate
+
+SOURCEPATH=/home/werewolf/repositories/paste
+DESTPATH=/home/werewolf/paste
+BAKPATH=/home/werewolf/paste.bak
+
+##########
+# make a backup
+##########
+echo "Creating backup"
+rm -rf $BAKPATH
+mv $DESTPATH $BAKPATH
+
+##########
+# ensure dependencies are up to date
+##########
+echo "Ensuring updated dependencies"
+cd $SOURCEPATH
+pip install --upgrade -r requirements.txt
+
+##########
+# copy files
+##########
+echo "Copying files"
+mkdir $DESTPATH
+mkdir $DESTPATH/tmp
+cp -r . $DESTPATH
+
+##########
+# cleanup unnecessary files
+##########
+rm -rf $DESTPATH/.git
+rm -rf $DESTPATH/.github
+rm -f $DESTPATH/.gitignore
+rm -f $DESTPATH/.cpanel.yml
+rm -f $DESTPATH/deploy*
+
+##########
+# restart app
+##########
+echo "Restarting webapp"
+touch $DESTPATH/tmp/restart.txt
+sleep 5
+
+##########
+# test if app runs successfully
+##########
+SUCCESS=0
+curl -f https://ww.chat > /dev/null
+if [ $? -ne 0 ]; then
+    SUCCESS=1
+fi
+
+sleep 5
+if [ -s $DESTPATH/stderr.log ]; then
+    SUCCESS=1
+fi
+
+##########
+# restore backup if app didn't run successfully
+##########
+if [ SUCCESS -eq 1 ]; then
+    echo "Webapp failed, restoring backup. Below is what was found in the log:"
+    cat $DESTPATH/stderr.log
+    rm -rf $DESTPATH
+    mv $BAKPATH $DESTPATH
+    touch $DESTPATH/tmp/restart.txt
+    sleep 5
+    curl -f https://ww.chat > /dev/null
+    echo "Backup restored"
+fi
+
+echo "Deployment complete"
+exit $SUCCESS

requirements.txt

@@ -1,28 +1,19 @@
-asn1crypto==1.2.0
-certifi==2019.9.11
-cffi==1.13.2
+certifi==2020.6.20
+cffi==1.14.3
 chardet==3.0.4
-Click==7.0
-cryptography==3.2
-elasticsearch==7.1.0
-Flask==1.1.1
-flask-mwoauth==0.4.75
+click==7.1.2
+cryptography==3.2.1
+Flask==1.1.2
 flask-talisman==0.7.0
-future==0.18.2
-idna==2.8
+idna==2.10
 itsdangerous==1.1.0
-Jinja2==2.10.3
+Jinja2==2.11.2
 MarkupSafe==1.1.1
-mwoauth==0.3.7
-mysql-connector-python==8.0.18
-oauthlib==3.1.0
-protobuf==3.10.0
-pycparser==2.19
-Pygments==2.4.2
-PyJWT==1.7.1
-python-dateutil==2.8.1
-requests==2.22.0
-requests-oauthlib==1.3.0
-six==1.13.0
-urllib3==1.25.7
-Werkzeug==0.16.0
+mysql-connector-python==8.0.22
+protobuf==3.13.0
+pycparser==2.20
+Pygments==2.7.2
+requests==2.24.0
+six==1.15.0
+urllib3==1.25.11
+Werkzeug==1.0.1