Merge pull request #17 from keybase/david/circleci

Add CircleCI config

Author: ddworken

.circleci/config.yml

@@ -0,0 +1,34 @@
+version: 2
+jobs:
+  integration:
+    machine:
+      image: circleci/classic:latest
+    steps:
+      - checkout
+      - run: "./integrationTest.sh"
+  unit:
+    docker:
+      - image: circleci/golang:1.11
+    steps:
+      - checkout
+      - run: go test ./...
+  lint:
+    docker:
+      - image: circleci/golang:1.11
+    steps:
+      - checkout
+      - run: "! go fmt ./... 2>&1 | read"
+      - run: "! go vet ./... 2>&1 | read"
+      - run: go get -u golang.org/x/lint/golint
+      - run: "! golint ./... 2>&1 | read"
+      - run: go get golang.org/x/tools/cmd/goimports
+      - run: "! goimports ./... 2>&1 | read"
+      - run: "! go mod tidy ./... 2>&1 | read"
+workflows:
+  version: 2
+  build:
+    jobs:
+      - integration
+      - unit
+      - lint
+      

integrationTest.sh

@@ -3,14 +3,24 @@ set -euo pipefail
 IFS=$'\n\t'
 
 # Unit tests first
-go test ./... 2>&1 | grep -v 'no test files'
+set +u
+if [ -z "$CIRCLECI" ]; then
+  go test ./... 2>&1 | grep -v 'no test files'
+fi
 
+# Ensure we have the correct environment variables
 if [[ -f "tests/env.sh" ]]; then
-    echo "env.sh file already exists, skipping configuring new accounts..."
+  echo "env.sh already exists, skipping configuring new accounts..."
+  source tests/env.sh
 else
+  if [ -n "$CIRCLECI" ]; then
+    echo "Running in circle with configured environment variables"
+  else
     python3 tests/configure_accounts.py
+    source tests/env.sh
+  fi
 fi
-
+set -u
 
 # Some colors for pretty output
 RED='\033[0;31m'
@@ -19,13 +29,13 @@ NC='\033[0m'
 
 # A function used to indent the log output from the tests
 indent() { sed 's/^/    /'; }
+# Reset docker and wipe all volumes
 reset_docker() {
     docker-compose down -v
     docker system prune -f
 }
 
 cd tests/
-source env.sh
 reset_docker
 
 echo "Building containers..."

tests/Dockerfile-sshd

@@ -1,4 +1,4 @@
-# This dockerfile builds an openssh server that will accept SSH keys signed by the key provided in /mnt/keybase-ca-key.pub
+# This dockerfile builds an openssh server that will accept SSH keys signed by the key provided in /shared/keybase-ca-key.pub
 # It takes in a build argument and only allows keys with the build argument in the principals field
 FROM ubuntu:18.04
 
@@ -26,4 +26,4 @@ RUN echo -n "uniquestring" > /etc/unique
 
 EXPOSE 22
 
-CMD ln -sf /mnt/keybase-ca-key.pub /etc/ssh/ca.pub && /usr/sbin/sshd -D
+CMD ln -sf /shared/keybase-ca-key.pub /etc/ssh/ca.pub && /usr/sbin/sshd -D

tests/bot-entrypoint.py

@@ -24,7 +24,7 @@ def load_env():
         "bin/keybaseca --wipe-all-configs\n"
         "bin/keybaseca --wipe-logs || true\n"
         "bin/keybaseca generate --overwrite-existing-key\n"
-        "echo yes | bin/keybaseca backup > /mnt/cakey.backup\n"
+        "echo yes | bin/keybaseca backup > /shared/cakey.backup\n"
         "bin/keybaseca service &"
     ) % (shlex.quote(path)))
     # Sleep so keybaseca has time to start

tests/bot-entrypoint.sh

@@ -2,17 +2,16 @@
 set -euo pipefail
 IFS=$'\n\t'
 
-# For some reason it is necessary to touch a file in /mnt/ in order to get the volume permissions to work correctly
+# For some reason it is necessary to touch a file in /shared/ in order to get the volume permissions to work correctly
 # when keybaseca generate runs
-touch /mnt/.keep
+touch /shared/.keep
 
 # Generate the env files that will be used for tests
-source tests/env.sh
 mkdir -p tests/generated-env
 ls tests/envFiles/ | xargs -I {} -- bash -c 'cat tests/envFiles/{} | envsubst > tests/generated-env/{}'
 
 nohup bash -c "run_keybase -g &"
 sleep 3
 keybase oneshot --username $BOT_USERNAME --paperkey "$BOT_PAPERKEY"
-touch /mnt/ready
+touch /shared/ready
 python3 tests/bot-entrypoint.py

tests/docker-compose.yml

@@ -9,10 +9,11 @@ services:
     environment:
       - BOT_PAPERKEY
       - BOT_USERNAME
+      - SUBTEAM
     volumes:
-      - app-volume:/mnt/
+      - app-volume:/shared/
     user: root
-    command: "sh -c 'chown -R keybase:keybase /mnt && su keybase -c \"bash tests/bot-entrypoint.sh\"'"
+    command: "sh -c 'chown -R keybase:keybase /shared && su keybase -c \"bash tests/bot-entrypoint.sh\"'"
     ports:
       - 8080  # Used for the flask webserver that manages restarting keybaseca with different config options
     depends_on:
@@ -31,7 +32,7 @@ services:
       - SUBTEAM
       - SUBTEAM_SECONDARY
     volumes:
-      - app-volume:/mnt/
+      - app-volume:/shared/
     user: keybase
     command: "bash tests/tester-entrypoint.sh"
     depends_on:
@@ -49,7 +50,7 @@ services:
         user_principal: ${SUBTEAM}.ssh.staging
         root_principal: ${SUBTEAM}.ssh.root_everywhere
     volumes:
-      - app-volume:/mnt/
+      - app-volume:/shared/
   # An ssh server that will accept signed requests with the principal "prod"
   sshd-prod:
     image: sshd-prod
@@ -61,6 +62,6 @@ services:
         user_principal: ${SUBTEAM}.ssh.prod
         root_principal: ${SUBTEAM}.ssh.root_everywhere
     volumes:
-      - app-volume:/mnt/
+      - app-volume:/shared/
 volumes:
   app-volume:

tests/envFiles/README.md

@@ -1,2 +1,3 @@
 The files in this directory are env files used to run the CA bot. The files are filled in based on
-the values of environment variables `SUBTEAM`, `BOT_USERNAME`, and `BOT_PAPERKEY` from tests/env.sh.
+the values of environment variables `SUBTEAM`, `BOT_USERNAME`, and `BOT_PAPERKEY`. When running
+locally, these environment variables are stored in tests/env.sh. 

tests/envFiles/test_env_1

@@ -6,3 +6,4 @@ export TEAMS="$SUBTEAM.ssh.staging,$SUBTEAM.ssh.prod,$SUBTEAM.ssh.root_everywher
 export KEYBASE_PAPERKEY="$BOT_PAPERKEY"
 export KEYBASE_USERNAME="$BOT_USERNAME"
 export CHAT_CHANNEL="$SUBTEAM.ssh#ssh-provision"
+export CA_KEY_LOCATION="/shared/keybase-ca-key"

tests/envFiles/test_env_2_local_audit_log

@@ -1,7 +1,8 @@
 # Used to test sending the audit log to the normal filesystem. The code that handles local audit log writes is different
 # from the code that handles KBFS audit log writes.
 export KEY_EXPIRATION="+1h"
-export LOG_LOCATION="/mnt/ca.log"
+export LOG_LOCATION="/shared/ca.log"
 export TEAMS="$SUBTEAM.ssh.staging,$SUBTEAM.ssh.prod,$SUBTEAM.ssh.root_everywhere"
 export KEYBASE_PAPERKEY="$BOT_PAPERKEY"
 export KEYBASE_USERNAME="$BOT_USERNAME"
+export CA_KEY_LOCATION="/shared/keybase-ca-key"

tests/envFiles/test_env_3_user_not_in_first_team

@@ -1,7 +1,8 @@
 # Used to test the behavior of the chatbot when the user is not in the first listed team. This used to not work
 # due to the choice of only placing config files in the first team.
 export KEY_EXPIRATION="+1h"
-export LOG_LOCATION="/mnt/ca.log"
+export LOG_LOCATION="/shared/ca.log"
 export TEAMS="$SUBTEAM.ssh.prod,$SUBTEAM.ssh.staging,$SUBTEAM.ssh.root_everywhere"
 export KEYBASE_PAPERKEY="$BOT_PAPERKEY"
 export KEYBASE_USERNAME="$BOT_USERNAME"
+export CA_KEY_LOCATION="/shared/keybase-ca-key"