fix: escape shell variables from Woodpecker CI substitution
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Woodpecker pre-processes ${VAR} syntax as CI variables, replacing
undefined ones with empty strings. Use $$ escaping for shell variables
to prevent Woodpecker from consuming them. The ${REPO} variable in
the skopeo publish step was being replaced with empty string.
This commit is contained in:
Viktor Barzin
parent
792776bfe0
commit
1dd0c25cbc
1 changed files with 51 additions and 51 deletions
102
.woodpecker.yml
102
.woodpecker.yml
|
|
@ -75,15 +75,15 @@ steps:
|
||||||
- |
|
- |
|
||||||
for REPO in trading-bot-service trading-bot-dashboard; do
|
for REPO in trading-bot-service trading-bot-dashboard; do
|
||||||
skopeo copy \
|
skopeo copy \
|
||||||
--src-creds "viktorbarzin:$DOCKERHUB_TOKEN" \
|
--src-creds "viktorbarzin:$$DOCKERHUB_TOKEN" \
|
||||||
--dest-creds "viktorbarzin:$DOCKERHUB_TOKEN" \
|
--dest-creds "viktorbarzin:$$DOCKERHUB_TOKEN" \
|
||||||
"docker://docker.io/viktorbarzin/${REPO}:build-${CI_PIPELINE_NUMBER}" \
|
"docker://docker.io/viktorbarzin/$${REPO}:build-${CI_PIPELINE_NUMBER}" \
|
||||||
"docker://docker.io/viktorbarzin/${REPO}:${CI_PIPELINE_NUMBER}"
|
"docker://docker.io/viktorbarzin/$${REPO}:${CI_PIPELINE_NUMBER}"
|
||||||
skopeo copy \
|
skopeo copy \
|
||||||
--src-creds "viktorbarzin:$DOCKERHUB_TOKEN" \
|
--src-creds "viktorbarzin:$$DOCKERHUB_TOKEN" \
|
||||||
--dest-creds "viktorbarzin:$DOCKERHUB_TOKEN" \
|
--dest-creds "viktorbarzin:$$DOCKERHUB_TOKEN" \
|
||||||
"docker://docker.io/viktorbarzin/${REPO}:build-${CI_PIPELINE_NUMBER}" \
|
"docker://docker.io/viktorbarzin/$${REPO}:build-${CI_PIPELINE_NUMBER}" \
|
||||||
"docker://docker.io/viktorbarzin/${REPO}:latest"
|
"docker://docker.io/viktorbarzin/$${REPO}:latest"
|
||||||
done
|
done
|
||||||
|
|
||||||
- name: update-deployment
|
- name: update-deployment
|
||||||
|
|
@ -93,25 +93,25 @@ steps:
|
||||||
commands:
|
commands:
|
||||||
- apk add --no-cache curl jq
|
- apk add --no-cache curl jq
|
||||||
- |
|
- |
|
||||||
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
TOKEN=$$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
||||||
SERVICE_IMAGE="viktorbarzin/trading-bot-service:${CI_PIPELINE_NUMBER}"
|
SERVICE_IMAGE="viktorbarzin/trading-bot-service:${CI_PIPELINE_NUMBER}"
|
||||||
DASHBOARD_IMAGE="viktorbarzin/trading-bot-dashboard:${CI_PIPELINE_NUMBER}"
|
DASHBOARD_IMAGE="viktorbarzin/trading-bot-dashboard:${CI_PIPELINE_NUMBER}"
|
||||||
RESTART_AT=$(date -u +%Y-%m-%dT%H:%M:%SZ)
|
RESTART_AT=$$(date -u +%Y-%m-%dT%H:%M:%SZ)
|
||||||
API="https://kubernetes:6443/apis/apps/v1/namespaces/trading-bot/deployments"
|
API="https://kubernetes:6443/apis/apps/v1/namespaces/trading-bot/deployments"
|
||||||
|
|
||||||
# --- trading-bot-frontend: 2 containers ---
|
# --- trading-bot-frontend: 2 containers ---
|
||||||
echo "Patching trading-bot-frontend..."
|
echo "Patching trading-bot-frontend..."
|
||||||
curl -sf -X PATCH "$API/trading-bot-frontend" \
|
curl -sf -X PATCH "$$API/trading-bot-frontend" \
|
||||||
-H "Authorization: Bearer $TOKEN" \
|
-H "Authorization: Bearer $$TOKEN" \
|
||||||
-H "Content-Type: application/strategic-merge-patch+json" \
|
-H "Content-Type: application/strategic-merge-patch+json" \
|
||||||
-k -d "{
|
-k -d "{
|
||||||
\"spec\":{
|
\"spec\":{
|
||||||
\"paused\":null,
|
\"paused\":null,
|
||||||
\"template\":{
|
\"template\":{
|
||||||
\"metadata\":{\"annotations\":{\"kubectl.kubernetes.io/restartedAt\":\"$RESTART_AT\"}},
|
\"metadata\":{\"annotations\":{\"kubectl.kubernetes.io/restartedAt\":\"$$RESTART_AT\"}},
|
||||||
\"spec\":{\"containers\":[
|
\"spec\":{\"containers\":[
|
||||||
{\"name\":\"dashboard\",\"image\":\"$DASHBOARD_IMAGE\"},
|
{\"name\":\"dashboard\",\"image\":\"$$DASHBOARD_IMAGE\"},
|
||||||
{\"name\":\"api-gateway\",\"image\":\"$SERVICE_IMAGE\"}
|
{\"name\":\"api-gateway\",\"image\":\"$$SERVICE_IMAGE\"}
|
||||||
]}
|
]}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -119,21 +119,21 @@ steps:
|
||||||
|
|
||||||
# --- trading-bot-workers: 6 containers ---
|
# --- trading-bot-workers: 6 containers ---
|
||||||
echo "Patching trading-bot-workers..."
|
echo "Patching trading-bot-workers..."
|
||||||
curl -sf -X PATCH "$API/trading-bot-workers" \
|
curl -sf -X PATCH "$$API/trading-bot-workers" \
|
||||||
-H "Authorization: Bearer $TOKEN" \
|
-H "Authorization: Bearer $$TOKEN" \
|
||||||
-H "Content-Type: application/strategic-merge-patch+json" \
|
-H "Content-Type: application/strategic-merge-patch+json" \
|
||||||
-k -d "{
|
-k -d "{
|
||||||
\"spec\":{
|
\"spec\":{
|
||||||
\"paused\":null,
|
\"paused\":null,
|
||||||
\"template\":{
|
\"template\":{
|
||||||
\"metadata\":{\"annotations\":{\"kubectl.kubernetes.io/restartedAt\":\"$RESTART_AT\"}},
|
\"metadata\":{\"annotations\":{\"kubectl.kubernetes.io/restartedAt\":\"$$RESTART_AT\"}},
|
||||||
\"spec\":{\"containers\":[
|
\"spec\":{\"containers\":[
|
||||||
{\"name\":\"news-fetcher\",\"image\":\"$SERVICE_IMAGE\"},
|
{\"name\":\"news-fetcher\",\"image\":\"$$SERVICE_IMAGE\"},
|
||||||
{\"name\":\"sentiment-analyzer\",\"image\":\"$SERVICE_IMAGE\"},
|
{\"name\":\"sentiment-analyzer\",\"image\":\"$$SERVICE_IMAGE\"},
|
||||||
{\"name\":\"signal-generator\",\"image\":\"$SERVICE_IMAGE\"},
|
{\"name\":\"signal-generator\",\"image\":\"$$SERVICE_IMAGE\"},
|
||||||
{\"name\":\"trade-executor\",\"image\":\"$SERVICE_IMAGE\"},
|
{\"name\":\"trade-executor\",\"image\":\"$$SERVICE_IMAGE\"},
|
||||||
{\"name\":\"learning-engine\",\"image\":\"$SERVICE_IMAGE\"},
|
{\"name\":\"learning-engine\",\"image\":\"$$SERVICE_IMAGE\"},
|
||||||
{\"name\":\"market-data\",\"image\":\"$SERVICE_IMAGE\"}
|
{\"name\":\"market-data\",\"image\":\"$$SERVICE_IMAGE\"}
|
||||||
]}
|
]}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -146,36 +146,36 @@ steps:
|
||||||
commands:
|
commands:
|
||||||
- apk add --no-cache curl jq
|
- apk add --no-cache curl jq
|
||||||
- |
|
- |
|
||||||
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
TOKEN=$$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
||||||
EXPECTED_SERVICE="viktorbarzin/trading-bot-service:${CI_PIPELINE_NUMBER}"
|
EXPECTED_SERVICE="viktorbarzin/trading-bot-service:${CI_PIPELINE_NUMBER}"
|
||||||
EXPECTED_DASHBOARD="viktorbarzin/trading-bot-dashboard:${CI_PIPELINE_NUMBER}"
|
EXPECTED_DASHBOARD="viktorbarzin/trading-bot-dashboard:${CI_PIPELINE_NUMBER}"
|
||||||
BASE_API="https://kubernetes:6443/api/v1/namespaces/trading-bot/pods"
|
BASE_API="https://kubernetes:6443/api/v1/namespaces/trading-bot/pods"
|
||||||
DEPLOY_API="https://kubernetes:6443/apis/apps/v1/namespaces/trading-bot/deployments"
|
DEPLOY_API="https://kubernetes:6443/apis/apps/v1/namespaces/trading-bot/deployments"
|
||||||
|
|
||||||
for DEPLOY in trading-bot-frontend trading-bot-workers; do
|
for DEPLOY in trading-bot-frontend trading-bot-workers; do
|
||||||
echo "Verifying $DEPLOY..."
|
echo "Verifying $$DEPLOY..."
|
||||||
PODS_API="$BASE_API?labelSelector=app%3D$DEPLOY"
|
PODS_API="$$BASE_API?labelSelector=app%3D$$DEPLOY"
|
||||||
|
|
||||||
if [ "$DEPLOY" = "trading-bot-frontend" ]; then
|
if [ "$$DEPLOY" = "trading-bot-frontend" ]; then
|
||||||
EXPECTED_IMAGE="$EXPECTED_DASHBOARD"
|
EXPECTED_IMAGE="$$EXPECTED_DASHBOARD"
|
||||||
else
|
else
|
||||||
EXPECTED_IMAGE="$EXPECTED_SERVICE"
|
EXPECTED_IMAGE="$$EXPECTED_SERVICE"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
DEPLOY_STATUS=$(curl -sfk "$DEPLOY_API/$DEPLOY" \
|
DEPLOY_STATUS=$$(curl -sfk "$$DEPLOY_API/$$DEPLOY" \
|
||||||
-H "Authorization: Bearer $TOKEN" \
|
-H "Authorization: Bearer $$TOKEN" \
|
||||||
-H "Accept: application/json")
|
-H "Accept: application/json")
|
||||||
echo " Deployment status: replicas=$(echo "$DEPLOY_STATUS" | jq -r '.status.replicas // 0') updated=$(echo "$DEPLOY_STATUS" | jq -r '.status.updatedReplicas // 0') ready=$(echo "$DEPLOY_STATUS" | jq -r '.status.readyReplicas // 0')"
|
echo " Deployment status: replicas=$$(echo "$$DEPLOY_STATUS" | jq -r '.status.replicas // 0') updated=$$(echo "$$DEPLOY_STATUS" | jq -r '.status.updatedReplicas // 0') ready=$$(echo "$$DEPLOY_STATUS" | jq -r '.status.readyReplicas // 0')"
|
||||||
|
|
||||||
FOUND=0
|
FOUND=0
|
||||||
for i in $(seq 1 60); do
|
for i in $$(seq 1 60); do
|
||||||
RAW=$(curl -sfk "$PODS_API" \
|
RAW=$$(curl -sfk "$$PODS_API" \
|
||||||
-H "Authorization: Bearer $TOKEN" \
|
-H "Authorization: Bearer $$TOKEN" \
|
||||||
-H "Accept: application/json")
|
-H "Accept: application/json")
|
||||||
|
|
||||||
if [ "$i" -eq 1 ] || [ "$i" -eq 10 ] || [ "$i" -eq 30 ]; then
|
if [ "$$i" -eq 1 ] || [ "$$i" -eq 10 ] || [ "$$i" -eq 30 ]; then
|
||||||
echo " DEBUG (attempt $i): All pods for $DEPLOY:"
|
echo " DEBUG (attempt $$i): All pods for $$DEPLOY:"
|
||||||
echo "$RAW" | jq -r '[.items[] | {
|
echo "$$RAW" | jq -r '[.items[] | {
|
||||||
name: .metadata.name,
|
name: .metadata.name,
|
||||||
ready: ([.status.containerStatuses[]? | .ready] | all),
|
ready: ([.status.containerStatuses[]? | .ready] | all),
|
||||||
phase: .status.phase,
|
phase: .status.phase,
|
||||||
|
|
@ -183,18 +183,18 @@ steps:
|
||||||
}] | .[] | " \(.name) ready=\(.ready) phase=\(.phase) restarts=\(.restarts)"' 2>/dev/null || echo " (no pods or parse error)"
|
}] | .[] | " \(.name) ready=\(.ready) phase=\(.phase) restarts=\(.restarts)"' 2>/dev/null || echo " (no pods or parse error)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
RESULT=$(echo "$RAW" | \
|
RESULT=$$(echo "$$RAW" | \
|
||||||
jq --arg img "$EXPECTED_IMAGE" '[.items[] | select(
|
jq --arg img "$$EXPECTED_IMAGE" '[.items[] | select(
|
||||||
([.status.containerStatuses[]? | .ready] | all) and
|
([.status.containerStatuses[]? | .ready] | all) and
|
||||||
(.spec.containers[]? | .image | endswith($img))
|
(.spec.containers[]? | .image | endswith($$img))
|
||||||
) | {name: .metadata.name, started: .status.startTime}]')
|
) | {name: .metadata.name, started: .status.startTime}]')
|
||||||
|
|
||||||
COUNT=$(echo "$RESULT" | jq 'length' 2>/dev/null || echo 0)
|
COUNT=$$(echo "$$RESULT" | jq 'length' 2>/dev/null || echo 0)
|
||||||
echo " Attempt $i/60: $COUNT pod(s) ready with image matching $EXPECTED_IMAGE"
|
echo " Attempt $$i/60: $$COUNT pod(s) ready with image matching $$EXPECTED_IMAGE"
|
||||||
|
|
||||||
if [ "$COUNT" -gt 0 ] 2>/dev/null; then
|
if [ "$$COUNT" -gt 0 ] 2>/dev/null; then
|
||||||
echo "$RESULT" | jq -r '.[] | " \(.name) started=\(.started)"'
|
echo "$$RESULT" | jq -r '.[] | " \(.name) started=\(.started)"'
|
||||||
echo "$DEPLOY is live!"
|
echo "$$DEPLOY is live!"
|
||||||
FOUND=1
|
FOUND=1
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
|
|
@ -202,15 +202,15 @@ steps:
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ "$FOUND" -ne 1 ]; then
|
if [ "$$FOUND" -ne 1 ]; then
|
||||||
echo " FINAL DEBUG: All pods for $DEPLOY:"
|
echo " FINAL DEBUG: All pods for $$DEPLOY:"
|
||||||
echo "$RAW" | jq -r '[.items[] | {
|
echo "$$RAW" | jq -r '[.items[] | {
|
||||||
name: .metadata.name,
|
name: .metadata.name,
|
||||||
ready: ([.status.containerStatuses[]? | .ready] | all),
|
ready: ([.status.containerStatuses[]? | .ready] | all),
|
||||||
phase: .status.phase,
|
phase: .status.phase,
|
||||||
restarts: ([.status.containerStatuses[]? | .restartCount] | add // 0)
|
restarts: ([.status.containerStatuses[]? | .restartCount] | add // 0)
|
||||||
}] | .[] | " \(.name) ready=\(.ready) phase=\(.phase) restarts=\(.restarts)"' 2>/dev/null || echo " (no pods or parse error)"
|
}] | .[] | " \(.name) ready=\(.ready) phase=\(.phase) restarts=\(.restarts)"' 2>/dev/null || echo " (no pods or parse error)"
|
||||||
echo "ERROR: No new ready pod for $DEPLOY with image $EXPECTED_IMAGE appeared within 5 minutes"
|
echo "ERROR: No new ready pod for $$DEPLOY with image $$EXPECTED_IMAGE appeared within 5 minutes"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue