Merge pull request #25 from veertuinc/release/v1.2.0

[CLOUD-1516] [CLOUD-1515] release/v1.2.0

Author: NorseGaud

.goreleaser.yaml

@@ -8,8 +8,8 @@ before:
 builds:
   - main: cmd/anka-cloud-gitlab-executor/main.go
     ldflags: >
-      -X github.com/veertuinc/anka-cloud-gitlab-executor/internal/version.Version={{.Version}}
-      -X github.com/veertuinc/anka-cloud-gitlab-executor/internal/version.Commit={{.ShortCommit}}
+      -X github.com/veertuinc/anka-cloud-gitlab-executor/internal/version.version={{.Version}}
+      -X github.com/veertuinc/anka-cloud-gitlab-executor/internal/version.commit={{.ShortCommit}}
     env:
       - CGO_ENABLED=0
     goos:

README.md

@@ -11,7 +11,13 @@ A [Gitlab Runner Custom Executor](https://docs.gitlab.com/runner/executors/custo
 1. Download the binary to the same machine your Gitlab Runner is running on.
 2. Add the following `[runners.custom]` block to Gitlab Runner configuration:
     > By default, runner config is at `~/.gitlab-runner/config.toml`
+
+    > Any environment variables can be specified in the `environment` block and apply to all jobs. However, they are also available in the job's environment, so avoid placing SSH credentials and other sensitive variables in the `environment` block.
     ```
+    environment = [
+      "ANKA_CLOUD_CONTROLLER_URL=https://anka.contoller:8090",
+      "ANKA_CLOUD_TEMPLATE_ID=8c592f53-65a4-444e-9342-79d3ff07837c",
+    ]
     [runners.custom]
         config_exec = "/path/to/anka-cloud-gitlab-executor"
         config_args = ["config"]
@@ -48,16 +54,34 @@ Accepted values for booleans are: "1", "t", "T", "true", "TRUE", "True", "0", "f
 | ANKA_CLOUD_CA_CERT_PATH | ❌ | String | If Controller is using a self-signed cert, CA file can be passed in for the runner to use when communicating with Controller. **_The path is accessed locally by the Runner_** |
 | ANKA_CLOUD_CLIENT_CERT_PATH | ❌ | String | If Client Cert Authentication is enabled, this is the path for the Certificate. **_The path is accessed locally by the Runner_** |
 | ANKA_CLOUD_CLIENT_CERT_KEY_PATH | ❌ | String | If Client Cert Authentication is enabled, this is the path for the Key. **_The path is accessed locally by the Runner_** |
-| ANKA_CLOUD_SSH_USER_NAME | ❌ | String | SSH user name to use inside VM. Defaults to "anka" |
-| ANKA_CLOUD_SSH_PASSWORD | ❌ | String | SSH password to use inside VM. Defaults to "admin" |
 | ANKA_CLOUD_CUSTOM_HTTP_HEADERS | ❌ | Object | key-value JSON object for custom headers to set when communicatin with Controller. Both keys and values must be strings  |
 | ANKA_CLOUD_KEEP_ALIVE_ON_ERROR | ❌ | Boolean | Do not terminate Instance if job failed. This will leave the VM running until manually cleaned. Usually, this is used to inspect the VM post failing. If job was canceled, VM will be cleaned regardless of this variable. **There will be no indication for this behavior on the Job's output unless Gitlab Debug is enabled** |
 | ANKA_CLOUD_VM_VCPU | ❌ | Number | Set number of CPU num for the VM. Only works on `stopped` templates. Minimum value of 1 |
 | ANKA_CLOUD_VM_VRAM_MB | ❌ | Number | Set RAM in MiB for the VM. Only works on `stopped` templates. Minimum value of 1 |
 | ANKA_CLOUD_BUILDS_DIR | ❌ | String | Absolute path to a directory where builds are stored in the VM. If not supplied, "/tmp/builds" is used. |
 | ANKA_CLOUD_CACHE_DIR | ❌ | String | Absolute path to a directory where build caches are stored in the VM. If not supplied, "/tmp/cache" is used. |
+| ANKA_CLOUD_SSH_CONNECTION_ATTEMPTS | ❌ | Number | The attempts to make when sshing to the VM. Useful when VMs take a long time to start under stressful situations or slow disks (like EBS). Defaults to `4` -- Minimum value of 1 |
+| ANKA_CLOUD_SSH_CONNECTION_ATTEMPT_DELAY | ❌ | Number | The delay between ssh connection attempts in seconds. Defaults to `5` |
+| ANKA_CLOUD_SSH_USER_NAME | ❌ | String | SSH user name to use inside VM. Defaults to "anka". This can also be set via a command line flags to prevent this value from being exposed to the job. See example below. |
+| ANKA_CLOUD_SSH_PASSWORD | ❌ | String | SSH password to use inside VM. Defaults to "admin". This can also be set via a command line flags to prevent this value from being exposed to the job. See example below. |
+
+To prevent SSH credentials from being exposed to the job log, they can instead be specified via command line arguments in the config.toml > runner.custom:
+
+  > Note: values specified via job environment variables will override those provided via command line arguments.
+  ```
+    [runners.custom]
+        config_exec = "/path/to/anka-cloud-gitlab-executor"
+        config_args = ["config"]
+        prepare_exec = "/path/to/anka-cloud-gitlab-executor"
+        prepare_args = ["prepare"]
+        run_exec = "/path/to/anka-cloud-gitlab-executor"
+        run_args = ["run", "--ssh-username", "anka", "--ssh-password", "admin"]
+        cleanup_exec = "/path/to/anka-cloud-gitlab-executor"
+        cleanup_args = ["cleanup"]
+  ```
 
 ### Examples
+
 Example basic pipeline:
 ```
 variables:
@@ -153,3 +177,4 @@ This project produces a single binary, that accepts the current Gitlab stage as
 2. Prepare (Creates the Instance on the Anka Cloud, waiting for it to get scheduled)
 3. Run (Creates a remote shell on the VM, and pushes Gitlab provided script with stdin)
 4. Cleanup (Performs Termination request to the Anka Cloud Controller)
+

go.mod

@@ -4,12 +4,11 @@ go 1.20
 
 require (
 	github.com/spf13/cobra v1.7.0
-	golang.org/x/crypto v0.17.0
+	github.com/spf13/pflag v1.0.5
+	golang.org/x/crypto v0.21.0
 )
 
 require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 )

go.sum

@@ -6,17 +6,10 @@ github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
-golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/command/run.go

@@ -102,13 +102,21 @@ func executeRun(ctx context.Context, env gitlab.Environment, args []string) erro
 	var sshClient *ssh.Client
 
 	// retry logic mimics what is done by the official Gitlab Runner (true for gitlab runner v16.7.0)
-	for i := 0; i < 3; i++ {
-		log.Printf("attempt #%d to establish ssh connection to %q\n", i, addr)
+	maxAttempts := env.SSHAttempts
+	if maxAttempts < 1 {
+		maxAttempts = 4
+	}
+	sshConnectionAttemptDelay := env.SSHConnectionAttemptDelay
+	if sshConnectionAttemptDelay < 1 {
+		sshConnectionAttemptDelay = 5
+	}
+	for i := 0; i < maxAttempts; i++ {
+		log.Printf("attempt #%d to establish ssh connection to %q\n", i+1, addr)
 		sshClient, err = ssh.Dial("tcp", addr, sshClientConfig)
 		if err == nil {
 			break
 		}
-		time.Sleep(3 * time.Second)
+		time.Sleep(time.Duration(sshConnectionAttemptDelay) * time.Second)
 	}
 	if err != nil {
 		return fmt.Errorf("failed to create new ssh client connection to %q: %w", addr, err)

internal/gitlab/vars.go

@@ -3,9 +3,12 @@ package gitlab
 import (
 	"encoding/json"
 	"fmt"
+
 	"os"
 	"strconv"
 	"strings"
+
+	flag "github.com/spf13/pflag"
 )
 
 const (
@@ -15,55 +18,59 @@ const (
 
 var (
 	// Custom Executor vars
-	varDebug             = ankaVar("DEBUG")
-	varControllerURL     = ankaVar("CONTROLLER_URL")
-	varTemplateId        = ankaVar("TEMPLATE_ID")
-	varTemplateTag       = ankaVar("TEMPLATE_TAG")
-	varNodeId            = ankaVar("NODE_ID")
-	varPriority          = ankaVar("PRIORITY")
-	varNodeGroupId       = ankaVar("NODE_GROUP_ID")
-	varCaCertPath        = ankaVar("CA_CERT_PATH")
-	varSkipTLSVerify     = ankaVar("SKIP_TLS_VERIFY")
-	varClientCertPath    = ankaVar("CLIENT_CERT_PATH")
-	varClientCertKeyPath = ankaVar("CLIENT_CERT_KEY_PATH")
-	varSshUserName       = ankaVar("SSH_USER_NAME")
-	varSshPassword       = ankaVar("SSH_PASSWORD")
-	varCustomHTTPHeaders = ankaVar("CUSTOM_HTTP_HEADERS")
-	varKeepAliveOnError  = ankaVar("KEEP_ALIVE_ON_ERROR")
-	varTemplateName      = ankaVar("TEMPLATE_NAME")
-	varBuildsDir         = ankaVar("BUILDS_DIR")
-	varCacheDir          = ankaVar("CACHE_DIR")
-	varVmVramMb          = ankaVar("VM_VRAM_MB")
-	varVmVcpu            = ankaVar("VM_VCPU")
+	varDebug                     = ankaVar("DEBUG")
+	varControllerURL             = ankaVar("CONTROLLER_URL")
+	varTemplateId                = ankaVar("TEMPLATE_ID")
+	varTemplateTag               = ankaVar("TEMPLATE_TAG")
+	varNodeId                    = ankaVar("NODE_ID")
+	varPriority                  = ankaVar("PRIORITY")
+	varNodeGroupId               = ankaVar("NODE_GROUP_ID")
+	varCaCertPath                = ankaVar("CA_CERT_PATH")
+	varSkipTLSVerify             = ankaVar("SKIP_TLS_VERIFY")
+	varClientCertPath            = ankaVar("CLIENT_CERT_PATH")
+	varClientCertKeyPath         = ankaVar("CLIENT_CERT_KEY_PATH")
+	varSshUserName               = ankaVar("SSH_USER_NAME")
+	varSshPassword               = ankaVar("SSH_PASSWORD")
+	varSshAttempts               = ankaVar("SSH_CONNECTION_ATTEMPTS")
+	varSshConnectionAttemptDelay = ankaVar("SSH_CONNECTION_ATTEMPT_DELAY")
+	varCustomHTTPHeaders         = ankaVar("CUSTOM_HTTP_HEADERS")
+	varKeepAliveOnError          = ankaVar("KEEP_ALIVE_ON_ERROR")
+	varTemplateName              = ankaVar("TEMPLATE_NAME")
+	varBuildsDir                 = ankaVar("BUILDS_DIR")
+	varCacheDir                  = ankaVar("CACHE_DIR")
+	varVmVramMb                  = ankaVar("VM_VRAM_MB")
+	varVmVcpu                    = ankaVar("VM_VCPU")
 
 	// Gitlab vars
 	varGitlabJobId     = gitlabVar("CI_JOB_ID")
 	varGitlabJobStatus = gitlabVar("CI_JOB_STATUS")
 )
 
 type Environment struct {
-	ControllerURL     string
-	Debug             bool
-	TemplateId        string
-	TemplateTag       string
-	NodeId            string
-	Priority          int
-	NodeGroupId       string
-	CaCertPath        string
-	SkipTLSVerify     bool
-	ClientCertPath    string
-	ClientCertKeyPath string
-	SSHUserName       string
-	SSHPassword       string
-	GitlabJobId       string
-	CustomHttpHeaders map[string]string
-	KeepAliveOnError  bool
-	GitlabJobStatus   jobStatus
-	TemplateName      string
-	BuildsDir         string
-	CacheDir          string
-	VmVramMb          int
-	VmVcpu            int
+	ControllerURL             string
+	Debug                     bool
+	TemplateId                string
+	TemplateTag               string
+	NodeId                    string
+	Priority                  int
+	NodeGroupId               string
+	CaCertPath                string
+	SkipTLSVerify             bool
+	ClientCertPath            string
+	ClientCertKeyPath         string
+	SSHUserName               string
+	SSHPassword               string
+	SSHAttempts               int
+	SSHConnectionAttemptDelay int
+	GitlabJobId               string
+	CustomHttpHeaders         map[string]string
+	KeepAliveOnError          bool
+	GitlabJobStatus           jobStatus
+	TemplateName              string
+	BuildsDir                 string
+	CacheDir                  string
+	VmVramMb                  int
+	VmVcpu                    int
 }
 
 type jobStatus string
@@ -75,8 +82,18 @@ var (
 	JobStatusRunning  jobStatus = "running"
 )
 
+var sshPassword = flag.String("ssh-password", "", "the password used to SSH into the VM")
+var sshUserName = flag.String("ssh-username", "", "the username used to SSH into the VM")
+
 func InitEnv() (Environment, error) {
-	e := Environment{}
+	// parse command line flags defined above
+	flag.Parse()
+	e := Environment{
+		// load initial values from command line flags
+		SSHPassword: *sshPassword,
+		SSHUserName: *sshUserName,
+	}
+
 	var ok bool
 	if e.ControllerURL, ok = os.LookupEnv(varControllerURL); !ok {
 		return e, fmt.Errorf("%w: %s", ErrMissingVar, varControllerURL)
@@ -90,8 +107,13 @@ func InitEnv() (Environment, error) {
 		return e, fmt.Errorf("%w: %s", ErrMissingVar, varGitlabJobId)
 	}
 
-	e.SSHUserName = os.Getenv(varSshUserName)
-	e.SSHPassword = os.Getenv(varSshPassword)
+	if os.Getenv(varSshUserName) != "" {
+		e.SSHUserName = os.Getenv(varSshUserName)
+	}
+	if os.Getenv(varSshPassword) != "" {
+		e.SSHPassword = os.Getenv(varSshPassword)
+	}
+
 	e.TemplateId = os.Getenv(varTemplateId)
 	e.TemplateName = os.Getenv(varTemplateName)
 	e.TemplateTag = os.Getenv(varTemplateTag)
@@ -159,6 +181,20 @@ func InitEnv() (Environment, error) {
 		e.VmVcpu = vcpu
 	}
 
+	if sshAttempts, ok, err := GetIntEnvVar(varSshAttempts); ok {
+		if err != nil {
+			return e, fmt.Errorf("%w %q: %w", ErrInvalidVar, varSshAttempts, err)
+		}
+		e.SSHAttempts = sshAttempts
+	}
+
+	if sshConnectionAttemptDelay, ok, err := GetIntEnvVar(varSshConnectionAttemptDelay); ok {
+		if err != nil {
+			return e, fmt.Errorf("%w %q: %w", ErrInvalidVar, varSshConnectionAttemptDelay, err)
+		}
+		e.SSHConnectionAttemptDelay = sshConnectionAttemptDelay
+	}
+
 	return e, nil
 }