re-wrap all bundle invocations with flock refs #18770

[arvados.git] / tools / arvbox / lib / arvbox / docker / service / gitolite / run-service

#!/bin/bash
# Copyright (C) The Arvados Authors. All rights reserved.
#
# SPDX-License-Identifier: AGPL-3.0

exec 2>&1
set -eux -o pipefail

. /usr/local/lib/arvbox/common.sh

if test "$1" != "--only-deps" ; then
  while [ ! -f $ARVADOS_CONTAINER_PATH/api.ready ]; do
    sleep 1
  done
fi

mkdir -p $ARVADOS_CONTAINER_PATH/git

export ARVADOS_API_HOST=$localip:${services[controller-ssl]}
export ARVADOS_API_HOST_INSECURE=1
export ARVADOS_API_TOKEN=$(cat $ARVADOS_CONTAINER_PATH/superuser_token)

export USER=git
export USERNAME=git
export LOGNAME=git
export HOME=$ARVADOS_CONTAINER_PATH/git

cd ~arvbox

mkdir -p ~arvbox/.ssh ~git/.ssh
chmod 0700 ~arvbox/.ssh ~git/.ssh

if ! test -s ~arvbox/.ssh/id_rsa ; then
    ssh-keygen -t rsa -P '' -f .ssh/id_rsa
    cp ~arvbox/.ssh/id_rsa ~arvbox/.ssh/id_rsa.pub ~git/.ssh
fi

if test -s ~arvbox/.ssh/known_hosts ; then
    ssh-keygen -f ".ssh/known_hosts" -R localhost
fi

if ! test -f $ARVADOS_CONTAINER_PATH/gitolite-setup ; then
    cd ~git

    # Do a no-op login to populate known_hosts
    # with the hostkey, so it won't try to ask
    # about it later.
    cp .ssh/id_rsa.pub .ssh/authorized_keys
    ssh -o stricthostkeychecking=no git@localhost true
    rm .ssh/authorized_keys

    cp /usr/local/lib/arvbox/gitolite.rc .gitolite.rc

    gitolite setup -pk .ssh/id_rsa.pub

    if ! test -d gitolite-admin ; then
        git clone git@localhost:gitolite-admin
    fi

    cd gitolite-admin
    git config user.email arvados
    git config user.name arvados
    git config push.default simple
    git push

    touch $ARVADOS_CONTAINER_PATH/gitolite-setup
else
    # Do a no-op login to populate known_hosts
    # with the hostkey, so it won't try to ask
    # about it later.  Don't run anything,
    # get the default gitolite behavior.
    ssh -o stricthostkeychecking=no git@localhost
fi

prefix=$(arv --format=uuid user current | cut -d- -f1)

if ! test -s $ARVADOS_CONTAINER_PATH/arvados-git-uuid ; then
    repo_uuid=$(arv --format=uuid repository create --repository "{\"owner_uuid\":\"$prefix-tpzed-000000000000000\", \"name\":\"arvados\"}")
    echo $repo_uuid > $ARVADOS_CONTAINER_PATH/arvados-git-uuid
fi

repo_uuid=$(cat $ARVADOS_CONTAINER_PATH/arvados-git-uuid)

if ! test -s $ARVADOS_CONTAINER_PATH/arvados-git-link-uuid ; then
    all_users_group_uuid="$prefix-j7d0g-fffffffffffffff"

    set +e
    read -rd $'\000' newlink <<EOF
{
 "tail_uuid":"$all_users_group_uuid",
 "head_uuid":"$repo_uuid",
 "link_class":"permission",
 "name":"can_read"
}
EOF
    set -e
    link_uuid=$(arv --format=uuid link create --link "$newlink")
    echo $link_uuid > $ARVADOS_CONTAINER_PATH/arvados-git-link-uuid
fi

if ! test -d $ARVADOS_CONTAINER_PATH/git/repositories/$repo_uuid.git ; then
    git clone --bare /usr/src/arvados $ARVADOS_CONTAINER_PATH/git/repositories/$repo_uuid.git
else
    git --git-dir=$ARVADOS_CONTAINER_PATH/git/repositories/$repo_uuid.git fetch -f /usr/src/arvados main:main
fi

cd /usr/src/arvados/services/api

if test -s $ARVADOS_CONTAINER_PATH/api_rails_env ; then
  RAILS_ENV=$(cat $ARVADOS_CONTAINER_PATH/api_rails_env)
else
  RAILS_ENV=development
fi

git_user_key=$(cat ~git/.ssh/id_rsa.pub)

cat > config/arvados-clients.yml <<EOF
$RAILS_ENV:
  gitolite_url: $ARVADOS_CONTAINER_PATH/git/repositories/gitolite-admin.git
  gitolite_tmp: $ARVADOS_CONTAINER_PATH/git
  arvados_api_host: $localip:${services[controller-ssl]}
  arvados_api_token: "$ARVADOS_API_TOKEN"
  arvados_api_host_insecure: false
  gitolite_arvados_git_user_key: "$git_user_key"
EOF

while true ; do
    flock $GEMLOCK bundle exec script/arvados-git-sync.rb $RAILS_ENV
    sleep 120
done