From 981107d662ecfccae4fcfd9d484cca0cfb9221be Mon Sep 17 00:00:00 2001 From: Benjamin Renard Date: Mon, 22 Jan 2024 01:18:50 +0100 Subject: [PATCH] Initial release --- .gitignore | 3 + .pre-commit-config.yaml | 67 ++++++++++++++++++++ .woodpecker.yml | 67 ++++++++++++++++++++ README.md | 44 +++++++++++++ build.sh | 62 +++++++++++++++++++ check_woodpecker_upgrade | 129 +++++++++++++++++++++++++++++++++++++++ debian/compat | 1 + debian/control | 15 +++++ debian/copyright | 20 ++++++ debian/dirs | 1 + debian/install | 1 + debian/rules | 4 ++ debian/source/format | 1 + 13 files changed, 415 insertions(+) create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 .woodpecker.yml create mode 100644 README.md create mode 100755 build.sh create mode 100755 check_woodpecker_upgrade create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/dirs create mode 100644 debian/install create mode 100755 debian/rules create mode 100644 debian/source/format diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1be693d --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*~ +.*.swp +/dist diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..c710eb1 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,67 @@ +# Pre-commit hooks to run tests and ensure code is cleaned. +# See https://pre-commit.com for more information +--- +repos: + - repo: https://github.com/astral-sh/ruff-pre-commit + rev: v0.1.6 + hooks: + - id: ruff + args: + - --fix + - repo: https://github.com/asottile/pyupgrade + rev: v3.3.1 + hooks: + - id: pyupgrade + args: ["--keep-percent-format", "--py37-plus"] + - repo: https://github.com/psf/black + rev: 22.12.0 + hooks: + - id: black + args: ["--target-version", "py37", "--line-length", "100"] + - repo: https://github.com/PyCQA/isort + rev: 5.11.5 + hooks: + - id: isort + args: ["--profile", "black", "--line-length", "100"] + - repo: https://github.com/PyCQA/flake8 + rev: 6.0.0 + hooks: + - id: flake8 + args: ["--max-line-length=100"] + - repo: https://github.com/codespell-project/codespell + rev: v2.2.2 + hooks: + - id: codespell + args: + - --ignore-words-list=fro,hass + - --skip="./.*,*.csv,*.json,*.ambr" + - --quiet-level=2 + exclude_types: [csv, json] + - repo: https://github.com/adrienverge/yamllint + rev: v1.32.0 + hooks: + - id: yamllint + args: ["-d {extends: relaxed, rules: {line-length: disable}}", "-s"] + - repo: https://github.com/pre-commit/mirrors-prettier + rev: v2.7.1 + hooks: + - id: prettier + - repo: local + hooks: + - id: pylint + name: pylint + entry: pylint + language: system + types: [python] + require_serial: true + - repo: https://github.com/Lucas-C/pre-commit-hooks-bandit + rev: v1.0.5 + hooks: + - id: python-bandit-vulnerability-check + name: bandit + args: [--skip, "B101", --recursive, mylib] + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: check-executables-have-shebangs + stages: [manual] diff --git a/.woodpecker.yml b/.woodpecker.yml new file mode 100644 index 0000000..694e9e0 --- /dev/null +++ b/.woodpecker.yml @@ -0,0 +1,67 @@ +clone: + git: + image: woodpeckerci/plugin-git + tags: true + +steps: + tests: + image: brenard/python-pre-commit:latest + commands: + - DEBIAN_FRONTEND=noninteractive apt-get -qq update < /dev/null > /dev/null + - DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends python3-requests < /dev/null > /dev/null + - pre-commit run --all-files + + build: + image: brenard/debian-python-deb + when: + event: tag + depends_on: [tests] + commands: + - echo "$GPG_KEY"|base64 -d|gpg --import + - ./build.sh --quiet + secrets: [maintainer_name, maintainer_email, gpg_key, debian_codename] + + publish-dryrun: + group: publish + image: alpine + when: + event: tag + depends_on: [build] + commands: + - ls dist/* dist/check-woodpecker-upgrade-*/check_woodpecker_upgrade + + publish-gitea: + group: publish + image: plugins/gitea-release + when: + event: tag + depends_on: [build] + settings: + api_key: + from_secret: gitea_token + base_url: https://gitea.zionetrix.net + note: dist/release_notes.md + files: + - dist/check-woodpecker-upgrade-*/check_woodpecker_upgrade + - dist/*.deb + checksum: + - md5 + - sha512 + + publish-apt: + group: publish + image: brenard/aptly-publish + when: + event: tag + depends_on: [build] + settings: + api_url: + from_secret: apt_api_url + api_username: + from_secret: apt_api_username + api_password: + from_secret: apt_api_password + repo_name: + from_secret: apt_repo_name + path: dist + source_name: check-woodpecker-upgrade diff --git a/README.md b/README.md new file mode 100644 index 0000000..fce9c2d --- /dev/null +++ b/README.md @@ -0,0 +1,44 @@ +# Monitoring plugin to check Woodpecker CI instance upgrade status + +This Icinga/Nagios check plugin permit to check Woodpecker CI instance upgrade status by comparing the local woodpecker-server binary version against the latest stable release. + +## Installation + +``` +apt install git python3-requests +git clone https://gitea.zionetrix.net/bn8/check_woodpecker_upgrade.git /usr/local/src/check_woodpecker_upgrade +mkdir -p /usr/local/lib/nagios/plugins +ln -s /usr/local/src/check_woodpecker_upgrade/check_woodpecker_upgrade /usr/local/lib/nagios/plugins/ +echo "nagios ALL=NOPASSWD: /usr/local/lib/nagios/plugins/check_woodpecker_upgrade" > /etc/sudoers.d/nagios-woodpecker +chmod 0400 /etc/sudoers.d/nagios-woodpecker +echo "command[check_woodpecker_upgrade]=sudo /usr/local/lib/nagios/plugins/check_woodpecker_upgrade" > /etc/nagios/nrpe.d/woodpecker.cfg +service nagios-nrpe-server reload +``` + +## Usage + +``` +usage: check_woodpecker_upgrade [-h] [-d] [-p PATH] [-U URL] [--pre-release] [--draft] [-t TIMEOUT] + +options: + -h, --help show this help message and exit + -d, --debug + -p PATH, --path PATH Woodpecker CI bin path + -U URL, --url URL Woodpecker CI releases URL + --pre-release Allow pre-release (default: only stable release are considered) + --draft Allow draft release (default: only stable release are considered) + -t TIMEOUT, --timeout TIMEOUT + Specify timeout for HTTP requests (default: 20) +``` + +## Copyright + +Copyright (c) 2024 Benjamin Renard + +## License + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..326618e --- /dev/null +++ b/build.sh @@ -0,0 +1,62 @@ +#!/bin/bash + +QUIET_ARG="" +[ "$1" == "--quiet" ] && QUIET_ARG="--quiet" + +# Enter source directory +cd $( dirname $0 ) + +echo "Clean previous build..." +rm -fr dist + +echo "Detect version using git describe..." +VERSION="$( git describe --tags|sed 's/^[^0-9]*//' )" + +echo "Create building environemt..." +BDIR=dist/check-woodpecker-upgrade-$VERSION +mkdir -p $BDIR +[ -z "$QUIET_ARG" ] && RSYNC_ARG="-v" || RSYNC_ARG="" +rsync -a $RSYNC_ARG debian/ $BDIR/debian/ +cp check_woodpecker_upgrade $BDIR/ + +echo "Set VERSION=$VERSION in gitdch using sed..." +sed -i "s/^VERSION *=.*$/VERSION = '$VERSION'/" $BDIR/check_woodpecker_upgrade + +if [ -z "$DEBIAN_CODENAME" ] +then + echo "Retrieve debian codename using lsb_release..." + DEBIAN_CODENAME=$( lsb_release -c -s ) +else + echo "Use debian codename from environment ($DEBIAN_CODENAME)" +fi + +echo "Generate debian changelog using gitdch..." +GITDCH_ARGS=('--verbose') +[ -n "$QUIET_ARG" ] && GITDCH_ARGS=('--warning') +if [ -n "$MAINTAINER_NAME" ] +then + echo "Use maintainer name from environment ($MAINTAINER_NAME)" + GITDCH_ARGS+=("--maintainer-name" "${MAINTAINER_NAME}") +fi +if [ -n "$MAINTAINER_EMAIL" ] +then + echo "Use maintainer email from environment ($MAINTAINER_EMAIL)" + GITDCH_ARGS+=("--maintainer-email" "$MAINTAINER_EMAIL") +fi +gitdch \ + --package-name check-woodpecker-upgrade \ + --version "${VERSION}" \ + --code-name $DEBIAN_CODENAME \ + --output $BDIR/debian/changelog \ + --release-notes dist/release_notes.md \ + "${GITDCH_ARGS[@]}" + +if [ -n "$MAINTAINER_NAME" -a -n "$MAINTAINER_EMAIL" ] +then + echo "Set Maintainer field in debian control file ($MAINTAINER_NAME <$MAINTAINER_EMAIL>)..." + sed -i "s/^Maintainer: .*$/Maintainer: $MAINTAINER_NAME <$MAINTAINER_EMAIL>/" $BDIR/debian/control +fi + +echo "Build debian package..." +cd $BDIR +dpkg-buildpackage diff --git a/check_woodpecker_upgrade b/check_woodpecker_upgrade new file mode 100755 index 0000000..14d2a69 --- /dev/null +++ b/check_woodpecker_upgrade @@ -0,0 +1,129 @@ +#!/usr/bin/python3 +""" +Icinga/Nagios plugin to check Woodpecker CI instance upgrade status. + +Copyright (c) 2024 Benjamin Renard + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License version 3 +as published by the Free Software Foundation. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +""" + +import argparse +import logging +import re +import subprocess +import sys +import traceback + +import requests + +parser = argparse.ArgumentParser() + +parser.add_argument("-d", "--debug", action="store_true") +parser.add_argument( + "-p", "--path", type=str, help="Woodpecker CI bin path", default="woodpecker-server" +) +parser.add_argument( + "-U", + "--url", + type=str, + help="Woodpecker CI releases URL", + default="https://api.github.com/repos/woodpecker-ci/woodpecker/releases", +) +parser.add_argument( + "--pre-release", + action="store_true", + help="Allow pre-release (default: only stable release are considered)", +) +parser.add_argument( + "--draft", + action="store_true", + help="Allow draft release (default: only stable release are considered)", +) +parser.add_argument( + "-t", "--timeout", type=int, help="Specify timeout for HTTP requests (default: 20)", default=20 +) + +options = parser.parse_args() + +logging.basicConfig(level=logging.DEBUG if options.debug else logging.WARNING) + +CURRENT = None + +cmd = [options.path, "--version"] +logging.debug("Command use to retrieve current version of Woodpecker CI: %s", " ".join(cmd)) +OUTPUT = None +EXCEPTION = None +try: + OUTPUT = subprocess.check_output(cmd) + logging.debug("Output:\n%s", OUTPUT) + m = re.search("version ([^ ]+)$", OUTPUT.decode("utf8", errors="ignore")) + if m: + CURRENT = m.group(1).strip() +except Exception as err: # pylint: disable=broad-except + EXCEPTION = err +logging.debug("Current version: %s", CURRENT) + +if not CURRENT: + print("UNKNOWN - Fail to retrieve current Woodpecker CI") + print(f'Command: {" ".join(cmd)}') + print("Output:") + print(OUTPUT if OUTPUT else "") + print("Exception:") + print(EXCEPTION if EXCEPTION else "") + sys.exit(3) + +CURRENT = CURRENT.replace("+", "-") +logging.debug("Cleaned current version: %s", CURRENT) + +LATEST = None +try: + logging.debug("Get releases from %s...", options.url) + r = requests.get(options.url, timeout=options.timeout) + data = r.json() + logging.debug("Data retrieve:\n%s", data) + for item in data: + if not options.pre_release and item["prerelease"]: + logging.debug("Ignore pre-release %s", item["name"]) + continue + if not options.draft and item["draft"]: + logging.debug("Ignore draft release %s", item["name"]) + continue + LATEST = item + break +except Exception: # pylint: disable=broad-except + logging.debug( + "Exception occured retrieving latest Woodpecker CI release from the Github API:\n%s", + traceback.format_exc(), + ) + +if LATEST is None: + print("UNKNOWN - Fail to retrieve latest Woodpecker CI release from the Github API") + print(f"Current version: {CURRENT}") + sys.exit(3) + +logging.debug("Latest version is %s", LATEST["name"]) + +if LATEST["name"] == CURRENT: + print( + f"OK - The latest release of Woodpecker CI is currently used " + f"({LATEST['name']}, published on {LATEST['published_at']})" + ) + sys.exit(0) + +print( + "WARNING - The version of Woodpecker CI currently used is not the latest " + f"('{CURRENT}' vs '{LATEST['name']}', published on {LATEST['published_at']})" +) +print(f"URL: {LATEST['html_url']}") +sys.exit(1) diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..b4de394 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +11 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..3f040d0 --- /dev/null +++ b/debian/control @@ -0,0 +1,15 @@ +Source: check-woodpecker-upgrade +Section: admin +Priority: optional +Maintainer: Debian Zionetrix - check-woodpecker-upgrade +Build-Depends: debhelper (>> 11.0.0) +Standards-Version: 3.9.6 + +Package: check-woodpecker-upgrade +Architecture: all +Depends: ${misc:Depends}, python3, python3-requests +Description: Monitoring plugin to check Woodpecker CI instance upgrade status + This Icinga/Nagios check plugin permit to check Woodpecker CI instance upgrade + status by comparing the local woodpecker-server binary version against the latest + stable release. + diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..351298e --- /dev/null +++ b/debian/copyright @@ -0,0 +1,20 @@ +This package was written by Benjamin Renard . + +Copyright (C) 2023 Benjamin Renard + +check-woodpecker-upgrade is licensed under the GNU general public license, version 3. + +check-woodpecker-upgrade is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 3, or (at your option) any later version. + +check-woodpecker-upgrade is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +check-woodpecker-upgrade; see the file COPYING. If not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +On Debian systems, a copy of the GNU General Public License is available in +/usr/share/common-licenses/GPL-3 as part of the base-files package. diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..b073cdc --- /dev/null +++ b/debian/dirs @@ -0,0 +1 @@ +usr/lib/nagios/plugins diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..4569a8c --- /dev/null +++ b/debian/install @@ -0,0 +1 @@ +check_woodpecker_upgrade usr/lib/nagios/plugins diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..7451f59 --- /dev/null +++ b/debian/rules @@ -0,0 +1,4 @@ +#!/usr/bin/make -f +#export DH_VERBOSE=1 +%: + dh $@ diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..d3827e7 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +1.0