Initial release

.gitignore

@@ -0,0 +1,3 @@
+*~
+.*.swp
+/dist

.pre-commit-config.yaml

@@ -0,0 +1,67 @@
+# Pre-commit hooks to run tests and ensure code is cleaned.
+# See https://pre-commit.com for more information
+---
+repos:
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.1.6
+    hooks:
+      - id: ruff
+        args:
+          - --fix
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.3.1
+    hooks:
+      - id: pyupgrade
+        args: ["--keep-percent-format", "--py37-plus"]
+  - repo: https://github.com/psf/black
+    rev: 22.12.0
+    hooks:
+      - id: black
+        args: ["--target-version", "py37", "--line-length", "100"]
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.11.5
+    hooks:
+      - id: isort
+        args: ["--profile", "black", "--line-length", "100"]
+  - repo: https://github.com/PyCQA/flake8
+    rev: 6.0.0
+    hooks:
+      - id: flake8
+        args: ["--max-line-length=100"]
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.2.2
+    hooks:
+      - id: codespell
+        args:
+          - --ignore-words-list=fro,hass
+          - --skip="./.*,*.csv,*.json,*.ambr"
+          - --quiet-level=2
+        exclude_types: [csv, json]
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.32.0
+    hooks:
+      - id: yamllint
+        args: ["-d {extends: relaxed, rules: {line-length: disable}}", "-s"]
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v2.7.1
+    hooks:
+      - id: prettier
+  - repo: local
+    hooks:
+      - id: pylint
+        name: pylint
+        entry: pylint
+        language: system
+        types: [python]
+        require_serial: true
+  - repo: https://github.com/Lucas-C/pre-commit-hooks-bandit
+    rev: v1.0.5
+    hooks:
+      - id: python-bandit-vulnerability-check
+        name: bandit
+        args: [--skip, "B101", --recursive, mylib]
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-executables-have-shebangs
+        stages: [manual]

.woodpecker.yml

@@ -0,0 +1,64 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    tags: true
+
+steps:
+  tests:
+    image: brenard/python-pre-commit:latest
+    commands:
+      - DEBIAN_FRONTEND=noninteractive apt-get -qq update < /dev/null > /dev/null
+      - DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends python3-requests < /dev/null > /dev/null
+      - pre-commit run --all-files
+
+  build:
+    image: brenard/debian-python-deb
+    when:
+      event: tag
+    depends_on: [tests]
+    commands:
+      - echo "$GPG_KEY"|base64 -d|gpg --import
+      - ./build.sh --quiet
+    secrets: [maintainer_name, maintainer_email, gpg_key, debian_codename]
+
+  publish-dryrun:
+    image: alpine
+    when:
+      event: tag
+    depends_on: [build]
+    commands:
+      - ls dist/* dist/check-woodpecker-upgrade-*/check_woodpecker_upgrade
+
+  publish-gitea:
+    image: plugins/gitea-release
+    when:
+      event: tag
+    depends_on: [build]
+    settings:
+      api_key:
+        from_secret: gitea_token
+      base_url: https://gitea.zionetrix.net
+      note: dist/release_notes.md
+      files:
+        - dist/check-woodpecker-upgrade-*/check_woodpecker_upgrade
+        - dist/*.deb
+      checksum:
+        - md5
+        - sha512
+
+  publish-apt:
+    image: brenard/aptly-publish
+    when:
+      event: tag
+    depends_on: [build]
+    settings:
+      api_url:
+        from_secret: apt_api_url
+      api_username:
+        from_secret: apt_api_username
+      api_password:
+        from_secret: apt_api_password
+      repo_name:
+        from_secret: apt_repo_name
+      path: dist
+      source_name: check-woodpecker-upgrade

README.md

@@ -0,0 +1,44 @@
+# Monitoring plugin to check Woodpecker CI instance upgrade status
+
+This Icinga/Nagios check plugin permit to check Woodpecker CI instance upgrade status by comparing the local woodpecker-server binary version against the latest stable release.
+
+## Installation
+
+```
+apt install git python3-requests
+git clone https://gitea.zionetrix.net/bn8/check_woodpecker_upgrade.git /usr/local/src/check_woodpecker_upgrade
+mkdir -p /usr/local/lib/nagios/plugins
+ln -s /usr/local/src/check_woodpecker_upgrade/check_woodpecker_upgrade /usr/local/lib/nagios/plugins/
+echo "nagios ALL=NOPASSWD: /usr/local/lib/nagios/plugins/check_woodpecker_upgrade" > /etc/sudoers.d/nagios-woodpecker
+chmod 0400 /etc/sudoers.d/nagios-woodpecker
+echo "command[check_woodpecker_upgrade]=sudo /usr/local/lib/nagios/plugins/check_woodpecker_upgrade" > /etc/nagios/nrpe.d/woodpecker.cfg
+service nagios-nrpe-server reload
+```
+
+## Usage
+
+```
+usage: check_woodpecker_upgrade [-h] [-d] [-p PATH] [-U URL] [--pre-release] [--draft] [-t TIMEOUT]
+
+options:
+  -h, --help            show this help message and exit
+  -d, --debug
+  -p PATH, --path PATH  Woodpecker CI bin path
+  -U URL, --url URL     Woodpecker CI releases URL
+  --pre-release         Allow pre-release (default: only stable release are considered)
+  --draft               Allow draft release (default: only stable release are considered)
+  -t TIMEOUT, --timeout TIMEOUT
+                        Specify timeout for HTTP requests (default: 20)
+```
+
+## Copyright
+
+Copyright (c) 2024 Benjamin Renard <brenard@zionetrix.net>
+
+## License
+
+This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

build.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+QUIET_ARG=""
+[ "$1" == "--quiet" ] && QUIET_ARG="--quiet"
+
+# Enter source directory
+cd $( dirname $0 )
+
+echo "Clean previous build..."
+rm -fr dist
+
+echo "Detect version using git describe..."
+VERSION="$( git describe --tags|sed 's/^[^0-9]*//' )"
+
+echo "Create building environemt..."
+BDIR=dist/check-woodpecker-upgrade-$VERSION
+mkdir -p $BDIR
+[ -z "$QUIET_ARG" ] && RSYNC_ARG="-v" || RSYNC_ARG=""
+rsync -a $RSYNC_ARG debian/ $BDIR/debian/
+cp check_woodpecker_upgrade $BDIR/
+
+echo "Set VERSION=$VERSION in gitdch using sed..."
+sed -i "s/^VERSION *=.*$/VERSION = '$VERSION'/" $BDIR/check_woodpecker_upgrade
+
+if [ -z "$DEBIAN_CODENAME" ]
+then
+	echo "Retrieve debian codename using lsb_release..."
+	DEBIAN_CODENAME=$( lsb_release -c -s )
+else
+	echo "Use debian codename from environment ($DEBIAN_CODENAME)"
+fi
+
+echo "Generate debian changelog using gitdch..."
+GITDCH_ARGS=('--verbose')
+[ -n "$QUIET_ARG" ] && GITDCH_ARGS=('--warning')
+if [ -n "$MAINTAINER_NAME" ]
+then
+	echo "Use maintainer name from environment ($MAINTAINER_NAME)"
+	GITDCH_ARGS+=("--maintainer-name" "${MAINTAINER_NAME}")
+fi
+if [ -n "$MAINTAINER_EMAIL" ]
+then
+	echo "Use maintainer email from environment ($MAINTAINER_EMAIL)"
+	GITDCH_ARGS+=("--maintainer-email" "$MAINTAINER_EMAIL")
+fi
+gitdch \
+	--package-name check-woodpecker-upgrade \
+	--version "${VERSION}" \
+	--code-name $DEBIAN_CODENAME \
+	--output $BDIR/debian/changelog \
+	--release-notes dist/release_notes.md \
+	"${GITDCH_ARGS[@]}"
+
+if [ -n "$MAINTAINER_NAME" -a -n "$MAINTAINER_EMAIL" ]
+then
+	echo "Set Maintainer field in debian control file ($MAINTAINER_NAME <$MAINTAINER_EMAIL>)..."
+	sed -i "s/^Maintainer: .*$/Maintainer: $MAINTAINER_NAME <$MAINTAINER_EMAIL>/" $BDIR/debian/control
+fi
+
+echo "Build debian package..."
+cd $BDIR
+dpkg-buildpackage

check_woodpecker_upgrade

@@ -0,0 +1,129 @@
+#!/usr/bin/python3
+"""
+Icinga/Nagios plugin to check Woodpecker CI instance upgrade status.
+
+Copyright (c) 2024 Benjamin Renard <brenard@zionetrix.net>
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License version 3
+as published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+"""
+
+import argparse
+import logging
+import re
+import subprocess
+import sys
+import traceback
+
+import requests
+
+parser = argparse.ArgumentParser()
+
+parser.add_argument("-d", "--debug", action="store_true")
+parser.add_argument(
+    "-p", "--path", type=str, help="Woodpecker CI bin path", default="woodpecker-server"
+)
+parser.add_argument(
+    "-U",
+    "--url",
+    type=str,
+    help="Woodpecker CI releases URL",
+    default="https://api.github.com/repos/woodpecker-ci/woodpecker/releases",
+)
+parser.add_argument(
+    "--pre-release",
+    action="store_true",
+    help="Allow pre-release (default: only stable release are considered)",
+)
+parser.add_argument(
+    "--draft",
+    action="store_true",
+    help="Allow draft release (default: only stable release are considered)",
+)
+parser.add_argument(
+    "-t", "--timeout", type=int, help="Specify timeout for HTTP requests (default: 20)", default=20
+)
+
+options = parser.parse_args()
+
+logging.basicConfig(level=logging.DEBUG if options.debug else logging.WARNING)
+
+CURRENT = None
+
+cmd = [options.path, "--version"]
+logging.debug("Command use to retrieve current version of Woodpecker CI: %s", " ".join(cmd))
+OUTPUT = None
+EXCEPTION = None
+try:
+    OUTPUT = subprocess.check_output(cmd)
+    logging.debug("Output:\n%s", OUTPUT)
+    m = re.search("version ([^ ]+)$", OUTPUT.decode("utf8", errors="ignore"))
+    if m:
+        CURRENT = m.group(1).strip()
+except Exception as err:  # pylint: disable=broad-except
+    EXCEPTION = err
+logging.debug("Current version: %s", CURRENT)
+
+if not CURRENT:
+    print("UNKNOWN - Fail to retrieve current Woodpecker CI")
+    print(f'Command: {" ".join(cmd)}')
+    print("Output:")
+    print(OUTPUT if OUTPUT else "")
+    print("Exception:")
+    print(EXCEPTION if EXCEPTION else "")
+    sys.exit(3)
+
+CURRENT = CURRENT.replace("+", "-")
+logging.debug("Cleaned current version: %s", CURRENT)
+
+LATEST = None
+try:
+    logging.debug("Get releases from %s...", options.url)
+    r = requests.get(options.url, timeout=options.timeout)
+    data = r.json()
+    logging.debug("Data retrieve:\n%s", data)
+    for item in data:
+        if not options.pre_release and item["prerelease"]:
+            logging.debug("Ignore pre-release %s", item["name"])
+            continue
+        if not options.draft and item["draft"]:
+            logging.debug("Ignore draft release %s", item["name"])
+            continue
+        LATEST = item
+        break
+except Exception:  # pylint: disable=broad-except
+    logging.debug(
+        "Exception occurred retrieving latest Woodpecker CI release from the Github API:\n%s",
+        traceback.format_exc(),
+    )
+
+if LATEST is None:
+    print("UNKNOWN - Fail to retrieve latest Woodpecker CI release from the Github API")
+    print(f"Current version: {CURRENT}")
+    sys.exit(3)
+
+logging.debug("Latest version is %s", LATEST["name"])
+
+if LATEST["name"] == CURRENT:
+    print(
+        f"OK - The latest release of Woodpecker CI is currently used "
+        f"({LATEST['name']}, published on {LATEST['published_at']})"
+    )
+    sys.exit(0)
+
+print(
+    "WARNING - The version of Woodpecker CI currently used is not the latest "
+    f"('{CURRENT}' vs '{LATEST['name']}', published on {LATEST['published_at']})"
+)
+print(f"URL: {LATEST['html_url']}")
+sys.exit(1)

debian/compat

@@ -0,0 +1 @@
+11

debian/control

@@ -0,0 +1,15 @@
+Source: check-woodpecker-upgrade
+Section: admin
+Priority: optional
+Maintainer: Debian Zionetrix - check-woodpecker-upgrade <debian+check-woodpecker-upgrade@zionetrix.net>
+Build-Depends: debhelper (>> 11.0.0)
+Standards-Version: 3.9.6
+
+Package: check-woodpecker-upgrade
+Architecture: all
+Depends: ${misc:Depends}, python3, python3-requests
+Description: Monitoring plugin to check Woodpecker CI instance upgrade status
+ This Icinga/Nagios check plugin permit to check Woodpecker CI instance upgrade
+ status by comparing the local woodpecker-server binary version against the latest
+ stable release.
+

debian/copyright

@@ -0,0 +1,20 @@
+This package was written by Benjamin Renard <brenard@zionetrix.net>.
+
+Copyright (C) 2023 Benjamin Renard <brenard@zionetrix.net>
+
+check-woodpecker-upgrade is licensed under the GNU general public license, version 3.
+
+check-woodpecker-upgrade is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation; either version 3, or (at your option) any later version.
+
+check-woodpecker-upgrade is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with
+check-woodpecker-upgrade; see the file COPYING.  If not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+On Debian systems, a copy of the GNU General Public License is available in
+/usr/share/common-licenses/GPL-3 as part of the base-files package.

debian/dirs

@@ -0,0 +1 @@
+usr/lib/nagios/plugins

debian/install

@@ -0,0 +1 @@
+check_woodpecker_upgrade usr/lib/nagios/plugins

debian/rules

@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+%:
+	dh  $@

debian/source/format

@@ -0,0 +1 @@
+1.0