diff options
| -rwxr-xr-x | .ci/check-bashisms.sh | 27 | ||||
| -rw-r--r-- | kubernetes/common/mongo/templates/statefulset.yaml | 19 | ||||
| -rw-r--r-- | tox.ini | 20 |
3 files changed, 55 insertions, 11 deletions
diff --git a/.ci/check-bashisms.sh b/.ci/check-bashisms.sh new file mode 100755 index 0000000000..0dae2255b7 --- /dev/null +++ b/.ci/check-bashisms.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if ! which checkbashisms >/dev/null && ! sudo yum install devscripts-minimal && ! sudo apt-get install devscripts +then + printf "checkbashisms command not found - please install it \n\ + (e.g. sudo apt-get install devscripts | yum install devscripts-minimal )\n" >&2 + exit 2 +fi +find . -not -path '*/.*' -name '*.sh' -exec checkbashisms {} + || exit 3 +find . -not -path '*/.*' -name '*.failover' -exec checkbashisms -f \{\} + || exit 4 +! find . -not -path '*/.*' -name '*.sh' -exec grep 'local .*=' {} + || exit 5 +! find . -not -path '*/.*' -name '*.failover' -exec grep 'local .*=' {} + || exit 6 +exit 0 diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 11602054e8..e156db27db 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -39,6 +39,23 @@ spec: {{ include "common.podSecurityContext" . | indent 6 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + initContainers: + # we shouldn't need this but for unknown reason, it's fsGroup is not + # applied + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /data containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} @@ -72,7 +89,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/mongo + mountPath: /data/db resources: {{ include "common.resources" . | nindent 12 }} {{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} @@ -57,17 +57,17 @@ commands = [testenv:checkbashisms] deps = -whitelist_externals = sh - find - checkbashisms +whitelist_externals = + {toxinidir}/.ci/check-bashisms.sh commands = - sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \ - || (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \ - yum install devscripts-minimal )" >&2 && exit 1)' - find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} + - find . -not -path '*/\.*' -name *.failover -exec checkbashisms -f \{\} + - sh -c "! find . -not -path '*/\.*' -name *.sh -exec grep 'local .*=' \{\} + || exit 2" - sh -c "! find . -not -path '*/\.*' -name *.failover -exec grep 'local .*=' \{\} + || exit 2" + {toxinidir}/.ci/check-bashisms.sh + +[testenv:shellcheck] +basepython = python3 +deps = shellcheck-py +whitelist_externals = find +commands = + find . -not -path '*/\.*' -name *.sh -exec shellcheck \{\} + [testenv:autopep8] deps = |