README.md (9431B)
1 Cinderella CI 2 ============= 3 4 Build Status: ![Build Status according to Cinderella CI Build](http://cinderella.stefan-koch.name/cinderella.git/master.png) 5 6 Cinderella CI is a simple Continuous Integration solution for git repositories. 7 It is designed for people who do not want to work with big solutions like 8 Gitlab or Jenkins and probably also work with standard *bare* git repositories 9 (instead of Gitlab, gitea or similar). 10 11 Cinderella is a single binary that currently executes all builds directly 12 on the same machine. Positive: It ships as a single binary with dependencies 13 only to standard libraries like libc. It does not require Docker or similar. 14 Negative: Testing with a clean, bare OS is currently not in focus. It's 15 probably possible by starting up a fresh VM, copying cinderella onto it and 16 then executing it, but it's more effort on your side. 17 18 19 Usage 20 ----- 21 22 Cinderella expects a `.cinderella.toml` file with the CI configuration in the 23 root folder of your repository. When you execute Cinderella with the clone URL 24 of a git repository it will clone the URL into a temporary folder, search for 25 the CI configuration file and if available execute the build steps. 26 27 There is a sample hook in `hooks/post-update` which you can use in your remote 28 repository to execute Cinderella automatically each time you push to your 29 repository. 30 31 You can also manually execute Cinderella. To do so pass it the path to your 32 git repository and optionally the name of the branch you want to build: 33 34 ```bash 35 cinderella run https://github.com/aufziehvogel/Cinderella.git --branch master 36 ``` 37 38 You can also build a specific tag with: 39 40 ```bash 41 cinderella run https://github.com/aufziehvogel/Cinderella.git --tag 0.1.0 42 ``` 43 44 You can use a different path than `.cinderella.toml` for your CI configuration 45 file with the argument `-f` or `--file`. This argument is evaluated relatively 46 to the git work directory. If you want to use a CI configuration file local 47 to your shell directory use absolute paths. 48 49 ```bash 50 cinderella run https://github.com/aufziehvogel/Cinderella.git --file /home/user/cinderella-test.toml 51 ``` 52 53 54 Configuration Files 55 ------------------- 56 57 Cinderella uses two configuration files: 58 59 - **CI Configuration File**: The CI configuration file is usually called 60 `.cinderella.toml` and belongs to the project 61 that should be built. It defines under which circumstances Cinderella should 62 build the project (e.g. only tags, only specific branches) and which 63 commands the Cinderella engine has to execute to run the build. Without 64 this file, Cinderella will not run a build for the project. 65 - **Cinderella Configuration File**: The Cinderella configuration file belongs 66 to your Cinderella instance. It is usually called `config.toml` and is 67 located in the same folder as your Cinderella executable. It specifies 68 parameters that Cinderella needs to perform actions like sending e-mails, 69 writing output files or decrypting secrets. This file is optional. 70 71 72 CI Configuration Format 73 ----------------------- 74 75 The *CI configuration file* has to be saved to the root directory of your 76 repository as `.cinderella.toml`. 77 It is a TOML file with one table per build pipeline. 78 Common build pipelines are `test` or `build`. E.g. the following is a valid 79 configuration file executing a `test` phase and a `build-release` phase. 80 81 ```toml 82 [test] 83 commands = [ 84 "cargo test", 85 ] 86 87 [build-release] 88 commands = [ 89 "cargo build --release", 90 ] 91 ``` 92 93 All `commands` are executed as programs, i.e. no shell is involved. If you 94 want to execute one or multiple commands in a shell you have to call the 95 desired shell manually. 96 97 Pipelines are executed in the order in which they are defined. For the 98 given configuration file it is ensured that first `test` is being executed 99 followed by `build-release`. If an error occurs in any of the pipelines, 100 execution will be aborted and the following pipelines will not be executed. 101 102 ### Variables 103 104 You can use variables in the configuration file. All variables are denoted 105 with a percentage symbol (`%`) and will be replaced before the commands 106 are being sent to the shell. 107 Currently supported variables are: 108 109 - `%REFTYPE`: The type of reference that is built, `branch` or `tag` 110 - `%BRANCH`: The name of the branch that is built, if it is a branch 111 - `%TAG`: The name of the tag that is built, if it is a tag 112 113 ### Environment Variables 114 115 It is possible to use environment variables in your commands, e.g. 116 `commands = ["echo $HOME"]`. Cinderella will substitute them by their 117 values before the command gets sent to the operating system. 118 119 This is also true if you use `bash` or other shells in your commands list. 120 This means that in such cases the plaintext value of the environment 121 variable will be visible in your shell history. 122 123 ### Conditions 124 125 You can conditionally execute a pipeline with the `when` option, for example 126 to run a pipeline only for specific branches: 127 128 ```toml 129 [build-release] 130 commands = [ 131 "cargo build --release", 132 ] 133 when = "\"%BRANCH\" == \"master\"" 134 ``` 135 136 The condition will be executed with the Rust library 137 [evalexpr](https://docs.rs/evalexpr/5.0.5/evalexpr/index.html). 138 139 140 E-Mail Notification 141 ------------------- 142 143 You can send e-mail notifications on build failures. For this, create a file 144 called `config.toml` in the same directory as your Cinderella executable with 145 the following content (this file is called *Cinderella configuration file* 146 to distinguish it from the CI configuration file): 147 148 ```toml 149 [email] 150 to = "recipient@example.com" 151 from = "noreply@example.com" 152 server = "example.com" 153 user = "example" 154 password = "password" 155 ``` 156 157 If Cinderella finds a `config.toml` file with a table `email` it will enable 158 e-mail notifications. If you want to disable e-mail notifications again, 159 delete the table `email` from your Cinderella configuration file or delete 160 the whole Cinderella configuration file. 161 162 163 Encrypted Variables 164 ------------------- 165 166 **Warning:** I am not security expert and there has been no analysis regarding 167 the security of my implementation. I am using `sodiumoxide` internally, but 168 still I could do something wrong. If you want to use this feature on a public 169 repository, please review my implementation. I personally only use it for 170 internal repositories at the moment. If you find any vulnerabilities in my 171 implementation please tell me. 172 173 Sometimes a script needs to use credentials that you do not want to store in 174 a version control system in plaintext. For this use case, Cinderella supports 175 the storage of variables in an encrypted file. This file has to be 176 stored in `.cinderella/secrets`. 177 178 In plaintext create a TOML file `.cinderella/secrets.toml` that looks as 179 follows: 180 181 ```toml 182 USERNAME = "my-user" 183 PASSWORD = "my-secret" 184 ``` 185 186 Optionally, you can add the plaintext file to your `.gitignore`. 187 You can create an encrypted file `.cinderella/secrets` by running the 188 following command from your project's root directory: 189 190 ```bash 191 cinderella encrypt 192 ``` 193 194 After this step you may delete the `secrets.toml` if you want. 195 196 You can now use the variables in your build commands: 197 198 ```toml 199 [build-release] 200 commands = [ 201 ".cinderella/upload-to-ftp.sh %USERNAME %PASSWORD", 202 ] 203 ``` 204 205 To decrypt the encrypted file (and re-create `secrets.toml`) run: 206 207 ```bash 208 cinderella decrypt 209 ``` 210 211 The password you chose during encryption has to be set in the *Cinderella 212 configuration file* (this means that you have to use the same password for 213 all projects you test and build with Cinderella): 214 215 ```toml 216 [secrets] 217 password = "my-secret-for-decryption" 218 ``` 219 220 Of course, this means that an attacker on your server can decrypt all your 221 secrets. Secret encryption only ensures that credentials are not stored in your 222 repository in cleartext, but as soon as your server is compromised all your 223 credentials are compromised. 224 225 226 Badges 227 ------ 228 229 It's possible to generate build success/failure badges that can be displayed 230 on websites. To enable this feature add the following configuration: 231 232 ```toml 233 [dashboard] 234 folder = "/var/www/cinderella" 235 ``` 236 237 The build process will then write the badges into `folder`. Serving the data 238 via HTTP is your own responsibility, use any web server of your choice. 239 240 241 Open Points 242 ----------- 243 244 This is a list of open points that are subject to implementation: 245 246 - use virtual machines to execute unit tests, e.g. 247 [using qemu](https://stackoverflow.com/questions/3146013/qemu-guest-automation) 248 (a more high level abstraction like libvirt or vagrant would probably be 249 simpler, but I'd prefer low-level) 250 - add more system tests 251 - improve stability and error messages (sometimes I receive a rust crash 252 due to a failed expect/unwrap) 253 - keep a status of the last result per repository (to send *OK again* mails) 254 - allow cinderella to `run` with a non-git folder: Logic should be so that 255 user passes a URL or a path to `run` (same as now) and Cinderella checks 256 if this is a URL, a local git repository or a local folder without git and 257 then runs the correct `Source` and `WorkingCopy` 258 - introduce command shortcuts for commands that are often used but annoying 259 to write in their full form 260 - `"[bash] foo && bar"` for `"bash -c \"foo && bar\""` 261 - `"[python-venv env] pip install -r requirements.txt && ./foo"` for 262 `"bash -c \"source env/bin/activate && pip install -r requirements.txt && ./foo\""` 263 - send a mail with all compiler warnings? (or optionally to be 264 enabled/disabled in .cinderella.toml?); otherwise developers never see the 265 warnings