From 04c3d543e8fa90e453e4d685add930869494d839 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= Date: Thu, 20 Oct 2022 12:39:28 +0200 Subject: [PATCH 1/6] WEBHOOK env variables (Dockerfile) --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 802ae22..739d7d9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -101,6 +101,8 @@ ENV \ OPTIONS_CLEANUP="" \ OPTIONS_RMFULL="" \ OPTIONS_RMINCR="" \ + WEBHOOK_URL="" \ + WEBHOOK_INSECURE="" \ \ ############## # ENCRYPTION # From 3501b598b4ebfa8b995da06a9932fa8f9d46406a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= Date: Thu, 20 Oct 2022 17:12:29 +0200 Subject: [PATCH 2/6] WEBHOOK_FAIL_URL --- Dockerfile | 2 ++ README.md | 3 +++ libexec/kiwi-backup/run_command | 36 ++++++++++++++++++++++----------- 3 files changed, 29 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 739d7d9..d880a03 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ RUN set -ex; \ # duplicity software dependencies apk --no-cache add \ ca-certificates \ + curl \ gettext \ gnupg \ lftp \ @@ -102,6 +103,7 @@ ENV \ OPTIONS_RMFULL="" \ OPTIONS_RMINCR="" \ WEBHOOK_URL="" \ + WEBHOOK_FAIL_URL="" \ WEBHOOK_INSECURE="" \ \ ############## diff --git a/README.md b/README.md index 344c075..21dc5ab 100644 --- a/README.md +++ b/README.md @@ -166,6 +166,9 @@ backup: # Webhook to be pinged on action (use "%%MSG%%" as a placeholder for a message) WEBHOOK_URL: "" + # Webhook to be pinged on failed action (use "%%MSG%%" as a placeholder for a message) + WEBHOOK_FAIL_URL: "" + # Allow self-signed certificates on webhook target WEBHOOK_INSECURE: "0" ``` diff --git a/libexec/kiwi-backup/run_command b/libexec/kiwi-backup/run_command index ec65ec2..0fc659b 100755 --- a/libexec/kiwi-backup/run_command +++ b/libexec/kiwi-backup/run_command @@ -19,20 +19,32 @@ if [ -n "${GPG_PASSPHRASE}" ]; then unset GPG_PASSPHRASE fi -# run webhook -if [ -n "${WEBHOOK_URL}" ]; then - wget_args="" - if [ "${WEBHOOK_INSECURE}" = "1" ]; then - wget_args="--no-check-certificate" - fi +# run start webhook +curl_args="" +if [ "${WEBHOOK_INSECURE}" = "1" ]; then + curl_args="--insecure" +fi - WEBHOOK_URL="$(echo "${WEBHOOK_URL}" | sed "s,%%MSG%%,running%20task%20${*},g" )" - wget -O /dev/null ${wget_args} "${WEBHOOK_URL}" 1>/dev/null 2>/dev/null +if [ -n "${WEBHOOK_URL}" ]; then + webhook_url="$(echo "${WEBHOOK_URL}" | sed "s,%%MSG%%,running%20task%20${*},g" )" + curl ${curl_args} "${webhook_url}" 1>/dev/null 2>/dev/null fi # hand over set -ex -exec $( \ - "${this_dir}/build_command" \ - "${@}" \ -) +eval "$( \ + "${this_dir}/build_command" \ + "${@}" \ +)" +exit_code="${?}" + +# run finish webhook +if [ "${exit_code}" -eq "0" ] && [ -n "${WEBHOOK_URL}" ]; then + webhook_url="$(echo "${WEBHOOK_URL}" | sed "s,%%MSG%%,task%20${*}%20finished%20successfully,g" )" + curl ${curl_args} "${webhook_url}" 1>/dev/null 2>/dev/null + +elif [ "${exit_code}" -ne "0" ] && [ -n "${WEBHOOK_URL}" ]; then + webhook_fail_url="$(echo "${WEBHOOK_FAIL_URL:-${WEBHOOK_URL}}" | sed "s,%%MSG%%,task%20${*}%20finished%20with%20status%20${exit_code},g" )" + curl ${curl_args} "${webhook_fail_url}" 1>/dev/null 2>/dev/null + +fi From 6803211e4846a08f453694da0e3937dc426e7fec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com> Date: Thu, 20 Oct 2022 22:23:06 +0200 Subject: [PATCH 3/6] run_webhook function --- libexec/kiwi-backup/run_command | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/libexec/kiwi-backup/run_command b/libexec/kiwi-backup/run_command index 0fc659b..304e45a 100755 --- a/libexec/kiwi-backup/run_command +++ b/libexec/kiwi-backup/run_command @@ -19,6 +19,19 @@ if [ -n "${GPG_PASSPHRASE}" ]; then unset GPG_PASSPHRASE fi +run_webhook() { + _rw_webhook_url="${1}" + _rw_message="${2}" + + _rw_curl_args="" + if [ "${WEBHOOK_INSECURE}" = "1" ]; then + _rw_curl_args="--insecure" + fi + + _rw_webhook_url="$(echo "${_rw_webhook_url}" | sed "s,%%MSG%%,,g" )" + curl ${_rw_curl_args} "${_rw_webhook_url}" 1>/dev/null 2>/dev/null +} + # run start webhook curl_args="" if [ "${WEBHOOK_INSECURE}" = "1" ]; then From 58cf8b79f5a3d9ea0a947efe6749f865ec80753d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com> Date: Thu, 20 Oct 2022 22:59:56 +0200 Subject: [PATCH 4/6] most basic URL encoding; actually use run_webhook --- libexec/kiwi-backup/run_command | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/libexec/kiwi-backup/run_command b/libexec/kiwi-backup/run_command index 304e45a..78b5c21 100755 --- a/libexec/kiwi-backup/run_command +++ b/libexec/kiwi-backup/run_command @@ -19,29 +19,24 @@ if [ -n "${GPG_PASSPHRASE}" ]; then unset GPG_PASSPHRASE fi -run_webhook() { - _rw_webhook_url="${1}" - _rw_message="${2}" +run_webhook() { #url #message + if [ -z "${WEBHOOK_URL}" ]; then + return 1 + fi + + _rw_message="$(echo "${2}" | sed "s,\s,%20,g" )" + _rw_webhook_url="$(echo "${1}" | sed "s,%%MSG%%,${_rw_message},g" )" _rw_curl_args="" if [ "${WEBHOOK_INSECURE}" = "1" ]; then _rw_curl_args="--insecure" fi - _rw_webhook_url="$(echo "${_rw_webhook_url}" | sed "s,%%MSG%%,,g" )" curl ${_rw_curl_args} "${_rw_webhook_url}" 1>/dev/null 2>/dev/null } # run start webhook -curl_args="" -if [ "${WEBHOOK_INSECURE}" = "1" ]; then - curl_args="--insecure" -fi - -if [ -n "${WEBHOOK_URL}" ]; then - webhook_url="$(echo "${WEBHOOK_URL}" | sed "s,%%MSG%%,running%20task%20${*},g" )" - curl ${curl_args} "${webhook_url}" 1>/dev/null 2>/dev/null -fi +run_webhook "${WEBHOOK_URL}" "running task ${*}" # hand over set -ex @@ -49,15 +44,13 @@ eval "$( \ "${this_dir}/build_command" \ "${@}" \ )" -exit_code="${?}" +exit_status="${?}" # run finish webhook -if [ "${exit_code}" -eq "0" ] && [ -n "${WEBHOOK_URL}" ]; then - webhook_url="$(echo "${WEBHOOK_URL}" | sed "s,%%MSG%%,task%20${*}%20finished%20successfully,g" )" - curl ${curl_args} "${webhook_url}" 1>/dev/null 2>/dev/null +if [ "${exit_status}" -eq "0" ]; then + run_webhook "${WEBHOOK_URL}" "task ${*} successful" -elif [ "${exit_code}" -ne "0" ] && [ -n "${WEBHOOK_URL}" ]; then - webhook_fail_url="$(echo "${WEBHOOK_FAIL_URL:-${WEBHOOK_URL}}" | sed "s,%%MSG%%,task%20${*}%20finished%20with%20status%20${exit_code},g" )" - curl ${curl_args} "${webhook_fail_url}" 1>/dev/null 2>/dev/null +else + run_webhook "${WEBHOOK_FAIL_URL:-${WEBHOOK_URL}}" "task ${*} failed, status ${exit_status}" fi From 069287989f0dc86f90c3a321d4f86ef7e2348b42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com> Date: Thu, 20 Oct 2022 23:00:27 +0200 Subject: [PATCH 5/6] move function to file top --- libexec/kiwi-backup/run_command | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/libexec/kiwi-backup/run_command b/libexec/kiwi-backup/run_command index 78b5c21..0586850 100755 --- a/libexec/kiwi-backup/run_command +++ b/libexec/kiwi-backup/run_command @@ -6,19 +6,6 @@ this_dir="${this_script%/*}" # files duplicity_secrets_file="/root/duplicity_secrets" -# load secrets file -if [ -f "${duplicity_secrets_file}" ]; then - # shellcheck disable=SC1090 - . "${duplicity_secrets_file}" -fi - -# handle more verbose "GPG_PASSPHRASE" env var -if [ -n "${GPG_PASSPHRASE}" ]; then - PASSPHRASE="${GPG_PASSPHRASE:-${PASSPHRASE}}" - export PASSPHRASE - unset GPG_PASSPHRASE -fi - run_webhook() { #url #message if [ -z "${WEBHOOK_URL}" ]; then return 1 @@ -35,6 +22,19 @@ run_webhook() { #url #message curl ${_rw_curl_args} "${_rw_webhook_url}" 1>/dev/null 2>/dev/null } +# load secrets file +if [ -f "${duplicity_secrets_file}" ]; then + # shellcheck disable=SC1090 + . "${duplicity_secrets_file}" +fi + +# handle more verbose "GPG_PASSPHRASE" env var +if [ -n "${GPG_PASSPHRASE}" ]; then + PASSPHRASE="${GPG_PASSPHRASE:-${PASSPHRASE}}" + export PASSPHRASE + unset GPG_PASSPHRASE +fi + # run start webhook run_webhook "${WEBHOOK_URL}" "running task ${*}" From 7cb6247bcdf23ebb9058529a2a3eae67731e968d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com> Date: Mon, 24 Oct 2022 01:30:25 +0200 Subject: [PATCH 6/6] run_webhook into own script --- libexec/kiwi-backup/run_command | 25 ++++++------------------- libexec/kiwi-backup/run_webhook | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 19 deletions(-) create mode 100755 libexec/kiwi-backup/run_webhook diff --git a/libexec/kiwi-backup/run_command b/libexec/kiwi-backup/run_command index 0586850..120f91b 100755 --- a/libexec/kiwi-backup/run_command +++ b/libexec/kiwi-backup/run_command @@ -6,22 +6,6 @@ this_dir="${this_script%/*}" # files duplicity_secrets_file="/root/duplicity_secrets" -run_webhook() { #url #message - if [ -z "${WEBHOOK_URL}" ]; then - return 1 - fi - - _rw_message="$(echo "${2}" | sed "s,\s,%20,g" )" - _rw_webhook_url="$(echo "${1}" | sed "s,%%MSG%%,${_rw_message},g" )" - - _rw_curl_args="" - if [ "${WEBHOOK_INSECURE}" = "1" ]; then - _rw_curl_args="--insecure" - fi - - curl ${_rw_curl_args} "${_rw_webhook_url}" 1>/dev/null 2>/dev/null -} - # load secrets file if [ -f "${duplicity_secrets_file}" ]; then # shellcheck disable=SC1090 @@ -36,7 +20,8 @@ if [ -n "${GPG_PASSPHRASE}" ]; then fi # run start webhook -run_webhook "${WEBHOOK_URL}" "running task ${*}" +/usr/local/libexec/kiwi-cron/run_webhook \ + "${WEBHOOK_URL}" "running task ${*}" "${WEBHOOK_INSECURE}" # hand over set -ex @@ -48,9 +33,11 @@ exit_status="${?}" # run finish webhook if [ "${exit_status}" -eq "0" ]; then - run_webhook "${WEBHOOK_URL}" "task ${*} successful" + /usr/local/libexec/kiwi-cron/run_webhook \ + "${WEBHOOK_URL}" "task ${*} successful" "${WEBHOOK_INSECURE}" else - run_webhook "${WEBHOOK_FAIL_URL:-${WEBHOOK_URL}}" "task ${*} failed, status ${exit_status}" + /usr/local/libexec/kiwi-cron/run_webhook \ + "${WEBHOOK_FAIL_URL:-${WEBHOOK_URL}}" "task ${*} failed, status ${exit_status}" "${WEBHOOK_INSECURE}" fi diff --git a/libexec/kiwi-backup/run_webhook b/libexec/kiwi-backup/run_webhook new file mode 100755 index 0000000..0447046 --- /dev/null +++ b/libexec/kiwi-backup/run_webhook @@ -0,0 +1,18 @@ +#!/bin/sh + +message="$(echo "${2}" | sed "s,\s,%20,g" )" +webhook_url="$(echo "${1}" | sed "s,%%MSG%%,${message},g" )" +webhook_insecure="${3:-0}" + + +if [ -z "${webhook_url}" ]; then + return 1 +fi + + +curl_args="" +if [ "${webhook_insecure}" = "1" ]; then + curl_args="--insecure" +fi + +curl ${curl_args} "${webhook_url}" 1>/dev/null 2>/dev/null