Publish WDL using a GitHub token & Docker

AlekseiLitkovetc · May 24, 2019 · f974b3a · f974b3a
1 parent 59ae51e
commit f974b3a
Show file tree

Hide file tree

Showing 7 changed files with 566 additions and 212 deletions.
diff --git a/core/src/main/resources/reference_local_provider_config.inc.conf b/core/src/main/resources/reference_local_provider_config.inc.conf
@@ -20,7 +20,7 @@ submit-docker = """
     -i \
     ${"--user " + docker_user} \
     --entrypoint ${job_shell} \
-    -v ${cwd}:${docker_cwd} \
+    -v ${cwd}:${docker_cwd}:delegated \
     ${docker} ${docker_script}
 
   # get the return code (working even if the container was detached)

diff --git a/publish/Dockerfile b/publish/Dockerfile
@@ -0,0 +1,7 @@
+# Alternatively instead of `FROM linuxbrew/brew` we could run all of the steps used to install brew in docker-setup.sh
+# https://github.com/Homebrew/brew/blob/0ff2afdfa8c5943a0e55d9bfe3cdb5d11da8342a/Dockerfile
+FROM linuxbrew/brew
+
+WORKDIR /cromwell-publish/
+COPY docker-setup.sh git-setup.sh ./
+RUN ./docker-setup.sh
diff --git a/publish/docker-build.sh b/publish/docker-build.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+# Builds and pushes the docker image used for publishing cromwell
+
+set -euo pipefail
+
+build_root="$( dirname "${BASH_SOURCE[0]}" )"
+docker build "${build_root}" -t broadinstitute/cromwell-publish
+docker push broadinstitute/cromwell-publish
diff --git a/publish/docker-setup.sh b/publish/docker-setup.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+# Installs required dependencies inside the docker image used for publishing cromwell
+
+set -eou pipefail
+
+apt-get update
+apt-get install \
+    apt-transport-https \
+    curl \
+    git \
+    gnupg \
+    openjdk-8-jdk \
+    -y --no-install-recommends
+
+# Install jq 1.6 to ensure --rawfile is supported
+curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o /usr/bin/jq
+chmod +x /usr/bin/jq
+
+# Install sbt via https://www.scala-sbt.org/1.0/docs/Installing-sbt-on-Linux.html
+echo "deb https://dl.bintray.com/sbt/debian /" | tee -a /etc/apt/sources.list.d/sbt.list
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2EE0EA64E40A89B84B2DF73499E82A75642AC823
+apt-get update
+apt-get install sbt -y --no-install-recommends
+
+# Update sbt
+sbt sbtVersion
diff --git a/publish/git-setup.sh b/publish/git-setup.sh
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+# Stores github credentials in a file
+# https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage
+
+set -euo pipefail
+
+program="$(basename "$0")"
+
+usage () {
+    cat <<USAGE
+Usage: ${program} -t tokenFile -u user -e email [-n name] [-c credentialsFile]
+
+Options:
+    -t|--tokenFile <tokenFile>             : A file containing the GitHub token (required)
+    -u|--user <user>                       : The GitHub user name (required)
+    -e|--email <email>                     : The email used for commits (required)
+    -n|--name <name>                       : The full name used for commits (optional)
+    -c|--credentialsFile <credentialsFile> : The path to store the credentials (default ./githubCredentials)
+USAGE
+}
+
+credentialsFile="$PWD/githubCredentials"
+
+
+if ! OPTIONS=$(getopt -n "${program}" -o t:u:n:e:c: --long tokenFile:,user:,name:,email:,credentialsFile: -- "$@"); then
+    usage
+    exit 1
+fi
+
+eval set -- "${OPTIONS}"
+
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        -t|--tokenFile       ) tokenFile="$2"; shift;;
+        -u|--user            ) user="$2"; shift;;
+        -e|--email           ) email="$2"; shift;;
+        -n|--name            ) name="$2"; shift;;
+        -c|--credentialsFile ) credentialsFile="$2"; shift;;
+        --                   ) ;;
+        *                    ) usage; exit 1;;
+    esac
+    shift
+done
+
+exit_error=1
+
+if [[ -z ${tokenFile:+x} ]]; then
+    echo "Error: Token file not specified" >&2
+    exit_error=0
+elif [[ ! -f "${tokenFile}" ]]; then
+    echo "Error: Token file does not exist" >&2
+    exit_error=0
+fi
+
+if [[ -z ${user:+x} ]]; then
+    echo "Error: User not specified" >&2
+    exit_error=0
+fi
+
+if [[ -z ${email:+x} ]]; then
+    echo "Error: Email not specified" >&2
+    exit_error=0
+fi
+
+if [[ ${exit_error} -eq 0 ]]; then
+    echo
+    usage
+    exit 1
+fi
+
+echo "https://${user}:$(cat "${tokenFile}")@github.com" > "${credentialsFile}"
+git config --global credential.helper "store --file ${credentialsFile}"
+git config --global user.email "${email}"
+if [[ -n ${name:+x} ]]; then
+    git config --global user.name "${name}"
+fi
diff --git a/publish/publish_inputs.json b/publish/publish_inputs.json
@@ -1,7 +1,6 @@
 {
-  "release_cromwell.githubToken": "<<GithubAPIToken (value, not path)>>",
-  "release_cromwell.organization": "<<broadinstitute for a real release, your github username if testing>>",
-  "release_cromwell.majorRelease": <<true for a major release, false for a minor release>>,
-  "release_cromwell.publishHomebrew": <<true for a major release, false for a minor release>>,
-  "release_cromwell.checkout_as_ssh": <<true for a 'git@' ssh-style checkout, false for an 'https:' style checkout>>
+  "publish_workflow.githubToken": "<<REQUIRED: GithubAPIToken (value, not path)>>",
+  "publish_workflow.organization": "<<REQUIRED: broadinstitute for a real release, your github username if testing>>",
+  "publish_workflow.majorRelease": <<OPTIONAL,: true for a major release, false for a minor release, default true>>,
+  "publish_workflow.publishHomebrew": <<OPTIONAL,: true to publish release to homebrew, false to skip, default true>>
 }