feat: proper running python script

.github/workflows/secret-scan.yml

@@ -25,7 +25,7 @@ jobs:
  # https://megalinter.io/configuration/
  VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
  ENABLE: EDITORCONFIG
- FILTER_REGEX_EXCLUDE: (LICENSE|CODE_OF_CONDUCT\.md|.idea)
+ FILTER_REGEX_EXCLUDE: (LICENSE|CODE_OF_CONDUCT\.md|.idea|app.ini)
 
  trufflehog:
  name: Trufflehog

.gitignore

@@ -1,7 +1,7 @@
-### dotenv template
+### dotenv ###
 .env
 
-### JetBrains template
+### JetBrains ###
 # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 
@@ -80,59 +80,74 @@ fabric.properties
 # Android studio 3.1+ serialized cache file
 .idea/caches/build_file_checksums.ser
 
-### Linux template
-*~
+### JetBrains Patch ###
+# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721
 
-# temporary files which can be created if a process still has a handle open of a deleted file
-.fuse_hidden*
-
-# KDE directory preferences
-.directory
-
-# Linux trash folder which might appear on any partition or disk
-.Trash-*
-
-# .nfs files are created when an open file is removed but is still being accessed
-.nfs*
-
-### Backup template
-*.bak
-*.gho
-*.ori
-*.orig
-*.tmp
-
-### Ansible template
-*.retry
-
-### Vim template
-# Swap
-[._]*.s[a-v][a-z]
-!*.svg # comment out if you don't need vector files
-[._]*.sw[a-p]
-[._]s[a-rt-v][a-z]
-[._]ss[a-gi-z]
-[._]sw[a-p]
-
-# Session
-Session.vim
-Sessionx.vim
-
-# Temporary
-.netrwhist
-*~
-# Auto-generated tag files
-tags
-# Persistent undo
-[._]*.un~
-
-### Pulumi template
-# Ignore temp build directory for Pulumi
-# Info: https://www.pulumi.com/docs/
-
-.pulumi/
+# *.iml
+# modules.xml
+# .idea/misc.xml
+# *.ipr
 
-### Python template
+# Sonarlint plugin
+# https://plugins.jetbrains.com/plugin/7973-sonarlint
+.idea/**/sonarlint/
+
+# SonarQube Plugin
+# https://plugins.jetbrains.com/plugin/7238-sonarqube-community-plugin
+.idea/**/sonarIssues.xml
+
+# Markdown Navigator plugin
+# https://plugins.jetbrains.com/plugin/7896-markdown-navigator-enhanced
+.idea/**/markdown-navigator.xml
+.idea/**/markdown-navigator-enh.xml
+.idea/**/markdown-navigator/
+
+# Cache file creation bug
+# See https://youtrack.jetbrains.com/issue/JBR-2257
+.idea/$CACHE_FILE$
+
+# CodeStream plugin
+# https://plugins.jetbrains.com/plugin/12206-codestream
+.idea/codestream.xml
+
+# Azure Toolkit for IntelliJ plugin
+# https://plugins.jetbrains.com/plugin/8053-azure-toolkit-for-intellij
+.idea/**/azureSettings.xml
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### Python ###
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
@@ -255,7 +270,6 @@ celerybeat.pid
 *.sage.py
 
 # Environments
-.env
 .venv
 env/
 venv/
@@ -294,3 +308,31 @@ cython_debug/
 # option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 
+### Python Patch ###
+# Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration
+poetry.toml
+
+# ruff
+.ruff_cache/
+
+# LSP config files
+pyrightconfig.json
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide

requirements.txt

@@ -0,0 +1,9 @@
+bcrypt==4.1.2
+certifi==2024.2.2
+cffi==1.16.0
+cryptography==42.0.5
+paramiko==3.4.0
+pycparser==2.22
+PyNaCl==1.5.0
+sentry-sdk==1.44.0
+urllib3==2.2.1

setup.py

@@ -1,4 +1,15 @@
-SERVICE_MAPPING = {
+import platform
+import subprocess
+import time
+import sys
+import os
+from pathlib import Path
+from paramiko.client import SSHClient
+from paramiko.config import SSHConfig
+import sentry_sdk
+
+
+SERVICE_MAPPING: dict[str, list[str]] = {
  "tanzanite.gems.teknologiumum.com": [
  "traefik",
  "bot",
@@ -31,7 +42,71 @@
  ],
 }
 
+SUDO_PASSWORD: dict[str, str] = {
+ "tanzanite.gems.teknologiumum.com": os.getenv("TANZANITE_SUDO_PASSWORD", ""),
+ "painite.gems.teknologiumum.com": os.getenv("PAINITE_SUDO_PASSWORD", ""),
+ "hibonite.gems.teknologiumum.com": os.getenv("HIBONITE_SUDO_PASSWORD", ""),
+}
+
+def ping(host: str) -> bool:
+ """
+ Returns True if host (str) responds to a ping request.
+ Remember that a host may not respond to a ping (ICMP) request even if the host name is valid.
+ """
+
+ # Option for the number of packets as a function of
+ param = '-n' if platform.system().lower()=='windows' else '-c'
+
+ # Building the command. Ex: "ping -c 1 google.com"
+ command = ['ping', param, '1', host]
+
+ return subprocess.call(command) == 0
+
+
 if __name__ == "__main__":
+ sentry_sdk.init(dsn=os.getenv("SENTRY_DSN"))
+
  for server, containers in SERVICE_MAPPING.items():
- # SSH to server
- # Copy directory with rsync
+ # Check if server is available
+ for i in range(10):
+ server_up = ping(server)
+ if server_up:
+ break
+ else:
+ if i + 1 == 10:
+ # We've waited too long
+ print(f"Waited too long while trying to reach for {server}")
+ exit(4200)
+
+ # Wait for 10 seconds before the next ping
+ print("Retrying in 10 seconds")
+ time.sleep(10)
+ continue
+
+ for container in containers:
+ # Copy directory to destination
+ subprocess.call(f"rsync -avz --progress {container} {server}:{container}".split(" "), stdout=sys.stdout, stderr=sys.stderr)
+
+ ssh_config = SSHConfig.from_path(f"{Path.home()}/.ssh/config")
+ server_config = ssh_config.lookup(server)
+
+ with SSHClient() as client:
+ client.load_system_host_keys(f"{Path.home()}/.ssh/known_hosts")
+ client.connect(hostname=server_config.get("hostname"), 
+ port=server_config.as_int("port"), 
+ username=server_config.get("user"),
+ key_filename=server_config.get("identityfile"))
+
+ for container in containers:
+ print(f"Running commands for {container} on {server}")
+ _, o1, e1 = client.exec_command(f"echo '{SUDO_PASSWORD[server]}' | sudo -S bash -c 'cd {container}; if [ -f \"setup.sh\" ]; then\n sudo ./setup.sh\nfi'")
+ for c in iter(lambda: o1.read(1), b""):
+ sys.stdout.buffer.write(c)
+ for c in iter(lambda: e1.read(1), b""):
+ sys.stderr.buffer.write(c)
+
+ _, o2, e2 = client.exec_command(f"echo '{SUDO_PASSWORD[server]}' | sudo -S bash -c 'cd {container}; docker compose up -d'")
+ for c in iter(lambda: o2.read(1), b""):
+ sys.stdout.buffer.write(c)
+ for c in iter(lambda: e2.read(1), b""):
+ sys.stderr.buffer.write(c)