Merge pull request #22 from python-discord/revitalisation

Revitalisation

3 files changed, 182 insertions, 0 deletions

diff --git a/scripts/.profile b/scripts/.profile
new file mode 100644
index 0000000..bd46a17
--- /dev/null
+++ b/scripts/.profile
@@ -0,0 +1,32 @@
+nsjpy() {
+    local MEM_MAX=52428800
+
+    # All arguments except the last are considered to be for NsJail, not Python.
+    local nsj_args=""
+    while [ "$#" -gt 1 ]; do
+        nsj_args="${nsj_args:+${nsj_args} }$1"
+        shift
+    done
+
+    # Set up cgroups and disable memory swapping.
+    mkdir -p /sys/fs/cgroup/pids/NSJAIL
+    mkdir -p /sys/fs/cgroup/memory/NSJAIL
+    echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.limit_in_bytes
+    echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.memsw.limit_in_bytes
+
+    nsjail \
+        -Mo \
+        --rlimit_as 700 \
+        --chroot / \
+        -E LANG=en_US.UTF-8 \
+        -R/usr -R/lib -R/lib64 \
+        --user 65534 \
+        --group 65534 \
+        --time_limit 2 \
+        --disable_proc \
+        --iface_no_lo \
+        --cgroup_pids_max=1 \
+        --cgroup_mem_max="${MEM_MAX}" \
+        $nsj_args -- \
+        /snekbox/.venv/bin/python3 -Iq -c "$@"
+}
diff --git a/scripts/check_dockerfiles.sh b/scripts/check_dockerfiles.sh
new file mode 100755
index 0000000..c84c61f
--- /dev/null
+++ b/scripts/check_dockerfiles.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+exec 3>&1 # New file descriptor to stdout
+
+BASE_URL="https://dev.azure.com/\
+python-discord/${SYSTEM_TEAMPROJECTID}/_apis/build/builds?\
+queryOrder=finishTimeDescending&\
+resultFilter=succeeded&\
+\$top=1&\
+repositoryType=${BUILD_REPOSITORY_PROVIDER}&\
+repositoryId=${BUILD_REPOSITORY_NAME}&\
+api-version=5.0"
+
+get_build() {
+    set -e # Poor Ubuntu LTS doesn't have Bash 4.4's inherit_errexit
+
+    local branch="${1:?"get_build: argument 1 'branch' is unset"}"
+    local url="${BASE_URL}&branchName=${branch}"
+
+    printf '%s\n' "Retrieving the latest successful build using ${url}" >&3
+
+    local response
+    response="$(curl -sSL "${url}")"
+
+    if [[ -z "${response}" ]] \
+        || ! count="$(printf '%s' "${response}" | jq -re '.count')" \
+        || (( "${count}" < 1 ))
+    then
+        return 1
+    else
+        printf '%s' "${response}"
+    fi
+}
+
+# Get the previous commit
+if [[ "${BUILD_REASON}" = "PullRequest" ]]; then
+    if ! prev_commit="$(
+            get_build "${BUILD_SOURCEBRANCH}" \
+            | jq -re '.value[0].triggerInfo."pr.sourceSha"'
+        )"
+    then
+        echo \
+            "Could not retrieve the previous build's commit." \
+            "Falling back to the head of the target branch."
+
+        prev_commit="origin/${SYSTEM_PULLREQUEST_TARGETBRANCH}"
+    fi
+elif ! prev_commit="$(
+        get_build "${BUILD_SOURCEBRANCH}" \
+        | jq -re '.value[0].sourceVersion'
+    )"
+then
+    echo \
+        "No previous build was found." \
+        "Either the previous build is too old and was deleted" \
+        "or the branch was empty before this build." \
+        "All images will be built."
+    exit 0
+fi
+
+# Compare diffs
+head="$(git rev-parse HEAD)"
+printf '%s\n' "Comparing HEAD (${head}) against ${prev_commit}."
+
+if git diff --quiet "${prev_commit}" -- docker/base.Dockerfile; then
+    echo "No changes detected in docker/base.Dockerfile."
+    echo "##vso[task.setvariable variable=BASE_CHANGED;isOutput=true]False"
+else
+    # Always rebuild the venv if the base changes.
+    exit 0
+fi
+
+if git diff --quiet "${prev_commit}" -- docker/venv.Dockerfile Pipfile*; then
+    echo "No changes detected in docker/venv.Dockerfile or the Pipfiles."
+    echo "##vso[task.setvariable variable=VENV_CHANGED;isOutput=true]False"
+elif master_commit="$(
+        get_build "refs/heads/master" \
+        | jq -re '.value[0].sourceVersion'
+    )" \
+    && git diff --quiet "${master_commit}" -- docker/base.Dockerfile
+then
+    # Though base image hasn't changed, it's still needed to build the venv.
+    echo "Can pull base image from Docker Hub; no changes made since master."
+    echo "##vso[task.setvariable variable=BASE_PULL;isOutput=true]True"
+fi
diff --git a/scripts/dev.sh b/scripts/dev.sh
new file mode 100755
index 0000000..8f5b24f
--- /dev/null
+++ b/scripts/dev.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env sh
+
+# Sets up a development environment and runs a shell in a docker container.
+# Usage: dev.sh [--build [--clean]] [ash_args ...]
+
+if [ "$1" = "--build" ]; then
+    shift
+    printf "Building pythondiscord/snekbox-venv:dev..."
+
+    docker build \
+        -t pythondiscord/snekbox-venv:dev \
+        -f docker/venv.Dockerfile \
+        --build-arg DEV=1 \
+        -q \
+        . \
+        >/dev/null \
+    && printf " done!\n" || exit "$?"
+
+    if [ "$1" = "--clean" ]; then
+        shift
+        dangling_imgs=$(docker images -f "dangling=true" -q)
+
+        if [ -n "${dangling_imgs}" ]; then
+            printf "Removing dangling images..."
+
+            docker rmi $dangling_imgs >/dev/null \
+            && printf " done!\n" || exit "$?"
+        fi
+    fi
+fi
+
+# Keep the container up in the background so it doesn't have to be restarted
+# for the ownership fix.
+# The volume is mounted to same the path in the container as the source
+# directory on the host to ensure coverage can find the source files.
+docker run \
+    --tty \
+    --detach \
+    --name snekbox_test \
+    --privileged \
+    --network host \
+    --hostname pdsnk-dev \
+    -e PYTHONDONTWRITEBYTECODE=1 \
+    -e PIPENV_PIPFILE="/snekbox/Pipfile" \
+    -e ENV="${PWD}/scripts/.profile" \
+    --volume "${PWD}":"${PWD}" \
+    --workdir "${PWD}"\
+    --entrypoint /bin/ash \
+    pythondiscord/snekbox-venv:dev \
+    >/dev/null \
+
+# Execute the given command(s)
+docker exec -it snekbox_test /bin/ash "$@"
+
+# Fix ownership of coverage file
+# BusyBox doesn't support --reference for chown
+docker exec \
+    -it \
+    -e CWD="${PWD}" \
+    snekbox_test \
+    /bin/ash \
+    -c 'chown "$(stat -c "%u:%g" "${CWD}")" "${CWD}/.coverage"'
+
+docker rm -f snekbox_test >/dev/null # Stop and remove the container