github.com/ETCDEVTeam/janus@v0.2.4-0.20180611132348-f6c8fba730fa/README.md (about)

Janus is a tool for versioning and deploying builds to Google Cloud Provider (GCP) Storage from the CI
environment.

## Install

#### CI System Requirements:
- [ ] __JSON GCP Service Account Key__, with access to GCP _Storage_ enabled.
- [ ] __CI environment variable `GCP_PASSWD`__ to be set if the key is encrypted.
- [ ] __openssl__ is required for key decryption. This is standard on Travis. AppVeyor may require that you add some extra things to your `PATH`, but you may not have to install anything extra.
- [ ] __gpg__ is required to verify the Janus binary. This is standard on Travis and AppVeyor.
- [ ] __gpg__ can also be used for key decryption (with symmetric cipher). This solution is more portable than `openssl` encryption.
- [ ] __rev__, __curl__, and a few other basic bash commands are required for the installer script. These are standard on Travis and can be added to `PATH` for AppVeyor as in the example below.

#### Install Janus:

##### Travis
```shell
- curl -sL https://raw.githubusercontent.com/ETCDEVTeam/janus/master/get.sh | bash
- export PATH=./janusbin:$PATH
```

##### AppVeyor
```shell
- set PATH=C:\msys64\mingw64\bin;C:\msys64\usr\bin\;%PATH%
- curl -sL https://raw.githubusercontent.com/ETCDEVTeam/janus/master/get-windows.sh | bash
- set PATH=./janusbin;%PATH%
```

__Security note:__ The installer scripts `get.sh` and `get-windows.sh` use GPG to verify the latest Janus release binary against
the signing GPG key downloaded from a [specific commit at ethereumproject/volunteer](https://raw.githubusercontent.com/ethereumproject/volunteer/7a78a94307d67a0b20e418568b7bccac83c3d143/Volunteer-Public-Keys/isaac.ardis%40gmail.com).
For an additional layer of security, you may use the provided installer script signatures (`./*.sig`) to verify the installer script itself before using Janus
to deploy from your CI build. For maximum security, use a locally tracked version of [the signing key](https://raw.githubusercontent.com/ethereumproject/volunteer/7a78a94307d67a0b20e418568b7bccac83c3d143/Volunteer-Public-Keys/isaac.ardis%40gmail.com)
in your own repo. Alternatively, you can mimic the installer script itself and use `curl` to download the key from the specific commit mentioned previously. The link is:

> https://raw.githubusercontent.com/ethereumproject/volunteer/7a78a94307d67a0b20e418568b7bccac83c3d143/Volunteer-Public-Keys/isaac.ardis%40gmail.com

In practice, this would look like:
```yml
# Save the key under the name that `gpg --import` expects; `curl -O` would keep the URL-encoded `%40` in the file name.
- curl -sL -o isaac.ardis@gmail.com https://raw.githubusercontent.com/ethereumproject/volunteer/7a78a94307d67a0b20e418568b7bccac83c3d143/Volunteer-Public-Keys/isaac.ardis%40gmail.com
- gpg --import isaac.ardis@gmail.com
- curl -sLO https://raw.githubusercontent.com/ETCDEVTeam/janus/master/get.sh
- curl -sLO https://raw.githubusercontent.com/ETCDEVTeam/janus/master/get.sh.sig
# Abort the build here if the signature does not verify.
- gpg --verify get.sh.sig get.sh
- chmod +x get.sh
- bash get.sh
```

Note that if you implement this additional layer and the signing key changes, you'll need to update either your tracked version of the key or the download link accordingly.
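
A stricter form of the installer check above, as an added example that is not part of Janus or its installer scripts: `gpg --verify` accepts a good signature from any key in the keyring, so this sketch imports the tracked key into a throwaway keyring and also compares the signer's fingerprint with a pinned value. The function names, the file name `signing-key.asc` and the all-zero fingerprint are placeholders, and the status lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not Janus code): verify a file against a pinned key fingerprint.
# PINNED_FPR is a placeholder; replace it with the fingerprint of the key you track.
PINNED_FPR="0000000000000000000000000000000000000000"

# Read `gpg --status-fd` output on stdin. Succeed only if it reports a good
# signature (GOODSIG) and a VALIDSIG line whose last field, the primary key
# fingerprint, equals the expected one.
check_validsig() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  awk -v fpr="$want" '
    $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == fpr { pinned = 1 }
    END { exit !(good && pinned) }
  '
}

# usage: verify_pinned FILE SIGNATURE KEYFILE FINGERPRINT
# A throwaway keyring means keys already present on the CI image cannot
# satisfy the check.
verify_pinned() {
  home=$(mktemp -d) || return 1
  gpg --homedir "$home" --batch --quiet --import "$3" 2>/dev/null &&
    gpg --homedir "$home" --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
      check_validsig "$4"
  rc=$?
  rm -rf "$home"
  return "$rc"
}

# Constructed status output for a good signature (sample data, not a real key).
SAMPLE_FPR="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2018-06-11 1528723428 0 4 0 1 8 00 $SAMPLE_FPR"

# In CI (assumed file names):
#   verify_pinned get.sh get.sh.sig signing-key.asc "$PINNED_FPR" && bash get.sh
```

Keeping the fingerprint in your own repository means a swapped key file fails the build instead of silently becoming the new trust anchor.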

## Usage
Janus has two subcommands: `deploy` and `version`.

#### Deploy
Janus can use an encrypted _or_ decrypted `.json` GCP service key file. For an _encrypted_ JSON key file, Janus attempts to decrypt it using `openssl`,
which requires the __environment variable `GCP_PASSWD`__ to be set. After successfully decrypting the key and deploying the files, Janus automatically destroys (`rm`) the decrypted key from the CI.

| flag | example | description |
| --- | --- | --- |
| `-to` | `builds.etcdevteam.com/go-ethereum/v3.5.x/`| bucket, followed by 'directory' in which to hold the uploaded archive |
| `-files` | `./dist/*.zip` | file(s) to upload, can use relative or absolute path and/or wildcard globbing |
| `-key` | `./gcloud-travis.enc.json` | encrypted or decrypted JSON GCP service key file |

```shell
$ janus deploy -to builds.etcdevteam.com/go-ethereum/v3.5.x/ -files ./dist/*.zip -key gcloud-service-encrypted-or-decrypted.json
> Deploying...
```

#### Version
`version` uses `git` subcommands to produce a version number, as defined by `-format`.

```shell
$ janus version -format='v%M.%m.%P+%C-%S'
> v3.5.0+55-asdf123
```

`-format=value` takes the interpolated forms:
```txt
%M, _M - major version
%m, _m - minor version
%P, _P - patch version
%B, _B - hybrid patch version: `(%P * 100) + %C`
%C, _C - commit count since last tag
%S, _S - HEAD sha1 (first 7 characters)
```
_Note_: you may use either `%M` or `_M` syntax to interpolate version variables, since escaping `%` in batch scripts is rather tricky.

So this:

| sed output (.txt) | format syntax |
| --- | --- |
| `version-base.txt` | `-format v%M.%m.x` |
| `version-app.txt` | `-format v%M.%m.%P+%C-%S` |

replaces this:
```yml
- git describe --tags --always > version.txt
- sed -E 's/v([[:digit:]]+\.[[:digit:]]+)\.[[:digit:]]-([[:digit:]]+)-g([a-f0-9]+)/v\1.\2+\3/' version.txt > version-app.txt
- sed -E 's/v([[:digit:]]+\.[[:digit:]]+)\.[[:digit:]]-([[:digit:]]+).+/v\1.\2/' version.txt > version-only.txt
- sed -E 's/v([[:digit:]]+\.[[:digit:]]+)\.[[:digit:]]-([[:digit:]]+).+/v\1.x/' version.txt > version-base.txt
```

## Examples and notes
Please visit the [/examples directory](./examples) to find example Travis and AppVeyor configuration files, a deploy script, and a service key.

### Encrypting files
#### With OpenSSL
To encrypt a file with `openssl`, use the following command:
```shell
openssl aes-256-cbc -e -in input_file.json -out output_file.json.enc
```
#### With GPG
To encrypt a file with `gpg`, use the following command:
```shell
gpg --symmetric --cipher-algo AES-256 --output output_file.json.enc input_file.json
```
A different `--cipher-algo` may be used as well.

### Gotchas

The same version of `openssl` should be used for file encryption and decryption. The default digest that `openssl enc` uses to derive the key from the password changed from MD5 to SHA-256 in OpenSSL 1.1.0, so a file encrypted with one default will not decrypt with the other.

----

If you use a `script` deploy for Travis, __ensure that the deploy script is executable__, e.g.
```yml
deploy:
  skip_cleanup: true
  provider: script
  script: ./deploy.sh # <-- chmod +x
  on:
    branch: master
    tags: true
```

----

An encrypted `GCP_PASSWD` _cannot_ be used between repos; __each GCP_PASSWD encryption should
be specific to a repo__.

For AppVeyor and Travis there are two ways to establish environment
variables:

1. In the configuration file itself, e.g.

```bash
# Encrypt GCP_PASSWD for Travis
$ travis encrypt GCP_PASSWD=abcd
> <encrypted string>
```

```yml
# .travis.yml
env:
  global:
    - secure: "<encrypted string from the command above>"
```

2. In the CI GUI under _Environment_ or _Settings_. In this case you should use
the _unencrypted_ password. Don't worry, it won't be visible in the logs.

In both cases, the `GCP_PASSWD` environment variable will now be available for use.

----

> In ancient Roman religion and myth, Janus (/ˈdʒeɪnəs/; Latin: Iānus, pronounced [ˈjaː.nus]) is the god of beginnings, gates, transitions, time, duality, doorways, passages, and endings.
- https://en.wikipedia.org/wiki/Janus