github.com/ETCDEVTeam/janus@v0.2.4-0.20180611132348-f6c8fba730fa/README.md (about) 1 Janus is a tool for versioning and deploying builds to Google Cloud Provider (GCP) Storage from the CI 2 environment. 3 4 ## Install 5 6 #### CI System Requirements: 7 - [ ] __JSON GCP Service Account Key__, with access to GCP _Storage_ enabled. 8 - [ ] __CI environment variable `GCP_PASSWD`__ to be set if the key is encrypted. 9 - [ ] __openssl__ is required for key decryption. This is standard on Travis. AppVeyor may require that you add some extra things to your `PATH`, but you may not have to install anything extra. 10 - [ ] __gpg__ is required to verify the Janus binary. This is standard on Travis and AppVeyor. 11 - [ ] __gpg__ can also be used for key decryption (with symmetric cipher). This solution is more portable than `openssl` encryption. 12 - [ ] __rev__, __curl__, and a few other basic bash commands are required for the installer script. Standard on Travis, can be added to PATH for AppVeyor as per example below 13 14 #### Install Janus: 15 16 ##### Travis 17 ```shell 18 - curl -sL https://raw.githubusercontent.com/ETCDEVTeam/janus/master/get.sh | bash 19 - export PATH=./janusbin:$PATH 20 ``` 21 22 ##### AppVeyor 23 ```shell 24 - set PATH=C:\msys64\mingw64\bin;C:\msys64\usr\bin\;%PATH% 25 - curl -sL https://raw.githubusercontent.com/ETCDEVTeam/janus/master/get-windows.sh | bash 26 - set PATH=./janusbin;%PATH% 27 ``` 28 29 __Security note:__ The installer scripts `get.sh` and `get-windows.sh` will use GPG to verify the latest Janus release binary against 30 the signing GPG key downloaded from a [specific commit at ethereumproject/volunteer](https://raw.githubusercontent.com/ethereumproject/volunteer/7a78a94307d67a0b20e418568b7bccac83c3d143/Volunteer-Public-Keys/isaac.ardis%40gmail.com). 31 For an additional layer of security, you may use the provided installer script signatures (`./*.sig`) to verify the installer script itself before using Janus 32 to deploy from your CI build. For maximum security, use a locally tracked version of [the signing key](https://raw.githubusercontent.com/ethereumproject/volunteer/7a78a94307d67a0b20e418568b7bccac83c3d143/Volunteer-Public-Keys/isaac.ardis%40gmail.com) 33 in your own repo. Alternatively, you can mimic the installer script itself, and use `curl` to download the key from the specific commit as mentioned previously. The link is: 34 35 > https://raw.githubusercontent.com/ethereumproject/volunteer/7a78a94307d67a0b20e418568b7bccac83c3d143/Volunteer-Public-Keys/isaac.ardis%40gmail.com 36 37 In practice, this would look like: 38 ```yml 39 - curl -sLO https://raw.githubusercontent.com/ethereumproject/volunteer/7a78a94307d67a0b20e418568b7bccac83c3d143/Volunteer-Public-Keys/isaac.ardis%40gmail.com 40 - gpg --import isaac.ardis@gmail.com 41 - curl -sLO https://raw.githubusercontent.com/ETCDEVTeam/janus/master/get.sh 42 - curl -sLO https://raw.githubusercontent.com/ETCDEVTeam/janus/master/get.sh.sig 43 - gpg --verify get.sh.sig get.sh 44 - chmod +x get.sh 45 - bash get.sh 46 ``` 47 48 Note that if you implement this additional layer and the signing key changes, you'll need to update either your tracked version of the key or download link accordingly. 49 50 ## Usage 51 Janus has two subcommands: `deploy` and `version`. 52 53 #### Deploy 54 Janus can use an encrypted _or_ decrypted `.json` GCP service key file. In case of an _encrypted_ JSON key file, Janus will attempt to decrypt it using `openssl`, 55 and depends on an __environment variable `GCP_PASSWD`__ to be set. After successfully decrypting the key and deploying the files, Janus will automatically destroy (`rm`) the decrypted key from the CI. 56 57 | flag | example | description | 58 | --- | --- | --- | 59 | `-to` | `builds.etcdevteam.com/go-ethereum/v3.5.x/`| bucket, followed by 'directory' in which to hold the uploaded archive | 60 | `-files` | `./dist/*.zip` | file(s) to upload, can use relative or absolute path and/or wildcard globbing | 61 | `-key` | `./gcloud-travis.enc.json` | encrypted or decrypted JSON GCP service key file | 62 63 ```shell 64 $ janus deploy -to builds.etcdevteam.com/go-ethereum/v3.5.x/ -files ./dist/*.zip -key gcloud-service-encrypted-or-decrypted.json 65 > Deploying... 66 ``` 67 68 #### Version 69 `version` uses `git` subcommands to produce a 70 version number, as defined by `-format` 71 72 ```shell 73 $ janus version -format='v%M.%m.%P+%C-%S' 74 > v3.5.0+55-asdf123 75 ``` 76 77 `-format=value` takes the interpolated forms: 78 ```txt 79 %M, _M - major version 80 %m, _m - minor version 81 %P, _P - patch version 82 %B, _B - hybrid patch version: `(%P * 100) + %C` 83 %C, _C - commit count since last tag 84 %S, _S - HEAD sha1 (first 7 characters) 85 ``` 86 _Note_: you may use either `%M` or `_M` syntax to interpolate version variables, since escaping `%` in batch scripts is rather tricky. 87 88 So this: 89 90 | sed output (.txt) | format syntax | 91 | --- | --- | 92 | `version-base.txt` | `-format v%M.%m.x` | 93 | `version-app.txt` | `-format v%M.%m.%P+%C-%S` | 94 95 replaces this: 96 ```yml 97 - git describe --tags --always > version.txt 98 - sed -E 's/v([[:digit:]]+\.[[:digit:]]+)\.[[:digit:]]-([[:digit:]]+)-g([a-f0-9]+)/v\1.\2+\3/' version.txt > version-app.txt 99 - sed -E 's/v([[:digit:]]+\.[[:digit:]]+)\.[[:digit:]]-([[:digit:]]+).+/v\1.\2/' version.txt > version-only.txt 100 - sed -E 's/v([[:digit:]]+\.[[:digit:]]+)\.[[:digit:]]-([[:digit:]]+).+/v\1.x/' version.txt > version-base.txt 101 ``` 102 103 ## Examples and notes 104 Please visit the [/examples directory](./examples) to find example Travis and AppVeyor configuration files, deploy script, and service key. 105 106 ### Encrypting files 107 #### With OpenSSL 108 To encrypt file with `openssl` you should use following command: 109 ``` 110 openssl aes-256-cbc -e -in input_file.json -out output_file.json.enc 111 ``` 112 #### With GPG 113 To encrypt file with `gpg` you should use following command: 114 ``` 115 gpg --symmetric --cipher-algo AES-256 --output output_file.json.enc input_file.json 116 ``` 117 Different `--cipher-algo` may be used as well. 118 119 ### Gotchas 120 121 The same version of `openssl` should be used for file encryption and decryption. 122 123 ---- 124 125 If you use a `script` deploy for Travis, __ensure that the deploy script is executable__, eg. 126 ```yml 127 deploy: 128 skip_cleanup: true 129 provider: script 130 script: ./deploy.sh # <-- chmod +x 131 on: 132 branch: master 133 tags: true 134 ``` 135 136 ---- 137 138 An encrypted `GCP_PASSWD` _cannot_ be used between repos; __each GCP_PASSWD encryption should 139 be specific to a repo__. 140 141 For Appveyor and Travis there are two ways to establish environment 142 variables: 143 144 1. In the configuration file itself, eg. 145 146 ```bash 147 # Encrypt GCP_PASSWD for Travis 148 $ travis encrypt GCP_PASSWD=abcd 149 > MKhc0c07V1z75sGJuZl19lM2Mj5hIXuM5DxTI1hLxz0kfOel/TZSf4557ip5Mp0MRKkgXeTlP6bJQX3taVONVTT8ZFwj9m2gbiYYuOubx5mf17Fa2YwYmQ9G7HRmMvge6ypeI1uibyOv2fUNhIMeMLhuFTgkV1pw1R/oeXTD8U7TivgYTXy8/6iDf66NPpXWZNwJ0d5GfSybiT31gglubiC9ehnmDNIgDYRlO8vr7TdB9eTkX6gEiEhdvyLBu+ljLN2VznvTQoCsByq6yUPNSKDbTodcYXfugtWpksqnsSoinlGhVAMJE2jCT71gdeMHzIgo4xYxEB6GqfbnOot5knlgBmQo7tlPHD7gfCYfdB7WWKJW9lmUAGVwpWQup+rBLbuVhKvjgeevZy/5JkGghoiPh6Mw9txy/zmTS+QwlTA9m+blZcqAksNcT0TE68dGXxpvhzI+WDu3XjhQE31VWG7daw9QyZHlhkma2xCmM1zDHvpbiyPlTSAWQyUU2TgVOs4fIlMYbV/NSkB4zWz4TvhqJHv2AtFtXw9y+xoBgd2GidKR7YtAjjBOPjb+KmyZ470nwdmoe7tCZM6Y0FLlkeVjKRxS0sD2DOheZX/gzdsQt2L8XIzjCdcp2QhV1/h5WEQop9Lm1FO/bGco/2525l2ExR7AW8Phz7ot+/mpvQA= 150 ``` 151 152 ```yml 153 # .travis.yml 154 env: 155 global: 156 - secure: "MKhc0c07V1z75sGJuZl19lM2Mj5hIXuM5DxTI1hLxz0kfOel/TZSf4557ip5Mp0MRKkgXeTlP6bJQX3taVONVTT8ZFwj9m2gbiYYuOubx5mf17Fa2YwYmQ9G7HRmMvge6ypeI1uibyOv2fUNhIMeMLhuFTgkV1pw1R/oeXTD8U7TivgYTXy8/6iDf66NPpXWZNwJ0d5GfSybiT31gglubiC9ehnmDNIgDYRlO8vr7TdB9eTkX6gEiEhdvyLBu+ljLN2VznvTQoCsByq6yUPNSKDbTodcYXfugtWpksqnsSoinlGhVAMJE2jCT71gdeMHzIgo4xYxEB6GqfbnOot5knlgBmQo7tlPHD7gfCYfdB7WWKJW9lmUAGVwpWQup+rBLbuVhKvjgeevZy/5JkGghoiPh6Mw9txy/zmTS+QwlTA9m+blZcqAksNcT0TE68dGXxpvhzI+WDu3XjhQE31VWG7daw9QyZHlhkma2xCmM1zDHvpbiyPlTSAWQyUU2TgVOs4fIlMYbV/NSkB4zWz4TvhqJHv2AtFtXw9y+xoBgd2GidKR7YtAjjBOPjb+KmyZ470nwdmoe7tCZM6Y0FLlkeVjKRxS0sD2DOheZX/gzdsQt2L8XIzjCdcp2QhV1/h5WEQop9Lm1FO/bGco/2525l2ExR7AW8Phz7ot+/mpvQA=" 157 ``` 158 159 2. In the CI GUI under _Environment_ or _Settings_. In this case you should use 160 the _unencrypted_ password. Don't worry, it won't be visible in the logs. 161 162 In both cases, environment `GCP_PASSWD` will be now available for use. 163 164 ---- 165 166 > In ancient Roman religion and myth, Janus (/ˈdʒeɪnəs/; Latin: Iānus, pronounced [ˈjaː.nus]) is the god of beginnings, gates, transitions, time, duality, doorways,[1] passages, and endings. 167 - https://en.wikipedia.org/wiki/Janus