Initial commit

Author: fyhertz

.circleci/config.yml

@@ -0,0 +1,69 @@
+version: 2.1
+orbs:
+  codecov: codecov/[email protected]
+
+jobs:
+  test:
+    working_directory: ~/repo
+    parameters:
+      python-version:
+        type: string
+    docker:
+      - image: cimg/python:<< parameters.python-version >>
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - venv-<< parameters.python-version >>-{{ checksum "poetry.lock" }}
+      - run:
+          name: Install Dependencies
+          command: |
+            pip install poetry --user --upgrade
+            poetry config virtualenvs.in-project true
+            poetry install
+      - run:
+          name: Create Test Results Dir
+          command: mkdir -p test-reports/safety test-reports/mypy test-reports/pytest
+
+      - run:
+          name: Black
+          command: poetry run black . --check
+
+      - run:
+          name: isort
+          command: poetry run isort . --check
+
+      - run:
+          name: Safety
+          command: poetry export -f requirements.txt | poetry run safety check --stdin
+
+      - run:
+          name: mypy
+          command: poetry run mypy src --junit-xml=test-reports/mypy/results.xml
+
+      - run:
+          name: Unit Tests
+          command: |
+            poetry run pytest --junitxml=test-reports/pytest/results.xml --cov=src tests
+            poetry run coverage xml
+      - codecov/upload:
+          file: coverage.xml
+
+      - store_test_results:
+          path: test-reports
+
+      - run:
+          command: poetry run pip uninstall debops -y
+          name: Uninstall Package
+      - save_cache:
+          key: venv-<< parameters.python-version >>-{{ checksum "poetry.lock" }}
+          paths:
+            - ./.venv
+
+workflows:
+  tests:
+    jobs:
+      - test:
+          matrix:
+            parameters:
+              python-version: ["3.8"]

.flake8

@@ -0,0 +1,2 @@
+[flake8]
+max-line-length = 90

.gitignore

@@ -0,0 +1,118 @@
+output/*
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don’t work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# Pycharm
+.idea

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Upciti
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,98 @@
+# debops
+
+Are you tired of checking if your favorite devops tools are up-to-date? Are you using a debian based GNU/Linux distribution? 
+Debops is designed to generate Debian packages for common devops tools such as kubectl, kustomize, helm, ...,
+but it could be used to package any statically linked application. In short, it consumes a configuration file and outputs `.deb` packages.
+
+## Configuration file
+
+Written in YAML and composed of a list of package blueprints. A blueprint is defined by the following:
+
+
+| Field         | Meaning                                                                                        | Default      |
+| ------------- | ---------------------------------------------------------------------------------------------- | ------------ |
+| `name`        | Component name, e.g. `kustomize`                                                               |              | 
+| `version`     | Application release to package                                                                 |              |
+| `arch`        | Package architecture                                                                           | `amd64`      |
+| `revision`    | Package revistion                                                                              | `1`          |
+| `summary`     | Package short description                                                                      |              |
+| `description` | Package full description                                                                       | `Null`       |
+| `fetch`       | A binary to download, and a `sha256` checksum. `tar.gz` archives are extracted automatically   |              |
+| `script`      | A list of build instructions templated with jinja2 and intepreted with the default `shell`     |              |
+
+Example: 
+
+```yaml
+- name: kubectl
+  version: 1.20.1
+  summary: Command line client for controlling a Kubernetes cluster
+  description: |
+    kubectl is a command line client for running commands against Kubernetes clusters.
+  fetch:
+    url: https://storage.googleapis.com/kubernetes-release/release/v{{version}}/bin/linux/amd64/kubectl
+    sha256: 3f4b52a8072013e4cd34c9ea07e3c0c4e0350b227e00507fb1ae44a9adbf6785
+  script:
+    - mv kubectl {{src}}/usr/bin/
+```
+
+## Dependencies
+
+* Python >= 3.8
+* To build debian packages with `debops build` you need the following packages on your host:
+
+```shell
+sudo apt install build-essential fakeroot devscripts
+```
+
+## Usage example
+
+Install `debops` in a virtualenv or with [pipx](https://github.com/pipxproject/pipx)
+
+```shell
+pipx install debops
+```
+
+Then, in a test directory run:
+
+```shell
+curl https://raw.githubusercontent.com/upciti/debops/main/debops.yml
+debops generate
+debops build
+```
+
+To check for new releases run:
+
+```shell
+debops update
+```
+
+`debops` uses temp directories to cache downloaded binaries and to run build instructions:
+
+```shell
+tree /tmp/debops_*
+```
+
+The cache can be flushed with:
+```shell
+debops purge
+```
+
+## Development
+
+You will need [poetry](https://python-poetry.org/)
+
+```shell
+poetry install
+poetry run task check
+```
+
+## Important notes
+
+`debops` **DOES NOT** sandbox build instructions so if you do something like:
+
+```shell
+script:
+- rm -rf ~/*
+```
+
+You will loose your files... To make sure that you won't mess with your system, run it within a container.

debops.yml

@@ -0,0 +1,82 @@
+- name: kubectl
+  version: 1.20.1
+  summary: Command line client for controlling a Kubernetes cluster
+  description: |
+    kubectl is a command line client for running commands against Kubernetes clusters.
+  fetch:
+    url: https://storage.googleapis.com/kubernetes-release/release/v{{version}}/bin/linux/amd64/kubectl
+    sha256: 3f4b52a8072013e4cd34c9ea07e3c0c4e0350b227e00507fb1ae44a9adbf6785
+  script:
+    - mv kubectl {{src}}/usr/bin/
+
+- name: kustomize
+  version: 3.8.8
+  depends:
+    - kubectl
+  summary: Kubernetes native configuration management
+  description: |
+    kustomize lets you customize raw, template-free YAML files for multiple purposes,
+    leaving the original YAML untouched and usable as is.
+    kustomize targets kubernetes; it understands and can patch kubernetes style API objects.
+    It's like make, in that what it does is declared in a file,
+    and it's like sed, in that it emits edited text.
+  fetch:
+    url: https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v{{version}}/kustomize_v{{version}}_linux_amd64.tar.gz
+    sha256: 175938206f23956ec18dac3da0816ea5b5b485a8493a839da278faac82e3c303
+  script:
+    - mv kustomize {{src}}/usr/bin/
+
+- name: helm
+  version: 3.4.2
+  depends:
+    - kubectl
+  summary: The Kubernetes package manager
+  description: |
+    Tool for managing Kubernetes charts.
+    Charts are packages of pre-configured Kubernetes resources.
+  fetch:
+    url: https://get.helm.sh/helm-v{{version}}-linux-amd64.tar.gz
+    sha256: cacde7768420dd41111a4630e047c231afa01f67e49cc0c6429563e024da4b98
+  script:
+    - mv linux-amd64/helm {{src}}/usr/bin/
+
+- name: istioctl
+  version: 1.6.13
+  depends:
+    - kubectl
+  summary: Istio service mesh CLI
+  description: Istio is an open platform to connect, manage, and secure microservices.
+  fetch:
+    url: https://github.com/istio/istio/releases/download/{{version}}/istio-{{version}}-linux-amd64.tar.gz
+    sha256: 34ee63458f2cb65d8e0b9a2d67f386f13eb1c8c8456f72a02f389380d86bb2f4
+  script:
+    - install -d {{src}}/opt/istio
+    - mv * {{src}}/opt/istio/
+    - ln -s /opt/istio/istio-{{version}}/bin/istioctl {{src}}/usr/bin/istioctl
+
+- name: kubeseal
+  version: 0.13.1
+  summary: Secret management solution for k8s
+  description: Encrypt your Secret into a SealedSecret, which is safe to store - even to a public repository.
+  fetch:
+    url: https://github.com/bitnami-labs/sealed-secrets/releases/download/v{{version}}/kubeseal-linux-amd64
+    sha256: e6f2f5a8c22124a055c1b6bdbee7936c5b92bc44105a92441d86595b22d71604
+  script:
+    - install -m 755 kubeseal-linux-amd64 {{src}}/usr/bin/kubeseal
+
+- name: helmfile
+  version: 0.135.0
+  depends:
+    - kubectl
+    - helm
+  summary: Deploy Kubernetes Helm Charts
+  description: |
+    Helmfile is a declarative spec for deploying helm charts. It lets you...
+    - Keep a directory of chart value files and maintain changes in version control.
+    - Apply CI/CD to configuration changes.
+    - Periodically sync to avoid skew in environments.
+  fetch:
+    url: https://github.com/roboll/helmfile/releases/download/v{{version}}/helmfile_linux_amd64
+    sha256: d8aaea6c07401f9e32bc09f8fb601458cbf2d5d8d196e4e06935358e76d46d05
+  script:
+    - install -m 755 helmfile_linux_amd64 {{src}}/usr/bin/helmfile