From a0c5442a4cb038777265a0249cac1237bd1e8ad8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Novotn=C3=BD?=
 <33942303+dragonraid@users.noreply.github.com>
Date: Sat, 9 Jan 2021 15:49:50 +0100
Subject: [PATCH] feature: add prerun script (#6)

---
 .gitignore   |  1 +
 Dockerfile   |  4 ++--
 README.md    | 19 +++++++++++--------
 src/index.js | 36 +++++++++++++++++++++++++++++++++++-
 4 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/.gitignore b/.gitignore
index 6a0d87e..84ca74e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 node_modules
 .env*
+test_prerun_script.sh
diff --git a/Dockerfile b/Dockerfile
index efbc22d..0331d9c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ ADD https://github.com/roboll/helmfile/releases/download/${HELMFILE_VERSION}/hel
 
 COPY . .
 
-RUN npm install \
+RUN npm install --only=prod \
     && mv /tmp/helmfile_linux_amd64 /usr/local/bin/helmfile \
     && chmod +x /usr/local/bin/helmfile \
     && curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash \
@@ -26,6 +26,6 @@ RUN npm install \
 RUN mkdir -p ${HELM_PLUGIN_PATH} \
     && helm plugin install https://github.com/zendesk/helm-secrets \
     # copy must be executed as last command in order to copy all plugins it ${HELM_PLUGIN_PATH}
-    && cp -r /root/.cache/helm/plugins/* /opt/helm/plugins/
+    && cp -r /root/.cache/helm/plugins/* ${HELM_PLUGIN_PATH}
 
 ENTRYPOINT [ "node", "/app/src/index.js" ]
diff --git a/README.md b/README.md
index 3a9daee..682bbd9 100644
--- a/README.md
+++ b/README.md
@@ -20,14 +20,15 @@ env:
   inputKey3: inputValue3
 ```
 
-| Input      |                               Description |                        Example | Required |
-| :--------- | ----------------------------------------: | -----------------------------: | -------: |
-| TYPE       |                            processor type |                       `ubuntu` |      yes |
-| FILE       | path to file to be updated (JSON or YAML) |              `deploy/ami.json` |      yes |
-| KEY        |                 key in file to be updated |          `builders.source_ami` |      yes |
-| REPOSITORY |                                repository | `dragonraid/deployment-bumper` |      yes |
-| USERNAME   |                           github username |                   `dragonraid` |      yes |
-| PASSWORD   |  password or github personal access token |                         `xxxx` |      yes |
+| Input          |                                 Description |                        Example | Required |
+| :------------- | ------------------------------------------: | -----------------------------: | -------: |
+| TYPE           |                              processor type |                       `ubuntu` |      yes |
+| FILE           |   path to file to be updated (JSON or YAML) |              `deploy/ami.json` |      yes |
+| KEY            |                   key in file to be updated |          `builders.source_ami` |      yes |
+| REPOSITORY     |                                  repository | `dragonraid/deployment-bumper` |      yes |
+| USERNAME       |                             github username |                   `dragonraid` |      yes |
+| PASSWORD       |    password or github personal access token |                         `xxxx` |      yes |
+| PRE_RUN_SCRIPT | shell script to execute before running type |                  `./prerun.sh` |       no |
 
 ## Types
 
@@ -82,6 +83,8 @@ jobs:
 
 ### Helmfile lock
 
+**TYPE: `helmfile`**
+
 With this type you can update [helmfile](https://github.com/roboll/helmfile) lock files.
 Under the hood this type runs [helmfile deps](https://github.com/roboll/helmfile#deps) command.
 
diff --git a/src/index.js b/src/index.js
index cb5d2ca..43c50de 100644
--- a/src/index.js
+++ b/src/index.js
@@ -1,6 +1,13 @@
+const util = require('util');
+const exec = util.promisify(require('child_process').exec);
+const fs = require('fs').promises;
+
 const { Repository } = require('./github');
 const handlers = require('./handlers');
 
+const DEFAULT_SHELL = '/bin/bash';
+const PRE_RUN_SCRIPT_PERMISSIONS = 0o744;
+
 /**
  * Raw configuration.
  */
@@ -12,13 +19,16 @@ const RAW_CONFIG = {
     REPOSITORY: process.env.REPOSITORY || process.env.GITHUB_REPOSITORY,
     USERNAME: process.env.USERNAME || null,
     PASSWORD: process.env.PASSWORD || null,
+    PRE_RUN_SCRIPT: process.env.PRE_RUN_SCRIPT || null,
 };
 
 const CONFIG = {};
 
+// TODO: might be prudent to put helper functions from here to i.e. utils.js
+
 /**
  * This function processes RAW_CONFIG object. Reasoning is that environment
- * variables, that populates th Config can only contain string, but sometimes
+ * variables, that populates this Config can only contain string, but sometimes
  * we need other types. It also checks, if RAW_CONFIG object contains all
  * necessary properties and those properties are valid.
  */
@@ -36,6 +46,21 @@ const processConfig = () => {
     }
 };
 
+/**
+ * Execute custom shell script before calling processor
+ * @param {string} script - path to script
+ */
+const preRunScript = async (script) => {
+    console.log(`changing permissions of ${script} to 744`);
+    fs.chmod(script, PRE_RUN_SCRIPT_PERMISSIONS);
+    console.log(`Executing ${script}`);
+    const { stdout, stderr } = await exec(
+        script,
+        { shell: DEFAULT_SHELL },
+    );
+    console.log(stdout, stderr);
+};
+
 /**
  * Clone repository and checkout the feature branch
  * @param {string} branchName - feature branch name
@@ -72,6 +97,15 @@ const PROCESSOR_TYPES = {
         process.exit(1);
     }
 
+    if (CONFIG.PRE_RUN_SCRIPT) {
+        try {
+            await preRunScript(CONFIG.PRE_RUN_SCRIPT);
+        } catch (err) {
+            console.error(`Running ${CONFIG.PRE_RUN_SCRIPT} failed.`, err);
+            process.exit(1);
+        }
+    }
+
     try {
         const repository = await initializeRepo(
             `${CONFIG.BRANCH_PREFIX}/${CONFIG.BRANCH_NAME}`,