jenkins pre-commit-hooks + aliases for git+brew

2020-06-29 13:34:06 +02:00 · 2020-06-29 13:34:06 +02:00 · 7c1f1f8bf2
commit 7c1f1f8bf2
parent 36722b7086
7 changed files with 75 additions and 7 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -42,6 +42,14 @@ repos:
        pass_filenames: false
        args: [-l=infra] #NOTE: that this is the directory you created earlier to host your terraform
        verbose: true
+-   repo: https://github.com/askulkarni2/pre-commit-docker-jenkinslint
+    rev: master
+    hooks:
+    -   id: docker-jenkinslint
+        language: docker_image
+        entry: --entrypoint /usr/local/bin/run-jflint.sh askulkarni2/jenkinslint
+        files: Jenkinsfile
+
 #- repo: https://github.com/ansible/ansible-lint.git
 #  rev: v4.1.0
 #  hooks:
--- a/dot_git-template/.pre-commit-config.yaml
+++ b/dot_git-template/.pre-commit-config.yaml
@ -42,6 +42,14 @@ repos:
        pass_filenames: false
        args: [-l=infra] #NOTE: that this is the directory you created earlier to host your terraform
        verbose: true
+-   repo: https://github.com/askulkarni2/pre-commit-docker-jenkinslint
+    rev: master
+    hooks:
+    -   id: docker-jenkinslint
+        language: docker_image
+        entry: --entrypoint /usr/local/bin/run-jflint.sh askulkarni2/jenkinslint
+        files: Jenkinsfile
+
 #- repo: https://github.com/ansible/ansible-lint.git
 #  rev: v4.1.0
 #  hooks:
--- a/6
+++ b/6
@ -7,9 +7,9 @@ export PATH="$PATH:$HOME/.rvm/bin"
 export PROXY_HOST=""
 export JETBRAINS_LICENSE_SERVER=""

-if test -f "$HOME/.secrets"; then
-    chmod +x "$HOME/.secrets"
-    source "$HOME/.secrets"
+if test -f "$HOME/.scripts/secrets.sh"; then
+    chmod +x "$HOME/.scripts/secrets.sh"
+    source "$HOME/.scripts/secrets.sh"
    alias proxy='ssh -D 8000 -N $(whoami)@$PROXY_HOST -i ~/.ssh/id_ed25519'
 fi

--- a/dot_scripts/ansible/macinsecure_playbook.yaml
+++ b/dot_scripts/ansible/macinsecure_playbook.yaml
@ -0,0 +1,38 @@
+---
+- hosts: localhost
+  connection: local
+  become_method: sudo
+  become: yes
+
+  tasks:
+   - name: Check yubikey binaries are installed
+     stat:
+       path: "{{ item }}"
+     with_items:
+      - /usr/local/bin/ykpamcfg
+      - "/Applications/YubiKey\ Manager.app/Contents/MacOS/ykman"
+
+   - name: Check Yubico is recognized
+     shell: "'/Applications/YubiKey Manager.app/Contents/MacOS/ykman' list | awk '{print $6}'"
+     register: yubicoChallenge
+     failed_when: "yubicoChallenge.rc != 0 or yubicoChallenge.stdout == ''"
+
+   - name: Get current user
+     become: false
+     local_action: command whoami
+     register: username_on_host
+
+   - name: Check yubico challenge exists
+     stat:
+       path: "/Users/{{ username_on_host.stdout }}/.yubico/challenge-{{ yubicoChallenge.stdout }}"
+
+   - name: Ensure yubikey is needed for authentication at login screen
+     lineinfile:
+       path: "{{ item }}"
+       regexp: '^auth.*pam_yubico.so.*'
+       line: "auth       required       /usr/local/lib/security/pam_yubico.so mode=challenge-response"
+       insertbefore: "^account    required       pam_opendirectory.so"
+       state: absent
+     with_items:
+       - /etc/pam.d/screensaver
+       - /etc/pam.d/authorization
--- a/1
+++ b/1
@ -10,7 +10,6 @@ alias grep='rg'
 alias npmlist='npm list -g --depth 0'
 alias lg='lazygit'
 alias lzd='lazydocker'
-alias setorigin='grset origin'
 alias neworigin='setorigin'
 alias origin='setorigin'
 alias gpar='gitpushallremote'
--- a/15
+++ b/15
@ -290,6 +290,11 @@ function vaultgetsecret {
    local secret_string=$(echo "\$ANSIBLE_VAULT;1.1;AES256\n$secret")
    echo "$secret_string" | awk '{$1=$1;print}' | ansible-vault decrypt --vault-password-file=$VAULT_PASSWORD_FILE
 }
+function setorigin {
+    gra origin "$1" 2>/dev/null
+    grset origin "$1"
+    copyhooks
+}
 function gitpushallremote {
    grv
    grv | grep push | awk '{print $1}' | while read -r remote
@ -298,6 +303,12 @@ function gitpushallremote {
        git push --all "$remote"
    done
 }
+function clone {
+    local folder=$(echo $1 | cut -d'/' -f2 | cut -d'.' -f1)
+    gcls "$1"
+    cd "$folder"
+    copyhooks
+}
 function colorpic {
    local picture_url="$1"
    echo "Colorizing $picture_url"
@ -306,3 +317,7 @@ function colorpic {
    echo "Display in progress..."
    eval "\curl -s $result_url | imgcat"
 }
+function brewadd {
+    brew install "$1"
+    ansible 127.0.0.1 -m lineinfile -a "path=~/Brewfile line='brew \"$1\"'"
+}
--- a/6
+++ b/6
@ -132,9 +132,9 @@ export PROXY_HOST=""
 export COLORPIC_APIKEY=""
 export VAULT_PASSWORD_FILE=""

-if test -f "$HOME/.secrets"; then
-    chmod +x "$HOME/.secrets"
-    source "$HOME/.secrets"
+if test -f "$HOME/.scripts/secrets.sh"; then
+    chmod +x "$HOME/.scripts/secrets.sh"
+    source "$HOME/.scripts/secrets.sh"
 fi

 export REPO_PATH=$HOME/Code