Jenkins: a job to check a Github organization’s public repositories list

By | 04/16/2019
 

Proceeding with a Github repositories checker.

To recall: the idea is to have such a check in case if somebody from developers accidentally will share our project’s private repository as public, or will create a public repository instead of making it as a private one – we will get a Slack alarm about such a new repository.

The tool to check and send Slack notification was written in the Go: checking public repositories list in Github. Go slices comparison. The first Golang experience post.

In this post – will create a Docker image and a Jenkin’s job which will be running each night to execute check.

Dockerfile

Create a Dockerfile.

Use golang:alpine and:

  1. copy the utility’s source file
  2. install Go’s dependencies
  3. build a binary to the /go/bin directory as github-checker executable file
  4. add default action – run /go/bin/github-checker

The file:

# alpine as mininal image
FROM golang:alpine
# git for go get
RUN apk update && apk add --no-cache git
# copy source from a current dir
COPY go-github-public-repos-checker.go .
# install deps
RUN go get -d -v
# build to /go/bin
RUN go build -o /go/bin/github-checker
# set default entrypoint
CMD ["/go/bin/github-checker"]

Read more about CMD vs ENTRYPOINT here>>>.

Build an image:

docker build -t projectname/projectname-github-checker:1.0 .

Check it.

Set environment variables:

export GITHUB_ORG_NAME="rtfmorg"
export ALLOWED_REPOS="org-repo-1-pub org-repo-2-pub"
export SLACK_CHANNEL="#general"
export SLACK_URL="https://hooks.slack.com/services/T16***WRE"

Run container passing variables with the -e:

docker run -ti -e GITHUB_ORG_NAME=${GITHUB_ORG_NAME} -e ALLOWED_REPOS="${ALLOWED_REPOS}" -e SLACK_CHANNEL=${SLACK_CHANNEL} -e SLACK_URL=${SLACK_URL} projectname/projectname-github-checker:1.0
Checking org-repo-1-pub
OK: repo org-repo-1-pub found in Allowed
Checking org-repo-2-pub
OK: repo org-repo-2-pub found in Allowed

Push to the DockerHub:

root@jenkins-production:/home/admin# docker push projectname/projectname-github-checker:1.0

Jenkins

Create a new job and start Docker via Pipeline script:

The script itself:

node {
    stage('Check repositories') {
        docker.image('projectname/projectname-github-checker:1.0').run("-e GITHUB_ORG_NAME=${GITHUB_ORG_NAME} \
        -e ALLOWED_REPOS=${ALLOWED_REPOS} \
        -e SLACK_CHANNEL=${SLACK_CHANNEL} \
        -e SLACK_URL=${SLACK_URL}")
    }
}

Add parameters which will be passed to the container.

SLACK_URL contains token so set it as Password Parameter.

ALLOWED_REPOS contains a list to be parsed by Go in the utility, so set in the quotes:

Add schedule, the crontab.guru can be used:

Run job, for testing – without one of our public repository in the ALLOWED_REPOS parameter:

Done.