/// <summary> /// Get the password. This is generated realtime as a hash of the /// username itself using the installation salt. /// </summary> /// <returns></returns> public string GetWindowsPassword() { // On some setups there is policy enforcement... // https://technet.microsoft.com/en-us/library/hh994562(v=ws.11).aspx var pwd = "#" + UtilsEncryption.GetMD5(this.windowsUsername + this.globalSettings.installationSalt).Substring(0, 10) + UtilsEncryption.GetMD5(this.windowsUsername + this.globalSettings.installationSalt).Substring(10, 10).ToUpper(); return(pwd); }
/// <inheritdoc cref="IDownloaderInterface"/> public string GetNextId(string buildId = null) { // We won't limit build id's for local path downloader during // testing process. var istest = this.GlobalSettings.options.Contains("testenvironment"); if (!string.IsNullOrWhiteSpace(buildId) && !istest) { throw new Exception("LocalPathDownloader does not support deploying from a specific buildId."); } if (this.Settings.monitorChangesTo != null && this.Settings.monitorChangesTo.Any()) { StringBuilder signature = new StringBuilder(); var difo = new DirectoryInfo(this.Settings.path); foreach (var p in this.Settings.monitorChangesTo) { var files = difo.EnumerateFiles(p); foreach (var f in files) { signature.AppendLine(f.FullName + ":" + f.LastWriteTimeUtc.ToUnixTimestamp()); } } // Si cambia alguno de los ficheros esta firma cambiará. return("monitorchanges:" + UtilsEncryption.GetMD5(signature.ToString())); } // Por defecto usa el lastwritetime del directorio... esto en Windows es una mierda // porque no hay propagación vertical de esta información (i.e. si modificar un fichero // dentro del directorio la fecha del directorio no cambia). return("lastwritetime:" + (new DirectoryInfo(this.Settings.path)).LastWriteTimeUtc.ToUnixTimestamp()); }
/// <summary> /// Execute the publish/republish commands. /// </summary> /// <param name="command"></param> /// <param name="build"></param> protected void RunPublishCommand(Message command, utils.AppVeyor.Build build) { double lifetime = double.Parse(command.arguments[0]); // Limit the lifetime to 7 days if (lifetime > 168) { lifetime = 168; } // To prevent colision between projects, add a small project hash var projectHash = UtilsEncryption.GetShortHash(build.project.name, 2); // Use the branch name to generate a unique application name var appId = $"{Application.AutoDeployApplicationIdPrefix}{projectHash}_{build.branch}".ToLower(); // Use an in-code template to deploy string template = string.Format( @"id: '{0}' expires: {4} tags: '{6}' autodeploy: true downloader: type: 'appveyor' project: '{1}' username: '******' apitoken: '{5}' branch: '{3}' ", appId, this.Settings.project, this.Settings.username, build.branch, lifetime, this.Settings.apitoken, // Tag to indicate that this is an autodeployment. "autodeploy"); // Update the deployment template string templateFilePath = Path.Combine(this.app.GetGlobalSettings().applicationTemplateDir, appId + ".yml"); File.WriteAllText(templateFilePath, template); if ("republish".Equals(command.command, StringComparison.CurrentCultureIgnoreCase)) { bool doRemove = true; // To prevent infinite redeployment loops // we need to make sure that we do not remove // the application if currently installed version (if any) var application = this.app.GetInstalledApp(appId); var buildVersion = new Version("0.0.0"); var deployedVersion = new Version("0.0.0"); if (application != null) { var deployer = this.app.GetDeployer(application); Version.TryParse(build.version, out buildVersion); Version.TryParse(deployer.DeploymentActive?.artifact?.id, out deployedVersion); doRemove = buildVersion > deployedVersion; } if (doRemove) { this.Logger.LogInfo(false, "Application republish from version '{0}' to '{1}'", deployedVersion, buildVersion); this.app.RemoveAppById(appId, true); } } // Deploy from template... this.app.RedeployInstalledApplication(true, appId, false); // Get rid of the template, this is not useful anymore. File.Delete(templateFilePath); }
/// <summary> /// Cause initialization of Certes /// </summary> /// <param name="signerPath"></param> /// <param name="registrationPath"></param> /// <param name="email"></param> public void InitRegistration(string signerPath, string registrationPath, string email) { // Signer path y registrationpath son específicos de la librería vieja, pero usamos el directorio que indican // para guardar la configuración del registro de cuenta de certes. Como el registration depende del entorno, ponemos la AcmeUri en el hash del propio // nombre del fichero. string settingsFilePath = Path.Combine(Path.GetDirectoryName(signerPath), UtilsEncryption.GetMD5(email + "::" + this.AcmeUri), "certes.json"); UtilsSystem.EnsureDirectoryExists(settingsFilePath); // Initialization and renewal/revocation handling // We get the CertesWrapper object, that will do most of the job. // RS256 Let's generate a new key (RSA is good enough IMHO) var serviceUri = new Uri(this.AcmeUri); this.Logger.LogInfo(true, "Using Acme URI: " + serviceUri); CertesSettings settings; this.HttpClient = new HttpClient(); this.AcmeHttpClient = new AcmeHttpClient(serviceUri, this.HttpClient); if (File.Exists(settingsFilePath)) { // Si ya teníamos unos settings, siginifica que la cuenta ya está registrada settings = JsonConvert.DeserializeObject <CertesSettings>(File.ReadAllText(settingsFilePath)); this.AcmeContext = new AcmeContext(serviceUri, KeyFactory.FromDer(settings.Key), this.AcmeHttpClient); } else { // Hay que crear una nueva cuenta con su clave, y registrarla en ACME settings = new CertesSettings() { AccountEmail = email, ServiceUri = serviceUri, Key = KeyFactory.NewKey(KeyAlgorithm.RS256).ToDer() }; // Register the account this.AcmeContext = new AcmeContext(serviceUri, KeyFactory.FromDer(settings.Key), this.AcmeHttpClient); IAccountContext accountCtx = this.AcmeContext.NewAccount(settings.AccountEmail, true).Result; File.WriteAllText(settingsFilePath, JsonConvert.SerializeObject(settings)); Certes.Acme.Resource.Directory directory = this.AcmeContext.GetDirectory().Result; this.Logger.LogInfo(true, $"Successfully registered account {settings.AccountEmail} with certificate authority {serviceUri.AbsoluteUri}"); if ((directory.Meta != null) && (directory.Meta.TermsOfService != null)) { this.Logger.LogInfo(true, $"Please check the ACME Service ToS at: {directory.Meta.TermsOfService}"); } } this.CertesSettings = settings; }
/// <summary> /// Execute the opreation... /// </summary> /// <param name="destination"></param> /// <param name="forceDownload"></param> protected void DoExecute( string destination, bool forceDownload = false) { var uri = this.Config.uri; var maps = this.Config.maps; var filename = Path.GetFileName(uri); var tmpDir = UtilsSystem.GetTempPath("iischef_cache", UtilsEncryption.GetMD5(uri)); var tmpFile = UtilsSystem.CombinePaths(UtilsSystem.GetTempPath(), UtilsEncryption.GetMD5(uri) + "_" + filename); if (forceDownload && Directory.Exists(tmpDir)) { Directory.Delete(tmpDir, true); } if (Directory.Exists(tmpDir)) { var difo = new DirectoryInfo(tmpDir); if (!difo.EnumerateFiles("*", SearchOption.AllDirectories).Any()) { Directory.Delete(tmpDir, true); } } if (!Directory.Exists(tmpDir)) { var parsedUri = new Uri(uri); if (parsedUri.Scheme.Equals("file", StringComparison.CurrentCultureIgnoreCase)) { var path = Path.Combine(this.LocalArtifactPath, parsedUri.LocalPath.TrimStart("\\".ToCharArray())); File.Copy(path, tmpFile); } else { using (var wc = new WebClient()) { try { wc.Headers.Add( "User-Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.33 Safari/537.36"); wc.DownloadFile(uri, tmpFile); } catch (Exception ex) { throw new Exception("Could not download file: " + uri, ex); } } } UtilsSystem.EnsureDirectoryExists(tmpDir, true); if (tmpFile.EndsWith(".zip")) { ZipFile.ExtractToDirectory(tmpFile, tmpDir); } else { File.Move(tmpFile, UtilsSystem.CombinePaths(tmpDir, filename)); } File.Delete(tmpFile); } // Move the files according to the maps foreach (var map in maps) { var files = (new DirectoryInfo(tmpDir)).GetFiles(map.Key, SearchOption.AllDirectories); if (!files.Any()) { throw new Exception( string.Format( "No matching files found for pattern: {0} in package {1} ['{2}']", map.Key, uri, tmpDir)); } if (files.Count() == 1) { var dest = UtilsSystem.CombinePaths(destination, map.Value); UtilsSystem.EnsureDirectoryExists(dest); File.Copy(files.First().FullName, dest); } else { foreach (var f in files) { var subpath = f.FullName.Replace((new DirectoryInfo(tmpDir)).FullName, string.Empty); var dest = UtilsSystem.CombinePaths(destination, map.Value, subpath); UtilsSystem.EnsureDirectoryExists(dest); try { File.Copy(f.FullName, dest); } catch (Exception e) { throw new Exception($"Error copying file '{f.FullName}' to '{dest}'"); } } } } }
/// <summary> /// Provisions a certificate in the central store /// </summary> /// <param name="hostName">Domain to register</param> /// <param name="email">Registration e-mail</param> /// <param name="bindingInfo">IIS binding info</param> /// <param name="ownerSiteName">The site that owns the binding, used to assign identity and application pool permissions.</param> /// <param name="forceSelfSigned">Force a self-signed certificate</param> /// <param name="forceRenewal">Force renewal, even if renewal conditions are not met</param> /// <returns>The certificate's friendly name, ready to be bound in IIS</returns> public void ProvisionCertificateInIis( string hostName, string email, string bindingInfo, string ownerSiteName, bool forceSelfSigned = false, bool forceRenewal = false) { if (hostName.Contains("*")) { throw new Exception($"Provisioning certificates for wildcard host name '{hostName}' is not supported."); } var currentCertificate = UtilsIis.FindCertificateInCentralCertificateStore(hostName, this.Logger, out _); double remainingCertificateDays = (currentCertificate?.NotAfter - DateTime.Now)?.TotalDays ?? 0; this.Logger.LogInfo(true, "Total days remaining for certificate expiration: '{0}'", (int)Math.Floor(remainingCertificateDays)); // Trigger renovation. Do this differently on mock/prod environment. // Next renewal attempt is calculated based on previous renewal attempt var renewalState = this.GetCertificateRenewalState(hostName); // Legacy apps don't have this set, or when a certificate has been manually placed if (renewalState.NextRenewal == null && remainingCertificateDays > 1) { renewalState.NextRenewal = this.CalculateNextRenewalAttempt(hostName, (int)remainingCertificateDays); this.StoreCertificateRenewalState(renewalState); } int remainingDaysForNextRenewal = renewalState.NextRenewal == null ? 0 : (int)(renewalState.NextRenewal - DateTime.UtcNow).Value.TotalDays; int certificateTotalDuration = currentCertificate == null ? 0 : (int)(currentCertificate.NotAfter - currentCertificate.NotBefore).TotalDays; this.Logger.LogInfo(true, "Next renewal attempt for this site SSL targeted in '{0}' days.", remainingDaysForNextRenewal); // Check that the validationfailed request rate is not exceeded for this domain if (!forceRenewal && renewalState.FailedValidations.AsIterable().Count(i => (DateTime.UtcNow - i).TotalHours < 48) >= 2) { // Make this message verbos so that it will not flood the logs, the failed validation message will get logged // anyways and is sufficient. this.Logger.LogWarning(true, "The hostname '{0}' has reached the limit of two failed validations in the last 48 hours.", hostName); return; } if (!forceRenewal && !forceSelfSigned && remainingDaysForNextRenewal > 0 && remainingCertificateDays > 0) { this.Logger.LogWarning(true, "Next renewal attempt date not reached, skipping SSL provisioning."); return; } if (!forceRenewal && remainingDaysForNextRenewal > 0 && (remainingDaysForNextRenewal > certificateTotalDuration * 0.5) && certificateTotalDuration > 0) { this.Logger.LogWarning(false, "Certificate has not yet been through at least 50% of it's lifetime so it will not be renewed.'"); renewalState.NextRenewal = this.CalculateNextRenewalAttempt(hostName, (int)remainingCertificateDays); this.StoreCertificateRenewalState(renewalState); return; } // Check the general too many requests rate exceeded if (!forceRenewal && this.SimpleStoreRenewalStatus.Get <bool>("ssl-certificate-provider-too-many-requests", out var tooManyRequests)) { this.Logger.LogWarning(false, "Certificate provisioning temporarily disabled due to a Too Many Requests ACME error. Flag stored in {0}", tooManyRequests.StorePath); return; } this.Logger.LogInfo(false, "Attempting SSL certificate renewal for site '{0}' and host '{1}'", ownerSiteName, hostName); // Clear old validation failed requests if (renewalState.FailedValidations?.Any() == true) { // Only keep failed validations that happen in the last 5 days renewalState.FailedValidations = renewalState.FailedValidations .Where((i) => (DateTime.UtcNow - i).TotalDays < 5).ToList(); } // This is a little bit inconvenient but... the most reliable and compatible // way to do this is to setup a custom IIS website that uses the binding during // provisioning. long tempSiteId; List <Site> haltedSites = new List <Site>(); var tempSiteName = "cert-" + this.AppId; var tempSiteAppId = "cert-" + this.AppId; string tempHostName = "localcert-" + hostName; this.Logger.LogInfo(true, "Preparing temp site: " + tempSiteName); List <Site> conflictingSites; // Prepare the site using (ServerManager sm = new ServerManager()) { // Query the sites in a resilient way... conflictingSites = UtilsSystem.QueryEnumerable( sm.Sites, (s) => s.State == ObjectState.Started && s.Bindings.Any((i) => i.Host.Equals(hostName)), (s) => s, (s) => s.Name, this.Logger); } // Stop the sites that might prevent this one from starting foreach (var s in conflictingSites) { this.Logger.LogInfo(true, "Stopping site {0} to avoid binding collision.", s.Name); this.AppPoolUtils.WebsiteAction(s.Name, AppPoolActionType.Stop, skipApplicationPools: true); haltedSites.Add(s); } using (ServerManager sm = new ServerManager()) { // Make sure there is no other site (might be stuck?) var existingSite = (from p in sm.Sites where p.Name == tempSiteName select p).FirstOrDefault(); var tempSite = existingSite ?? sm.Sites.Add(tempSiteName, this.GetAcmeTemporarySiteRootForApplication(), 80); // Propagate application pool usage so that permissions are properly handled. var ownerSite = sm.Sites.First((i) => i.Name == ownerSiteName); tempSite.Applications.First().ApplicationPoolName = ownerSite.Applications.First().ApplicationPoolName; // Delete all bindings tempSite.Bindings.Clear(); tempSite.Bindings.Add(bindingInfo, "http"); tempSite.Bindings.Add($"{UtilsIis.LOCALHOST_ADDRESS}:80:" + tempHostName, "http"); tempSiteId = tempSite.Id; this.UtilsHosts.AddHostsMapping(UtilsIis.LOCALHOST_ADDRESS, tempHostName, tempSiteAppId); // Prepare the website contents var sourceDir = UtilsSystem.FindResourcePhysicalPath(typeof(IISDeployer), ".well-known"); UtilsSystem.CopyFilesRecursively(new DirectoryInfo(sourceDir), new DirectoryInfo(this.GetWellKnownSharedPathForApplication()), true); UtilsIis.CommitChanges(sm); } UtilsIis.WaitForSiteToBeAvailable(tempSiteName, this.Logger); UtilsIis.ConfigureAnonymousAuthForIisApplication(tempSiteName, this.Deployment.WindowsUsernameFqdn(), this.Deployment.GetWindowsPassword()); IAcmeSharpProvider provider = null; try { this.AppPoolUtils.WebsiteAction(tempSiteName, AppPoolActionType.Start); // Check that the site does work using the local binding var testDataUrl = $"http://{tempHostName}/.well-known/acme-challenge/test.html"; this.Logger.LogInfo(true, "Validating local challenge setup at: {0}", testDataUrl); if (!string.Equals(UtilsSystem.DownloadUriAsText(testDataUrl), "test data")) { throw new Exception($"Could not locally validate acme challenge site setup at {testDataUrl}"); } // Ssl registration configuration only depends on the e-mail and is signed as such string sslSignerAndRegistrationStoragePath = UtilsSystem.EnsureDirectoryExists( UtilsSystem.CombinePaths(this.StoragePath, "_ssl_config", StringFormating.Instance.ExtremeClean(email)), true); // Initialize the provider bool useMockProvider = this.MockEnvironment || forceSelfSigned; provider = useMockProvider ? (IAcmeSharpProvider) new AcmeSharpProviderMock(this.Logger, tempHostName) : this.GetAcmeProvider(this.Logger, hostName); var signerPath = Path.Combine(this.StoragePath, "_signer.xml"); var registrationPath = Path.Combine(sslSignerAndRegistrationStoragePath, "registration.json"); provider.InitRegistration(signerPath, registrationPath, email); string challengeUrl; string challengeContent; string challengeFilePath; try { provider.GenerateHttpChallenge( out challengeUrl, out challengeContent, out challengeFilePath); } catch (AcmeClient.AcmeWebException acmeException) { if (acmeException.Message.Contains("429")) { int waitHours = 1; this.SimpleStoreRenewalStatus.Set("ssl-certificate-provider-too-many-requests", true, 60 * waitHours); this.Logger.LogError("Let's encrypt too many requests issue. Certificate provisioning disabled for the next {0} hours.", waitHours); this.Logger.LogException(acmeException, EventLogEntryType.Warning); return; } throw; } // Write the challanege contents string challengeFullPath = Path.Combine(this.GetAcmeTemporarySiteRootForApplication(), challengeFilePath); File.WriteAllText( challengeFullPath, challengeContent); this.Logger.LogInfo(false, $"Veryfing challenge at '{challengeUrl}'"); try { // Validate that we can actually access the challenge ourselves! string contents = UtilsSystem.DownloadUriAsText(challengeUrl, false); if (!string.Equals(contents, challengeContent)) { throw new Exception( $"Could not validate ACME challenge, retrieved challenge '{contents}' does not match '{challengeContent}'"); } } catch (Exception e) { this.Logger.LogWarning(true, "Cannot self-verify auth challenge, this can sometimes happeen under some DNS setups. {0}", e.Message + Environment.NewLine + e.InnerException?.Message); } var challengeValidated = false; try { challengeValidated = provider.ValidateChallenge(); } catch (Exception e) { this.Logger.LogException(e, EventLogEntryType.Warning); } this.Logger.LogWarning(true, "Remote challenge validation success: " + (challengeValidated ? "Yes" : "No")); // Download the certificates to this temp location string temporaryCertificatePath = UtilsSystem.EnsureDirectoryExists(UtilsSystem.CombinePaths(this.StoragePath, this.AppId, "ssl_certificates", hostName), true); CertificatePaths certificatepaths = null; // This is here for testing purposes if (Environment.GetEnvironmentVariable("TEST_FAIL_CHALLENGE_VALIDATION") == true.ToString()) { challengeValidated = false; } if (!challengeValidated) { // There is a Failed Validation limit of 5 failures per account, per hostname, per hour. renewalState.FailedValidations = renewalState.FailedValidations ?? new List <DateTime>(); renewalState.FailedValidations.Add(DateTime.UtcNow); this.Logger.LogError( "Challenge could not be validated at '{0}'. If behind a load balancer, make sure that the site is deployed in ALL nodes, remove the self-signed certificate from the store and redeploy the application.", challengeUrl); this.StoreCertificateRenewalState(renewalState); } else { try { certificatepaths = provider.DownloadCertificate( UtilsEncryption.GetMD5(hostName), hostName, temporaryCertificatePath); } catch (AcmeClient.AcmeWebException acmeException) { this.Logger.LogException(acmeException, EventLogEntryType.Warning); } catch (WebException webException) { this.Logger.LogException(webException, EventLogEntryType.Warning); } catch (Exception e) { this.Logger.LogException(e, EventLogEntryType.Warning); } } if (certificatepaths == null && currentCertificate == null) { this.Logger.LogWarning(false, "Unable to acquire certificate and site does not have a valid existing one, using self-signed fallback."); provider = new AcmeSharpProviderMock(this.Logger, hostName); certificatepaths = provider.DownloadCertificate( UtilsEncryption.GetMD5(hostName), hostName, temporaryCertificatePath); } // Save this, use a fixed name certificate file if (certificatepaths != null) { string certificateFilePath = Path.Combine(UtilsIis.CentralStorePath(this.Logger), hostName + ".pfx"); UtilsSystem.RetryWhile( () => { File.Copy(certificatepaths.pfxPemFile, certificateFilePath, true); }, (e) => true, 2500, this.Logger); this.Logger.LogInfo(false, "Certificate file writen to '{0}'", certificateFilePath); // TODO: Activate this refreshing when it's prooved to work // UtilsIis.EnsureCertificateInCentralCertificateStoreIsRebound(hostName, this.Logger); } // Remove temporary certificates UtilsSystem.DeleteDirectory(temporaryCertificatePath, this.Logger); // Remove the already used challenge if it was validated. Otherwise keep it // for debugging purposes. if (challengeValidated && File.Exists(challengeFullPath)) { File.Delete(challengeFullPath); } // In the end, we always have a certificate. Program a renewal date according to the remaining expiration. currentCertificate = UtilsIis.FindCertificateInCentralCertificateStore(hostName, this.Logger, out _); remainingCertificateDays = (currentCertificate?.NotAfter - DateTime.Now)?.TotalDays ?? 0; // Add some randomness in renewal dates to avoid all certificates being renewed at once and reaching api limits renewalState.LastRenewal = DateTime.UtcNow; renewalState.NextRenewal = this.CalculateNextRenewalAttempt(hostName, (int)remainingCertificateDays); this.StoreCertificateRenewalState(renewalState); } finally { this.Logger.LogInfo(true, "Disposing temporary verification setup"); provider?.Dispose(); this.UtilsHosts.RemoveHostsMapping(tempSiteAppId); // Restore the original state of IIS!!! using (ServerManager sm = new ServerManager()) { var site = sm.Sites.Single(i => i.Id == tempSiteId); UtilsIis.RemoveSite(site, sm, this.Logger); UtilsIis.CommitChanges(sm); } // Give IIS some time to reconfigure itself and free resources. Thread.Sleep(1000); // Start the sites foreach (var site in haltedSites) { // Add some retry logic here because bringing the original sites online is critical UtilsSystem.RetryWhile(() => { this.AppPoolUtils.WebsiteAction(site.Name, AppPoolActionType.Start); }, (e) => true, 5000, this.Logger); } } }
/// <summary> /// Downloads (And extracts) single artifacts from jobs. /// </summary> /// <param name="applicationId"></param> /// <param name="build"></param> /// <param name="artifactRegex"></param> /// <param name="destinationPath"></param> /// <param name="logger"></param> public void DownloadSingleArtifactFromBuild( string applicationId, Build build, string artifactRegex, string destinationPath, ILoggerInterface logger) { UtilsSystem.EnsureDirectoryExists(destinationPath, true); // Use the first job in the build... var job = build.jobs.First(); var artifact = this.FindDefaultArtifactForBuild(job, build, artifactRegex); var filename = artifact.fileName; var extension = Path.GetExtension(filename); string downloadTemporaryDir = UtilsSystem.EnsureDirectoryExists(UtilsSystem.CombinePaths(this.TempDir, "_appveyor", "dld", applicationId), true); int artifactRetentionNum = 5; int artifactAgeHoursForStale = 24; // Do not touch the latest artifactRetentionNum artifacts or artifacts that are not older than artifactAgeHoursForStale hours var staleFiles = Directory.EnumerateFiles(downloadTemporaryDir) .Select((i) => new FileInfo(i)) .Where((i) => i.Extension.Equals(".zip", StringComparison.CurrentCultureIgnoreCase)) .OrderByDescending((i) => i.CreationTimeUtc) .Skip(artifactRetentionNum) .Where((i) => (DateTime.UtcNow - i.LastWriteTime).TotalHours > artifactAgeHoursForStale) .ToList(); foreach (var f in staleFiles) { // Make this fail proof, it's just a cleanup. try { this.Logger.LogInfo(true, "Removing stale artifact cache file {0}", f.FullName); f.Delete(); } catch { // ignored } } // Use a short hash as the temporary file name, because long paths can have issues... var tmpFile = UtilsSystem.CombinePaths(downloadTemporaryDir, UtilsEncryption.GetShortHash(JsonConvert.SerializeObject(build) + filename) + extension); if (Path.GetExtension(tmpFile)?.ToLower() != ".zip") { throw new NotImplementedException("AppVeyor artifacts should only be Zip Files."); } if (!File.Exists(tmpFile)) { // Use an intermediate .tmp file just in case the files does not finish to download, // if it exists, clear it. string tmpFileDownload = tmpFile + ".tmp"; if (File.Exists(tmpFileDownload)) { UtilsSystem.RetryWhile(() => File.Delete(tmpFileDownload), (e) => true, 4000, this.Logger); } var url = $"/api/buildjobs/{job.jobId}/artifacts/{filename}"; logger.LogInfo(true, "Downloading artifact from: '{0}' to '{1}'", url, tmpFileDownload); this.ExecuteApiCallToFile(url, tmpFileDownload); // Rename to the final cached artifact file logger.LogInfo(true, "Download succesful, moving to '{0}'", tmpFile); UtilsSystem.RetryWhile(() => File.Move(tmpFileDownload, tmpFile), (e) => true, 4000, this.Logger); } else { logger.LogInfo(true, "Skipping artifact download, already in local cache: {0}", tmpFile); } logger.LogInfo(true, "Unzipping {1} file to '{0}'...", destinationPath, UtilsSystem.BytesToString(new FileInfo(tmpFile).Length)); ZipFile.ExtractToDirectory(tmpFile, destinationPath); logger.LogInfo(true, "Unzipping finished."); }
/// <summary> /// Deploys an installed app. /// </summary> /// <param name="app"></param> /// <param name="force"></param> /// <param name="buildId"></param> /// <param name="sync"></param> protected Deployment _DeployApp( Application app, bool force = false, string buildId = null, bool sync = false) { DateTime start = DateTime.Now; // The parent application to inherit from (if needed) InstalledApplication parentApp = null; // Lo primero es ver si hay algo nuevo... var downloader = this.installedAppSettings.GetDownloader(this.GlobalSettings, this.Logger); if (!string.IsNullOrWhiteSpace(buildId)) { this.Logger.LogInfo(true, "Deploying specific version build: '{0}'", buildId); } string nextArtifactId; // Next artifact id might be pulled from a remote location, and this prompt to random failures (network, etc.) // so wrap this in a try/catch try { nextArtifactId = downloader.GetNextId(buildId == "latest" ? null : buildId); } catch (Exception e) { this.Logger.LogException(new Exception("Failure while looking for next build ID", e), EventLogEntryType.Warning); return(this.DeploymentActive); } string currentArtifactId = this.DeploymentActive != null ? this.DeploymentActive.artifact.id : string.Empty; bool isNew = this.DeploymentActive == null || this.DeploymentActive.artifact.id != nextArtifactId; // Check that Inherit application exists if (!string.IsNullOrEmpty(this.installedAppSettings.GetInherit())) { parentApp = app.GetInstalledApp(this.installedAppSettings.GetInherit()); if (parentApp == null) { throw new Exception( $"Application from inheritation: {this.installedAppSettings.GetInherit()}, can not be found"); } this.Logger.LogInfo(true, "Application configured to inherit from parent application '{0}'. Sync:{1}", parentApp.GetId(), sync ? "Yes" : "No"); } // Si no es nuevo y no estamos forzando, no hacer deploy. if (!isNew && !force) { this.Logger.LogInfo(true, "No new version found for Application {0}", this.installedAppSettings.GetId()); return(this.DeploymentActive); } // There is an existing deployment that had a manually enforced BuildId if (!string.IsNullOrEmpty(this.DeploymentActive?.enforceBuildId)) { if (force) { if (!string.IsNullOrWhiteSpace(buildId)) { // If there is a force and a buildId has been specified, override the next artifactId // with the requested BuildId, or if latest was specified use that. if (buildId != "latest") { nextArtifactId = buildId; } } else { // If no specific build was requested, override the nextArtifactId with // the stored build nextArtifactId = this.DeploymentActive.enforceBuildId; this.Logger.LogWarning(true, "Deploying stored version {0}", nextArtifactId); } } else if (buildId != this.DeploymentActive.enforceBuildId && buildId != "latest") { this.Logger.LogWarning(true, $"Deployment was skipped because previous deployment was a version-specific deployment. Previous buildId='{this.DeploymentActive.enforceBuildId}'. Requested buildId='{buildId}'. Use buildId='latest' to force deploying the latest succesful build or -Force to deploy this version."); return(this.DeploymentActive); } } this.Logger.LogInfo(false, "@@ Starting deployment for app: '{0}'", this.installedAppSettings.GetId()); this.Logger.LogInfo(false, "Current artifact: '{0}' || Previous artifact: '{1}'", nextArtifactId, currentArtifactId); // Specify a local temporary artifact location, in case this is supported by the downloader... // final path should be retrieved from artifact.localPath string preferredLocalArtifactPath = UtilsSystem.EnsureDirectoryExists( UtilsSystem.CombinePaths( this.GlobalSettings.GetDefaultApplicationStorage().path, "_tmp", this.installedAppSettings.GetId(), UtilsEncryption.GetShortHash(nextArtifactId, 12)), true); // Get from the ID... Artifact artifact = downloader.PullFromId(nextArtifactId, preferredLocalArtifactPath); if (string.IsNullOrWhiteSpace(this.GlobalSettings.id)) { throw new Exception("Environment settings cannot have an empty ID."); } this.Logger.LogInfo(false, "Environment id: '{0}'", this.GlobalSettings.id); this.Logger.LogInfo(false, "Environment options/tags: '{0}'", string.Join(",", this.GlobalSettings.getOptions())); this.Logger.LogInfo(false, "Pull artifact lapsed: {0}s", (DateTime.Now - start).TotalSeconds); start = DateTime.Now; // Look for a configuration file that fits this environment. string chefsettingsdir = UtilsSystem.CombinePaths(artifact.localPath, "chef"); // The final chef configuration files is a combination of Chef files var appSettings = this.LoadApplicationSettings( chefsettingsdir, this.GlobalSettings.id, artifact.artifactSettings.branch, out var loadedConfigurationFiles); // Storage for current deployment. Includes all possible environment data // in order to provide traceability + rollback capabilities. Deployment deployment = new Deployment( appSettings, this.GlobalSettings, artifact, this.installedAppSettings, parentApp); deployment.SetPreviousDeployment(this.DeploymentActive); // Check the deployment windows! var deploymentSettings = deployment.appSettings.getDeploymentSettings(); if (deploymentSettings != null) { if (deploymentSettings.deployment_windows != null && deploymentSettings.deployment_windows.Any()) { bool canDeploy = false; foreach (var deploymentWindow in deploymentSettings.deployment_windows) { TimeZoneInfo info = TimeZoneInfo.FindSystemTimeZoneById(deploymentWindow.Value.timezone); TimeSpan dtStart = TimeSpan.Parse(deploymentWindow.Value.start); TimeSpan dtEnd = TimeSpan.Parse(deploymentWindow.Value.end); DateTimeOffset localServerTime = DateTimeOffset.Now; DateTimeOffset windowTimeZone = TimeZoneInfo.ConvertTime(localServerTime, info); TimeSpan dtNow = windowTimeZone.TimeOfDay; if (dtStart <= dtEnd) { // start and stop times are in the same day if (dtNow >= dtStart && dtNow <= dtEnd) { // current time is between start and stop canDeploy = true; break; } } else { // start and stop times are in different days if (dtNow >= dtStart || dtNow <= dtEnd) { // current time is between start and stop canDeploy = true; break; } } } // Even if we are not in a deployment windows, // if we are forcing the deployment continue. if (!canDeploy && !force) { this.Logger.LogInfo(false, "Application deployment skipped. Current time not within allowed publishing windows."); return(this.DeploymentActive); } } } // Inform about the confiugration files that where used for loading deployment.SetRuntimeSetting("deployment.loaded_configuration_files", string.Join(",", loadedConfigurationFiles)); deployment.enforceBuildId = buildId == "latest" ? null : buildId; var deployersActive = this.DeploymentActive != null?this.DeploymentActive.GrabDeployers(this.Logger) : new DeployerCollection(this.GlobalSettings, null, this.Logger, parentApp); var servicesActive = this.DeploymentActive != null?this.DeploymentActive.GrabServices(this.Logger) : new DeployerCollection(this.GlobalSettings, null, this.Logger, parentApp); var deployers = deployment.GrabDeployers(this.Logger); var services = deployment.GrabServices(this.Logger); this.Logger.LogInfo(false, "Deployers and services gathered. Starting installation..."); var settingsConverter = new JObjectToKeyValueConverter(); try { // Deploy the application base storage (logs, runtime, etc.) deployers.DeployAll(); services.DeployAll(); // Move the application settings to runtime settings var userApplicationSettings = appSettings.getApplicationSettings(); foreach (var k in settingsConverter.NestedToKeyValue(userApplicationSettings)) { deployment.SetRuntimeSetting("app_settings." + k.Key, k.Value); } // Sync if (sync) { deployers.SyncAll(); services.SyncAll(); } // Time to hot switch the sites... we need to waitPauseMs for all // current requests to finish... because that way we ensure // that underlying storage updates will not collide if updates // are being deployed. servicesActive.StopAll(); deployersActive.StopAll(); // Some stuff requires the old services to be stopped in order to be deployed, such as IIS bindings and certificates deployers.BeforeDoneAll(); services.BeforeDoneAll(); var settingsToDeploy = deployment.GetRuntimeSettingsToDeploy(); // Store Key-Value settings in a JSON object (with keys as var jsonSettings = JsonConvert.SerializeObject( settingsToDeploy, Formatting.Indented); var jsonSettingsNested = JsonConvert.SerializeObject( settingsConverter.keyValueToNested(settingsToDeploy), Formatting.Indented); // Make sure we persist the settings AFTER all deployers have finished thri job deployers.DeploySettingsAll(jsonSettings, jsonSettingsNested); services.DeploySettingsAll(jsonSettings, jsonSettingsNested); // Time to start! deployers.StartAll(); services.StartAll(); DateTime dtStart = DateTime.Now; // Replace active configuration settings deployment.StoreInPath(this.activeDeploymentPathStorage); // Quitar el deployment anterior y si hay error seguir, // ya que los datos del deployment actual YA están guardados! servicesActive.UndeployAll(true); deployersActive.UndeployAll(true); // The done "event" is called on deployers // once everything is completed correctly. deployers.DoneAll(true); services.DoneAll(true); // Make sure that at least 2 seconds pass after deployment before // doing an OK to let IIS reconfigure. while ((DateTime.Now - dtStart).TotalSeconds < 1) { System.Threading.Thread.Sleep(500); } } catch (Exception e) { // Just in case.... log this ASAP this.Logger.LogException( new Exception("Error deploying APP: " + deployment.installedApplicationSettings.GetId(), e)); deployers.StopAll(true); deployers.UndeployAll(true); // Aquí hacemos un continue on error porque... estamos repescando algo que ya funcionaba // a toda costa queremos levantarlo! deployersActive.StartAll(true); servicesActive.StopAll(true); // In unit test rethrow to preserve stack trace in GUI if (UnitTestDetector.IsRunningInTests) { System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(e) .Throw(); } else { throw new AlreadyHandledException(e.Message, e); } } finally { // Run cleanup, dot not fail if cleanup fails, it's just an extra... deployers.CleanupAll(true); services.CleanupAll(true); } // Done! this.Logger.LogInfo(false, "Deployment lapsed: {0}s", (DateTime.Now - start).TotalSeconds); return(deployment); }