update

#!/bin/bash

##
## i-doit virtual appliance
## Update software packages on CI/CD environment
##

##
## Copyright (C) 2018-20 synetics GmbH, <https://i-doit.com/>
##
## This program is free software: you can redistribute it and/or modify
## it under the terms of the GNU Affero General Public License as published by
## the Free Software Foundation, either version 3 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU Affero General Public License for more details.
##
## You should have received a copy of the GNU Affero General Public License
## along with this program. If not, see <http://www.gnu.org/licenses/>.
##

set -euo pipefail
#IFS=$'\n\t'

##
## Configuration
##

: "${BUILD_HOST:=""}"
: "${BUILD_PASSWORD:=""}"
: "${DRY_RUN:="0"}"

function execute {
    checkBuildHost || abort "Job failed"
    updateDistPackages || abort "Job failed"
    installPacker || abort "Job failed"
    # TODO Add commands to update VMware Workstation!
    #updateVMwareWorkstation || abort "Job failed"
}

function checkBuildHost {
    log "Check build host"

    for command in apt-get curl gpg sudo; do
        runCommandOnBuildHost "command -v $command" || return 1
    done
}

function updateDistPackages {
    log "Update distribution packages"

    runSudoCommandOnBuildHost \
        "apt-get update" || \
        return 1

    runSudoCommandOnBuildHost \
        "apt-get full-upgrade -y" || \
        return 1

    runSudoCommandOnBuildHost \
        "apt-get autoremove -y" || \
        return 1

    runSudoCommandOnBuildHost \
        "apt-get clean" || \
        return 1
}

function installPacker {
    local latestVersion="1.5.6"

    log "Latest release version: $latestVersion"

    log "Install packer"

    cat << EOF > /tmp/hashicorp.asc
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQENBFMORM0BCADBRyKO1MhCirazOSVwcfTr1xUxjPvfxD3hjUwHtjsOy/bT6p9f
W2mRPfwnq2JB5As+paL3UGDsSRDnK9KAxQb0NNF4+eVhr/EJ18s3wwXXDMjpIifq
fIm2WyH3G+aRLTLPIpscUNKDyxFOUbsmgXAmJ46Re1fn8uKxKRHbfa39aeuEYWFA
3drdL1WoUngvED7f+RnKBK2G6ZEpO+LDovQk19xGjiMTtPJrjMjZJ3QXqPvx5wca
KSZLr4lMTuoTI/ZXyZy5bD4tShiZz6KcyX27cD70q2iRcEZ0poLKHyEIDAi3TM5k
SwbbWBFd5RNPOR0qzrb/0p9ksKK48IIfH2FvABEBAAG0K0hhc2hpQ29ycCBTZWN1
cml0eSA8c2VjdXJpdHlAaGFzaGljb3JwLmNvbT6JATgEEwECACIFAlMORM0CGwMG
CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFGFLYc0j/xMyWIIAIPhcVqiQ59n
Jc07gjUX0SWBJAxEG1lKxfzS4Xp+57h2xxTpdotGQ1fZwsihaIqow337YHQI3q0i
SqV534Ms+j/tU7X8sq11xFJIeEVG8PASRCwmryUwghFKPlHETQ8jJ+Y8+1asRydi
psP3B/5Mjhqv/uOK+Vy3zAyIpyDOMtIpOVfjSpCplVRdtSTFWBu9Em7j5I2HMn1w
sJZnJgXKpybpibGiiTtmnFLOwibmprSu04rsnP4ncdC2XRD4wIjoyA+4PKgX3sCO
klEzKryWYBmLkJOMDdo52LttP3279s7XrkLEE7ia0fXa2c12EQ0f0DQ1tGUvyVEW
WmJVccm5bq25AQ0EUw5EzQEIANaPUY04/g7AmYkOMjaCZ6iTp9hB5Rsj/4ee/ln9
wArzRO9+3eejLWh53FoN1rO+su7tiXJA5YAzVy6tuolrqjM8DBztPxdLBbEi4V+j
2tK0dATdBQBHEh3OJApO2UBtcjaZBT31zrG9K55D+CrcgIVEHAKY8Cb4kLBkb5wM
skn+DrASKU0BNIV1qRsxfiUdQHZfSqtp004nrql1lbFMLFEuiY8FZrkkQ9qduixo
mTT6f34/oiY+Jam3zCK7RDN/OjuWheIPGj/Qbx9JuNiwgX6yRj7OE1tjUx6d8g9y
0H1fmLJbb3WZZbuuGFnK6qrE3bGeY8+AWaJAZ37wpWh1p0cAEQEAAYkBHwQYAQIA
CQUCUw5EzQIbDAAKCRBRhS2HNI/8TJntCAClU7TOO/X053eKF1jqNW4A1qpxctVc
z8eTcY8Om5O4f6a/rfxfNFKn9Qyja/OG1xWNobETy7MiMXYjaa8uUx5iFy6kMVaP
0BXJ59NLZjMARGw6lVTYDTIvzqqqwLxgliSDfSnqUhubGwvykANPO+93BBx89MRG
unNoYGXtPlhNFrAsB1VR8+EyKLv2HQtGCPSFBhrjuzH3gxGibNDDdFQLxxuJWepJ
EK1UbTS4ms0NgZ2Uknqn1WRU1Ki7rE4sTy68iZtWpKQXZEJa0IGnuI2sSINGcXCJ
oEIgXTMyCILo34Fa/C6VCm2WBgz9zZO8/rHIiQm1J5zqz0DrDwKBUM9C
=LYpS
-----END PGP PUBLIC KEY BLOCK-----
EOF

    scp /tmp/hashicorp.asc "$BUILD_HOST":/tmp/ || return 1

    rm /tmp/hashicorp.asc || return 1

    runCommandOnBuildHost \
        "gpg --import /tmp/hashicorp.asc" || \
        return 1

    runCommandOnBuildHost \
        "curl -L --silent \
        https://releases.hashicorp.com/packer/${latestVersion}/packer_${latestVersion}_linux_amd64.zip \
        -o /tmp/packer_${latestVersion}_linux_amd64.zip" || \
        return 1

    runCommandOnBuildHost \
        "curl -L --silent \
        https://releases.hashicorp.com/packer/${latestVersion}/packer_${latestVersion}_SHA256SUMS \
        -o /tmp/packer_${latestVersion}_SHA256SUMS" || \
        return 1

    runCommandOnBuildHost \
        "curl -L --silent \
        https://releases.hashicorp.com/packer/${latestVersion}/packer_${latestVersion}_SHA256SUMS.sig \
        -o /tmp/packer_${latestVersion}_SHA256SUMS.sig" || \
        return 1

    runCommandOnBuildHost \
        "gpg --verify \
        /tmp/packer_${latestVersion}_SHA256SUMS.sig \
        /tmp/packer_${latestVersion}_SHA256SUMS" || \
        return 1

    runCommandOnBuildHost \
        "cd /tmp/ && \
        sha256sum --check --ignore-missing --strict \
        packer_${latestVersion}_SHA256SUMS" || \
        return 1

    runCommandOnBuildHost \
        "unzip \
        /tmp/packer_${latestVersion}_linux_amd64.zip \
        -d /tmp/" || \
        return 1

    runSudoCommandOnBuildHost \
        "mv /tmp/packer /usr/local/bin" || \
        return 1

    runCommandOnBuildHost \
        "rm \
        /tmp/hashicorp.asc \
        /tmp/packer_${latestVersion}_linux_amd64.zip \
        /tmp/packer_${latestVersion}_SHA256SUMS \
        /tmp/packer_${latestVersion}_SHA256SUMS.sig " || \
        return 1
}

function runSudoCommandOnBuildHost {
    local command="echo \"$BUILD_PASSWORD\" | sudo -E -S $1"

    runCommandOnHost "$BUILD_HOST" "$command" || return 1
}

function runCommandOnBuildHost {
    local command="$1"

    runCommandOnHost "$BUILD_HOST" "$command" || return 1
}

function runCommandOnHost {
    local hostname="$1"
    local command="$2"

    log "Run remotely on ${hostname}:"
    log "> $command"

    test "$DRY_RUN" -gt 0 && return 0

    # shellcheck disable=SC2029
    if ssh "$hostname" "$command"; then
        return 0
    else
        log "Command failed with exit code $?"
        return 1
    fi
}

function setUp {
    test "$(whoami)" != root || \
        log "Please do not run this script as root user"

    test -n "$BUILD_HOST" || \
        abort "Environment variable \"BUILD_HOST\" is missing"

    test -n "$BUILD_PASSWORD" || \
        abort "Environment variable \"BUILD_PASSWORD\" is missing"

    for command in ssh scp; do
        command -v "$command" > /dev/null || \
            abort "Command \"${command}\" is missing"
    done
}

function finish {
    log "Done. Have fun :-)"
    exit 0
}

function abort {
    log "$1"
    exit 1
}

function log {
    echo -e "$1"
}

if [[ "${BASH_SOURCE[0]}" = "$0" ]]; then
    setUp && execute && finish
fi