This example demonstrates how to use the Moderne CLI to run recipes on all organizations (collection of repositories) using the Moderne platform.
Begin by copying the provided Dockerfile to your environment or cloning this entire repository.
From there, we will modify it depending on your organizational needs. Please note that the process requires access to several of your internal systems to function correctly. This includes your source control system, your artifact repository, and your Moderne tenant or DX instance.
If your internal services (artifact repository, source control, or the Moderne tenant) are accessed:
- Over HTTPS and they require SSL/TLS, but have certificates signed by a trusted-by-default root Certificate Authority.
- Over HTTP (never requiring SSL/TLS)
Please comment out the following lines from your Dockerfile:
# Configure trust store if self-signed certificates are in use for artifact repository, source control, or moderne tenant
COPY ${TRUSTED_CERTIFICATES_PATH} /usr/lib/jvm/temurin-17-jdk/lib/security/cacerts
If your internal services, instead, use self-signed certs, you will need to configure the CLI and JVMs installed within the Docker image to trust your organization's self-signed certificate:
When invoking, Docker, supply the TRUSTED_CERTIFICATES_PATH
argument pointing to an appropriate cacerts file.
If you are not sure where to get a suitable cacerts file, you can check out your local machine as you probably have one there. On JDK 8, you can find your cacerts file within its installation directory under jre/lib/security/cacerts
. On newer JDK versions, you can find your cacerts file within is installation directory under lib/security/cacerts
.
The CLI needs access to artifact repositories to download the LSTs which we will run recipes on. This is configured via the ARTIFACTORY_DOWNLOAD_URL
, ARTIFACTORY_UPLOAD_URL
, ARTIFACTORY_USER
, and ARTIFACTORY_PASSWORD
arguments in the Dockerfile.
ARTIFACTORY_DOWNLOAD_URL
should point to where the LSTs are stored.
ARTIFACTORY_UPLOAD_URL
should point to where you want the run logs to be uploaded.
Most source control systems require authentication to access their repositories. If your source control does not require authentication to git clone
repositories, comment out the following lines:
ADD .git-credentials /root/.git-credentials
RUN git config --global credential.helper store --file=/root/.git-credentials
In the more common scenario that your source control does require authentication, you will need to create and include a .git-credentials
file. You will want to supply the credentials for a service account with access to all repositories.
Each line of the .git-credentials
file specifies the username
and plaintext password
for a particular host
in the format:
https://username:password@host
For example:
https://sambsnyd:likescats@github.com
Connection to a Moderne tenant allows the CLI to list LSTs for downloading and get information about your organization. The MODERNE_TENANT
and MODERNE_TOKEN
arguments are required to connect to a Moderne tenant.
If you are connecting to a Moderne DX instance, you will need to provide the token it was configured to accept on startup. If you are connecting to a Moderne tenant, you will need to create and use a Moderne personal access token.
Once you've customized the Dockerfile
as needed, you can build the image with the following command, filling in your organization's specific values for the build arguments:
docker build -t moderne-mass-run:latest \
--build-arg MODERNE_TENANT=<> \
--build-arg MODERNE_TOKEN=<> \
--build-arg TRUSTED_CERTIFICATES_PATH=<> \
--build-arg ARTIFACTORY_DOWNLOAD_URL=<> \
--build-arg ARTIFACTORY_UPLOAD_URL=<> \
--build-arg ARTIFACTORY_USER=<> \
--build-arg ARTIFACTORY_PASSWORD=<> \
.
Now that you have a Docker image built, you will need to deploy it to the container management platform of your choice and have it run on a schedule. We will leave this as an exercise for the reader as there are many platforms and options for running this.