From 10bdd3a83a513d786b9e2b2da6ef36c607c51ce5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Kautler?= Date: Mon, 20 May 2019 13:59:24 +0200 Subject: [PATCH] Import initial state --- .gitattributes | 16 + .gitignore | 37 +++ LICENSE | 202 +++++++++++++ README.md | 283 ++++++++++++++++++ .../agent/AgentParametersHelper.java | 42 +++ .../ssh_tunnel/agent/SshDetector.java | 194 ++++++++++++ .../agent/SshTunnelBuildFeatureAgentPart.java | 253 ++++++++++++++++ .../build-agent-plugin-ssh-tunnel.xml | 26 ++ build.gradle.kts | 27 ++ buildSrc/build.gradle.kts | 108 +++++++ buildSrc/settings.gradle.kts | 15 + .../kautler/DependencyOutdatedExtension.kt | 25 ++ .../net/kautler/GHMilestoneExtension.kt | 43 +++ .../src/main/kotlin/net/kautler/Properties.kt | 58 ++++ .../kotlin/net/kautler/PropertyExtension.kt | 22 ++ .../kotlin/net/kautler/ResultExtension.kt | 27 ++ .../main/kotlin/net/kautler/java.gradle.kts | 49 +++ .../kotlin/net/kautler/publishing.gradle.kts | 122 ++++++++ .../net/kautler/teamcity-agent.gradle.kts | 48 +++ .../kautler/teamcity-common-server.gradle.kts | 34 +++ .../net/kautler/teamcity-common.gradle.kts | 23 ++ .../net/kautler/teamcity-server.gradle.kts | 102 +++++++ .../kotlin/net/kautler/teamcity.gradle.kts | 64 ++++ .../kotlin/net/kautler/versions.gradle.kts | 165 ++++++++++ .../teamcity/ssh_tunnel/common/Constants.java | 63 ++++ .../ssh_tunnel/common/ModelBuilder.java | 92 ++++++ .../ssh_tunnel/common/ParametersHelper.java | 225 ++++++++++++++ .../teamcity/ssh_tunnel/common/Util.java | 39 +++ .../common/model/AddressPortPart.java | 117 ++++++++ .../ssh_tunnel/common/model/Connection.java | 97 ++++++ .../ssh_tunnel/common/model/Part.java | 44 +++ .../ssh_tunnel/common/model/SocketPart.java | 62 ++++ .../ssh_tunnel/common/model/SshTunnel.java | 117 ++++++++ common/src/main/resources/version.properties | 17 ++ .../resources/kotlin-dsl/SshTunnel.xml | 62 ++++ .../server/common/ServerParametersHelper.java | 82 +++++ .../server/common/SshTunnelBuildFeature.java | 89 ++++++ .../SshTunnelBuildParametersProvider.java | 41 +++ .../SshTunnelBuildRequirementsUpdater.java | 179 +++++++++++ .../build-server-plugin-ssh-tunnel.xml | 27 ++ .../sshTunnelBuildFeature.jsp | 268 +++++++++++++++++ gradle.properties | 19 ++ gradle/wrapper/gradle-wrapper.jar | Bin 0 -> 55616 bytes gradle/wrapper/gradle-wrapper.properties | 5 + gradlew | 188 ++++++++++++ gradlew.bat | 100 +++++++ settings.gradle.kts | 23 ++ 47 files changed, 3941 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 README.md create mode 100644 agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/AgentParametersHelper.java create mode 100644 agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/SshDetector.java create mode 100644 agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/SshTunnelBuildFeatureAgentPart.java create mode 100644 agent/src/main/resources/META-INF/build-agent-plugin-ssh-tunnel.xml create mode 100644 build.gradle.kts create mode 100644 buildSrc/build.gradle.kts create mode 100644 buildSrc/settings.gradle.kts create mode 100644 buildSrc/src/main/kotlin/net/kautler/DependencyOutdatedExtension.kt create mode 100644 buildSrc/src/main/kotlin/net/kautler/GHMilestoneExtension.kt create mode 100644 buildSrc/src/main/kotlin/net/kautler/Properties.kt create mode 100644 buildSrc/src/main/kotlin/net/kautler/PropertyExtension.kt create mode 100644 buildSrc/src/main/kotlin/net/kautler/ResultExtension.kt create mode 100644 buildSrc/src/main/kotlin/net/kautler/java.gradle.kts create mode 100644 buildSrc/src/main/kotlin/net/kautler/publishing.gradle.kts create mode 100644 buildSrc/src/main/kotlin/net/kautler/teamcity-agent.gradle.kts create mode 100644 buildSrc/src/main/kotlin/net/kautler/teamcity-common-server.gradle.kts create mode 100644 buildSrc/src/main/kotlin/net/kautler/teamcity-common.gradle.kts create mode 100644 buildSrc/src/main/kotlin/net/kautler/teamcity-server.gradle.kts create mode 100644 buildSrc/src/main/kotlin/net/kautler/teamcity.gradle.kts create mode 100644 buildSrc/src/main/kotlin/net/kautler/versions.gradle.kts create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/Constants.java create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/ModelBuilder.java create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/ParametersHelper.java create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/Util.java create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/AddressPortPart.java create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/Connection.java create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/Part.java create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/SocketPart.java create mode 100644 common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/SshTunnel.java create mode 100644 common/src/main/resources/version.properties create mode 100644 commonServer/resources/kotlin-dsl/SshTunnel.xml create mode 100644 commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/ServerParametersHelper.java create mode 100644 commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildFeature.java create mode 100644 commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildParametersProvider.java create mode 100644 commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildRequirementsUpdater.java create mode 100644 commonServer/src/main/resources/META-INF/build-server-plugin-ssh-tunnel.xml create mode 100644 commonServer/src/main/resources/buildServerResources/sshTunnelBuildFeature.jsp create mode 100644 gradle.properties create mode 100644 gradle/wrapper/gradle-wrapper.jar create mode 100644 gradle/wrapper/gradle-wrapper.properties create mode 100755 gradlew create mode 100755 gradlew.bat create mode 100644 settings.gradle.kts diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..07a42a0 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,16 @@ +# Copyright 2019 Björn Kautler +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +/gradlew eol=lf +/gradlew.bat eol=crlf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e5c07b0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,37 @@ +# Copyright 2019 Björn Kautler +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +/.gradle/ +/.idea/ +/build/ +/out/ +/downloads/ +/servers/ +/data/ +/teamcity-ssh-tunnel.iml + +/buildSrc/.gradle/ +/buildSrc/build/ + +/agent/build/ +/agent/out/ + +/common/build/ +/common/out/ + +/commonServer/build/ + +/server/build/ + +/serverPre2018.2/build/ diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..d645695 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..49a80f9 --- /dev/null +++ b/README.md @@ -0,0 +1,283 @@ +TeamCity SSH Tunnel +=================== + +This is a plugin for TeamCity that allows SSH Tunnels to be opened with port and socket forwarding as build feature. +This can, for example, be used to securely control Docker daemons on other hosts to implement continuous deployment. + + + +Table of Contents +----------------- +* [Installation](#installation) + * [TeamCity 2018.2 and newer](#teamcity-20182-and-newer) + * [TeamCity older than 2018.2](#teamcity-older-than-20182) +* [Requirements](#requirements) +* [Setup](#setup) + * [In XML Config Files](#in-xml-config-files) + * [In DSL Config Files](#in-xml-config-files) +* [Usage](#usage) + * [Example Use Case](#example-use-case) +* [License](#license) + + + +Installation +------------ + +Since TeamCity 2018.2, reloadable plugins that can be installed, unloaded, and loaded while TeamCity is running can be +used, which is supported by this plugin. Because of that, there are two different releases and two different methods to +install the plugin, but the method for older TeamCity versions would also work on newer versions if you prefer. + +### TeamCity 2018.2 and newer + +1. If you have not installed any plugins from the plugins repository before, + go to `Administration -> Plugins List -> Browse plugins repository` so that your TeamCity instance is known to + the plugins repository and optionally add your instance permanently from the pop-up in the lower right corner. + +2. Go to the [plugins repository page] and click on `GET -> Install to ...` + +3. Click `Install` + +4. Click `Enable` + +### TeamCity older than 2018.2 + +1. Download the ZIP file from the [plugins repository page] and place it as-is into + the `plugins` directory of your TeamCity data directory. Do not extract the ZIP file. + You can, for example, + * put the ZIP file manually into the data directory, if you know where it is located and how to access it + * go to `Administration -> Plugins List -> Upload plugin zip` and upload the ZIP via web interface + * go to `Administration -> Diagnostics -> Browse Data Directory`, + press `Upload new file`, and upload the ZIP via web interface to the `plugins` directory + +2. Delete the ZIP file of the old version from the `plugins` directory if you are updating from a previous version. + +3. After the ZIP file is placed where it is supposed to be, restart your TeamCity server, + as it does not recognize plugin changes until restart. + + + +Requirements +----- + +The plugin needs the "SSH Keys Manager" plugin - which is shipped with TeamCity - to be available and enabled. + +Additionally, on the build agent the `ssh` client tool needs to be installed. It can be available on the path. If it is +not, some common places in the filesystem are searched for the executable. If it is not found, as last option, the whole +filesystem is searched for an executable called `ssh`, which is tested for being an `ssh` client executable. If the +`ssh` client is available but is not found, a different than the automatically found one should be used, or the +filesystem scan should not be done, it can be configured on the build agent as a build agent property in +`conf/buildAgent.properties`, as a system property, both with the name `ssh.executable`, or as environment variable with +name `SSH_EXECUTABLE` in that order. The value should either be an executable name available on the path or an absolute +path. + + + +Setup +----- + +The plugin adds the `SSH Tunnel` build feature to TeamCity. +You can add the build feature to any build configuration template or build configuration. +You can add the build feature as often as you want to the same or to different hosts. +Multiple build features with the same connection properties in a build will only open +one SSH connection to the target host and open multiple port or socket forwards. + +
+
Name
+
The name for this forward. This is also used in the parameter names.
+
User
+
The user to connect as.
+
Uploaded SSH Key
+
+ The SSH key to authenticate with. The keys that are uploaded to TeamCity and are available + to the current build configuration or build configuration template are displayed for + selection. Username / password authentication or arbitrary SSH keys are + currently not supported, if you need them, please open a feature request. +
+
SSH Key Passphrase
+
+ The passphrase for the selected SSH key.
+ This field is only visible if the selected SSH key is actually encrypted and needs a passphrase. +
+
Host
+
The host to connect to.
+
Port
+
+ The port to connect to.
+ default: 22 +
+
Local Part
+
+ Either "Address and Port" to forward a local port on an address + or "Socket" to forward a local socket.
+ default: Address and Port +
+
Local Address
+
+ The local address to bind to.
+ This field is only visible if the selected local part is "Address and Port".
+ default: 127.0.0.1 +
+
Local Port
+
+ The local port to forward.
+ This field is only visible if the selected local part is "Address and Port".
+ default: <random port> +
+
Local Socket
+
+ The local socket to forward.
+ This field is only visible if the selected local part is "Socket". +
+
Remote Part
+
+ Either "Address and Port" to forward to a remote port on an address + or "Socket" to forward to a remote socket.
+
+
Remote Address
+
+ The remote address to forward to.
+ This field is only visible if the selected remote part is "Address and Port".
+ default: 127.0.0.1 +
+
Remote Port
+
+ The remote port to forward to.
+ This field is only visible if the selected remote part is "Address and Port".
+
+
Remote Socket
+
+ The remote socket to forward to.
+ This field is only visible if the selected local part is "Socket". +
+
+ +### In XML Config Files + +If you edit XML config files on the server directly or in versioned settings, the build feature will, for example, look +like the following (values that have their default value will be omitted). For TeamCity versions prior to 2019.1, the +`sshTunnelRequirement` parameter has to be present and set to `%ssh.executable%` as shown, so the build is only +run on compatible agents. For later TeamCity versions this should be omitted as the requirement can be requested +by the build feature implementation. The parameter will be set by a compatible agent automatically or be configured +there if needed (see [Requirements](#requirements)). If you omit the parameter it is not fatal, as the plugin does +its best to add or correct it automatically, but this is also not really supported by TeamCity, so it is better if you +add it as expected. + +```xml + + + + + + + + + + + + +``` + +### In DSL Config Files + +If you edit DSL config files in versioned settings, the build feature will, for example, look like the following (values +that have their default value will be omitted). For TeamCity versions prior to 2019.1, the `sshTunnelRequirement` +property has to be present and set to `%ssh.executable%` as shown, so the build is only run on compatible agents. For +later TeamCity versions this should be omitted as the requirement can be requested by the build feature implementation. +The parameter will be set by a compatible agent automatically or be configured there if needed +(see [Requirements](#requirements)). If you omit the parameter it is not fatal, as the plugin does its best to add or +correct it automatically, but this is also not really supported by TeamCity, so it is better if you +add it as expected. + +```kotlin +sshTunnel { + id = "docker_on_host_x" + name = "Docker on host X" + connection = c { + user = "teamcity" + sshKey = "my_host_x_key_name" + host = "my.host-x.net" + } + remotePart = remoteSocket { + socket = "/var/run/docker.sock" + } + // Omit this for TeamCity 2019.1 and later + sshTunnelRequirement = "%ssh.executable%" +} +``` + + + +Usage +----- + +After adding the build feature to a build configuration (or a build configuration template), the plugin opens the +configured SSH tunnels before the build starts, and any step in the build can use the established forwards. If the +establishing of the tunnel fails, the build fails as a whole. + +The plugin adds configuration properties to the build that can be used anywhere configuration properties are available, +like custom build scripts, build parameters, environment variables, and so on. All details of the configuration are +exposed as properties, including the actual local port of the forward if no explicit port was configured. The name of +the configured build feature is sanitized and included in the property name so that all build features settings are +accessible individually. Sanitized in this context means that any non-ASCII-alphanumeric character is replaced by an +underscore. + +The configuration properties that are available for each forward are: + +* `sshTunnel..connection.user` +* `sshTunnel..connection.sshKey` +* `sshTunnel..connection.host` +* `sshTunnel..connection.port` +* `sshTunnel..local.address` +* `sshTunnel..local.port` +* `sshTunnel..local.socket` +* `sshTunnel..remote.address` +* `sshTunnel..remote.port` +* `sshTunnel..remote.socket` + +Whereas for `local` and `remote`, either `address` and `port` together or `socket` exist, but not all three at once. + +### Example Use Case + +You want your build to be able to run docker commands on a remote docker daemon that only listens on the host where it +is running and you have SSH access to an account that is allowed to control the docker daemon on the target machine. + +In the configuration of the build feature, you give the name `Docker on host X`, appropriate connection properties, +nothing in the local part to use a random port listening on the localhost interface, and `Socket` with +`/var/run/docker.sock` for the remote part. + +If you use a tool that has configuration options for the docker daemon, you can use those. For example, if you use the +commandline `docker` client in a custom script runner, you can do something like +`docker -H %sshTunnel.Docker_on_host_X.local.address%:%sshTunnel.Docker_on_host_X.local.port% ps` to list the running +containers. + +Alternatively, you could add a parameter to your build configuration called `env.DOCKER_HOST` with value +`tcp://%sshTunnel.Docker_on_host_X.local.address%:%sshTunnel.Docker_on_host_X.local.port%` and then use any tool +communicating with the docker daemon as if the daemon was local, such as calling `docker ps` in a custom script runner +to list the running containers. + + + + +License +------- + +``` +Copyright 2019 Björn Kautler + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` + + + +[plugins repository page]: https://plugins.jetbrains.com/plugin/8973-ssh-tunnel diff --git a/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/AgentParametersHelper.java b/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/AgentParametersHelper.java new file mode 100644 index 0000000..7fefc0c --- /dev/null +++ b/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/AgentParametersHelper.java @@ -0,0 +1,42 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.agent; + +import jetbrains.buildServer.agent.ssh.AgentRunningBuildSshKeyManager; +import jetbrains.buildServer.ssh.TeamCitySshKey; +import net.kautler.teamcity.ssh_tunnel.common.ParametersHelper; +import org.jetbrains.annotations.NotNull; + +public class AgentParametersHelper extends ParametersHelper { + @NotNull + private final AgentRunningBuildSshKeyManager sshKeyManager; + + public AgentParametersHelper(@NotNull AgentRunningBuildSshKeyManager sshKeyManager) { + this.sshKeyManager = sshKeyManager; + } + + @Override + protected boolean isValidKeyName(String sshKeyName) { + return sshKeyManager.getKey(sshKeyName) != null; + } + + @Override + protected boolean isEncrypted(String sshKeyName) { + TeamCitySshKey sshKey = sshKeyManager.getKey(sshKeyName); + return (sshKey != null) && sshKey.isEncrypted(); + } +} diff --git a/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/SshDetector.java b/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/SshDetector.java new file mode 100644 index 0000000..2323d5a --- /dev/null +++ b/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/SshDetector.java @@ -0,0 +1,194 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.agent; + +import jetbrains.buildServer.agent.AgentLifeCycleAdapter; +import jetbrains.buildServer.agent.AgentLifeCycleListener; +import jetbrains.buildServer.agent.BuildAgent; +import jetbrains.buildServer.log.Loggers; +import jetbrains.buildServer.util.EventDispatcher; +import org.jetbrains.annotations.NotNull; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.InitializingBean; + +import java.io.IOException; +import java.nio.file.FileSystems; +import java.nio.file.FileVisitResult; +import java.nio.file.FileVisitor; +import java.nio.file.Path; +import java.nio.file.PathMatcher; +import java.nio.file.attribute.BasicFileAttributes; +import java.util.Objects; +import java.util.Optional; +import java.util.concurrent.atomic.AtomicLong; +import java.util.concurrent.atomic.AtomicReference; +import java.util.function.Supplier; +import java.util.stream.Stream; +import java.util.stream.StreamSupport; + +import static java.lang.Runtime.getRuntime; +import static java.lang.System.getenv; +import static java.lang.System.nanoTime; +import static java.lang.Thread.currentThread; +import static java.nio.file.FileVisitResult.CONTINUE; +import static java.nio.file.FileVisitResult.TERMINATE; +import static java.nio.file.Files.walkFileTree; +import static java.util.Locale.ENGLISH; +import static jetbrains.buildServer.util.StringUtil.isEmptyOrSpaces; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_EXECUTABLE_ENVIRONMENT_VARIABLE_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Util.streamToString; + +public class SshDetector extends AgentLifeCycleAdapter implements InitializingBean { + private static final Logger LOG = LoggerFactory.getLogger(Loggers.AGENT_CATEGORY + '.' + SshDetector.class.getName()); + private static final PathMatcher SSH_FILE_NAME_MATCHER = FileSystems.getDefault().getPathMatcher("glob:ssh{,.*}"); + + @NotNull + private final EventDispatcher agentLifeCycleEventDispatcher; + + public SshDetector(@NotNull EventDispatcher agentLifeCycleEventDispatcher) { + this.agentLifeCycleEventDispatcher = agentLifeCycleEventDispatcher; + } + + @Override + public void afterPropertiesSet() { + agentLifeCycleEventDispatcher.addListener(this); + } + + @Override + public void beforeAgentConfigurationLoaded(@NotNull BuildAgent agent) { + Stream.>of( + () -> agent.getConfiguration().getConfigurationParameters().get(SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME), + () -> System.getProperty(SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME), + () -> getenv().get(SSH_EXECUTABLE_ENVIRONMENT_VARIABLE_NAME), + () -> Stream.of("ssh", "/usr/local/bin/ssh", "/usr/sbin/ssh", "/sbin/ssh", "/usr/bin/ssh", "/bin/ssh") + .filter(SshDetector::sshAvailableAtPath) + .findAny() + .orElse(null), + () -> { + LOG.warn("SSH executable not found in PATH or hard-coded paths. " + + "Going to search the whole file tree for an SSH executable. " + + "To prevent this or if the wrong one is found, " + + "you can configure the path to the SSH executable " + + "using an agent configuration property or system property named '{}' " + + "or an environment variable named '{}'.", + SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME, SSH_EXECUTABLE_ENVIRONMENT_VARIABLE_NAME); + AtomicLong searchedFiles = new AtomicLong(); + AtomicLong nextLog = new AtomicLong(nanoTime() + 5_000_000_000L); + return StreamSupport.stream(FileSystems.getDefault().getRootDirectories().spliterator(), true) + .flatMap(rootDirectory -> { + try { + AtomicReference> sshExecutable = new AtomicReference<>(Optional.empty()); + walkFileTree(rootDirectory, new FileVisitor() { + @Override + public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) { + return CONTINUE; + } + + @Override + public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) { + // log progress every 5 seconds + if (nanoTime() >= nextLog.get()) { + nextLog.addAndGet(5_000_000_000L); + LOG.info("Still walking the file tree. Searched path: {}. Current path: {}", searchedFiles.get(), file); + } + searchedFiles.incrementAndGet(); + if (!attrs.isDirectory() + && SSH_FILE_NAME_MATCHER.matches(file.getFileName()) + && file.toFile().canExecute() + && sshAvailableAtPath(file.toString())) { + sshExecutable.set(Optional.of(file.toString())); + return TERMINATE; + } else { + return CONTINUE; + } + } + + @Override + public FileVisitResult visitFileFailed(Path file, IOException exc) { + if (exc != null) { + if (LOG.isDebugEnabled()) { + LOG.info("Exception during walking the file tree for '{}' at {}", rootDirectory, file, exc); + } else { + LOG.debug("Exception during walking the file tree for '{}' at {}: {}", rootDirectory, file, exc.getMessage()); + } + } + return CONTINUE; + } + + @Override + public FileVisitResult postVisitDirectory(Path dir, IOException exc) { + if (exc != null) { + if (LOG.isDebugEnabled()) { + LOG.info("Exception during walking the file tree for '{}' at {}", rootDirectory, dir, exc); + } else { + LOG.debug("Exception during walking the file tree for '{}' at {}: {}", rootDirectory, dir, exc.getMessage()); + } + } + return CONTINUE; + } + }); + return sshExecutable.get().map(Stream::of).orElseGet(Stream::empty); + } catch (IOException ioe) { + if (LOG.isDebugEnabled()) { + LOG.info("Exception during walking the file tree for '{}'", rootDirectory, ioe); + } else { + LOG.debug("Exception during walking the file tree for '{}': {}", rootDirectory, ioe.getMessage()); + } + return Stream.empty(); + } + }) + .findAny() + .orElse(null); + }) + .map(Supplier::get) + .filter(Objects::nonNull) + .findFirst() + .ifPresent(sshExecutable -> agent.getConfiguration().addConfigurationParameter(SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME, sshExecutable)); + } + + private static boolean sshAvailableAtPath(String sshPath) { + LOG.info("Testing potential ssh path {}", sshPath); + try { + Process process = getRuntime().exec(new String[] { sshPath, "-V" }); + int exitValue = process.waitFor(); + String stdout = streamToString(process.getInputStream()); + if (!isEmptyOrSpaces(stdout)) { + LOG.info("stdout ({}): {}", sshPath, stdout); + } + String stderr = streamToString(process.getErrorStream()); + if (!isEmptyOrSpaces(stderr)) { + LOG.info("stderr ({}): {}", sshPath, stderr); + } + if ((exitValue == 0) && stderr.toLowerCase(ENGLISH).contains("ssh")) { + LOG.info("SSH executable found at {}", sshPath); + return true; + } + } catch (InterruptedException ie) { + currentThread().interrupt(); + } catch (IOException ioe) { + if (LOG.isDebugEnabled()) { + LOG.debug("Exception during testing potential ssh path {}", sshPath, ioe); + } else { + LOG.info("Exception during testing potential ssh path {}: {}", sshPath, ioe.getMessage()); + } + } + LOG.info("SSH executable not found at {}", sshPath); + return false; + } +} diff --git a/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/SshTunnelBuildFeatureAgentPart.java b/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/SshTunnelBuildFeatureAgentPart.java new file mode 100644 index 0000000..e8a566a --- /dev/null +++ b/agent/src/main/java/net/kautler/teamcity/ssh_tunnel/agent/SshTunnelBuildFeatureAgentPart.java @@ -0,0 +1,253 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.agent; + +import jetbrains.buildServer.agent.AgentBuildFeature; +import jetbrains.buildServer.agent.AgentLifeCycleAdapter; +import jetbrains.buildServer.agent.AgentLifeCycleListener; +import jetbrains.buildServer.agent.AgentRunningBuild; +import jetbrains.buildServer.agent.BuildFinishedStatus; +import jetbrains.buildServer.agent.BuildProgressLogger; +import jetbrains.buildServer.agent.ssh.AgentRunningBuildSshKeyManager; +import jetbrains.buildServer.ssh.AskPassGenerator; +import jetbrains.buildServer.ssh.AskPassGeneratorUnix; +import jetbrains.buildServer.ssh.AskPassGeneratorWin; +import jetbrains.buildServer.ssh.TeamCitySshKey; +import jetbrains.buildServer.util.EventDispatcher; +import jetbrains.buildServer.util.FileUtil; +import jetbrains.buildServer.util.MultiMap; +import net.kautler.teamcity.ssh_tunnel.common.ModelBuilder; +import net.kautler.teamcity.ssh_tunnel.common.ParametersHelper; +import net.kautler.teamcity.ssh_tunnel.common.model.Connection; +import net.kautler.teamcity.ssh_tunnel.common.model.SshTunnel; +import org.jetbrains.annotations.NotNull; +import org.springframework.beans.factory.InitializingBean; + +import java.io.File; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentMap; +import java.util.stream.Stream; + +import static com.intellij.openapi.util.text.StringUtil.isNotEmpty; +import static java.lang.Thread.currentThread; +import static java.util.concurrent.TimeUnit.SECONDS; +import static java.util.stream.Collectors.toList; +import static java.util.stream.Collectors.toMap; +import static jetbrains.buildServer.ssh.Util.writeKey; +import static jetbrains.buildServer.util.FileUtil.createTempFile; +import static jetbrains.buildServer.util.FileUtil.readText; +import static jetbrains.buildServer.util.StringUtil.isEmptyOrSpaces; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.BUILD_FEATURE_ACTIVITY_TYPE; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.BUILD_FEATURE_TYPE; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME; + +public class SshTunnelBuildFeatureAgentPart extends AgentLifeCycleAdapter implements InitializingBean { + private static final String TUNNEL_ACTIVITY_PATTERN = "Tunnel via '%s' identified by key '%s'"; + private static final String TUNNEL_NOT_ESTABLISHED = "SSH Tunnel could not be established"; + private static final String TUNNEL_NOT_TERMINATED = "SSH Tunnel could not be terminated"; + + @NotNull + private final EventDispatcher agentLifeCycleEventDispatcher; + + @NotNull + private final AgentRunningBuildSshKeyManager agentRunningBuildSshKeyManager; + + @NotNull + private final ParametersHelper parametersHelper; + + private final ConcurrentMap> sshTunnelsPerBuild = new ConcurrentHashMap<>(); + private final ConcurrentMap> processesPerBuild = new ConcurrentHashMap<>(); + private final ConcurrentMap> filesToDeletePerBuild = new ConcurrentHashMap<>(); + private final ConcurrentMap stdoutPerProcess = new ConcurrentHashMap<>(); + private final ConcurrentMap stderrPerProcess = new ConcurrentHashMap<>(); + + public SshTunnelBuildFeatureAgentPart(@NotNull EventDispatcher agentLifeCycleEventDispatcher, + @NotNull AgentRunningBuildSshKeyManager agentRunningBuildSshKeyManager, + @NotNull ParametersHelper parametersHelper) { + this.agentLifeCycleEventDispatcher = agentLifeCycleEventDispatcher; + this.agentRunningBuildSshKeyManager = agentRunningBuildSshKeyManager; + this.parametersHelper = parametersHelper; + } + + @Override + public void afterPropertiesSet() { + agentLifeCycleEventDispatcher.addListener(this); + } + + @Override + public void buildStarted(@NotNull AgentRunningBuild runningBuild) { + sshTunnelsPerBuild.computeIfAbsent(runningBuild, this::getSshTunnels).stream() + .map(SshTunnel::getConfigParameters) + .map(Map::entrySet) + .flatMap(Collection::stream) + .collect(toMap(Map.Entry::getKey, Map.Entry::getValue)) + .forEach(runningBuild::addSharedConfigParameter); + } + + @Override + public void preparationFinished(@NotNull AgentRunningBuild runningBuild) { + BuildProgressLogger buildLogger = runningBuild.getBuildLogger(); + buildLogger.activityStarted("Establishing SSH Tunnels", BUILD_FEATURE_ACTIVITY_TYPE); + try { + MultiMap sshTunnelsPerConnection = sshTunnelsPerBuild.remove(runningBuild).stream() + .collect(MultiMap::new, + (map, sshTunnel) -> map.putValue(sshTunnel.getConnection(), sshTunnel), + (map1, map2) -> map2.entrySet().forEach(entry -> entry.getValue().forEach(value -> map1.putValue(entry.getKey(), value)))); + + String sshExecutable = runningBuild.getSharedConfigParameters().get(SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME); + sshTunnelsPerConnection.entrySet().forEach(entry -> { + Connection connection = entry.getKey(); + buildLogger.activityStarted(String.format(TUNNEL_ACTIVITY_PATTERN, connection, connection.getSshKey()), BUILD_FEATURE_ACTIVITY_TYPE); + try { + List forwards = entry.getValue(); + + forwards.forEach(forward -> buildLogger.progressMessage(String.format("Forwarding '%#s'", forward))); + + List command = new ArrayList<>(); + command.add(sshExecutable); + command.add("-N"); + forwards.stream() + .flatMap(forward -> Stream.of("-L", String.format("%#s", forward))) + .forEachOrdered(command::add); + command.add("-p"); + command.add(connection.getPort()); + command.add("-l"); + command.add(connection.getUser()); + command.add("-i"); + TeamCitySshKey sshKey = agentRunningBuildSshKeyManager.getKey(connection.getSshKey()); + if (sshKey == null) { + throw new RuntimeException(String.format("SSH Key '%s' not found", connection.getSshKey())); + } + File buildTempDirectory = runningBuild.getBuildTempDirectory(); + File sshKeyFile = new File(writeKey(buildTempDirectory, sshKey)); + filesToDeletePerBuild.computeIfAbsent(runningBuild, key -> new ArrayList<>()).add(sshKeyFile); + command.add(sshKeyFile.getName()); + command.add(connection.getHost()); + + ProcessBuilder processBuilder = new ProcessBuilder(command).directory(sshKeyFile.getParentFile()); + + if (isNotEmpty(connection.getSshKeyPassphrase())) { + AskPassGenerator askPassGenerator = runningBuild.getAgentConfiguration().getSystemInfo().isWindows() ? new AskPassGeneratorWin() : new AskPassGeneratorUnix(); + File askPassFile = askPassGenerator.generate(buildTempDirectory, connection.getSshKeyPassphrase()); + filesToDeletePerBuild.get(runningBuild).add(askPassFile); + processBuilder.environment().put("SSH_ASKPASS", "./" + askPassFile.getName()); + } + + File stdout = createTempFile(buildTempDirectory, "teamcity", "sshTunnelStdout", true); + filesToDeletePerBuild.get(runningBuild).add(stdout); + File stderr = createTempFile(buildTempDirectory, "teamcity", "sshTunnelStderr", true); + filesToDeletePerBuild.get(runningBuild).add(stderr); + Process process = processBuilder.redirectOutput(stdout).redirectError(stderr).start(); + processesPerBuild.computeIfAbsent(runningBuild, key -> new HashMap<>()).put(connection, process); + stdoutPerProcess.put(process, stdout); + stderrPerProcess.put(process, stderr); + try { + process.waitFor(1, SECONDS); + } catch (InterruptedException ie) { + currentThread().interrupt(); + } + if (!process.isAlive()) { + buildLogger.buildFailureDescription(TUNNEL_NOT_ESTABLISHED); + runningBuild.stopBuild(TUNNEL_NOT_ESTABLISHED); + } + } catch (IOException ioe) { + throw new RuntimeException(ioe.getMessage(), ioe); + } finally { + buildLogger.activityFinished(String.format(TUNNEL_ACTIVITY_PATTERN, connection, connection.getSshKey()), BUILD_FEATURE_ACTIVITY_TYPE); + } + }); + } catch (Exception e) { + String message = e.getMessage(); + buildLogger.internalError(TUNNEL_NOT_ESTABLISHED, (message == null) ? "" : message, e); + buildLogger.buildFailureDescription(TUNNEL_NOT_ESTABLISHED); + runningBuild.stopBuild(TUNNEL_NOT_ESTABLISHED); + } finally { + buildLogger.activityFinished("Establishing SSH Tunnels", BUILD_FEATURE_ACTIVITY_TYPE); + } + } + + @Override + public void beforeBuildFinish(@NotNull AgentRunningBuild build, @NotNull BuildFinishedStatus buildStatus) { + BuildProgressLogger buildLogger = build.getBuildLogger(); + buildLogger.activityStarted("Terminating SSH Tunnels", BUILD_FEATURE_ACTIVITY_TYPE); + try { + Map processPerConnection = processesPerBuild.remove(build); + if (processPerConnection == null) { + return; + } + processPerConnection.forEach((connection, process) -> { + buildLogger.activityStarted(String.format(TUNNEL_ACTIVITY_PATTERN, connection, connection.getSshKey()), BUILD_FEATURE_ACTIVITY_TYPE); + try { + buildLogger.progressMessage("Terminate SSH Tunnel"); + if (process.isAlive()) { + try { + process.destroyForcibly().waitFor(); + } catch (InterruptedException ie) { + currentThread().interrupt(); + } + } else { + int exitValue = process.exitValue(); + if (exitValue != 0) { + buildLogger.buildFailureDescription(TUNNEL_NOT_ESTABLISHED); + build.stopBuild(TUNNEL_NOT_ESTABLISHED); + } + buildLogger.progressMessage("exit code: " + exitValue); + } + String stdout = readText(stdoutPerProcess.remove(process)); + if (!isEmptyOrSpaces(stdout)) { + buildLogger.progressMessage("stdout: " + stdout); + } + String stderr = readText(stderrPerProcess.remove(process)); + if (!isEmptyOrSpaces(stderr)) { + buildLogger.warning("stderr: " + stderr); + } + } catch (IOException ioe) { + throw new RuntimeException(ioe.getMessage(), ioe); + } finally { + buildLogger.activityFinished(String.format(TUNNEL_ACTIVITY_PATTERN, connection, connection.getSshKey()), BUILD_FEATURE_ACTIVITY_TYPE); + } + }); + Optional.ofNullable(filesToDeletePerBuild.remove(build)).ifPresent(files -> files.forEach(FileUtil::delete)); + } catch (Exception e) { + String message = e.getMessage(); + buildLogger.internalError(TUNNEL_NOT_TERMINATED, (message == null) ? "" : message, e); + buildLogger.buildFailureDescription(TUNNEL_NOT_TERMINATED); + build.stopBuild(TUNNEL_NOT_TERMINATED); + } finally { + buildLogger.activityFinished("Terminating SSH Tunnels", BUILD_FEATURE_ACTIVITY_TYPE); + } + } + + private List getSshTunnels(@NotNull AgentRunningBuild runningBuild) { + return runningBuild.getBuildFeaturesOfType(BUILD_FEATURE_TYPE).stream() + .map(AgentBuildFeature::getParameters) + .peek(parameters -> { + if (!parametersHelper.validate(parameters).isEmpty()) { + throw new RuntimeException(parametersHelper.describeParameters(parameters)); + } + }) + .map(ModelBuilder::buildSshTunnel) + .collect(toList()); + } +} diff --git a/agent/src/main/resources/META-INF/build-agent-plugin-ssh-tunnel.xml b/agent/src/main/resources/META-INF/build-agent-plugin-ssh-tunnel.xml new file mode 100644 index 0000000..b4b93e2 --- /dev/null +++ b/agent/src/main/resources/META-INF/build-agent-plugin-ssh-tunnel.xml @@ -0,0 +1,26 @@ + + + + + + + + + diff --git a/build.gradle.kts b/build.gradle.kts new file mode 100644 index 0000000..5ca220b --- /dev/null +++ b/build.gradle.kts @@ -0,0 +1,27 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +plugins { + net.kautler.versions + net.kautler.teamcity + net.kautler.publishing +} + +subprojects { + description = "${rootProject.description} ($name)" +} + +defaultTasks("build") diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts new file mode 100644 index 0000000..c3fafd8 --- /dev/null +++ b/buildSrc/build.gradle.kts @@ -0,0 +1,108 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import com.fasterxml.jackson.databind.ObjectMapper +import com.github.benmanes.gradle.versions.reporter.result.Result +import org.jetbrains.kotlin.gradle.tasks.KotlinCompile + +plugins { + `kotlin-dsl` + id("com.github.ben-manes.versions") version "0.21.0" +} + +buildscript { + repositories { + // have both in case JCenter is again refusing to work properly and Maven Central first + mavenCentral() + jcenter() + } + dependencies { + classpath("com.fasterxml.jackson.core:jackson-databind:2.9.9") + } +} + +repositories { + // have both in case JCenter is again refusing to work properly and Maven Central first + mavenCentral() + jcenter() + @Suppress("UnstableApiUsage") + gradlePluginPortal() +} + +dependencies { + implementation(gradlePlugin("com.github.ben-manes.versions:0.21.0")) + implementation(gradlePlugin("org.ajoberstar.grgit:3.1.1")) + implementation(gradlePlugin("com.github.rodm.teamcity-environments:1.2")) + implementation(gradlePlugin("com.github.rodm.teamcity-common:1.2")) + implementation(gradlePlugin("com.github.rodm.teamcity-agent:1.2")) + implementation(gradlePlugin("com.github.rodm.teamcity-server:1.2")) + implementation(gradlePlugin("net.researchgate.release:2.8.0")) + implementation(gradlePlugin("net.wooga.github:1.4.0")) + implementation("com.fasterxml.jackson.core:jackson-databind:2.9.9") + implementation("org.kohsuke:github-api:1.95") +} + +kotlinDslPluginOptions { + experimentalWarning(false) +} + +tasks.withType().configureEach { + kotlinOptions { + allWarningsAsErrors = true + } +} + +tasks.dependencyUpdates { + checkForGradleUpdate = false + + resolutionStrategy { + componentSelection { + all { + if (Regex("""(?i)[.-](?:${listOf( + "alpha", + "beta", + "rc", + "cr", + "m", + "preview", + "test", + "pre", + "b", + "ea" + ).joinToString("|")})[.\d-]*""").containsMatchIn(candidate.version)) { + reject("preliminary release") + } + } + } + } + + outputFormatter = closureOf { + gradle = null + file("build/dependencyUpdates/report.json") + .apply { parentFile.mkdirs() } + .also { + ObjectMapper().writerWithDefaultPrettyPrinter().writeValue(it, this) + } + } +} + +@Suppress("UnstableApiUsage") +operator fun Property.invoke(value: T) = set(value) + +fun gradlePlugin(plugin: String): String = plugin.let { + val (id, version) = it.split(":", limit = 2) + "$id:$id.gradle.plugin:$version" +} diff --git a/buildSrc/settings.gradle.kts b/buildSrc/settings.gradle.kts new file mode 100644 index 0000000..f982e61 --- /dev/null +++ b/buildSrc/settings.gradle.kts @@ -0,0 +1,15 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ diff --git a/buildSrc/src/main/kotlin/net/kautler/DependencyOutdatedExtension.kt b/buildSrc/src/main/kotlin/net/kautler/DependencyOutdatedExtension.kt new file mode 100644 index 0000000..ed7f696 --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/DependencyOutdatedExtension.kt @@ -0,0 +1,25 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import com.github.benmanes.gradle.versions.reporter.result.DependencyOutdated + +fun DependencyOutdated.matches(group: String, name: String, oldVersion: String? = null, newVersion: String? = null) = + (this.group == group) + && (this.name == name) + && oldVersion?.let { it == version } ?: true + && newVersion?.let { it == this.available.milestone } ?: true diff --git a/buildSrc/src/main/kotlin/net/kautler/GHMilestoneExtension.kt b/buildSrc/src/main/kotlin/net/kautler/GHMilestoneExtension.kt new file mode 100644 index 0000000..773442e --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/GHMilestoneExtension.kt @@ -0,0 +1,43 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import org.kohsuke.github.GHMilestone +import org.kohsuke.github.GitHub + +fun GHMilestone.updateTitle(title: String) { + val requesterClass = Class.forName("org.kohsuke.github.Requester") + + val constructor = requesterClass.getDeclaredConstructor(GitHub::class.java) + constructor.isAccessible = true + var requester = constructor.newInstance(root) + + val withMethod = requesterClass.getDeclaredMethod("_with", String::class.java, Object::class.java) + withMethod.isAccessible = true + requester = withMethod.invoke(requester, "title", title) + + val methodMethod = requesterClass.getDeclaredMethod("method", String::class.java) + methodMethod.isAccessible = true + requester = methodMethod.invoke(requester, "PATCH") + + val getApiRouteMethod = GHMilestone::class.java.getDeclaredMethod("getApiRoute") + getApiRouteMethod.isAccessible = true + + val toMethod = requesterClass.getDeclaredMethod("to", String::class.java) + toMethod.isAccessible = true + toMethod.invoke(requester, getApiRouteMethod.invoke(this)) +} diff --git a/buildSrc/src/main/kotlin/net/kautler/Properties.kt b/buildSrc/src/main/kotlin/net/kautler/Properties.kt new file mode 100644 index 0000000..1124481 --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/Properties.kt @@ -0,0 +1,58 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import org.gradle.api.Project +import kotlin.properties.ReadOnlyProperty +import kotlin.reflect.KProperty + +abstract class Property( + private val project: Project, + private var propertyName: String?, + private val default: T +) : ReadOnlyProperty { + protected abstract fun doGetValue(project: Project, propertyName: String): T? + + fun getValue() = doGetValue(project, propertyName!!) ?: default + + override fun getValue(thisRef: Any, property: KProperty<*>) = doGetValue(project, propertyName!!) ?: default + + operator fun provideDelegate(thisRef: Any, property: KProperty<*>) = this.apply { + propertyName = propertyName ?: property.name + } +} + +class StringProperty( + project: Project, + propertyName: String? = null, + default: String? = null +) : Property(project, propertyName, default) { + override fun doGetValue(project: Project, propertyName: String) = findProperty(project, propertyName) +} + +class BooleanProperty( + project: Project, + propertyName: String? = null, + default: Boolean = false +) : Property(project, propertyName, default) { + override fun doGetValue(project: Project, propertyName: String) = findProperty(project, propertyName)?.toBoolean() +} + +private fun findProperty(project: Project, propertyName: String) = ( + project.findProperty("${project.rootProject.name}.$propertyName") + ?: project.findProperty(propertyName)) + as String? diff --git a/buildSrc/src/main/kotlin/net/kautler/PropertyExtension.kt b/buildSrc/src/main/kotlin/net/kautler/PropertyExtension.kt new file mode 100644 index 0000000..94150b9 --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/PropertyExtension.kt @@ -0,0 +1,22 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import org.gradle.api.provider.Property + +@Suppress("UnstableApiUsage") +operator fun Property.invoke(value: T) = set(value) diff --git a/buildSrc/src/main/kotlin/net/kautler/ResultExtension.kt b/buildSrc/src/main/kotlin/net/kautler/ResultExtension.kt new file mode 100644 index 0000000..eb9411a --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/ResultExtension.kt @@ -0,0 +1,27 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import com.github.benmanes.gradle.versions.reporter.result.Result + +fun Result.updateCounts() { + val dependencyGroups = listOf(current, outdated, exceeded, unresolved) + dependencyGroups.forEach { + it.count = it.dependencies.size + } + count = dependencyGroups.map { it.count }.sum() +} diff --git a/buildSrc/src/main/kotlin/net/kautler/java.gradle.kts b/buildSrc/src/main/kotlin/net/kautler/java.gradle.kts new file mode 100644 index 0000000..305eefb --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/java.gradle.kts @@ -0,0 +1,49 @@ +/* + * Copyright 2019 Bjoern Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import org.gradle.api.JavaVersion.VERSION_1_8 +import org.gradle.api.JavaVersion.toVersion +import kotlin.text.Charsets.UTF_8 + +plugins { + java +} + +base { + archivesBaseName = "ssh-tunnel" +} + +java { + sourceCompatibility = VERSION_1_8 +} + +tasks.jar { + archiveAppendix(project.name) +} + +tasks.withType().configureEach { + options.apply { + encoding = UTF_8.name() + if (JavaVersion.current().isJava9Compatible) { + compilerArgs.apply { + add("--release") + add(toVersion(targetCompatibility).majorVersion) + } + } + } +} diff --git a/buildSrc/src/main/kotlin/net/kautler/publishing.gradle.kts b/buildSrc/src/main/kotlin/net/kautler/publishing.gradle.kts new file mode 100644 index 0000000..bfe8f3d --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/publishing.gradle.kts @@ -0,0 +1,122 @@ +/* + * Copyright 2019 Bjoern Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import net.researchgate.release.GitAdapter.GitConfig +import net.researchgate.release.ReleasePlugin +import org.ajoberstar.grgit.Grgit +import org.kohsuke.github.GHIssueState.OPEN +import org.kohsuke.github.GitHub +import wooga.gradle.github.publish.tasks.GithubPublish +import kotlin.LazyThreadSafetyMode.NONE +import com.github.rodm.teamcity.tasks.PublishTask + +plugins { + id("net.researchgate.release") + id("net.wooga.github") +} + +val releaseVersion = !version.toString().endsWith("-SNAPSHOT") + +extra["release.useAutomaticVersion"] = BooleanProperty(project, "release.useAutomaticVersion").getValue() +extra["release.releaseVersion"] = StringProperty(project, "release.releaseVersion").getValue() +extra["release.newVersion"] = StringProperty(project, "release.newVersion").getValue() +extra["github.token"] = StringProperty(project, "github.token").getValue() + +release { + tagTemplate = "v\$version" + val gitConfig = getProperty("git") as GitConfig + gitConfig.signTag = true +} + +tasks.afterReleaseBuild { + dependsOn(provider { allprojects.map { it.tasks.withType() } }) +} + +val grgit: Grgit? by project + +val githubRepositoryName by lazy(NONE) { + grgit?.let { + it.remote.list() + .find { it.name == "origin" } + ?.let { + Regex("""(?x) + (?: + ://([^@]++@)?+github\.com(?::\d++)?+/ | + ([^@]++@)?+github\.com: + ) + (?.*) + \.git + """) + .find(it.url) + ?.let { it.groups["repositoryName"]!!.value } + } + } ?: "Vampire/teamcity-ssh-tunnel" +} + +val releaseTagName by lazy(NONE) { plugins.findPlugin(ReleasePlugin::class)!!.tagName()!! } + +val github by lazy(NONE) { GitHub.connectUsingOAuth(extra["github.token"] as String)!! } + +val releaseBody by lazy(NONE) { + grgit?.let { + it.log { + github.getRepository(githubRepositoryName).latestRelease?.run { excludes.add(tagName) } + } + .filter { !it.shortMessage.startsWith("[Gradle Release Plugin] ") } + .joinToString("\n") { "- ${it.shortMessage} [${it.id}]" } + } ?: "" +} + +tasks.githubPublish { + val serverPluginTasks = provider { allprojects.map { it.tasks.findByName("serverPlugin") }.filterNotNull() } + enabled = releaseVersion + dependsOn(serverPluginTasks) + repositoryName(githubRepositoryName) + tagName(releaseTagName) + releaseName(releaseTagName) + body { releaseBody } + draft(true) + from(serverPluginTasks) +} + +tasks.afterReleaseBuild { + dependsOn(tasks.withType()) +} + +val finishMilestone by tasks.registering { + enabled = releaseVersion + shouldRunAfter(tasks.withType()) + + @Suppress("UnstableApiUsage") + doLast("finish milestone") { + github.getRepository(githubRepositoryName)!!.run { + listMilestones(OPEN) + .find { it.title == "Next Version" }!! + .run { + updateTitle(releaseTagName) + close() + } + + createMilestone("Next Version", null) + } + } +} + +tasks.afterReleaseBuild { + dependsOn(finishMilestone) +} diff --git a/buildSrc/src/main/kotlin/net/kautler/teamcity-agent.gradle.kts b/buildSrc/src/main/kotlin/net/kautler/teamcity-agent.gradle.kts new file mode 100644 index 0000000..681b44b --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/teamcity-agent.gradle.kts @@ -0,0 +1,48 @@ +/* + * Copyright 2019 Bjoern Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +plugins { + java + id("com.github.rodm.teamcity-agent") +} + +apply() + +teamcity { + agent { + archiveName = "ssh-tunnel" + + descriptor { + pluginDeployment { + useSeparateClassloader = true + } + + dependencies { + plugin("ssh-manager") + } + } + } +} + +dependencies { + val teamcityHomeDir: File by project + val versions: Map by project + implementation(project(":common")) + provided(files("$teamcityHomeDir/buildAgent/plugins/ssh-manager/ssh-manager.jar")) + provided("org.slf4j:slf4j-api:${versions["slf4j"]}") +} diff --git a/buildSrc/src/main/kotlin/net/kautler/teamcity-common-server.gradle.kts b/buildSrc/src/main/kotlin/net/kautler/teamcity-common-server.gradle.kts new file mode 100644 index 0000000..dd2c821 --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/teamcity-common-server.gradle.kts @@ -0,0 +1,34 @@ +/* + * Copyright 2019 Bjoern Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import com.github.rodm.teamcity.TeamCityPlugin + +plugins { + java +} + +apply() +apply() + +dependencies { + val teamcityHomeDir: File by project + val versions: Map by project + implementation(project(":common")) + compileOnly(files("$teamcityHomeDir/webapps/ROOT/WEB-INF/plugins/ssh-manager/server/ssh-manager.jar")) + compileOnly("org.jetbrains.teamcity:server-api:${versions["teamcity"]}") +} diff --git a/buildSrc/src/main/kotlin/net/kautler/teamcity-common.gradle.kts b/buildSrc/src/main/kotlin/net/kautler/teamcity-common.gradle.kts new file mode 100644 index 0000000..6f68039 --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/teamcity-common.gradle.kts @@ -0,0 +1,23 @@ +/* + * Copyright 2019 Bjoern Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +plugins { + id("com.github.rodm.teamcity-common") +} + +apply() diff --git a/buildSrc/src/main/kotlin/net/kautler/teamcity-server.gradle.kts b/buildSrc/src/main/kotlin/net/kautler/teamcity-server.gradle.kts new file mode 100644 index 0000000..6a8b9e5 --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/teamcity-server.gradle.kts @@ -0,0 +1,102 @@ +/* + * Copyright 2019 Bjoern Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import com.github.rodm.teamcity.tasks.PublishTask +import javax.naming.ConfigurationException + +plugins { + java + id("com.github.rodm.teamcity-server") +} + +apply() + +val jetbrainsUsername by StringProperty(project, "jetbrains.username") +val jetbrainsPassword by StringProperty(project, "jetbrains.password") + +teamcity { + if (project.name == "serverPre2018.2") { + val versions: Map by project + version = versions["teamcity2018.1"] + } + + server { + descriptor { + name = "ssh-tunnel" + displayName = "SSH Tunnel" + version = project.version.toString() + description = rootProject.description + downloadUrl = "https://github.com/Vampire/teamcity-ssh-tunnel/releases/latest" + email = "Bjoern@Kautler.net" + // work-around for https://github.com/gradle/gradle/issues/9383 + vendorName = "Bj\u00f6rn Kautler" + vendorUrl = "https://github.com/Vampire/teamcity-ssh-tunnel" + useSeparateClassloader = true + + if (project.name == "serverPre2018.2") { + maximumBuild = "59999" + } else { + allowRuntimeReload = true + minimumBuild = "60000" + } + + dependencies { + plugin("ssh-manager") + } + } + + files { + from(project(":commonServer").file("resources")) { + include("kotlin-dsl/**") + } + } + + publish { + username = jetbrainsUsername + password = jetbrainsPassword + } + } +} + +// do this with taskGraph.whenReady as doFirst is too late for the mandatory inputs +// if inputs get optional, for example to support tokens, this can be changed to doFirst +gradle.taskGraph.whenReady { + if (allTasks.any { it is PublishTask }) { + if (jetbrainsUsername.isNullOrBlank()) { + throw ConfigurationException( + "Please set the JetBrains username with project property 'jetbrains.username' " + + "or '${rootProject.name}.jetbrains.username'. " + + "If both are set, the latter will be effective.") + } + if (jetbrainsPassword.isNullOrBlank()) { + throw ConfigurationException( + "Please set the JetBrains password with project property 'jetbrains.password' " + + "or '${rootProject.name}.jetbrains.password'. " + + "If both are set, the latter will be effective.") + } + } +} + +tasks.jar { + enabled = false +} + +dependencies { + agent(project(path = ":agent", configuration = "plugin")) + server(project(":commonServer")) +} diff --git a/buildSrc/src/main/kotlin/net/kautler/teamcity.gradle.kts b/buildSrc/src/main/kotlin/net/kautler/teamcity.gradle.kts new file mode 100644 index 0000000..e757f99 --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/teamcity.gradle.kts @@ -0,0 +1,64 @@ +/* + * Copyright 2019 Bjoern Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +plugins { + id("com.github.rodm.teamcity-environments") +} + +configure(listOf(project(":server"), project(":serverPre2018.2"))) { + apply() +} + +teamcity { + val versions: Map by project + version = versions["teamcity"] + + environments { + val teamcityEnvironment = environments.create("teamcity") { + version = versions["teamcityTest"] + val serverPlugin by project(":server").tasks.existing + plugins(serverPlugin) + } + + extra["teamcityHomeDir"] = teamcityEnvironment.homeDir ?: file("${teamcity.environments.baseHomeDir}/Teamcity-${teamcityEnvironment.version}") + + environments.register("teamcity2018.2") { + version = versions["teamcity2018.2Test"] + val serverPlugin by project(":server").tasks.existing + plugins(serverPlugin) + } + + environments.register("teamcity2018.1") { + version = versions["teamcity2018.1Test"] + val serverPlugin by project(":serverPre2018.2").tasks.existing + plugins(serverPlugin) + } + } +} + +project(":common") { + apply() +} + +project(":agent") { + apply() +} + +project(":commonServer") { + apply() +} diff --git a/buildSrc/src/main/kotlin/net/kautler/versions.gradle.kts b/buildSrc/src/main/kotlin/net/kautler/versions.gradle.kts new file mode 100644 index 0000000..0638527 --- /dev/null +++ b/buildSrc/src/main/kotlin/net/kautler/versions.gradle.kts @@ -0,0 +1,165 @@ +/* + * Copyright 2019 Bjoern Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler + +import com.fasterxml.jackson.databind.ObjectMapper +import com.github.benmanes.gradle.versions.reporter.PlainTextReporter +import com.github.benmanes.gradle.versions.reporter.result.Result +import com.github.benmanes.gradle.versions.updates.gradle.GradleReleaseChannel.CURRENT +import org.ajoberstar.grgit.Grgit +import java.time.Instant.now +import kotlin.LazyThreadSafetyMode.NONE + +plugins { + id("org.ajoberstar.grgit") + id("com.github.ben-manes.versions") +} + +allprojects { + version = when (project.name) { + "serverPre2018.2" -> version.toString().replaceFirst(Regex("(?:-SNAPSHOT)?+$"), "+a$0") + "server" -> version.toString().replaceFirst(Regex("(?:-SNAPSHOT)?+$"), "+b$0") + else -> version + } +} + +repositories { + // have both in case JCenter is again refusing to work properly and Maven Central first + mavenCentral() + jcenter() +} + +val versions by extra(mapOf( + // production versions + "teamcity" to "2019.1", + "teamcityTest" to "2019.1", + "teamcity2018.2Test" to "2018.2.4", + "teamcity2018.1" to "2018.1.2", + "teamcity2018.1Test" to "2018.1.5", + "slf4j" to "1.7.26" +)) + +val buildVcsNumber get() = project.findProperty("build.vcs.number") as String? + +project(":common").afterEvaluate { + normalization { + runtimeClasspath { + ignore("version.properties") + } + } + + val commitId by lazy(NONE) { + val grgit: Grgit? by project + when { + !buildVcsNumber.isNullOrBlank() -> buildVcsNumber + grgit != null -> grgit!!.head().id + (if (grgit!!.status().isClean) "" else "-dirty") + else -> "" + } + } + + tasks.named("processResources") { + val now = now() + inputs.property("version", version) + inputs.property("commitId", commitId) + inputs.property("buildTimestamp", now) + filesMatching("version.properties") { + expand( + "version" to version, + "commitId" to commitId, + "buildTimestamp" to now + ) + } + } +} + +tasks.dependencyUpdates { + gradleReleaseChannel = CURRENT.id + + resolutionStrategy { + componentSelection { + all { + if (Regex("""(?i)[.-](?:${listOf( + "alpha", + "beta", + "rc", + "cr", + "m", + "preview", + "test", + "pre", + "b", + "ea" + ).joinToString("|")})[.\d-]*""").containsMatchIn(candidate.version)) { + reject("preliminary release") + } + } + } + } + + outputFormatter = closureOf { + val buildSrcResultFile = file("buildSrc/build/dependencyUpdates/report.json") + if (buildSrcResultFile.isFile) { + val buildSrcResult = ObjectMapper().readValue(buildSrcResultFile, Result::class.java)!! + current.dependencies.addAll(buildSrcResult.current.dependencies) + outdated.dependencies.addAll(buildSrcResult.outdated.dependencies) + exceeded.dependencies.addAll(buildSrcResult.exceeded.dependencies) + unresolved.dependencies.addAll(buildSrcResult.unresolved.dependencies) + } + + val ignored = outdated.dependencies.filter { + it.matches("org.gradle.kotlin.kotlin-dsl", "org.gradle.kotlin.kotlin-dsl.gradle.plugin") || + it.matches("org.jetbrains.kotlin", "kotlin-reflect") || + it.matches("org.jetbrains.kotlin", "kotlin-sam-with-receiver") || + it.matches("org.jetbrains.kotlin", "kotlin-scripting-compiler-embeddable") || + it.matches("org.jetbrains.kotlin", "kotlin-stdlib-jdk8") || + it.matches("org.jetbrains.teamcity", "server-api", versions["teamcity2018.1"]) || + it.matches("org.jetbrains.teamcity", "server-web-api", versions["teamcity2018.1"]) || + it.matches("org.jetbrains.teamcity", "tests-support", versions["teamcity2018.1"]) + } + + outdated.dependencies.removeAll(ignored) + updateCounts() + + PlainTextReporter(project, revisionLevel(), gradleReleaseChannelLevel()) + .write(System.out, this) + + if (ignored.isNotEmpty()) { + println("\nThe following dependencies have later ${revisionLevel()} versions but were ignored:") + ignored.forEach { + println(" - ${it.group}:${it.name} [${it.version} -> ${it.available.getProperty(revisionLevel())}]") + it.projectUrl?.let { println(" $it") } + } + } + + if (gradle.current.isFailure || (unresolved.count != 0)) { + throw RuntimeException("Unresolved libraries found") + } + + if (gradle.current.isUpdateAvailable || (outdated.count != 0)) { + throw RuntimeException("Outdated libraries found") + } + } +} + +val buildSrcDependencyUpdates by tasks.registering(GradleBuild::class) { + dir = file("buildSrc") + tasks = listOf("dependencyUpdates") +} + +tasks.dependencyUpdates { + dependsOn(buildSrcDependencyUpdates) +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/Constants.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/Constants.java new file mode 100644 index 0000000..de80668 --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/Constants.java @@ -0,0 +1,63 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common; + +import java.math.BigInteger; +import java.util.List; + +import static java.util.Arrays.asList; + +public class Constants { + public static final String SSH_TUNNEL_REQUIREMENT_PROPERTY_NAME = "sshTunnelRequirement"; + public static final String NAME_PROPERTY_NAME = "name"; + public static final String USER_PROPERTY_NAME = "user"; + public static final String SSH_KEY_PROPERTY_NAME = "teamcitySshKey"; + public static final String SSH_KEY_PASSPHRASE_PROPERTY_NAME = "secure:teamcitySshKeyPassphrase"; + public static final String HOST_PROPERTY_NAME = "host"; + public static final String PORT_PROPERTY_NAME = "port"; + public static final String LOCAL_PART_PROPERTY_NAME = "localPart"; + public static final String LOCAL_ADDRESS_PROPERTY_NAME = "localAddress"; + public static final String LOCAL_PORT_PROPERTY_NAME = "localPort"; + public static final String LOCAL_SOCKET_PROPERTY_NAME = "localSocket"; + public static final String REMOTE_PART_PROPERTY_NAME = "remotePart"; + public static final String REMOTE_ADDRESS_PROPERTY_NAME = "remoteAddress"; + public static final String REMOTE_PORT_PROPERTY_NAME = "remotePort"; + public static final String REMOTE_SOCKET_PROPERTY_NAME = "remoteSocket"; + + public static final String ADDRESS_PORT_PART_NAME = "ADDRESS_PORT"; + public static final String SOCKET_PART_NAME = "SOCKET"; + + public static final String BUILD_FEATURE_TYPE = "ssh-tunnel-build-feature"; + public static final String BUILD_FEATURE_ACTIVITY_TYPE = "CUSTOM_SSH_TUNNELS"; + public static final String SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME = "ssh.executable"; + public static final String SSH_EXECUTABLE_ENVIRONMENT_VARIABLE_NAME = "SSH_EXECUTABLE"; + public static final String SSH_EXECUTABLE_REQUIREMENT_ID = SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME + "-exists"; + + public static final BigInteger MAX_PORT_NUMBER = BigInteger.valueOf(65_535); + public static final int MIN_VERSION_SUPPORTING_BUILD_FEATURE_REQUIREMENTS = 65_000; + + public static final List VALID_PROPERTY_NAMES = asList( + SSH_TUNNEL_REQUIREMENT_PROPERTY_NAME, NAME_PROPERTY_NAME, + USER_PROPERTY_NAME, SSH_KEY_PROPERTY_NAME, SSH_KEY_PASSPHRASE_PROPERTY_NAME, HOST_PROPERTY_NAME, PORT_PROPERTY_NAME, + LOCAL_PART_PROPERTY_NAME, LOCAL_ADDRESS_PROPERTY_NAME, LOCAL_PORT_PROPERTY_NAME, LOCAL_SOCKET_PROPERTY_NAME, + REMOTE_PART_PROPERTY_NAME, REMOTE_ADDRESS_PROPERTY_NAME, REMOTE_PORT_PROPERTY_NAME, REMOTE_SOCKET_PROPERTY_NAME); + public static final List VALID_PART_NAMES = asList(ADDRESS_PORT_PART_NAME, SOCKET_PART_NAME); + + private Constants() { + throw new UnsupportedOperationException(); + } +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/ModelBuilder.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/ModelBuilder.java new file mode 100644 index 0000000..de9e3df --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/ModelBuilder.java @@ -0,0 +1,92 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common; + +import net.kautler.teamcity.ssh_tunnel.common.model.AddressPortPart; +import net.kautler.teamcity.ssh_tunnel.common.model.Connection; +import net.kautler.teamcity.ssh_tunnel.common.model.Part; +import net.kautler.teamcity.ssh_tunnel.common.model.SocketPart; +import net.kautler.teamcity.ssh_tunnel.common.model.SshTunnel; + +import java.util.Map; + +import static net.kautler.teamcity.ssh_tunnel.common.Constants.ADDRESS_PORT_PART_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.HOST_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.LOCAL_ADDRESS_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.LOCAL_PART_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.LOCAL_PORT_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.LOCAL_SOCKET_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.NAME_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.PORT_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.REMOTE_ADDRESS_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.REMOTE_PART_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.REMOTE_PORT_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.REMOTE_SOCKET_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SOCKET_PART_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_KEY_PASSPHRASE_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_KEY_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.USER_PROPERTY_NAME; + +public class ModelBuilder { + public static SshTunnel buildSshTunnel(Map params) { + Part remotePart; + switch (params.getOrDefault(REMOTE_PART_PROPERTY_NAME, "")) { + case ADDRESS_PORT_PART_NAME: + String address = params.get(REMOTE_ADDRESS_PROPERTY_NAME); + String port = params.get(REMOTE_PORT_PROPERTY_NAME); + remotePart = new AddressPortPart(address, port); + break; + + case SOCKET_PART_NAME: + String socket = params.get(REMOTE_SOCKET_PROPERTY_NAME); + remotePart = new SocketPart(socket); + break; + + default: + throw new AssertionError("missing case: " + params.get(REMOTE_PART_PROPERTY_NAME)); + } + + Part localPart; + switch (params.getOrDefault(LOCAL_PART_PROPERTY_NAME, "")) { + case ADDRESS_PORT_PART_NAME: + String address = params.get(LOCAL_ADDRESS_PROPERTY_NAME); + String port = params.get(LOCAL_PORT_PROPERTY_NAME); + localPart = new AddressPortPart(address, port); + break; + + case SOCKET_PART_NAME: + String socket = params.get(LOCAL_SOCKET_PROPERTY_NAME); + localPart = new SocketPart(socket); + break; + + default: + localPart = null; + break; + } + + String name = params.get(NAME_PROPERTY_NAME); + + String user = params.get(USER_PROPERTY_NAME); + String sshKey = params.get(SSH_KEY_PROPERTY_NAME); + String sshKeyPassphrase = params.get(SSH_KEY_PASSPHRASE_PROPERTY_NAME); + String host = params.get(HOST_PROPERTY_NAME); + String port = params.get(PORT_PROPERTY_NAME); + Connection connection = new Connection(user, sshKey, sshKeyPassphrase, host, port); + + return new SshTunnel(name, connection, localPart, remotePart); + } +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/ParametersHelper.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/ParametersHelper.java new file mode 100644 index 0000000..e1c7d68 --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/ParametersHelper.java @@ -0,0 +1,225 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common; + +import jetbrains.buildServer.util.Couple; +import jetbrains.buildServer.util.MultiMap; + +import java.math.BigInteger; +import java.util.Collection; +import java.util.Map; + +import static java.math.BigInteger.ZERO; +import static java.util.stream.Collectors.joining; +import static jetbrains.buildServer.parameters.ReferencesResolverUtil.isReference; +import static jetbrains.buildServer.util.StringUtil.isEmpty; +import static jetbrains.buildServer.util.StringUtil.isNotEmpty; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.ADDRESS_PORT_PART_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.HOST_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.LOCAL_ADDRESS_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.LOCAL_PART_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.LOCAL_PORT_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.LOCAL_SOCKET_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.MAX_PORT_NUMBER; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.NAME_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.PORT_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.REMOTE_ADDRESS_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.REMOTE_PART_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.REMOTE_PORT_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.REMOTE_SOCKET_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SOCKET_PART_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_KEY_PASSPHRASE_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_KEY_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.USER_PROPERTY_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.VALID_PART_NAMES; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.VALID_PROPERTY_NAMES; +import static net.kautler.teamcity.ssh_tunnel.common.ModelBuilder.buildSshTunnel; + +public abstract class ParametersHelper { + public String describeParameters(Map parameters) { + MultiMap invalidProperties = validate(parameters); + return invalidProperties.isEmpty() + ? buildSshTunnel(parameters).toString() + : "Parameters are invalid:\n- " + invalidProperties.values().stream() + .flatMap(Collection::stream) + .distinct() + .collect(joining("\n- ")); + } + + /** + * Properties map passed as argument can be verified or modified by the processor + * (for example, one could remove all properties with empty values from this map). + * + * @param properties properties to process + * @return map of invalid property names to reasons + */ + public MultiMap validate(Map properties) { + MultiMap invalidProperties = properties.keySet().stream() + .filter(name -> !VALID_PROPERTY_NAMES.contains(name)) + .map(name -> Couple.of(name, String.format("Parameter '%s' is unknown", name))) + .collect(MultiMap::new, + (map, invalidProperty) -> map.putValue(invalidProperty.a, invalidProperty.b), + (map1, map2) -> map2.entrySet().forEach(entry -> entry.getValue().forEach(value -> map1.putValue(entry.getKey(), value)))); + + VALID_PROPERTY_NAMES.forEach(propertyName -> properties.computeIfPresent(propertyName, (name, value) -> value.trim())); + + if (isEmpty(properties.get(NAME_PROPERTY_NAME))) { + invalidProperties.putValue(NAME_PROPERTY_NAME, "Name must be specified"); + } + + if (isEmpty(properties.get(USER_PROPERTY_NAME))) { + invalidProperties.putValue(USER_PROPERTY_NAME, "User must be specified"); + } + + String sshKeyName = properties.get(SSH_KEY_PROPERTY_NAME); + if (isEmpty(sshKeyName)) { + invalidProperties.putValue(SSH_KEY_PROPERTY_NAME, "SSH key must be specified"); + } else if (isValidKeyName(sshKeyName)) { + boolean sshKeyEncrypted = isEncrypted(sshKeyName); + boolean sshKeyPassphraseGiven = isNotEmpty(properties.get(SSH_KEY_PASSPHRASE_PROPERTY_NAME)); + if (sshKeyEncrypted && !sshKeyPassphraseGiven) { + invalidProperties.putValue(SSH_KEY_PASSPHRASE_PROPERTY_NAME, "SSH key passphrase must be specified for encrypted SSH key"); + } else if (!sshKeyEncrypted && sshKeyPassphraseGiven) { + invalidProperties.putValue(SSH_KEY_PASSPHRASE_PROPERTY_NAME, "SSH key passphrase must not be specified for unencrypted SSH key"); + } + } else { + invalidProperties.putValue(SSH_KEY_PROPERTY_NAME, String.format("SSH key '%s' not found", sshKeyName)); + } + + if (isEmpty(properties.get(HOST_PROPERTY_NAME))) { + invalidProperties.putValue(HOST_PROPERTY_NAME, "Host must be specified"); + } + + if (isNotEmpty(properties.get(PORT_PROPERTY_NAME)) && !isReference(properties.get(PORT_PROPERTY_NAME))) { + try { + BigInteger port = new BigInteger(properties.get(PORT_PROPERTY_NAME)); + if (port.compareTo(ZERO) < 0) { + invalidProperties.putValue(PORT_PROPERTY_NAME, "Port if given must be a number between 0 and 65535"); + } else if (port.compareTo(MAX_PORT_NUMBER) > 0) { + invalidProperties.putValue(PORT_PROPERTY_NAME, "Port if given must be a number between 0 and 65535"); + } + } catch (NumberFormatException nfe) { + invalidProperties.putValue(PORT_PROPERTY_NAME, "Port if given must be a number between 0 and 65535"); + } + } + + boolean localAddressGiven = isNotEmpty(properties.get(LOCAL_ADDRESS_PROPERTY_NAME)); + boolean localPortGiven = isNotEmpty(properties.get(LOCAL_PORT_PROPERTY_NAME)); + boolean localSocketGiven = isNotEmpty(properties.get(LOCAL_SOCKET_PROPERTY_NAME)); + if (isEmpty(properties.get(LOCAL_PART_PROPERTY_NAME))) { + if ((localAddressGiven || localPortGiven) && localSocketGiven) { + invalidProperties.putValue(LOCAL_PART_PROPERTY_NAME, "Local part must be specified"); + } else if (localSocketGiven) { + properties.put(LOCAL_PART_PROPERTY_NAME, SOCKET_PART_NAME); + } else { + properties.put(LOCAL_PART_PROPERTY_NAME, ADDRESS_PORT_PART_NAME); + } + } + + boolean remotePortGiven = isNotEmpty(properties.get(REMOTE_PORT_PROPERTY_NAME)); + boolean remoteSocketGiven = isNotEmpty(properties.get(REMOTE_SOCKET_PROPERTY_NAME)); + if (isEmpty(properties.get(REMOTE_PART_PROPERTY_NAME))) { + if ((remotePortGiven && remoteSocketGiven) || (!remotePortGiven && !remoteSocketGiven)) { + invalidProperties.putValue(REMOTE_PART_PROPERTY_NAME, "Remote part must be specified"); + } else if (remoteSocketGiven) { + properties.put(REMOTE_PART_PROPERTY_NAME, SOCKET_PART_NAME); + } else { + properties.put(REMOTE_PART_PROPERTY_NAME, ADDRESS_PORT_PART_NAME); + } + } + + if (!VALID_PART_NAMES.contains(properties.getOrDefault(LOCAL_PART_PROPERTY_NAME, ADDRESS_PORT_PART_NAME))) { + invalidProperties.putValue(LOCAL_PART_PROPERTY_NAME, "Local part value is invalid"); + } + + if (!VALID_PART_NAMES.contains(properties.getOrDefault(REMOTE_PART_PROPERTY_NAME, ADDRESS_PORT_PART_NAME))) { + invalidProperties.putValue(REMOTE_PART_PROPERTY_NAME, "Remote part value is invalid"); + } + + switch (properties.getOrDefault(LOCAL_PART_PROPERTY_NAME, "")) { + case ADDRESS_PORT_PART_NAME: + properties.remove(LOCAL_SOCKET_PROPERTY_NAME); + + if (localPortGiven && !isReference(properties.get(LOCAL_PORT_PROPERTY_NAME))) { + try { + BigInteger localPort = new BigInteger(properties.get(LOCAL_PORT_PROPERTY_NAME)); + if (localPort.compareTo(ZERO) < 0) { + invalidProperties.putValue(LOCAL_PORT_PROPERTY_NAME, "Local port if given must be a number between 0 and 65535"); + } else if (localPort.compareTo(MAX_PORT_NUMBER) > 0) { + invalidProperties.putValue(LOCAL_PORT_PROPERTY_NAME, "Local port if given must be a number between 0 and 65535"); + } + } catch (NumberFormatException nfe) { + invalidProperties.putValue(LOCAL_PORT_PROPERTY_NAME, "Local port if given must be a number between 0 and 65535"); + } + } else if (!localAddressGiven) { + properties.remove(LOCAL_PART_PROPERTY_NAME); + } + break; + + case SOCKET_PART_NAME: + properties.remove(LOCAL_ADDRESS_PROPERTY_NAME); + properties.remove(LOCAL_PORT_PROPERTY_NAME); + + if (!localSocketGiven) { + invalidProperties.putValue(LOCAL_SOCKET_PROPERTY_NAME, "Local socket must be specified"); + } + break; + + default: + break; + } + + switch (properties.getOrDefault(REMOTE_PART_PROPERTY_NAME, "")) { + case ADDRESS_PORT_PART_NAME: + properties.remove(REMOTE_SOCKET_PROPERTY_NAME); + + if (remotePortGiven && !isReference(properties.get(REMOTE_PORT_PROPERTY_NAME))) { + try { + BigInteger remotePort = new BigInteger(properties.get(REMOTE_PORT_PROPERTY_NAME)); + if (remotePort.compareTo(ZERO) < 0) { + invalidProperties.putValue(REMOTE_PORT_PROPERTY_NAME, "Remote port must be a number between 0 and 65535"); + } else if (remotePort.compareTo(MAX_PORT_NUMBER) > 0) { + invalidProperties.putValue(REMOTE_PORT_PROPERTY_NAME, "Remote port must be a number between 0 and 65535"); + } + } catch (NumberFormatException nfe) { + invalidProperties.putValue(REMOTE_PORT_PROPERTY_NAME, "Remote port must be a number between 0 and 65535"); + } + } else { + invalidProperties.putValue(REMOTE_PORT_PROPERTY_NAME, "Remote port must be specified"); + } + break; + + case SOCKET_PART_NAME: + properties.remove(REMOTE_ADDRESS_PROPERTY_NAME); + properties.remove(REMOTE_PORT_PROPERTY_NAME); + + if (!remoteSocketGiven) { + invalidProperties.putValue(REMOTE_SOCKET_PROPERTY_NAME, "Remote socket must be specified"); + } + break; + + default: + break; + } + + return invalidProperties; + } + + protected abstract boolean isValidKeyName(String shKeyName); + + protected abstract boolean isEncrypted(String shKeyName); +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/Util.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/Util.java new file mode 100644 index 0000000..852aba6 --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/Util.java @@ -0,0 +1,39 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; + +import static java.nio.charset.Charset.defaultCharset; +import static java.util.stream.Collectors.joining; + +public class Util { + private Util() { + throw new UnsupportedOperationException(); + } + + public static String streamToString(InputStream input) { + try (BufferedReader buffer = new BufferedReader(new InputStreamReader(input, defaultCharset()))) { + return buffer.lines().collect(joining("\n")).trim(); + } catch (IOException e) { + return ""; + } + } +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/AddressPortPart.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/AddressPortPart.java new file mode 100644 index 0000000..ef8291e --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/AddressPortPart.java @@ -0,0 +1,117 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common.model; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.util.Formatter; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; +import java.util.concurrent.atomic.AtomicInteger; + +import static java.lang.Integer.parseInt; +import static java.util.FormattableFlags.ALTERNATE; +import static java.util.FormattableFlags.LEFT_JUSTIFY; +import static java.util.FormattableFlags.UPPERCASE; +import static jetbrains.buildServer.util.StringUtil.isEmptyOrSpaces; + +public final class AddressPortPart implements Part { + private final String address; + private final String port; + private final AtomicInteger randomPort = new AtomicInteger(); + + public AddressPortPart() { + this(null, null); + } + + public AddressPortPart(String address, String port) { + this.address = isEmptyOrSpaces(address) ? "127.0.0.1" : address; + this.port = isEmptyOrSpaces(port) ? null : port; + } + + public String getAddress() { + return address; + } + + public int getPort() { + if (port == null) { + return randomPort.updateAndGet(port -> { + if (port == 0) { + try (ServerSocket serverSocket = new ServerSocket(0, 0, InetAddress.getByName(address))) { + return serverSocket.getLocalPort(); + } catch (IOException ioe) { + throw new RuntimeException("could not determine dynamic local port", ioe); + } + } else { + return port; + } + }); + } else { + return parseInt(port); + } + } + + @Override + public Map getConfigParameters(String prefix, boolean emulationMode) { + Map result = new HashMap<>(); + result.put(prefix + "address", address); + result.put(prefix + "port", (emulationMode && (port == null)) ? "0" : String.valueOf(getPort())); + return result; + } + + @Override + public void formatTo(Formatter formatter, int flags, int width, int precision) { + boolean alternate = (flags & ALTERNATE) != 0; + boolean uppercase = (flags & UPPERCASE) != 0; + boolean leftJustify = (flags & LEFT_JUSTIFY) != 0; + + String result = alternate ? String.format("%s:%d", address, getPort()) : toString(); + if (uppercase) { + result = result.toUpperCase(formatter.locale()); + } + + formatter.format(String.format("%%%s%s%ss", + leftJustify ? "-" : "", + (width == -1) ? "" : width, + (precision == -1) ? "" : "." + precision), result); + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if ((o == null) || (getClass() != o.getClass())) { + return false; + } + AddressPortPart that = (AddressPortPart) o; + return Objects.equals(address, that.address) + && Objects.equals(port, that.port); + } + + @Override + public int hashCode() { + return Objects.hash(address, port); + } + + @Override + public String toString() { + return String.format("%s:%s", address, port == null ? "" : port); + } +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/Connection.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/Connection.java new file mode 100644 index 0000000..c9f9122 --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/Connection.java @@ -0,0 +1,97 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common.model; + +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +import static jetbrains.buildServer.util.StringUtil.isEmptyOrSpaces; + +public final class Connection { + private final String user; + private final String sshKey; + private final String sshKeyPassphrase; + private final String host; + private final String port; + + public Connection(String user, String sshKey, String sshKeyPassphrase, String host, String port) { + Objects.requireNonNull(user, "'user' must not be 'null'"); + Objects.requireNonNull(sshKey, "'sshKey' must not be 'null'"); + Objects.requireNonNull(host, "'host' must not be 'null'"); + this.sshKey = sshKey; + this.sshKeyPassphrase = sshKeyPassphrase; + this.user = user; + this.host = host; + this.port = isEmptyOrSpaces(port) ? "22" : port; + } + + public String getUser() { + return user; + } + + public String getSshKey() { + return sshKey; + } + + public String getSshKeyPassphrase() { + return sshKeyPassphrase; + } + + public String getHost() { + return host; + } + + public String getPort() { + return port; + } + + public Map getConfigParameters(String prefix, boolean emulationMode) { + Map result = new HashMap<>(); + result.put(prefix + "user", user); + result.put(prefix + "sshKey", sshKey); + result.put(prefix + "host", host); + result.put(prefix + "port", port); + return result; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if ((o == null) || (getClass() != o.getClass())) { + return false; + } + Connection that = (Connection) o; + return Objects.equals(user, that.user) + && Objects.equals(sshKey, that.sshKey) + && Objects.equals(sshKeyPassphrase, that.sshKeyPassphrase) + && Objects.equals(host, that.host) + && Objects.equals(port, that.port); + } + + @Override + public int hashCode() { + return Objects.hash(user, sshKey, sshKeyPassphrase, host, port); + } + + @Override + public String toString() { + return String.format("%s@%s:%s", user, host, port); + } +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/Part.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/Part.java new file mode 100644 index 0000000..edf4ec4 --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/Part.java @@ -0,0 +1,44 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common.model; + +import java.util.Formattable; +import java.util.Formatter; +import java.util.Map; + +import static java.util.FormattableFlags.LEFT_JUSTIFY; +import static java.util.FormattableFlags.UPPERCASE; + +public interface Part extends Formattable { + Map getConfigParameters(String prefix, boolean emulationMode); + + @Override + default void formatTo(Formatter formatter, int flags, int width, int precision) { + boolean uppercase = (flags & UPPERCASE) != 0; + boolean leftJustify = (flags & LEFT_JUSTIFY) != 0; + + String result = toString(); + if (uppercase) { + result = result.toUpperCase(formatter.locale()); + } + + formatter.format(String.format("%%%s%s%ss", + leftJustify ? "-" : "", + (width == -1) ? "" : width, + (precision == -1) ? "" : "." + precision), result); + } +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/SocketPart.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/SocketPart.java new file mode 100644 index 0000000..d9ad964 --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/SocketPart.java @@ -0,0 +1,62 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common.model; + +import java.util.Map; +import java.util.Objects; + +import static java.util.Collections.singletonMap; + +public final class SocketPart implements Part { + private final String socket; + + public SocketPart(String socket) { + Objects.requireNonNull(socket, "'socket' must not be 'null'"); + this.socket = socket; + } + + public String getSocket() { + return socket; + } + + @Override + public Map getConfigParameters(String prefix, boolean emulationMode) { + return singletonMap(prefix + "socket", socket); + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if ((o == null) || (getClass() != o.getClass())) { + return false; + } + SocketPart that = (SocketPart) o; + return Objects.equals(socket, that.socket); + } + + @Override + public int hashCode() { + return Objects.hash(socket); + } + + @Override + public String toString() { + return socket; + } +} diff --git a/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/SshTunnel.java b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/SshTunnel.java new file mode 100644 index 0000000..c26a5c7 --- /dev/null +++ b/common/src/main/java/net/kautler/teamcity/ssh_tunnel/common/model/SshTunnel.java @@ -0,0 +1,117 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.common.model; + +import java.util.Formattable; +import java.util.Formatter; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +import static java.util.FormattableFlags.ALTERNATE; +import static java.util.FormattableFlags.LEFT_JUSTIFY; +import static java.util.FormattableFlags.UPPERCASE; +import static jetbrains.buildServer.util.StringUtil.replaceNonAlphaNumericChars; + +public class SshTunnel implements Formattable { + private final String name; + private final Connection connection; + private final Part localPart; + private final Part remotePart; + + public SshTunnel(String name, Connection connection, Part localPart, Part remotePart) { + Objects.requireNonNull(name, "'name' must not be 'null'"); + Objects.requireNonNull(connection, "'connection' must not be 'null'"); + Objects.requireNonNull(remotePart, "'remotePart' must not be 'null'"); + this.name = name; + this.connection = connection; + this.localPart = localPart == null ? new AddressPortPart() : localPart; + this.remotePart = remotePart; + } + + public String getName() { + return name; + } + + public Connection getConnection() { + return connection; + } + + public Part getLocalPart() { + return localPart; + } + + public Part getRemotePart() { + return remotePart; + } + + public Map getConfigParameters() { + return getConfigParameters(false); + } + + public Map getConfigParameters(boolean emulationMode) { + String prefix = String.format("sshTunnel.%s.", replaceNonAlphaNumericChars(name, '_')); + Map result = new HashMap<>(); + result.putAll(connection.getConfigParameters(prefix + "connection.", emulationMode)); + result.putAll(localPart.getConfigParameters(prefix + "local.", emulationMode)); + result.putAll(remotePart.getConfigParameters(prefix + "remote.", emulationMode)); + return result; + } + + @Override + public void formatTo(Formatter formatter, int flags, int width, int precision) { + boolean alternate = (flags & ALTERNATE) != 0; + boolean uppercase = (flags & UPPERCASE) != 0; + boolean leftJustify = (flags & LEFT_JUSTIFY) != 0; + + String result = alternate ? String.format("%#s:%#s", localPart, remotePart) : toString(); + if (uppercase) { + result = result.toUpperCase(formatter.locale()); + } + + formatter.format(String.format("%%%s%s%ss", + leftJustify ? "-" : "", + (width == -1) ? "" : width, + (precision == -1) ? "" : "." + precision), result); + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if ((o == null) || (getClass() != o.getClass())) { + return false; + } + SshTunnel sshTunnel = (SshTunnel) o; + return Objects.equals(name, sshTunnel.name) + && Objects.equals(connection, sshTunnel.connection) + && Objects.equals(localPart, sshTunnel.localPart) + && Objects.equals(remotePart, sshTunnel.remotePart); + } + + @Override + public int hashCode() { + return Objects.hash(name, connection, localPart, remotePart); + } + + @Override + public String toString() { + return String.format("Open an SSH tunnel via '%s' identified by key '%s' from '%s' to '%s' with name '%s'", + connection, connection.getSshKey(), localPart, remotePart, name); + } +} diff --git a/common/src/main/resources/version.properties b/common/src/main/resources/version.properties new file mode 100644 index 0000000..c021d8e --- /dev/null +++ b/common/src/main/resources/version.properties @@ -0,0 +1,17 @@ +# Copyright 2019 Björn Kautler +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +version = $version +commitId = $commitId +buildTimestamp = $buildTimestamp diff --git a/commonServer/resources/kotlin-dsl/SshTunnel.xml b/commonServer/resources/kotlin-dsl/SshTunnel.xml new file mode 100644 index 0000000..f01c032 --- /dev/null +++ b/commonServer/resources/kotlin-dsl/SshTunnel.xml @@ -0,0 +1,62 @@ + + + + + + + + A [build feature](https://github.com/Vampire/teamcity-ssh-tunnel) which opens an SSH tunnel with given forward during a build + + + + + Adds a [build feature](https://github.com/Vampire/teamcity-ssh-tunnel) which opens an SSH tunnel with given forward during a build + + + + + + + + + + + + + + + + + + + diff --git a/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/ServerParametersHelper.java b/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/ServerParametersHelper.java new file mode 100644 index 0000000..c221d4c --- /dev/null +++ b/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/ServerParametersHelper.java @@ -0,0 +1,82 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.server.common; + +import jetbrains.buildServer.serverSide.ProjectManager; +import jetbrains.buildServer.serverSide.SBuildServer; +import jetbrains.buildServer.ssh.SecureServerSshKeyManager; +import jetbrains.buildServer.ssh.ServerSshKeyManager; +import jetbrains.buildServer.ssh.TeamCitySshKey; +import jetbrains.buildServer.util.MultiMap; +import net.kautler.teamcity.ssh_tunnel.common.Constants; +import net.kautler.teamcity.ssh_tunnel.common.ParametersHelper; +import org.jetbrains.annotations.NotNull; + +import java.util.List; +import java.util.Map; + +import static java.lang.Integer.parseInt; +import static java.util.stream.Collectors.toList; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.MIN_VERSION_SUPPORTING_BUILD_FEATURE_REQUIREMENTS; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_TUNNEL_REQUIREMENT_PROPERTY_NAME; + +public class ServerParametersHelper extends ParametersHelper { + @NotNull + private final ProjectManager projectManager; + + @NotNull + private final ServerSshKeyManager sshKeyManager; + + @NotNull + private final SBuildServer buildServer; + + public ServerParametersHelper(@NotNull ProjectManager projectManager, + @NotNull SecureServerSshKeyManager sshKeyManager, + @NotNull SBuildServer buildServer) { + this.projectManager = projectManager; + this.sshKeyManager = sshKeyManager; + this.buildServer = buildServer; + } + + @Override + public MultiMap validate(Map properties) { + MultiMap result = super.validate(properties); + // part of work-around for missing BuildFeature#getRequirements + if (parseInt(buildServer.getBuildNumber()) >= MIN_VERSION_SUPPORTING_BUILD_FEATURE_REQUIREMENTS) { + properties.remove(SSH_TUNNEL_REQUIREMENT_PROPERTY_NAME); + } + return result; + } + + @Override + protected boolean isValidKeyName(String sshKeyName) { + return projectManager.getActiveProjects().stream() + .flatMap(project -> sshKeyManager.getOwnKeys(project).stream()) + .anyMatch(teamCitySshKey -> teamCitySshKey.getName().equals(sshKeyName)); + } + + @Override + protected boolean isEncrypted(String sshKeyName) { + List encrypted = projectManager.getActiveProjects().stream() + .flatMap(project -> sshKeyManager.getOwnKeys(project).stream()) + .filter(teamCitySshKey -> teamCitySshKey.getName().equals(sshKeyName)) + .map(TeamCitySshKey::isEncrypted) + .distinct() + .collect(toList()); + return (encrypted.size() == 1) && encrypted.get(0); + } +} diff --git a/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildFeature.java b/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildFeature.java new file mode 100644 index 0000000..5882623 --- /dev/null +++ b/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildFeature.java @@ -0,0 +1,89 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.server.common; + +import jetbrains.buildServer.requirements.Requirement; +import jetbrains.buildServer.serverSide.BuildFeature; +import jetbrains.buildServer.serverSide.InvalidProperty; +import jetbrains.buildServer.serverSide.PropertiesProcessor; +import jetbrains.buildServer.web.openapi.PluginDescriptor; +import net.kautler.teamcity.ssh_tunnel.common.ParametersHelper; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +import java.util.Collection; +import java.util.HashMap; +import java.util.Map; + +import static java.util.Collections.singleton; +import static java.util.stream.Collectors.toList; +import static jetbrains.buildServer.requirements.RequirementType.EXISTS; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.BUILD_FEATURE_TYPE; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_EXECUTABLE_REQUIREMENT_ID; + +public class SshTunnelBuildFeature extends BuildFeature { + @NotNull + private final ParametersHelper parametersHelper; + + private final String editParametersUrl; + + public SshTunnelBuildFeature(@NotNull ParametersHelper parametersHelper, @NotNull PluginDescriptor descriptor) { + this.parametersHelper = parametersHelper; + editParametersUrl = descriptor.getPluginResourcesPath("sshTunnelBuildFeature.jsp"); + } + + @NotNull + @Override + public String getType() { + return BUILD_FEATURE_TYPE; + } + + @NotNull + @Override + public String getDisplayName() { + return "SSH Tunnel"; + } + + @Nullable + @Override + public String getEditParametersUrl() { + return editParametersUrl; + } + + @NotNull + @Override + public String describeParameters(@NotNull Map params) { + return parametersHelper.describeParameters(new HashMap<>(params)); + } + + @Nullable + @Override + public PropertiesProcessor getParametersProcessor() { + return properties -> parametersHelper.validate(properties).entrySet().stream() + .map(entry -> new InvalidProperty(entry.getKey(), String.join("; ", entry.getValue()))) + .collect(toList()); + } + + @NotNull + @Override + // This was added in 2019.1, in previous versions this method should simply be ignored + // and a work-around to add this requirement is in effect in this plugin + public Collection getRequirements(Map params) { + return singleton(new Requirement(SSH_EXECUTABLE_REQUIREMENT_ID, SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME, null, EXISTS)); + } +} diff --git a/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildParametersProvider.java b/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildParametersProvider.java new file mode 100644 index 0000000..c45bbf8 --- /dev/null +++ b/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildParametersProvider.java @@ -0,0 +1,41 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.server.common; + +import jetbrains.buildServer.serverSide.ParametersDescriptor; +import jetbrains.buildServer.serverSide.SBuild; +import jetbrains.buildServer.serverSide.parameters.AbstractBuildParametersProvider; +import net.kautler.teamcity.ssh_tunnel.common.ModelBuilder; +import org.jetbrains.annotations.NotNull; + +import java.util.Collection; + +import static java.util.stream.Collectors.toList; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.BUILD_FEATURE_TYPE; + +public class SshTunnelBuildParametersProvider extends AbstractBuildParametersProvider { + @NotNull + @Override + public Collection getParametersAvailableOnAgent(@NotNull SBuild build) { + return build.getBuildFeaturesOfType(BUILD_FEATURE_TYPE).stream() + .map(ParametersDescriptor::getParameters) + .map(ModelBuilder::buildSshTunnel) + .map(sshTunnel -> sshTunnel.getConfigParameters(true)) + .flatMap(configParameters -> configParameters.keySet().stream()) + .collect(toList()); + } +} diff --git a/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildRequirementsUpdater.java b/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildRequirementsUpdater.java new file mode 100644 index 0000000..415d277 --- /dev/null +++ b/commonServer/src/main/java/net/kautler/teamcity/ssh_tunnel/server/common/SshTunnelBuildRequirementsUpdater.java @@ -0,0 +1,179 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.kautler.teamcity.ssh_tunnel.server.common; + +import jetbrains.buildServer.serverSide.BuildTypeIdentity; +import jetbrains.buildServer.serverSide.BuildTypeSettings; +import jetbrains.buildServer.serverSide.BuildTypeTemplate; +import jetbrains.buildServer.serverSide.ProjectManager; +import jetbrains.buildServer.serverSide.ProjectsModelListener; +import jetbrains.buildServer.serverSide.ProjectsModelListenerAdapter; +import jetbrains.buildServer.serverSide.SBuildServer; +import jetbrains.buildServer.serverSide.SBuildType; +import jetbrains.buildServer.serverSide.SProject; +import jetbrains.buildServer.users.SUser; +import jetbrains.buildServer.util.EventDispatcher; +import jetbrains.buildServer.vcs.VcsRootInstance; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; +import org.springframework.beans.factory.InitializingBean; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static java.lang.Integer.parseInt; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.BUILD_FEATURE_TYPE; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.MIN_VERSION_SUPPORTING_BUILD_FEATURE_REQUIREMENTS; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME; +import static net.kautler.teamcity.ssh_tunnel.common.Constants.SSH_TUNNEL_REQUIREMENT_PROPERTY_NAME; + +public class SshTunnelBuildRequirementsUpdater extends ProjectsModelListenerAdapter implements InitializingBean { + @NotNull + private final EventDispatcher projectsModelEventDispatcher; + + @NotNull + private final ProjectManager projectManager; + + @NotNull + private final SBuildServer buildServer; + + private final List recursionLocks = new ArrayList<>(); + + public SshTunnelBuildRequirementsUpdater(@NotNull EventDispatcher projectsModelEventDispatcher, + @NotNull ProjectManager projectManager, + @NotNull SBuildServer buildServer) { + this.projectsModelEventDispatcher = projectsModelEventDispatcher; + this.projectManager = projectManager; + this.buildServer = buildServer; + } + + @Override + public void afterPropertiesSet() { + // part of work-around for missing BuildFeature#getRequirements + if (parseInt(buildServer.getBuildNumber()) < MIN_VERSION_SUPPORTING_BUILD_FEATURE_REQUIREMENTS) { + projectsModelEventDispatcher.addListener(this); + } + } + + @Override + public void projectRestored(@NotNull String projectId) { + SProject project = projectManager.getProjects().stream() + .filter(p -> projectId.equals(p.getProjectId())) + .findAny() + .orElseThrow(AssertionError::new); + project.getBuildTypeTemplates().forEach(this::buildTypeSettingsPersisted); + project.getBuildTypes().forEach(this::buildTypeSettingsPersisted); + } + + @Override + public void buildTypeTemplatePersisted(@NotNull BuildTypeTemplate buildTypeTemplate) { + buildTypeSettingsPersisted(buildTypeTemplate); + } + + @Override + public void buildTypePersisted(@NotNull SBuildType buildType) { + buildTypeSettingsPersisted(buildType); + } + + private void buildTypeSettingsPersisted(@NotNull T buildTypeSettings) { + if (recursionLocks.contains(buildTypeSettings)) { + return; + } + buildTypeSettings.getBuildFeaturesOfType(BUILD_FEATURE_TYPE).forEach(buildFeature -> { + Map parameters = buildFeature.getParameters(); + String sshTunnelRequirementPropertyValue = '%' + SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME + '%'; + if (!sshTunnelRequirementPropertyValue.equals(parameters.get(SSH_TUNNEL_REQUIREMENT_PROPERTY_NAME))) { + Map correctedParameters = new HashMap<>(parameters); + correctedParameters.put(SSH_TUNNEL_REQUIREMENT_PROPERTY_NAME, sshTunnelRequirementPropertyValue); + buildTypeSettings.updateBuildFeature(buildFeature.getId(), buildFeature.getType(), correctedParameters); + persistBuildTypeSettings(buildTypeSettings, String.format( + "Add build requirement for configuration parameter '%s' to build configuration '%s'", + SSH_EXECUTABLE_CONFIGURATION_PARAMETER_NAME, + buildTypeSettings.getName())); + } + }); + } + + private void persistBuildTypeSettings(@NotNull BuildTypeSettings buildTypeSettings, String description) { + recursionLocks.add(buildTypeSettings); + try { + SProject buildTypeSettingsProject = buildTypeSettings.getProject(); + buildTypeSettings.persist(new ConfigAction(description, buildTypeSettingsProject)); + } finally { + recursionLocks.remove(buildTypeSettings); + } + } + + private static class ConfigAction implements jetbrains.buildServer.serverSide.ConfigAction { + private final String description; + private final SProject buildTypeSettingsProject; + private String cancelReason; + + public ConfigAction(String description, SProject buildTypeSettingsProject) { + this.description = description; + this.buildTypeSettingsProject = buildTypeSettingsProject; + } + + @Override + public long getId() { + return -1; + } + + @NotNull + @Override + public String getUserName(@NotNull VcsRootInstance root) { + return "ssh-tunnel"; + } + + @NotNull + @Override + public String getDescription() { + return description; + } + + @Nullable + @Override + public SProject getProject() { + return buildTypeSettingsProject; + } + + @Nullable + @Override + public SUser getUser() { + return null; + } + + @Override + public void cancelCommit(@NotNull String reason) { + cancelReason = reason; + } + + @Nullable + @Override + public String getCommitCancelReason() { + return cancelReason; + } + + @NotNull + @Override + public String describe(boolean verbose) { + return description; + } + } +} diff --git a/commonServer/src/main/resources/META-INF/build-server-plugin-ssh-tunnel.xml b/commonServer/src/main/resources/META-INF/build-server-plugin-ssh-tunnel.xml new file mode 100644 index 0000000..b2be159 --- /dev/null +++ b/commonServer/src/main/resources/META-INF/build-server-plugin-ssh-tunnel.xml @@ -0,0 +1,27 @@ + + + + + + + + + + diff --git a/commonServer/src/main/resources/buildServerResources/sshTunnelBuildFeature.jsp b/commonServer/src/main/resources/buildServerResources/sshTunnelBuildFeature.jsp new file mode 100644 index 0000000..6705f4f --- /dev/null +++ b/commonServer/src/main/resources/buildServerResources/sshTunnelBuildFeature.jsp @@ -0,0 +1,268 @@ +<%@ page import="java.lang.Integer" %> +<%@ page import="net.kautler.teamcity.ssh_tunnel.common.Constants" %> + +<%@ include file="/include.jsp" %> +<%@ taglib prefix="admin" tagdir="/WEB-INF/tags/admin" %> + +<%-- + ~ Copyright 2019 Björn Kautler + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + + + + + + + This build feature opens an SSH tunnel with local forward during a build. + + + + + + + <%-- part of work-around for missing BuildFeature#getRequirements --%> + + + + + + + + + + Connection  + + The connection properties for the carrier connection + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Local Part  + + Either local address / port or local socket can be specified (default: 127.0.0.1:<random port>) + + + + + + + + + + Address and Port + Socket + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Remote Part  + + Either remote address / port or remote socket must be specified + + + + + + + + + + Address and Port + Socket + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 0000000..ab8e627 --- /dev/null +++ b/gradle.properties @@ -0,0 +1,19 @@ +# Copyright 2019 Björn Kautler +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +org.gradle.caching = true + +group = net.kautler +description = Open an SSH tunnel with port and socket forwards as build feature on TeamCity +version = 1.0.0-SNAPSHOT diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000000000000000000000000000000000000..5c2d1cf016b3885f6930543d57b744ea8c220a1a GIT binary patch literal 55616 zcmafaW0WS*vSoFbZJS-TZP!<}ZQEV8ZQHihW!tvx>6!c9%-lQoy;&DmfdT@8fB*sl68LLCKtKQ283+jS?^Q-bNq|NIAW8=eB==8_)^)r*{C^$z z{u;{v?IMYnO`JhmPq7|LA_@Iz75S9h~8`iX>QrjrmMeu{>hn4U;+$dor zz+`T8Q0f}p^Ao)LsYq74!W*)&dTnv}E8;7H*Zetclpo2zf_f>9>HT8;`O^F8;M%l@ z57Z8dk34kG-~Wg7n48qF2xwPp;SOUpd1}9Moir5$VSyf4gF)Mp-?`wO3;2x9gYj59oFwG>?Leva43@e(z{mjm0b*@OAYLC`O9q|s+FQLOE z!+*Y;%_0(6Sr<(cxE0c=lS&-FGBFGWd_R<5$vwHRJG=tB&Mi8@hq_U7@IMyVyKkOo6wgR(<% zQw1O!nnQl3T9QJ)Vh=(`cZM{nsEKChjbJhx@UQH+G>6p z;beBQ1L!3Zl>^&*?cSZjy$B3(1=Zyn~>@`!j%5v7IBRt6X`O)yDpVLS^9EqmHxBcisVG$TRwiip#ViN|4( zYn!Av841_Z@Ys=T7w#>RT&iXvNgDq3*d?$N(SznG^wR`x{%w<6^qj&|g})La;iD?`M=p>99p><39r9+e z`dNhQ&tol5)P#;x8{tT47i*blMHaDKqJs8!Pi*F{#)9%USFxTVMfMOy{mp2ZrLR40 z2a9?TJgFyqgx~|j0eA6SegKVk@|Pd|_6P$HvwTrLTK)Re`~%kg8o9`EAE1oAiY5Jgo=H}0*D?tSCn^=SIN~fvv453Ia(<1|s07aTVVtsRxY6+tT3589iQdi^ zC92D$ewm9O6FA*u*{Fe_=b`%q`pmFvAz@hfF@OC_${IPmD#QMpPNo0mE9U=Ch;k0L zZteokPG-h7PUeRCPPYG%H!WswC?cp7M|w42pbtwj!m_&4%hB6MdLQe&}@5-h~! zkOt;w0BbDc0H!RBw;1UeVckHpJ@^|j%FBZlC} zsm?nFOT$`F_i#1_gh4|n$rDe>0md6HvA=B%hlX*3Z%y@a&W>Rq`Fe(8smIgxTGb#8 zZ`->%h!?QCk>v*~{!qp=w?a*};Y**1uH`)OX`Gi+L%-d6{rV?@}MU#qfCU(!hLz;kWH=0A%W7E^pA zD;A%Jg5SsRe!O*0TyYkAHe&O9z*Ij-YA$%-rR?sc`xz_v{>x%xY39!8g#!Z0#03H( z{O=drKfb0cbx1F*5%q81xvTDy#rfUGw(fesh1!xiS2XT;7_wBi(Rh4i(!rR^9=C+- z+**b9;icxfq@<7}Y!PW-0rTW+A^$o*#ZKenSkxLB$Qi$%gJSL>x!jc86`GmGGhai9 zOHq~hxh}KqQHJeN$2U{M>qd*t8_e&lyCs69{bm1?KGTYoj=c0`rTg>pS6G&J4&)xp zLEGIHSTEjC0-s-@+e6o&w=h1sEWWvJUvezID1&exb$)ahF9`(6`?3KLyVL$|c)CjS zx(bsy87~n8TQNOKle(BM^>1I!2-CZ^{x6zdA}qeDBIdrfd-(n@Vjl^9zO1(%2pP9@ zKBc~ozr$+4ZfjmzEIzoth(k?pbI87=d5OfjVZ`Bn)J|urr8yJq`ol^>_VAl^P)>2r)s+*3z5d<3rP+-fniCkjmk=2hTYRa@t zCQcSxF&w%mHmA?!vaXnj7ZA$)te}ds+n8$2lH{NeD4mwk$>xZCBFhRy$8PE>q$wS`}8pI%45Y;Mg;HH+}Dp=PL)m77nKF68FggQ-l3iXlVZuM2BDrR8AQbK;bn1%jzahl0; zqz0(mNe;f~h8(fPzPKKf2qRsG8`+Ca)>|<&lw>KEqM&Lpnvig>69%YQpK6fx=8YFj zHKrfzy>(7h2OhUVasdwKY`praH?>qU0326-kiSyOU_Qh>ytIs^htlBA62xU6xg?*l z)&REdn*f9U3?u4$j-@ndD#D3l!viAUtw}i5*Vgd0Y6`^hHF5R=No7j8G-*$NWl%?t z`7Nilf_Yre@Oe}QT3z+jOUVgYtT_Ym3PS5(D>kDLLas8~F+5kW%~ZYppSrf1C$gL* zCVy}fWpZ3s%2rPL-E63^tA|8OdqKsZ4TH5fny47ENs1#^C`_NLg~H^uf3&bAj#fGV zDe&#Ot%_Vhj$}yBrC3J1Xqj>Y%&k{B?lhxKrtYy;^E9DkyNHk5#6`4cuP&V7S8ce9 zTUF5PQIRO7TT4P2a*4;M&hk;Q7&{(83hJe5BSm=9qt~;U)NTf=4uKUcnxC`;iPJeI zW#~w?HIOM+0j3ptB0{UU{^6_#B*Q2gs;1x^YFey(%DJHNWz@e_NEL?$fv?CDxG`jk zH|52WFdVsZR;n!Up;K;4E$|w4h>ZIN+@Z}EwFXI{w_`?5x+SJFY_e4J@|f8U08%dd z#Qsa9JLdO$jv)?4F@&z_^{Q($tG`?|9bzt8ZfH9P`epY`soPYqi1`oC3x&|@m{hc6 zs0R!t$g>sR@#SPfNV6Pf`a^E?q3QIaY30IO%yKjx#Njj@gro1YH2Q(0+7D7mM~c>C zk&_?9Ye>B%*MA+77$Pa!?G~5tm`=p{NaZsUsOgm6Yzclr_P^2)r(7r%n(0?4B#$e7 z!fP;+l)$)0kPbMk#WOjm07+e?{E)(v)2|Ijo{o1+Z8#8ET#=kcT*OwM#K68fSNo%< zvZFdHrOrr;>`zq!_welWh!X}=oN5+V01WJn7=;z5uo6l_$7wSNkXuh=8Y>`TjDbO< z!yF}c42&QWYXl}XaRr0uL?BNPXlGw=QpDUMo`v8pXzzG(=!G;t+mfCsg8 zJb9v&a)E!zg8|%9#U?SJqW!|oBHMsOu}U2Uwq8}RnWeUBJ>FtHKAhP~;&T4mn(9pB zu9jPnnnH0`8ywm-4OWV91y1GY$!qiQCOB04DzfDDFlNy}S{$Vg9o^AY!XHMueN<{y zYPo$cJZ6f7``tmlR5h8WUGm;G*i}ff!h`}L#ypFyV7iuca!J+C-4m@7*Pmj9>m+jh zlpWbud)8j9zvQ`8-oQF#u=4!uK4kMFh>qS_pZciyq3NC(dQ{577lr-!+HD*QO_zB9 z_Rv<#qB{AAEF8Gbr7xQly%nMA%oR`a-i7nJw95F3iH&IX5hhy3CCV5y>mK4)&5aC*12 zI`{(g%MHq<(ocY5+@OK-Qn-$%!Nl%AGCgHl>e8ogTgepIKOf3)WoaOkuRJQt%MN8W z=N-kW+FLw=1^}yN@*-_c>;0N{-B!aXy#O}`%_~Nk?{e|O=JmU8@+92Q-Y6h)>@omP=9i~ zi`krLQK^!=@2BH?-R83DyFkejZkhHJqV%^} zUa&K22zwz7b*@CQV6BQ9X*RB177VCVa{Z!Lf?*c~PwS~V3K{id1TB^WZh=aMqiws5)qWylK#^SG9!tqg3-)p_o(ABJsC!0;0v36;0tC= z!zMQ_@se(*`KkTxJ~$nIx$7ez&_2EI+{4=uI~dwKD$deb5?mwLJ~ema_0Z z6A8Q$1~=tY&l5_EBZ?nAvn$3hIExWo_ZH2R)tYPjxTH5mAw#3n-*sOMVjpUrdnj1DBm4G!J+Ke}a|oQN9f?!p-TcYej+(6FNh_A? zJ3C%AOjc<8%9SPJ)U(md`W5_pzYpLEMwK<_jgeg-VXSX1Nk1oX-{yHz z-;CW!^2ds%PH{L{#12WonyeK5A=`O@s0Uc%s!@22etgSZW!K<%0(FHC+5(BxsXW@e zAvMWiO~XSkmcz%-@s{|F76uFaBJ8L5H>nq6QM-8FsX08ug_=E)r#DC>d_!6Nr+rXe zzUt30Du_d0oSfX~u>qOVR*BmrPBwL@WhF^5+dHjWRB;kB$`m8|46efLBXLkiF|*W= zg|Hd(W}ZnlJLotYZCYKoL7YsQdLXZ!F`rLqLf8n$OZOyAzK`uKcbC-n0qoH!5-rh&k-`VADETKHxrhK<5C zhF0BB4azs%j~_q_HA#fYPO0r;YTlaa-eb)Le+!IeP>4S{b8&STp|Y0if*`-A&DQ$^ z-%=i73HvEMf_V6zSEF?G>G-Eqn+|k`0=q?(^|ZcqWsuLlMF2!E*8dDAx%)}y=lyMa z$Nn0_f8YN8g<4D>8IL3)GPf#dJYU@|NZqIX$;Lco?Qj=?W6J;D@pa`T=Yh z-ybpFyFr*3^gRt!9NnbSJWs2R-S?Y4+s~J8vfrPd_&_*)HBQ{&rW(2X>P-_CZU8Y9 z-32><7|wL*K+3{ZXE5}nn~t@NNT#Bc0F6kKI4pVwLrpU@C#T-&f{Vm}0h1N3#89@d zgcx3QyS;Pb?V*XAq;3(W&rjLBazm69XX;%^n6r}0!CR2zTU1!x#TypCr`yrII%wk8 z+g)fyQ!&xIX(*>?T}HYL^>wGC2E}euj{DD_RYKK@w=yF+44367X17)GP8DCmBK!xS zE{WRfQ(WB-v>DAr!{F2-cQKHIjIUnLk^D}7XcTI#HyjSiEX)BO^GBI9NjxojYfQza zWsX@GkLc7EqtP8(UM^cq5zP~{?j~*2T^Bb={@PV)DTkrP<9&hxDwN2@hEq~8(ZiF! z3FuQH_iHyQ_s-#EmAC5~K$j_$cw{+!T>dm#8`t%CYA+->rWp09jvXY`AJQ-l%C{SJ z1c~@<5*7$`1%b}n7ivSo(1(j8k+*Gek(m^rQ!+LPvb=xA@co<|(XDK+(tb46xJ4) zcw7w<0p3=Idb_FjQ@ttoyDmF?cT4JRGrX5xl&|ViA@Lg!vRR}p#$A?0=Qe+1)Mizl zn;!zhm`B&9t0GA67GF09t_ceE(bGdJ0mbXYrUoV2iuc3c69e;!%)xNOGG*?x*@5k( zh)snvm0s&gRq^{yyeE)>hk~w8)nTN`8HJRtY0~1f`f9ue%RV4~V(K*B;jFfJY4dBb z*BGFK`9M-tpWzayiD>p_`U(29f$R|V-qEB;+_4T939BPb=XRw~8n2cGiRi`o$2qm~ zN&5N7JU{L*QGM@lO8VI)fUA0D7bPrhV(GjJ$+@=dcE5vAVyCy6r&R#4D=GyoEVOnu z8``8q`PN-pEy>xiA_@+EN?EJpY<#}BhrsUJC0afQFx7-pBeLXR9Mr+#w@!wSNR7vxHy@r`!9MFecB4O zh9jye3iSzL0@t3)OZ=OxFjjyK#KSF|zz@K}-+HaY6gW+O{T6%Zky@gD$6SW)Jq;V0 zt&LAG*YFO^+=ULohZZW*=3>7YgND-!$2}2)Mt~c>JO3j6QiPC-*ayH2xBF)2m7+}# z`@m#q{J9r~Dr^eBgrF(l^#sOjlVNFgDs5NR*Xp;V*wr~HqBx7?qBUZ8w)%vIbhhe) zt4(#1S~c$Cq7b_A%wpuah1Qn(X9#obljoY)VUoK%OiQZ#Fa|@ZvGD0_oxR=vz{>U* znC(W7HaUDTc5F!T77GswL-jj7e0#83DH2+lS-T@_^SaWfROz9btt*5zDGck${}*njAwf}3hLqKGLTeV&5(8FC+IP>s;p{L@a~RyCu)MIa zs~vA?_JQ1^2Xc&^cjDq02tT_Z0gkElR0Aa$v@VHi+5*)1(@&}gEXxP5Xon?lxE@is z9sxd|h#w2&P5uHJxWgmtVZJv5w>cl2ALzri;r57qg){6`urTu(2}EI?D?##g=!Sbh z*L*>c9xN1a3CH$u7C~u_!g81`W|xp=54oZl9CM)&V9~ATCC-Q!yfKD@vp#2EKh0(S zgt~aJ^oq-TM0IBol!w1S2j7tJ8H7;SR7yn4-H}iz&U^*zW95HrHiT!H&E|rSlnCYr z7Y1|V7xebn=TFbkH;>WIH6H>8;0?HS#b6lCke9rSsH%3AM1#2U-^*NVhXEIDSFtE^ z=jOo1>j!c__Bub(R*dHyGa)@3h?!ls1&M)d2{?W5#1|M@6|ENYYa`X=2EA_oJUw=I zjQ)K6;C!@>^i7vdf`pBOjH>Ts$97}B=lkb07<&;&?f#cy3I0p5{1=?O*#8m$C_5TE zh}&8lOWWF7I@|pRC$G2;Sm#IJfhKW@^jk=jfM1MdJP(v2fIrYTc{;e5;5gsp`}X8-!{9{S1{h+)<@?+D13s^B zq9(1Pu(Dfl#&z|~qJGuGSWDT&u{sq|huEsbJhiqMUae}K*g+R(vG7P$p6g}w*eYWn zQ7luPl1@{vX?PMK%-IBt+N7TMn~GB z!Ldy^(2Mp{fw_0;<$dgHAv1gZgyJAx%}dA?jR=NPW1K`FkoY zNDgag#YWI6-a2#&_E9NMIE~gQ+*)i<>0c)dSRUMHpg!+AL;a;^u|M1jp#0b<+#14z z+#LuQ1jCyV_GNj#lHWG3e9P@H34~n0VgP#(SBX=v|RSuOiY>L87 z#KA{JDDj2EOBX^{`a;xQxHtY1?q5^B5?up1akjEPhi1-KUsK|J9XEBAbt%^F`t0I- zjRYYKI4OB7Zq3FqJFBZwbI=RuT~J|4tA8x)(v2yB^^+TYYJS>Et`_&yge##PuQ%0I z^|X!Vtof}`UuIxPjoH8kofw4u1pT5h`Ip}d8;l>WcG^qTe>@x63s#zoJiGmDM@_h= zo;8IZR`@AJRLnBNtatipUvL^(1P_a;q8P%&voqy#R!0(bNBTlV&*W9QU?kRV1B*~I zWvI?SNo2cB<7bgVY{F_CF$7z!02Qxfw-Ew#p!8PC#! z1sRfOl`d-Y@&=)l(Sl4CS=>fVvor5lYm61C!!iF3NMocKQHUYr0%QM}a4v2>rzPfM zUO}YRDb7-NEqW+p_;e0{Zi%0C$&B3CKx6|4BW`@`AwsxE?Vu}@Jm<3%T5O&05z+Yq zkK!QF(vlN}Rm}m_J+*W4`8i~R&`P0&5!;^@S#>7qkfb9wxFv@(wN@$k%2*sEwen$a zQnWymf+#Uyv)0lQVd?L1gpS}jMQZ(NHHCKRyu zjK|Zai0|N_)5iv)67(zDBCK4Ktm#ygP|0(m5tU`*AzR&{TSeSY8W=v5^=Ic`ahxM-LBWO+uoL~wxZmgcSJMUF9q%<%>jsvh9Dnp^_e>J_V=ySx4p?SF0Y zg4ZpZt@!h>WR76~P3_YchYOak7oOzR|`t+h!BbN}?zd zq+vMTt0!duALNWDwWVIA$O=%{lWJEj;5(QD()huhFL5=6x_=1h|5ESMW&S|*oxgF# z-0GRIb ziolwI13hJ-Rl(4Rj@*^=&Zz3vD$RX8bFWvBM{niz(%?z0gWNh_vUvpBDoa>-N=P4c zbw-XEJ@txIbc<`wC883;&yE4ayVh>+N($SJ01m}fumz!#!aOg*;y4Hl{V{b;&ux3& zBEmSq2jQ7#IbVm3TPBw?2vVN z0wzj|Y6EBS(V%Pb+@OPkMvEKHW~%DZk#u|A18pZMmCrjWh%7J4Ph>vG61 zRBgJ6w^8dNRg2*=K$Wvh$t>$Q^SMaIX*UpBG)0bqcvY%*by=$EfZAy{ZOA#^tB(D( zh}T(SZgdTj?bG9u+G{Avs5Yr1x=f3k7%K|eJp^>BHK#~dsG<&+=`mM@>kQ-cAJ2k) zT+Ht5liXdc^(aMi9su~{pJUhe)!^U&qn%mV6PS%lye+Iw5F@Xv8E zdR4#?iz+R4--iiHDQmQWfNre=iofAbF~1oGTa1Ce?hId~W^kPuN(5vhNx++ZLkn?l zUA7L~{0x|qA%%%P=8+-Ck{&2$UHn#OQncFS@uUVuE39c9o~#hl)v#!$X(X*4ban2c z{buYr9!`H2;6n73n^W3Vg(!gdBV7$e#v3qubWALaUEAf@`ava{UTx%2~VVQbEE(*Q8_ zv#me9i+0=QnY)$IT+@3vP1l9Wrne+MlZNGO6|zUVG+v&lm7Xw3P*+gS6e#6mVx~(w zyuaXogGTw4!!&P3oZ1|4oc_sGEa&m3Jsqy^lzUdJ^y8RlvUjDmbC^NZ0AmO-c*&m( zSI%4P9f|s!B#073b>Eet`T@J;3qY!NrABuUaED6M^=s-Q^2oZS`jVzuA z>g&g$!Tc>`u-Q9PmKu0SLu-X(tZeZ<%7F+$j3qOOftaoXO5=4!+P!%Cx0rNU+@E~{ zxCclYb~G(Ci%o{}4PC(Bu>TyX9slm5A^2Yi$$kCq-M#Jl)a2W9L-bq5%@Pw^ zh*iuuAz`x6N_rJ1LZ7J^MU9~}RYh+EVIVP+-62u+7IC%1p@;xmmQ`dGCx$QpnIUtK z0`++;Ddz7{_R^~KDh%_yo8WM$IQhcNOALCIGC$3_PtUs?Y44@Osw;OZ()Lk=(H&Vc zXjkHt+^1@M|J%Q&?4>;%T-i%#h|Tb1u;pO5rKst8(Cv2!3U{TRXdm&>fWTJG)n*q&wQPjRzg%pS1RO9}U0*C6fhUi&f#qoV`1{U<&mWKS<$oVFW>{&*$6)r6Rx)F4W zdUL8Mm_qNk6ycFVkI5F?V+cYFUch$92|8O^-Z1JC94GU+Nuk zA#n3Z1q4<6zRiv%W5`NGk*Ym{#0E~IA6*)H-=RmfWIY%mEC0? zSih7uchi`9-WkF2@z1ev6J_N~u;d$QfSNLMgPVpHZoh9oH-8D*;EhoCr~*kJ<|-VD z_jklPveOxWZq40E!SV@0XXy+~Vfn!7nZ1GXsn~U$>#u0d*f?RL9!NMlz^qxYmz|xt zz6A&MUAV#eD%^GcP#@5}QH5e7AV`}(N2#(3xpc!7dDmgu7C3TpgX5Z|$%Vu8=&SQI zdxUk*XS-#C^-cM*O>k}WD5K81e2ayyRA)R&5>KT1QL!T!%@}fw{>BsF+-pzu>;7{g z^CCSWfH;YtJGT@+An0Ded#zM9>UEFOdR_Xq zS~!5R*{p1Whq62ynHo|n$4p7&d|bal{iGsxAY?opi3R${)Zt*8YyOU!$TWMYXF?|i zPXYr}wJp#EH;keSG5WYJ*(~oiu#GDR>C4%-HpIWr7v`W`lzQN-lb?*vpoit z8FqJ)`LC4w8fO8Fu}AYV`awF2NLMS4$f+?=KisU4P6@#+_t)5WDz@f*qE|NG0*hwO z&gv^k^kC6Fg;5>Gr`Q46C{6>3F(p0QukG6NM07rxa&?)_C*eyU(jtli>9Zh#eUb(y zt9NbC-bp0>^m?i`?$aJUyBmF`N0zQ% zvF_;vLVI{tq%Ji%u*8s2p4iBirv*uD(?t~PEz$CfxVa=@R z^HQu6-+I9w>a35kX!P)TfnJDD!)j8!%38(vWNe9vK0{k*`FS$ABZ`rdwfQe@IGDki zssfXnsa6teKXCZUTd^qhhhUZ}>GG_>F0~LG7*<*x;8e39nb-0Bka(l)%+QZ_IVy3q zcmm2uKO0p)9|HGxk*e_$mX2?->&-MXe`=Fz3FRTFfM!$_y}G?{F9jmNgD+L%R`jM1 zIP-kb=3Hlsb35Q&qo(%Ja(LwQj>~!GI|Hgq65J9^A!ibChYB3kxLn@&=#pr}BwON0Q=e5;#sF8GGGuzx6O}z%u3l?jlKF&8Y#lUA)Cs6ZiW8DgOk|q z=YBPAMsO7AoAhWgnSKae2I7%7*Xk>#AyLX-InyBO?OD_^2^nI4#;G|tBvg3C0ldO0 z*`$g(q^es4VqXH2t~0-u^m5cfK8eECh3Rb2h1kW%%^8A!+ya3OHLw$8kHorx4(vJO zAlVu$nC>D{7i?7xDg3116Y2e+)Zb4FPAdZaX}qA!WW{$d?u+sK(iIKqOE-YM zH7y^hkny24==(1;qEacfFU{W{xSXhffC&DJV&oqw`u~WAl@=HIel>KC-mLs2ggFld zsSm-03=Jd^XNDA4i$vKqJ|e|TBc19bglw{)QL${Q(xlN?E;lPumO~;4w_McND6d+R zsc2p*&uRWd`wTDszTcWKiii1mNBrF7n&LQp$2Z<}zkv=8k2s6-^+#siy_K1`5R+n( z++5VOU^LDo(kt3ok?@$3drI`<%+SWcF*`CUWqAJxl3PAq!X|q{al;8%HfgxxM#2Vb zeBS756iU|BzB>bN2NP=AX&!{uZXS;|F`LLd9F^97UTMnNks_t7EPnjZF`2ocD2*u+ z?oKP{xXrD*AKGYGkZtlnvCuazg6g16ZAF{Nu%w+LCZ+v_*`0R$NK)tOh_c#cze;o$ z)kY(eZ5Viv<5zl1XfL(#GO|2FlXL#w3T?hpj3BZ&OAl^L!7@ zy;+iJWYQYP?$(`li_!|bfn!h~k#=v-#XXyjTLd+_txOqZZETqSEp>m+O0ji7MxZ*W zSdq+yqEmafrsLErZG8&;kH2kbCwluSa<@1yU3^Q#5HmW(hYVR0E6!4ZvH;Cr<$`qf zSvqRc`Pq_9b+xrtN3qLmds9;d7HdtlR!2NV$rZPCh6>(7f7M}>C^LeM_5^b$B~mn| z#)?`E=zeo9(9?{O_ko>51~h|c?8{F=2=_-o(-eRc z9p)o51krhCmff^U2oUi#$AG2p-*wSq8DZ(i!Jmu1wzD*)#%J&r)yZTq`3e|v4>EI- z=c|^$Qhv}lEyG@!{G~@}Wbx~vxTxwKoe9zn%5_Z^H$F1?JG_Kadc(G8#|@yaf2-4< zM1bdQF$b5R!W1f`j(S>Id;CHMzfpyjYEC_95VQ*$U3y5piVy=9Rdwg7g&)%#6;U%b2W}_VVdh}qPnM4FY9zFP(5eR zWuCEFox6e;COjs$1RV}IbpE0EV;}5IP}Oq|zcb*77PEDIZU{;@_;8*22{~JRvG~1t zc+ln^I+)Q*+Ha>(@=ra&L&a-kD;l$WEN;YL0q^GE8+})U_A_StHjX_gO{)N>tx4&F zRK?99!6JqktfeS-IsD@74yuq*aFJoV{5&K(W`6Oa2Qy0O5JG>O`zZ-p7vBGh!MxS;}}h6(96Wp`dci3DY?|B@1p8fVsDf$|0S zfE{WL5g3<9&{~yygYyR?jK!>;eZ2L#tpL2)H#89*b zycE?VViXbH7M}m33{#tI69PUPD=r)EVPTBku={Qh{ zKi*pht1jJ+yRhVE)1=Y()iS9j`FesMo$bjLSqPMF-i<42Hxl6%y7{#vw5YT(C}x0? z$rJU7fFmoiR&%b|Y*pG?7O&+Jb#Z%S8&%o~fc?S9c`Dwdnc4BJC7njo7?3bp#Yonz zPC>y`DVK~nzN^n}jB5RhE4N>LzhCZD#WQseohYXvqp5^%Ns!q^B z&8zQN(jgPS(2ty~g2t9!x9;Dao~lYVujG-QEq{vZp<1Nlp;oj#kFVsBnJssU^p-4% zKF_A?5sRmA>d*~^og-I95z$>T*K*33TGBPzs{OMoV2i+(P6K|95UwSj$Zn<@Rt(g%|iY z$SkSjYVJ)I<@S(kMQ6md{HxAa8S`^lXGV?ktLX!ngTVI~%WW+p#A#XTWaFWeBAl%U z&rVhve#Yse*h4BC4nrq7A1n>Rlf^ErbOceJC`o#fyCu@H;y)`E#a#)w)3eg^{Hw&E7);N5*6V+z%olvLj zp^aJ4`h*4L4ij)K+uYvdpil(Z{EO@u{BcMI&}5{ephilI%zCkBhBMCvOQT#zp|!18 zuNl=idd81|{FpGkt%ty=$fnZnWXxem!t4x{ zat@68CPmac(xYaOIeF}@O1j8O?2jbR!KkMSuix;L8x?m01}|bS2=&gsjg^t2O|+0{ zlzfu5r5_l4)py8uPb5~NHPG>!lYVynw;;T-gk1Pl6PQ39Mwgd2O+iHDB397H)2grN zHwbd>8i%GY>Pfy7;y5X7AN>qGLZVH>N_ZuJZ-`z9UA> zfyb$nbmPqxyF2F;UW}7`Cu>SS%0W6h^Wq5e{PWAjxlh=#Fq+6SiPa-L*551SZKX&w zc9TkPv4eao?kqomkZ#X%tA{`UIvf|_=Y7p~mHZKqO>i_;q4PrwVtUDTk?M7NCssa?Y4uxYrsXj!+k@`Cxl;&{NLs*6!R<6k9$Bq z%grLhxJ#G_j~ytJpiND8neLfvD0+xu>wa$-%5v;4;RYYM66PUab)c9ruUm%d{^s{# zTBBY??@^foRv9H}iEf{w_J%rV<%T1wv^`)Jm#snLTIifjgRkX``x2wV(D6(=VTLL4 zI-o}&5WuwBl~(XSLIn5~{cGWorl#z+=(vXuBXC#lp}SdW=_)~8Z(Vv!#3h2@pdA3d z{cIPYK@Ojc9(ph=H3T7;aY>(S3~iuIn05Puh^32WObj%hVN(Y{Ty?n?Cm#!kGNZFa zW6Ybz!tq|@erhtMo4xAus|H8V_c+XfE5mu|lYe|{$V3mKnb1~fqoFim;&_ZHN_=?t zysQwC4qO}rTi}k8_f=R&i27RdBB)@bTeV9Wcd}Rysvod}7I%ujwYbTI*cN7Kbp_hO z=eU521!#cx$0O@k9b$;pnCTRtLIzv){nVW6Ux1<0@te6`S5%Ew3{Z^9=lbL5$NFvd4eUtK?%zgmB;_I&p`)YtpN`2Im(?jPN<(7Ua_ZWJRF(CChv`(gHfWodK%+joy>8Vaa;H1w zIJ?!kA|x7V;4U1BNr(UrhfvjPii7YENLIm`LtnL9Sx z5E9TYaILoB2nSwDe|BVmrpLT43*dJ8;T@1l zJE)4LEzIE{IN}+Nvpo3=ZtV!U#D;rB@9OXYw^4QH+(52&pQEcZq&~u9bTg63ikW9! z=!_RjN2xO=F+bk>fSPhsjQA;)%M1My#34T`I7tUf>Q_L>DRa=>Eo(sapm>}}LUsN% zVw!C~a)xcca`G#g*Xqo>_uCJTz>LoWGSKOwp-tv`yvfqw{17t`9Z}U4o+q2JGP^&9 z(m}|d13XhYSnEm$_8vH-Lq$A^>oWUz1)bnv|AVn_0FwM$vYu&8+qUg$+qP}nwrykD zwmIF?wr$()X@33oz1@B9zi+?Th^nZnsES)rb@O*K^JL~ZH|pRRk$i0+ohh?Il)y&~ zQaq{}9YxPt5~_2|+r#{k#~SUhO6yFq)uBGtYMMg4h1qddg!`TGHocYROyNFJtYjNe z3oezNpq6%TP5V1g(?^5DMeKV|i6vdBq)aGJ)BRv;K(EL0_q7$h@s?BV$)w31*c(jd z{@hDGl3QdXxS=#?0y3KmPd4JL(q(>0ikTk6nt98ptq$6_M|qrPi)N>HY>wKFbnCKY z%0`~`9p)MDESQJ#A`_>@iL7qOCmCJ(p^>f+zqaMuDRk!z01Nd2A_W^D%~M73jTqC* zKu8u$$r({vP~TE8rPk?8RSjlRvG*BLF}ye~Su%s~rivmjg2F z24dhh6-1EQF(c>Z1E8DWY)Jw#9U#wR<@6J)3hjA&2qN$X%piJ4s={|>d-|Gzl~RNu z##iR(m;9TN3|zh+>HgTI&82iR>$YVoOq$a(2%l*2mNP(AsV=lR^>=tIP-R9Tw!BYnZROx`PN*JiNH>8bG}&@h0_v$yOTk#@1;Mh;-={ZU7e@JE(~@@y0AuETvsqQV@7hbKe2wiWk@QvV=Kz`%@$rN z_0Hadkl?7oEdp5eaaMqBm;#Xj^`fxNO^GQ9S3|Fb#%{lN;1b`~yxLGEcy8~!cz{!! z=7tS!I)Qq%w(t9sTSMWNhoV#f=l5+a{a=}--?S!rA0w}QF!_Eq>V4NbmYKV&^OndM z4WiLbqeC5+P@g_!_rs01AY6HwF7)$~%Ok^(NPD9I@fn5I?f$(rcOQjP+z?_|V0DiN zb}l0fy*el9E3Q7fVRKw$EIlb&T0fG~fDJZL7Qn8*a5{)vUblM)*)NTLf1ll$ zpQ^(0pkSTol`|t~`Y4wzl;%NRn>689mpQrW=SJ*rB;7}w zVHB?&sVa2%-q@ANA~v)FXb`?Nz8M1rHKiZB4xC9<{Q3T!XaS#fEk=sXI4IFMnlRqG+yaFw< zF{}7tcMjV04!-_FFD8(FtuOZx+|CjF@-xl6-{qSFF!r7L3yD()=*Ss6fT?lDhy(h$ zt#%F575$U(3-e2LsJd>ksuUZZ%=c}2dWvu8f!V%>z3gajZ!Dlk zm=0|(wKY`c?r$|pX6XVo6padb9{EH}px)jIsdHoqG^(XH(7}r^bRa8BC(%M+wtcB? z6G2%tui|Tx6C3*#RFgNZi9emm*v~txI}~xV4C`Ns)qEoczZ>j*r zqQCa5k90Gntl?EX!{iWh=1t$~jVoXjs&*jKu0Ay`^k)hC^v_y0xU~brMZ6PPcmt5$ z@_h`f#qnI$6BD(`#IR0PrITIV^~O{uo=)+Bi$oHA$G* zH0a^PRoeYD3jU_k%!rTFh)v#@cq`P3_y=6D(M~GBud;4 zCk$LuxPgJ5=8OEDlnU!R^4QDM4jGni}~C zy;t2E%Qy;A^bz_5HSb5pq{x{g59U!ReE?6ULOw58DJcJy;H?g*ofr(X7+8wF;*3{rx>j&27Syl6A~{|w{pHb zeFgu0E>OC81~6a9(2F13r7NZDGdQxR8T68&t`-BK zE>ZV0*0Ba9HkF_(AwfAds-r=|dA&p`G&B_zn5f9Zfrz9n#Rvso`x%u~SwE4SzYj!G zVQ0@jrLwbYP=awX$21Aq!I%M{x?|C`narFWhp4n;=>Sj!0_J!k7|A0;N4!+z%Oqlk z1>l=MHhw3bi1vT}1!}zR=6JOIYSm==qEN#7_fVsht?7SFCj=*2+Ro}B4}HR=D%%)F z?eHy=I#Qx(vvx)@Fc3?MT_@D))w@oOCRR5zRw7614#?(-nC?RH`r(bb{Zzn+VV0bm zJ93!(bfrDH;^p=IZkCH73f*GR8nDKoBo|!}($3^s*hV$c45Zu>6QCV(JhBW=3(Tpf z=4PT6@|s1Uz+U=zJXil3K(N6;ePhAJhCIo`%XDJYW@x#7Za);~`ANTvi$N4(Fy!K- z?CQ3KeEK64F0@ykv$-0oWCWhYI-5ZC1pDqui@B|+LVJmU`WJ=&C|{I_))TlREOc4* zSd%N=pJ_5$G5d^3XK+yj2UZasg2) zXMLtMp<5XWWfh-o@ywb*nCnGdK{&S{YI54Wh2|h}yZ})+NCM;~i9H@1GMCgYf`d5n zwOR(*EEkE4-V#R2+Rc>@cAEho+GAS2L!tzisLl${42Y=A7v}h;#@71_Gh2MV=hPr0_a% z0!={Fcv5^GwuEU^5rD|sP;+y<%5o9;#m>ssbtVR2g<420(I-@fSqfBVMv z?`>61-^q;M(b3r2z{=QxSjyH=-%99fpvb}8z}d;%_8$$J$qJg1Sp3KzlO_!nCn|g8 zzg8skdHNsfgkf8A7PWs;YBz_S$S%!hWQ@G>guCgS--P!!Ui9#%GQ#Jh?s!U-4)7ozR?i>JXHU$| zg0^vuti{!=N|kWorZNFX`dJgdphgic#(8sOBHQdBkY}Qzp3V%T{DFb{nGPgS;QwnH9B9;-Xhy{? z(QVwtzkn9I)vHEmjY!T3ifk1l5B?%%TgP#;CqG-?16lTz;S_mHOzu#MY0w}XuF{lk z*dt`2?&plYn(B>FFXo+fd&CS3q^hquSLVEn6TMAZ6e*WC{Q2e&U7l|)*W;^4l~|Q= zt+yFlLVqPz!I40}NHv zE2t1meCuGH%<`5iJ(~8ji#VD{?uhP%F(TnG#uRZW-V}1=N%ev&+Gd4v!0(f`2Ar-Y z)GO6eYj7S{T_vxV?5^%l6TF{ygS_9e2DXT>9caP~xq*~oE<5KkngGtsv)sdCC zaQH#kSL%c*gLj6tV)zE6SGq|0iX*DPV|I`byc9kn_tNQkPU%y<`rj zMC}lD<93=Oj+D6Y2GNMZb|m$^)RVdi`&0*}mxNy0BW#0iq!GGN2BGx5I0LS>I|4op z(6^xWULBr=QRpbxIJDK~?h;K#>LwQI4N<8V?%3>9I5l+e*yG zFOZTIM0c3(q?y9f7qDHKX|%zsUF%2zN9jDa7%AK*qrI5@z~IruFP+IJy7!s~TE%V3 z_PSSxXlr!FU|Za>G_JL>DD3KVZ7u&}6VWbwWmSg?5;MabycEB)JT(eK8wg`^wvw!Q zH5h24_E$2cuib&9>Ue&@%Cly}6YZN-oO_ei5#33VvqV%L*~ZehqMe;)m;$9)$HBsM zfJ96Hk8GJyWwQ0$iiGjwhxGgQX$sN8ij%XJzW`pxqgwW=79hgMOMnC|0Q@ed%Y~=_ z?OnjUB|5rS+R$Q-p)vvM(eFS+Qr{_w$?#Y;0Iknw3u(+wA=2?gPyl~NyYa3me{-Su zhH#8;01jEm%r#5g5oy-f&F>VA5TE_9=a0aO4!|gJpu470WIrfGo~v}HkF91m6qEG2 zK4j=7C?wWUMG$kYbIp^+@)<#ArZ$3k^EQxraLk0qav9TynuE7T79%MsBxl3|nRn?L zD&8kt6*RJB6*a7=5c57wp!pg)p6O?WHQarI{o9@3a32zQ3FH8cK@P!DZ?CPN_LtmC6U4F zlv8T2?sau&+(i@EL6+tvP^&=|aq3@QgL4 zOu6S3wSWeYtgCnKqg*H4ifIQlR4hd^n{F+3>h3;u_q~qw-Sh;4dYtp^VYymX12$`? z;V2_NiRt82RC=yC+aG?=t&a81!gso$hQUb)LM2D4Z{)S zI1S9f020mSm(Dn$&Rlj0UX}H@ zv={G+fFC>Sad0~8yB%62V(NB4Z|b%6%Co8j!>D(VyAvjFBP%gB+`b*&KnJ zU8s}&F+?iFKE(AT913mq;57|)q?ZrA&8YD3Hw*$yhkm;p5G6PNiO3VdFlnH-&U#JH zEX+y>hB(4$R<6k|pt0?$?8l@zeWk&1Y5tlbgs3540F>A@@rfvY;KdnVncEh@N6Mfi zY)8tFRY~Z?Qw!{@{sE~vQy)0&fKsJpj?yR`Yj+H5SDO1PBId3~d!yjh>FcI#Ug|^M z7-%>aeyQhL8Zmj1!O0D7A2pZE-$>+-6m<#`QX8(n)Fg>}l404xFmPR~at%$(h$hYD zoTzbxo`O{S{E}s8Mv6WviXMP}(YPZoL11xfd>bggPx;#&pFd;*#Yx%TtN1cp)MuHf z+Z*5CG_AFPwk624V9@&aL0;=@Ql=2h6aJoqWx|hPQQzdF{e7|fe(m){0==hk_!$ou zI|p_?kzdO9&d^GBS1u+$>JE-6Ov*o{mu@MF-?$r9V>i%;>>Fo~U`ac2hD*X}-gx*v z1&;@ey`rA0qNcD9-5;3_K&jg|qvn@m^+t?8(GTF0l#|({Zwp^5Ywik@bW9mN+5`MU zJ#_Ju|jtsq{tv)xA zY$5SnHgHj}c%qlQG72VS_(OSv;H~1GLUAegygT3T-J{<#h}))pk$FjfRQ+Kr%`2ZiI)@$96Nivh82#K@t>ze^H?R8wHii6Pxy z0o#T(lh=V>ZD6EXf0U}sG~nQ1dFI`bx;vivBkYSVkxXn?yx1aGxbUiNBawMGad;6? zm{zp?xqAoogt=I2H0g@826=7z^DmTTLB11byYvAO;ir|O0xmNN3Ec0w%yHO({-%q(go%?_X{LP?=E1uXoQgrEGOfL1?~ zI%uPHC23dn-RC@UPs;mxq6cFr{UrgG@e3ONEL^SoxFm%kE^LBhe_D6+Ia+u0J=)BC zf8FB!0J$dYg33jb2SxfmkB|8qeN&De!%r5|@H@GiqReK(YEpnXC;-v~*o<#JmYuze zW}p-K=9?0=*fZyYTE7A}?QR6}m_vMPK!r~y*6%My)d;x4R?-=~MMLC_02KejX9q6= z4sUB4AD0+H4ulSYz4;6mL8uaD07eXFvpy*i5X@dmx--+9`ur@rcJ5<L#s%nq3MRi4Dpr;#28}dl36M{MkVs4+Fm3Pjo5qSV)h}i(2^$Ty|<7N z>*LiBzFKH30D!$@n^3B@HYI_V1?yM(G$2Ml{oZ}?frfPU+{i|dHQOP^M0N2#NN_$+ zs*E=MXUOd=$Z2F4jSA^XIW=?KN=w6{_vJ4f(ZYhLxvFtPozPJv9k%7+z!Zj+_0|HC zMU0(8`8c`Sa=%e$|Mu2+CT22Ifbac@7Vn*he`|6Bl81j`44IRcTu8aw_Y%;I$Hnyd zdWz~I!tkWuGZx4Yjof(?jM;exFlUsrj5qO=@2F;56&^gM9D^ZUQ!6TMMUw19zslEu zwB^^D&nG96Y+Qwbvgk?Zmkn9%d{+V;DGKmBE(yBWX6H#wbaAm&O1U^ zS4YS7j2!1LDC6|>cfdQa`}_^satOz6vc$BfFIG07LoU^IhVMS_u+N=|QCJao0{F>p z-^UkM)ODJW9#9*o;?LPCRV1y~k9B`&U)jbTdvuxG&2%!n_Z&udT=0mb@e;tZ$_l3bj6d0K2;Ya!&)q`A${SmdG_*4WfjubB)Mn+vaLV+)L5$yD zYSTGxpVok&fJDG9iS8#oMN{vQneO|W{Y_xL2Hhb%YhQJgq7j~X7?bcA|B||C?R=Eo z!z;=sSeKiw4mM$Qm>|aIP3nw36Tbh6Eml?hL#&PlR5xf9^vQGN6J8op1dpLfwFg}p zlqYx$610Zf?=vCbB_^~~(e4IMic7C}X(L6~AjDp^;|=d$`=!gd%iwCi5E9<6Y~z0! zX8p$qprEadiMgq>gZ_V~n$d~YUqqqsL#BE6t9ufXIUrs@DCTfGg^-Yh5Ms(wD1xAf zTX8g52V!jr9TlWLl+whcUDv?Rc~JmYs3haeG*UnV;4bI=;__i?OSk)bF3=c9;qTdP zeW1exJwD+;Q3yAw9j_42Zj9nuvs%qGF=6I@($2Ue(a9QGRMZTd4ZAlxbT5W~7(alP1u<^YY!c3B7QV z@jm$vn34XnA6Gh1I)NBgTmgmR=O1PKp#dT*mYDPRZ=}~X3B8}H*e_;;BHlr$FO}Eq zJ9oWk0y#h;N1~ho724x~d)A4Z-{V%F6#e5?Z^(`GGC}sYp5%DKnnB+i-NWxwL-CuF+^JWNl`t@VbXZ{K3#aIX+h9-{T*+t(b0BM&MymW9AA*{p^&-9 zWpWQ?*z(Yw!y%AoeoYS|E!(3IlLksr@?Z9Hqlig?Q4|cGe;0rg#FC}tXTmTNfpE}; z$sfUYEG@hLHUb$(K{A{R%~%6MQN|Bu949`f#H6YC*E(p3lBBKcx z-~Bsd6^QsKzB0)$FteBf*b3i7CN4hccSa-&lfQz4qHm>eC|_X!_E#?=`M(bZ{$cvU zZpMbr|4omp`s9mrgz@>4=Fk3~8Y7q$G{T@?oE0<(I91_t+U}xYlT{c&6}zPAE8ikT z3DP!l#>}i!A(eGT+@;fWdK#(~CTkwjs?*i4SJVBuNB2$6!bCRmcm6AnpHHvnN8G<| zuh4YCYC%5}Zo;BO1>L0hQ8p>}tRVx~O89!${_NXhT!HUoGj0}bLvL2)qRNt|g*q~B z7U&U7E+8Ixy1U`QT^&W@ZSRN|`_Ko$-Mk^^c%`YzhF(KY9l5))1jSyz$&>mWJHZzHt0Jje%BQFxEV}C00{|qo5_Hz7c!FlJ|T(JD^0*yjkDm zL}4S%JU(mBV|3G2jVWU>DX413;d+h0C3{g3v|U8cUj`tZL37Sf@1d*jpwt4^B)`bK zZdlwnPB6jfc7rIKsldW81$C$a9BukX%=V}yPnaBz|i6(h>S)+Bn44@i8RtBZf0XetH&kAb?iAL zD%Ge{>Jo3sy2hgrD?15PM}X_)(6$LV`&t*D`IP)m}bzM)+x-xRJ zavhA)>hu2cD;LUTvN38FEtB94ee|~lIvk~3MBPzmTsN|7V}Kzi!h&za#NyY zX^0BnB+lfBuW!oR#8G&S#Er2bCVtA@5FI`Q+a-e?G)LhzW_chWN-ZQmjtR

eWu-UOPu^G}|k=o=;ffg>8|Z*qev7qS&oqA7%Z{4Ezb!t$f3& z^NuT8CSNp`VHScyikB1YO{BgaBVJR&>dNIEEBwYkfOkWN;(I8CJ|vIfD}STN z{097)R9iC@6($s$#dsb*4BXBx7 zb{6S2O}QUk>upEfij9C2tjqWy7%%V@Xfpe)vo6}PG+hmuY1Tc}peynUJLLmm)8pshG zb}HWl^|sOPtYk)CD-7{L+l(=F zOp}fX8)|n{JDa&9uI!*@jh^^9qP&SbZ(xxDhR)y|bjnn|K3MeR3gl6xcvh9uqzb#K zYkVjnK$;lUky~??mcqN-)d5~mk{wXhrf^<)!Jjqc zG~hX0P_@KvOKwV=X9H&KR3GnP3U)DfqafBt$e10}iuVRFBXx@uBQ)sn0J%%c<;R+! zQz;ETTVa+ma>+VF%U43w?_F6s0=x@N2(oisjA7LUOM<$|6iE|$WcO67W|KY8JUV_# zg7P9K3Yo-c*;EmbsqT!M4(WT`%9uk+s9Em-yB0bE{B%F4X<8fT!%4??vezaJ(wJhj zfOb%wKfkY3RU}7^FRq`UEbB-#A-%7)NJQwQd1As=!$u#~2vQ*CE~qp`u=_kL<`{OL zk>753UqJVx1-4~+d@(pnX-i zV4&=eRWbJ)9YEGMV53poXpv$vd@^yd05z$$@i5J7%>gYKBx?mR2qGv&BPn!tE-_aW zg*C!Z&!B zH>3J16dTJC(@M0*kIc}Jn}jf=f*agba|!HVm|^@+7A?V>Woo!$SJko*Jv1mu>;d}z z^vF{3u5Mvo_94`4kq2&R2`32oyoWc2lJco3`Ls0Ew4E7*AdiMbn^LCV%7%mU)hr4S3UVJjDLUoIKRQ)gm?^{1Z}OYzd$1?a~tEY ztjXmIM*2_qC|OC{7V%430T?RsY?ZLN$w!bkDOQ0}wiq69){Kdu3SqW?NMC))S}zq^ zu)w!>E1!;OrXO!RmT?m&PA;YKUjJy5-Seu=@o;m4*Vp$0OipBl4~Ub)1xBdWkZ47=UkJd$`Z}O8ZbpGN$i_WtY^00`S8=EHG#Ff{&MU1L(^wYjTchB zMTK%1LZ(eLLP($0UR2JVLaL|C2~IFbWirNjp|^=Fl48~Sp9zNOCZ@t&;;^avfN(NpNfq}~VYA{q%yjHo4D>JB>XEv(~Z!`1~SoY=9v zTq;hrjObE_h)cmHXLJ>LC_&XQ2BgGfV}e#v}ZF}iF97bG`Nog&O+SA`2zsn%bbB309}I$ zYi;vW$k@fC^muYBL?XB#CBuhC&^H)F4E&vw(5Q^PF{7~}(b&lF4^%DQzL0(BVk?lM zTHXTo4?Ps|dRICEiux#y77_RF8?5!1D-*h5UY&gRY`WO|V`xxB{f{DHzBwvt1W==r zdfAUyd({^*>Y7lObr;_fO zxDDw7X^dO`n!PLqHZ`by0h#BJ-@bAFPs{yJQ~Ylj^M5zWsxO_WFHG}8hH>OK{Q)9` zSRP94d{AM(q-2x0yhK@aNMv!qGA5@~2tB;X?l{Pf?DM5Y*QK`{mGA? zjx;gwnR~#Nep12dFk<^@-U{`&`P1Z}Z3T2~m8^J&7y}GaMElsTXg|GqfF3>E#HG=j zMt;6hfbfjHSQ&pN9(AT8q$FLKXo`N(WNHDY!K6;JrHZCO&ISBdX`g8sXvIf?|8 zX$-W^ut!FhBxY|+R49o44IgWHt}$1BuE|6|kvn1OR#zhyrw}4H*~cpmFk%K(CTGYc zNkJ8L$eS;UYDa=ZHWZy`rO`!w0oIcgZnK&xC|93#nHvfb^n1xgxf{$LB`H1ao+OGb zKG_}>N-RHSqL(RBdlc7J-Z$Gaay`wEGJ_u-lo88{`aQ*+T~+x(H5j?Q{uRA~>2R+} zB+{wM2m?$->unwg8-GaFrG%ZmoHEceOj{W21)Mi2lAfT)EQuNVo+Do%nHPuq7Ttt7 z%^6J5Yo64dH671tOUrA7I2hL@HKZq;S#Ejxt;*m-l*pPj?=i`=E~FAXAb#QH+a}-% z#3u^pFlg%p{hGiIp>05T$RiE*V7bPXtkz(G<+^E}Risi6F!R~Mbf(Qz*<@2&F#vDr zaL#!8!&ughWxjA(o9xtK{BzzYwm_z2t*c>2jI)c0-xo8ahnEqZ&K;8uF*!Hg0?Gd* z=eJK`FkAr>7$_i$;kq3Ks5NNJkNBnw|1f-&Ys56c9Y@tdM3VTTuXOCbWqye9va6+ZSeF0eh} zYb^ct&4lQTfNZ3M3(9?{;s><(zq%hza7zcxlZ+`F8J*>%4wq8s$cC6Z=F@ zhbvdv;n$%vEI$B~B)Q&LkTse!8Vt};7Szv2@YB!_Ztp@JA>rc(#R1`EZcIdE+JiI% zC2!hgYt+~@%xU?;ir+g92W`*j z3`@S;I6@2rO28zqj&SWO^CvA5MeNEhBF+8-U0O0Q1Co=I^WvPl%#}UFDMBVl z5iXV@d|`QTa$>iw;m$^}6JeuW zjr;{)S2TfK0Q%xgHvONSJb#NA|LOmg{U=k;R?&1tQbylMEY4<1*9mJh&(qo`G#9{X zYRs)#*PtEHnO;PV0G~6G`ca%tpKgb6<@)xc^SQY58lTo*S$*sv5w7bG+8YLKYU`8{ zNBVlvgaDu7icvyf;N&%42z2L4(rR<*Jd48X8Jnw zN>!R$%MZ@~Xu9jH?$2Se&I|ZcW>!26BJP?H7og0hT(S`nXh6{sR36O^7%v=31T+eL z)~BeC)15v>1m#(LN>OEwYFG?TE0_z)MrT%3SkMBBjvCd6!uD+03Jz#!s#Y~b1jf>S z&Rz5&8rbLj5!Y;(Hx|UY(2aw~W(8!3q3D}LRE%XX(@h5TnP@PhDoLVQx;6|r^+Bvs zaR55cR%Db9hZ<<|I%dDkone+8Sq7dqPOMnGoHk~-R*#a8w$c)`>4U`k+o?2|E>Sd4 zZ0ZVT{95pY$qKJ54K}3JB!(WcES>F+x56oJBRg))tMJ^#Qc(2rVcd5add=Us6vpBNkIg9b#ulk%!XBU zV^fH1uY(rGIAiFew|z#MM!qsVv%ZNb#why9%9In4Kj-hDYtMdirWLFzn~de!nnH(V zv0>I3;X#N)bo1$dFzqo(tzmvqNUKraAz~?)OSv42MeM!OYu;2VKn2-s7#fucX`|l~ zplxtG1Pgk#(;V=`P_PZ`MV{Bt4$a7;aLvG@KQo%E=;7ZO&Ws-r@XL+AhnPn>PAKc7 zQ_iQ4mXa-a4)QS>cJzt_j;AjuVCp8g^|dIV=DI0>v-f_|w5YWAX61lNBjZEZax3aV znher(j)f+a9_s8n#|u=kj0(unR1P-*L7`{F28xv054|#DMh}q=@rs@-fbyf(2+52L zN>hn3v!I~%jfOV=j(@xLOsl$Jv-+yR5{3pX)$rIdDarl7(C3)})P`QoHN|y<<2n;` zJ0UrF=Zv}d=F(Uj}~Yv9(@1pqUSRa5_bB*AvQ|Z-6YZ*N%p(U z<;Bpqr9iEBe^LFF!t{1UnRtaH-9=@p35fMQJ~1^&)(2D|^&z?m z855r&diVS6}jmt2)A7LZDiv;&Ys6@W5P{JHY!!n7W zvj3(2{1R9Y=TJ|{^2DK&be*ZaMiRHw>WVI^701fC) zAp1?8?oiU%Faj?Qhou6S^d11_7@tEK-XQ~%q!!7hha-Im^>NcRF7OH7s{IO7arZQ{ zE8n?2><7*!*lH}~usWPWZ}2&M+)VQo7C!AWJSQc>8g_r-P`N&uybK5)p$5_o;+58Q z-Ux2l<3i|hxqqur*qAfHq=)?GDchq}ShV#m6&w|mi~ar~`EO_S=fb~<}66U>5i7$H#m~wR;L~4yHL2R&;L*u7-SPdHxLS&Iy76q$2j#Pe)$WulRiCICG*t+ zeehM8`!{**KRL{Q{8WCEFLXu3+`-XF(b?c1Z~wg?c0lD!21y?NLq?O$STk3NzmrHM zsCgQS5I+nxDH0iyU;KKjzS24GJmG?{D`08|N-v+Egy92lBku)fnAM<}tELA_U`)xKYb=pq|hejMCT1-rg0Edt6(*E9l9WCKI1a=@c99swp2t6Tx zFHy`8Hb#iXS(8c>F~({`NV@F4w0lu5X;MH6I$&|h*qfx{~DJ*h5e|61t1QP}tZEIcjC%!Fa)omJTfpX%aI+OD*Y(l|xc0$1Zip;4rx; zV=qI!5tSuXG7h?jLR)pBEx!B15HCoVycD&Z2dlqN*MFQDb!|yi0j~JciNC!>){~ zQQgmZvc}0l$XB0VIWdg&ShDTbTkArryp3x)T8%ulR;Z?6APx{JZyUm=LC-ACkFm`6 z(x7zm5ULIU-xGi*V6x|eF~CN`PUM%`!4S;Uv_J>b#&OT9IT=jx5#nydC4=0htcDme zDUH*Hk-`Jsa>&Z<7zJ{K4AZE1BVW%zk&MZ^lHyj8mWmk|Pq8WwHROz0Kwj-AFqvR)H2gDN*6dzVk>R3@_CV zw3Z@6s^73xW)XY->AFwUlk^4Q=hXE;ckW=|RcZFchyOM0vqBW{2l*QR#v^SZNnT6j zZv|?ZO1-C_wLWVuYORQryj29JA; zS4BsxfVl@X!W{!2GkG9fL4}58Srv{$-GYngg>JuHz!7ZPQbfIQr4@6ZC4T$`;Vr@t zD#-uJ8A!kSM*gA&^6yWi|F}&59^*Rx{qn3z{(JYxrzg!X2b#uGd>&O0e=0k_2*N?3 zYXV{v={ONL{rW~z_FtFj7kSSJZ?s);LL@W&aND7blR8rlvkAb48RwJZlOHA~t~RfC zOD%ZcOzhYEV&s9%qns0&ste5U!^MFWYn`Od()5RwIz6%@Ek+Pn`s79unJY-$7n-Uf z&eUYvtd)f7h7zG_hDiFC!psCg#q&0c=GHKOik~$$>$Fw*k z;G)HS$IR)Cu72HH|JjeeauX;U6IgZ_IfxFCE_bGPAU25$!j8Etsl0Rk@R`$jXuHo8 z3Hhj-rTR$Gq(x)4Tu6;6rHQhoCvL4Q+h0Y+@Zdt=KTb0~wj7-(Z9G%J+aQu05@k6JHeCC|YRFWGdDCV}ja;-yl^9<`>f=AwOqML1a~* z9@cQYb?!+Fmkf}9VQrL8$uyq8k(r8)#;##xG9lJ-B)Fg@15&To(@xgk9SP*bkHlxiy8I*wJQylh(+9X~H-Is!g&C!q*eIYuhl&fS&|w)dAzXBdGJ&Mp$+8D| zZaD<+RtjI90QT{R0YLk6_dm=GfCg>7;$ zlyLsNYf@MfLH<}ott5)t2CXiQos zFLt^`%ygB2Vy^I$W3J_Rt4olRn~Gh}AW(`F@LsUN{d$sR%bU&3;rsD=2KCL+4c`zv zlI%D>9-)U&R3;>d1Vdd5b{DeR!HXDm44Vq*u?`wziLLsFUEp4El;*S0;I~D#TgG0s zBXYZS{o|Hy0A?LVNS)V4c_CFwyYj-E#)4SQq9yaf`Y2Yhk7yHSdos~|fImZG5_3~~o<@jTOH@Mc7`*xn-aO5F zyFT-|LBsm(NbWkL^oB-Nd31djBaYebhIGXhsJyn~`SQ6_4>{fqIjRp#Vb|~+Qi}Mdz!Zsw= zz?5L%F{c{;Cv3Q8ab>dsHp)z`DEKHf%e9sT(aE6$az?A}3P`Lm(~W$8Jr=;d8#?dm_cmv>2673NqAOenze z=&QW`?TQAu5~LzFLJvaJ zaBU3mQFtl5z?4XQDBWNPaH4y)McRpX#$(3o5Nx@hVoOYOL&-P+gqS1cQ~J;~1roGH zVzi46?FaI@w-MJ0Y7BuAg*3;D%?<_OGsB3)c|^s3A{UoAOLP8scn`!5?MFa|^cTvq z#%bYG3m3UO9(sH@LyK9-LSnlVcm#5^NRs9BXFtRN9kBY2mPO|@b7K#IH{B{=0W06) zl|s#cIYcreZ5p3j>@Ly@35wr-q8z5f9=R42IsII=->1stLo@Q%VooDvg@*K(H@*5g zUPS&cM~k4oqp`S+qp^*nxzm^0mg3h8ppEHQ@cXyQ=YKV-6)FB*$KCa{POe2^EHr{J zOxcVd)s3Mzs8m`iV?MSp=qV59blW9$+$P+2;PZDRUD~sr*CQUr&EDiCSfH@wuHez+ z`d5p(r;I7D@8>nbZ&DVhT6qe+accH;<}q$8Nzz|d1twqW?UV%FMP4Y@NQ`3(+5*i8 zP9*yIMP7frrneG3M9 zf>GsjA!O#Bifr5np-H~9lR(>#9vhE6W-r`EjjeQ_wdWp+rt{{L5t5t(Ho|4O24@}4 z_^=_CkbI`3;~sXTnnsv=^b3J}`;IYyvb1gM>#J9{$l#Zd*W!;meMn&yXO7x`Epx_Y zm-1wlu~@Ii_7D}>%tzlXW;zQT=uQXSG@t$<#6-W*^vy7Vr2TCpnix@7!_|aNXEnN<-m?Oq;DpN*x6f>w za1Wa5entFEDtA0SD%iZv#3{wl-S`0{{i3a9cmgNW`!TH{J*~{@|5f%CKy@uk*8~af zt_d34U4y&3y9IZ5cXxLQ?(XjH5?q3Z0KxK~y!-CUyWG6{<)5lkhbox0HnV&7^zNBn zjc|?X!Y=63(Vg>#&Wx%=LUr5{i@~OdzT#?P8xu#P*I_?Jl7xM4dq)4vi}3Wj_c=XI zSbc)@Q2Et4=(nBDU{aD(F&*%Ix!53_^0`+nOFk)}*34#b0Egffld|t_RV91}S0m)0 zap{cQDWzW$geKzYMcDZDAw480!1e1!1Onpv9fK9Ov~sfi!~OeXb(FW)wKx335nNY! za6*~K{k~=pw`~3z!Uq%?MMzSl#s%rZM{gzB7nB*A83XIGyNbi|H8X>a5i?}Rs+z^; z2iXrmK4|eDOu@{MdS+?@(!-Ar4P4?H_yjTEMqm7`rbV4P275(-#TW##v#Dt14Yn9UB-Sg3`WmL0+H~N;iC`Mg%pBl?1AAOfZ&e; z*G=dR>=h_Mz@i;lrGpIOQwezI=S=R8#);d*;G8I(39ZZGIpWU)y?qew(t!j23B9fD z?Uo?-Gx3}6r8u1fUy!u)7LthD2(}boE#uhO&mKBau8W8`XV7vO>zb^ZVWiH-DOjl2 zf~^o1CYVU8eBdmpAB=T%i(=y}!@3N%G-*{BT_|f=egqtucEtjRJJhSf)tiBhpPDpgzOpG12UgvOFnab&16Zn^2ZHjs)pbd&W1jpx%%EXmE^ zdn#R73^BHp3w%&v!0~azw(Fg*TT*~5#dJw%-UdxX&^^(~V&C4hBpc+bPcLRZizWlc zjR;$4X3Sw*Rp4-o+a4$cUmrz05RucTNoXRINYG*DPpzM&;d1GNHFiyl(_x#wspacQ zL)wVFXz2Rh0k5i>?Ao5zEVzT)R(4Pjmjv5pzPrav{T(bgr|CM4jH1wDp6z*_jnN{V ziN56m1T)PBp1%`OCFYcJJ+T09`=&=Y$Z#!0l0J2sIuGQtAr>dLfq5S;{XGJzNk@a^ zk^eHlC4Gch`t+ue3RviiOlhz81CD9z~d|n5;A>AGtkZMUQ#f>5M14f2d}2 z8<*LNZvYVob!p9lbmb!0jt)xn6O&JS)`}7v}j+csS3e;&Awj zoNyjnqLzC(QQ;!jvEYUTy73t_%16p)qMb?ihbU{y$i?=a7@JJoXS!#CE#y}PGMK~3 zeeqqmo7G-W_S97s2eed^erB2qeh4P25)RO1>MH7ai5cZJTEevogLNii=oKG)0(&f` z&hh8cO{of0;6KiNWZ6q$cO(1)9r{`}Q&%p*O0W7N--sw3Us;)EJgB)6iSOg(9p_mc zRw{M^qf|?rs2wGPtjVKTOMAfQ+ZNNkb$Ok0;Pe=dNc7__TPCzw^H$5J0l4D z%p(_0w(oLmn0)YDwrcFsc*8q)J@ORBRoZ54GkJpxSvnagp|8H5sxB|ZKirp%_mQt_ z81+*Y8{0Oy!r8Gmih48VuRPwoO$dDW@h53$C)duL4_(osryhwZSj%~KsZ?2n?b`Z* z#C8aMdZxYmCWSM{mFNw1ov*W}Dl=%GQpp90qgZ{(T}GOS8#>sbiEU;zYvA?=wbD5g+ahbd1#s`=| zV6&f#ofJC261~Ua6>0M$w?V1j##jh-lBJ2vQ%&z`7pO%frhLP-1l)wMs=3Q&?oth1 zefkPr@3Z(&OL@~|<0X-)?!AdK)ShtFJ;84G2(izo3cCuKc{>`+aDoziL z6gLTL(=RYeD7x^FYA%sPXswOKhVa4i(S4>h&mLvS##6-H?w8q!B<8Alk>nQEwUG)SFXK zETfcTwi=R3!ck|hSM`|-^N3NWLav&UTO{a9=&Tuz-Kq963;XaRFq#-1R18fi^Gb-; zVO>Q{Oe<^b0WA!hkBi9iJp3`kGwacXX2CVQ0xQn@Y2OhrM%e4)Ea7Y*Df$dY2BpbL zv$kX}*#`R1uNA(7lk_FAk~{~9Z*Si5xd(WKQdD&I?8Y^cK|9H&huMU1I(251D7(LL z+){kRc=ALmD;#SH#YJ+|7EJL6e~w!D7_IrK5Q=1DCulUcN(3j`+D_a|GP}?KYx}V+ zx_vLTYCLb0C?h;e<{K0`)-|-qfM16y{mnfX(GGs2H-;-lRMXyb@kiY^D;i1haxoEk zsQ7C_o2wv?;3KS_0w^G5#Qgf*>u)3bT<3kGQL-z#YiN9QH7<(oDdNlSdeHD zQJN-U*_wJM_cU}1YOH=m>DW~{%MAPxL;gLdU6S5xLb$gJt#4c2KYaEaL8ORWf=^(l z-2`8^J;&YG@vb9em%s~QpU)gG@24BQD69;*y&-#0NBkxumqg#YYomd2tyo0NGCr8N z5<5-E%utH?Ixt!(Y4x>zIz4R^9SABVMpLl(>oXnBNWs8w&xygh_e4*I$y_cVm?W-^ ze!9mPy^vTLRclXRGf$>g%Y{(#Bbm2xxr_Mrsvd7ci|X|`qGe5=54Zt2Tb)N zlykxE&re1ny+O7g#`6e_zyjVjRi5!DeTvSJ9^BJqQ*ovJ%?dkaQl!8r{F`@KuDEJB3#ho5 zmT$A&L=?}gF+!YACb=%Y@}8{SnhaGCHRmmuAh{LxAn0sg#R6P_^cJ-9)+-{YU@<^- zlYnH&^;mLVYE+tyjFj4gaAPCD4CnwP75BBXA`O*H(ULnYD!7K14C!kGL_&hak)udZ zkQN8)EAh&9I|TY~F{Z6mBv7sz3?<^o(#(NXGL898S3yZPTaT|CzZpZ~pK~*9Zcf2F zgwuG)jy^OTZD`|wf&bEdq4Vt$ir-+qM7BosXvu`>W1;iFN7yTvcpN_#at)Q4n+(Jh zYX1A-24l9H5jgY?wdEbW{(6U1=Kc?Utren80bP`K?J0+v@{-RDA7Y8yJYafdI<7-I z_XA!xeh#R4N7>rJ_?(VECa6iWhMJ$qdK0Ms27xG&$gLAy(|SO7_M|AH`fIY)1FGDp zlsLwIDshDU;*n`dF@8vV;B4~jRFpiHrJhQ6TcEm%OjWTi+KmE7+X{19 z>e!sg0--lE2(S0tK}zD&ov-{6bMUc%dNFIn{2^vjXWlt>+uxw#d)T6HNk6MjsfN~4 zDlq#Jjp_!wn}$wfs!f8NX3Rk#9)Q6-jD;D9D=1{$`3?o~caZjXU*U32^JkJ$ZzJ_% zQWNfcImxb!AV1DRBq`-qTV@g1#BT>TlvktYOBviCY!13Bv?_hGYDK}MINVi;pg)V- z($Bx1Tj`c?1I3pYg+i_cvFtcQ$SV9%%9QBPg&8R~Ig$eL+xKZY!C=;M1|r)$&9J2x z;l^a*Ph+isNl*%y1T4SviuK1Nco_spQ25v5-}7u?T9zHB5~{-+W*y3p{yjn{1obqf zYL`J^Uz8zZZN8c4Dxy~)k3Ws)E5eYi+V2C!+7Sm0uu{xq)S8o{9uszFTnE>lPhY=5 zdke-B8_*KwWOd%tQs_zf0x9+YixHp+Qi_V$aYVc$P-1mg?2|_{BUr$6WtLdIX2FaF zGmPRTrdIz)DNE)j*_>b9E}sp*(1-16}u za`dgT`KtA3;+e~9{KV48RT=CGPaVt;>-35}%nlFUMK0y7nOjoYds7&Ft~#>0$^ciZ zM}!J5Mz{&|&lyG^bnmh?YtR z*Z5EfDxkrI{QS#Iq752aiA~V)DRlC*2jlA|nCU!@CJwxO#<=j6ssn;muv zhBT9~35VtwsoSLf*(7vl&{u7d_K_CSBMbzr zzyjt&V5O#8VswCRK3AvVbS7U5(KvTPyUc0BhQ}wy0z3LjcdqH8`6F3!`)b3(mOSxL z>i4f8xor(#V+&#ph~ycJMcj#qeehjxt=~Na>dx#Tcq6Xi4?BnDeu5WBBxt603*BY& zZ#;o1kv?qpZjwK-E{8r4v1@g*lwb|8w@oR3BTDcbiGKs)a>Fpxfzh&b ziQANuJ_tNHdx;a*JeCo^RkGC$(TXS;jnxk=dx++D8|dmPP<0@ z$wh#ZYI%Rx$NKe-)BlJzB*bot0ras3I%`#HTMDthGtM_G6u-(tSroGp1Lz+W1Y`$@ zP`9NK^|IHbBrJ#AL3!X*g3{arc@)nuqa{=*2y+DvSwE=f*{>z1HX(>V zNE$>bbc}_yAu4OVn;8LG^naq5HZY zh{Hec==MD+kJhy6t=Nro&+V)RqORK&ssAxioc7-L#UQuPi#3V2pzfh6Ar400@iuV5 z@r>+{-yOZ%XQhsSfw%;|a4}XHaloW#uGluLKux0II9S1W4w=X9J=(k&8KU()m}b{H zFtoD$u5JlGfpX^&SXHlp$J~wk|DL^YVNh2w(oZ~1*W156YRmenU;g=mI zw({B(QVo2JpJ?pJqu9vijk$Cn+%PSw&b4c@uU6vw)DjGm2WJKt!X}uZ43XYlDIz%& z=~RlgZpU-tu_rD`5!t?289PTyQ zZgAEp=zMK>RW9^~gyc*x%vG;l+c-V?}Bm;^{RpgbEnt_B!FqvnvSy)T=R zGa!5GACDk{9801o@j>L8IbKp#!*Td5@vgFKI4w!5?R{>@^hd8ax{l=vQnd2RDHopo zwA+qb2cu4Rx9^Bu1WNYT`a(g}=&&vT`&Sqn-irxzX_j1=tIE#li`Hn=ht4KQXp zzZj`JO+wojs0dRA#(bXBOFn**o+7rPY{bM9m<+UBF{orv$#yF8)AiOWfuas5Fo`CJ zqa;jAZU^!bh8sjE7fsoPn%Tw11+vufr;NMm3*zC=;jB{R49e~BDeMR+H6MGzDlcA^ zKg>JEL~6_6iaR4i`tSfUhkgPaLXZ<@L7poRF?dw_DzodYG{Gp7#24<}=18PBT}aY` z{)rrt`g}930jr3^RBQNA$j!vzTh#Mo1VL`QCA&US?;<2`P+xy8b9D_Hz>FGHC2r$m zW>S9ywTSdQI5hh%7^e`#r#2906T?))i59O(V^Rpxw42rCAu-+I3y#Pg6cm#&AX%dy ze=hv0cUMxxxh1NQEIYXR{IBM&Bk8FK3NZI3z+M>r@A$ocd*e%x-?W;M0pv50p+MVt zugo<@_ij*6RZ;IPtT_sOf2Zv}-3R_1=sW37GgaF9Ti(>V z1L4ju8RzM%&(B}JpnHSVSs2LH#_&@`4Kg1)>*)^i`9-^JiPE@=4l$+?NbAP?44hX&XAZy&?}1;=8c(e0#-3bltVWg6h=k!(mCx=6DqOJ-I!-(g;*f~DDe={{JGtH7=UY|0F zNk(YyXsGi;g%hB8x)QLpp;;`~4rx>zr3?A|W$>xj>^D~%CyzRctVqtiIz7O3pc@r@JdGJiH@%XR_9vaYoV?J3K1cT%g1xOYqhXfSa`fg=bCLy% zWG74UTdouXiH$?H()lyx6QXt}AS)cOa~3IdBxddcQp;(H-O}btpXR-iwZ5E)di9Jf zfToEu%bOR11xf=Knw7JovRJJ#xZDgAvhBDF<8mDu+Q|!}Z?m_=Oy%Ur4p<71cD@0OGZW+{-1QT?U%_PJJ8T!0d2*a9I2;%|A z9LrfBU!r9qh4=3Mm3nR_~X-EyNc<;?m`?dKUNetCnS)}_-%QcWuOpw zAdZF`4c_24z&m{H9-LIL`=Hrx%{IjrNZ~U<7k6p{_wRkR84g>`eUBOQd3x5 zT^kISYq)gGw?IB8(lu1=$#Vl?iZdrx$H0%NxW)?MO$MhRHn8$F^&mzfMCu>|`{)FL z`ZgOt`z%W~^&kzMAuWy9=q~$ldBftH0}T#(K5e8;j~!x$JjyspJ1IISI?ON5OIPB$ z-5_|YUMb+QUsiv3R%Ys4tVYW+x$}dg;hw%EdoH%SXMp`)v?cxR4wic{X9pVBH>=`#`Kcj!}x4 zV!`6tj|*q?jZdG(CSevn(}4Ogij5 z-kp;sZs}7oNu0x+NHs~(aWaKGV@l~TBkmW&mPj==N!f|1e1SndS6(rPxsn7dz$q_{ zL0jSrihO)1t?gh8N zosMjR3n#YC()CVKv zos2TbnL&)lHEIiYdz|%6N^vAUvTs6?s|~kwI4uXjc9fim`KCqW3D838Xu{48p$2?I zOeEqQe1}JUZECrZSO_m=2<$^rB#B6?nrFXFpi8jw)NmoKV^*Utg6i8aEW|^QNJuW& z4cbXpHSp4|7~TW(%JP%q9W2~@&@5Y5%cXL#fMhV59AGj<3$Hhtfa>24DLk{7GZUtr z5ql**-e58|mbz%5Kk~|f!;g+Ze^b);F+5~^jdoq#m+s?Y*+=d5ruym%-Tnn8htCV; zDyyUrWydgDNM&bI{yp<_wd-q&?Ig+BN-^JjWo6Zu3%Eov^Ja>%eKqrk&7kUqeM8PL zs5D}lTe_Yx;e=K`TDya!-u%y$)r*Cr4bSfN*eZk$XT(Lv2Y}qj&_UaiTevxs_=HXjnOuBpmT> zBg|ty8?|1rD1~Ev^6=C$L9%+RkmBSQxlnj3j$XN?%QBstXdx+Vl!N$f2Ey`i3p@!f zzqhI3jC(TZUx|sP%yValu^nzEV96o%*CljO>I_YKa8wMfc3$_L()k4PB6kglP@IT#wBd*3RITYADL}g+hlzLYxFmCt=_XWS}=jg8`RgJefB57z(2n&&q>m ze&F(YMmoRZW7sQ;cZgd(!A9>7mQ2d#!-?$%G8IQ0`p1|*L&P$GnU0i0^(S;Rua4v8 z_7Qhmv#@+kjS-M|($c*ZOo?V2PgT;GKJyP1REABlZhPyf!kR(0UA7Bww~R<7_u6#t z{XNbiKT&tjne(&=UDZ+gNxf&@9EV|fblS^gxNhI-DH;|`1!YNlMcC{d7I{u_E~cJOalFEzDY|I?S3kHtbrN&}R3k zK(Ph_Ty}*L3Et6$cUW`0}**BY@44KtwEy(jW@pAt`>g> z&8>-TmJiDwc;H%Ae%k6$ndZlfKruu1GocgZrLN=sYI52}_I%d)~ z6z40!%W4I6ch$CE2m>Dl3iwWIbcm27QNY#J!}3hqc&~(F8K{^gIT6E&L!APVaQhj^ zjTJEO&?**pivl^xqfD(rpLu;`Tm1MV+Wtd4u>X6u5V{Yp%)xH$k410o{pGoKdtY0t@GgqFN zO=!hTcYoa^dEPKvPX4ukgUTmR#q840gRMMi%{3kvh9gt(wK;Fniqu9A%BMsq?U&B5DFXC8t8FBN1&UIwS#=S zF(6^Eyn8T}p)4)yRvs2rCXZ{L?N6{hgE_dkH_HA#L3a0$@UMoBw6RE9h|k_rx~%rB zUqeEPL|!Pbp|up2Q=8AcUxflck(fPNJYP1OM_4I(bc24a**Qnd-@;Bkb^2z8Xv?;3yZp*| zoy9KhLo=;8n0rPdQ}yAoS8eb zAtG5QYB|~z@Z(Fxdu`LmoO>f&(JzsO|v0V?1HYsfMvF!3| zka=}6U13(l@$9&=1!CLTCMS~L01CMs@Abl4^Q^YgVgizWaJa%{7t)2sVcZg0mh7>d z(tN=$5$r?s={yA@IX~2ot9`ZGjUgVlul$IU4N}{ zIFBzY3O0;g$BZ#X|VjuTPKyw*|IJ+&pQ` z(NpzU`o=D86kZ3E5#!3Ry$#0AW!6wZe)_xZ8EPidvJ0f+MQJZ6|ZJ$CEV6;Yt{OJnL`dewc1k>AGbkK9Gf5BbB-fg? zgC4#CPYX+9%LLHg@=c;_Vai_~#ksI~)5|9k(W()g6ylc(wP2uSeJ$QLATtq%e#zpT zp^6Y)bV+e_pqIE7#-hURQhfQvIZpMUzD8&-t$esrKJ}4`ZhT|woYi>rP~y~LRf`*2!6 z6prDzJ~1VOlYhYAuBHcu9m>k_F>;N3rpLg>pr;{EDkeQPHfPv~woj$?UTF=txmaZy z?RrVthxVcqUM;X*(=UNg4(L|0d250Xk)6GF&DKD@r6{aZo;(}dnO5@CP7pMmdsI)- zeYH*@#+|)L8x7)@GNBu0Npyyh6r z^~!3$x&w8N)T;|LVgnwx1jHmZn{b2V zO|8s#F0NZhvux?0W9NH5;qZ?P_JtPW86)4J>AS{0F1S0d}=L2`{F z_y;o;17%{j4I)znptnB z%No1W>o}H2%?~CFo~0j?pzWk?dV4ayb!s{#>Yj`ZJ!H)xn}*Z_gFHy~JDis)?9-P=z4iOQg{26~n?dTms7)+F}? zcXvnHHnnbNTzc!$t+V}=<2L<7l(84v1I3b;-)F*Q?cwLNlgg{zi#iS)*rQ5AFWe&~ zWHPPGy{8wEC9JSL?qNVY76=es`bA{vUr~L7f9G@mP}2MNF0Qhv6Sgs`r_k!qRbSXK zv16Qqq`rFM9!4zCrCeiVS~P2e{Pw^A8I?p?NSVR{XfwlQo*wj|Ctqz4X-j+dU7eGkC(2y`(P?FM?P4gKki3Msw#fM6paBq#VNc>T2@``L{DlnnA-_*i10Kre&@-H!Z7gzn9pRF61?^^ z8dJ5kEeVKb%Bly}6NLV}<0(*eZM$QTLcH#+@iWS^>$Of_@Mu1JwM!>&3evymgY6>C_)sK+n|A5G6(3RJz0k>(z2uLdzXeTw)e4*g!h} zn*UvIx-Ozx<3rCF#C`khSv`Y-b&R4gX>d5osr$6jlq^8vi!M$QGx05pJZoY#RGr*J zsJmOhfodAzYQxv-MoU?m_|h^aEwgEHt5h_HMkHwtE+OA03(7{hm1V?AlYAS7G$u5n zO+6?51qo@aQK5#l6pM`kD5OmI28g!J2Z{5kNlSuKl=Yj3QZ|bvVHU}FlM+{QV=<=) z+b|%Q!R)FE z@ycDMSKV2?*XfcAc5@IOrSI&3&aR$|oAD8WNA6O;p~q-J@ll{x`jP<*eEpIYOYnT zer_t=dYw6a0avjQtKN&#n&(KJ5Kr$RXPOp1@Fq#0Of zTXQkq4qQxKWR>x#d{Hyh?6Y)U07;Q$?BTl7mx2bSPY_juXub1 z%-$)NKXzE<%}q>RX25*oeMVjiz&r_z;BrQV-(u>!U>C*OisXNU*UftsrH6vAhTEm@ zoKA`?fZL1sdd!+G@*NNvZa>}37u^x8^T>VH0_6Bx{3@x5NAg&55{2jUE-w3zCJNJi z^IlU=+DJz-9K&4c@7iKj(zlj@%V}27?vYmxo*;!jZVXJMeDg;5T!4Y1rxNV-e$WAu zkk6^Xao8HC=w2hpLvM(!xwo|~$eG6jJj39zyQHf)E+NPJlfspUhzRv&_qr8+Z1`DA zz`EV=A)d=;2&J;eypNx~q&Ir_7e_^xXg(L9>k=X4pxZ3y#-ch$^TN}i>X&uwF%75c(9cjO6`E5 z16vbMYb!lEIM?jxn)^+Ld8*hmEXR4a8TSfqwBg1(@^8$p&#@?iyGd}uhWTVS`Mlpa zGc+kV)K7DJwd46aco@=?iASsx?sDjbHoDVU9=+^tk46|Fxxey1u)_}c1j z^(`5~PU%og1LdSBE5x4N&5&%Nh$sy0oANXwUcGa>@CCMqP`4W$ZPSaykK|giiuMIw zu#j)&VRKWP55I(5K1^cog|iXgaK1Z%wm%T;;M3X`-`TTWaI}NtIZj;CS)S%S(h}qq zRFQ#{m4Qk$7;1i*0PC^|X1@a1pcMq1aiRSCHq+mnfj^FS{oxWs0McCN-lK4>SDp#` z7=Duh)kXC;lr1g3dqogzBBDg6>et<<>m>KO^|bI5X{+eMd^-$2xfoP*&e$vdQc7J% zmFO~OHf7aqlIvg%P`Gu|3n;lKjtRd@;;x#$>_xU(HpZos7?ShZlQSU)bY?qyQM3cHh5twS6^bF8NBKDnJgXHa)? zBYv=GjsZuYC2QFS+jc#uCsaEPEzLSJCL=}SIk9!*2Eo(V*SAUqKw#?um$mUIbqQQb zF1Nn(y?7;gP#@ws$W76>TuGcG=U_f6q2uJq?j#mv7g;llvqu{Yk~Mo>id)jMD7;T> zSB$1!g)QpIf*f}IgmV;!B+3u(ifW%xrD=`RKt*PDC?M5KI)DO`VXw(7X-OMLd3iVU z0CihUN(eNrY;m?vwK{55MU`p1;JDF=6ITN$+!q8W#`iIsN8;W7H?`htf%RS9Lh+KQ z_p_4?qO4#*`t+8l-N|kAKDcOt zoHsqz_oO&n?@4^Mr*4YrkDX44BeS*0zaA1j@*c}{$;jUxRXx1rq7z^*NX6d`DcQ}L z6*cN7e%`2#_J4z8=^GM6>%*i>>X^_0u9qn%0JTUo)c0zIz|7a`%_UnB)-I1cc+ z0}jAK0}jBl|6-2VT759oxBnf%-;7vs>7Mr}0h3^$0`5FAy}2h{ps5%RJA|^~6uCqg zxBMK5bQVD{Aduh1lu4)`Up*&( zCJQ>nafDb#MuhSZ5>YmD@|TcrNv~Q%!tca;tyy8Iy2vu2CeA+AsV^q*Wohg%69XYq zP0ppEDEYJ9>Se&X(v=U#ibxg()m=83pLc*|otbG;`CYZ z*YgsakGO$E$E_$|3bns7`m9ARe%myU3$DE;RoQ<6hR8e;%`pxO1{GXb$cCZl9lVnJ$(c` z``G?|PhXaz`>)rb7jm2#v7=(W?@ zjUhrNndRFMQ}%^^(-nmD&J>}9w@)>l;mhRr@$}|4ueOd?U9ZfO-oi%^n4{#V`i}#f zqh<@f^%~(MnS?Z0xsQI|Fghrby<&{FA+e4a>c(yxFL!Pi#?DW!!YI{OmR{xEC7T7k zS_g*9VWI}d0IvIXx*d5<7$5Vs=2^=ews4qZGmAVyC^9e;wxJ%BmB(F5*&!yyABCtLVGL@`qW>X9K zpv=W~+EszGef=am3LG+#yIq5oLXMnZ_dxSLQ_&bwjC^0e8qN@v!p?7mg02H<9`uaJ zy0GKA&YQV2CxynI3T&J*m!rf4@J*eo235*!cB1zEMQZ%h5>GBF;8r37K0h?@|E*0A zIHUg0y7zm(rFKvJS48W7RJwl!i~<6X2Zw+Fbm9ekev0M;#MS=Y5P(kq^(#q11zsvq zDIppe@xOMnsOIK+5BTFB=cWLalK#{3eE>&7fd11>l2=MpNKjsZT2kmG!jCQh`~Fu0 z9P0ab`$3!r`1yz8>_7DYsO|h$kIsMh__s*^KXv?Z1O8|~sEz?Y{+GDzze^GPjk$E$ zXbA-1gd77#=tn)YKU=;JE?}De0)WrT%H9s3`fn|%YibEdyZov3|MJ>QWS>290eCZj z58i<*>dC9=kz?s$sP_9kK1p>nV3qvbleExyq56|o+oQsb{ZVmuu1n~JG z0sUvo_i4fSM>xRs8rvG$*+~GZof}&ISxn(2JU*K{L<3+b{bBw{68H&Uiup@;fWWl5 zgB?IWMab0LkXK(Hz#yq>scZbd2%=B?DO~^q9tarlzZysN+g}n0+v);JhbjUT8AYrt z3?;0r%p9zLJv1r$%q&HKF@;3~0wVwO!U5m;J`Mm|`Nc^80sZd+Wj}21*SPoF82hCF zoK?Vw;4ioafdAkZxT1er-LLVi-*0`@2Ur&*!b?0U>R;no+S%)xoBuBxRw$?weN-u~tKE}8xb@7Gs%(aC;e1-LIlSfXDK(faFW)mnHdrLc3`F z6ZBsT^u0uVS&il=>YVX^*5`k!P4g1)2LQmz{?&dgf`7JrA4ZeE0sikL`k!Eb6r=g0 z{aCy_0I>fxSAXQYz3lw5G|ivg^L@(x-uch!AphH+d;E4`175`R0#b^)Zp>EM1Ks=zx6_261>!7 z{7F#a{Tl@Tpw9S`>7_i|PbScS-(dPJv9_0-FBP_aa@Gg^2IoKNZM~#=sW$SH3MJ|{ zsQy8F43lX7hYx<{v^Q9`2QsMzeen3cGpiTgzVp- z`aj3&Wv0(he1qKI!2jpGpO-i0Wpcz%vdn`2o9x&3;^nsZPt3c \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=$(save "$@") + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then + cd "$(dirname "$0")" +fi + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100755 index 0000000..9991c50 --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,100 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem http://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/settings.gradle.kts b/settings.gradle.kts new file mode 100644 index 0000000..c065559 --- /dev/null +++ b/settings.gradle.kts @@ -0,0 +1,23 @@ +/* + * Copyright 2019 Björn Kautler + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +rootProject.name = "teamcity-ssh-tunnel" + +include("common") +include("agent") +include("commonServer") +include("server") +include("serverPre2018.2")