Rationale: this is about the security of any currently running service, not about keeping services up. Any service might have been taken down for any reason.
#!/bin/bash
# -e: abort on the first unhandled command failure; -u: treat the use of an
# unset variable as an error. pipefail is not enabled, so for a pipeline only
# the exit status of its last command is checked.
set -eu
#######################################
# Report a failed step for the container currently being processed and
# record that a failure happened.
# Globals:   CONTAINER_ID, NAME_OF_CONTAINER (read); RC (written, set to 1)
# Arguments: words naming the step that failed
# Outputs:   one diagnostic line on stderr
#######################################
fail_one() {
  local prefix="FAILURE when processing $CONTAINER_ID ($NAME_OF_CONTAINER), step: "
  echo "$prefix" "$@" >&2
  RC=1
}
# Make the directory that physically contains this script (symlinks resolved
# by readlink -f and cd -P) the working directory.
cd -P "$(dirname "$(readlink -f "$0")")"

# printf %q returns its argument unchanged only when no shell quoting is
# needed; a difference means the path holds characters such as spaces or
# quotes. The script only warns about this and carries on.
[[ "$(printf %q "$PWD")" == "$PWD" ]] || echo >&2 "WARNING: path seems unsafe: $PWD"

# SCRIPT_ROOT is this script's directory, INFRA_ROOT its parent; the script
# continues with INFRA_ROOT as the working directory.
SCRIPT_ROOT=$PWD
cd ..
INFRA_ROOT=$PWD
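# Containers to check: the IDs given on the command line, or every running
# container when none were given.
CONTAINER_IDS=( "$@" )

if [[ "${#CONTAINER_IDS[@]}" == 0 ]]; then
  echo "No container ID supplied on command line, doing them all."
  # List through a command substitution so that a failing `docker ps` is
  # detected. Read through a process substitution, a failure would leave the
  # list empty and the run would look like "nothing needed updating".
  if ! RUNNING_IDS="$(docker ps --format "{{.ID}}")"; then
    echo >&2 "FAILURE: could not list running containers (docker ps failed)"
    exit 1
  fi
  # A here-string always supplies one line, so skip mapfile on empty output
  # to avoid a single empty container ID.
  if [[ -n "$RUNNING_IDS" ]]; then
    mapfile -t CONTAINER_IDS <<<"$RUNNING_IDS"
  fi
fi

# Overall result flag; fail_one sets it to 1 when a step fails.
RC=0

echo Will process these containers:
printf '%s\n' "${CONTAINER_IDS[@]}"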
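# Check each container for pending apt upgrades and, when any are found,
# pull, rebuild and restart its Compose project. A failure for one container
# is reported through fail_one and the loop moves on to the next one.
for CONTAINER_ID in "${CONTAINER_IDS[@]}"; do
  echo "Processing $CONTAINER_ID"
  # fail_one prints NAME_OF_CONTAINER; give it a value before the real name is
  # known so an early failure does not trip `set -u`.
  NAME_OF_CONTAINER="unknown"

  TMPFILE=$(mktemp)
  # Single quotes: the path is expanded (and quoted) when the trap fires, not
  # when it is installed. This covers an abort before the rm calls below.
  trap 'rm -f -- "$TMPFILE"' EXIT

  # Refresh the package lists and ask apt, as a dry run, what it would upgrade.
  # LC_ALL=C keeps the summary line in the form the grep below matches.
  # The exit status of `docker exec` is not checked (the pipeline reports
  # tee's status), so a container in which the check cannot run falls through
  # to the rebuild path.
  docker exec -u root "$CONTAINER_ID" bash -c "export LC_ALL=C ; apt-get update ; apt-get upgrade --dry-run" | tee "$TMPFILE"

  # -F: match the summary line literally (its dots are not wildcards).
  if grep -F "0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded." "$TMPFILE"; then
    rm -f -- "$TMPFILE"
    echo "No update needed."
    continue
  fi
  # Remove the file per iteration; the EXIT trap only knows the last one.
  rm -f -- "$TMPFILE"

  NAME_OF_CONTAINER="$(docker inspect --format='{{ .Name }}' "$CONTAINER_ID")" \
    || { NAME_OF_CONTAINER="unknown"; fail_one "inspect container name"; continue; }
  PATH_OF_CONTAINER="$(docker inspect --format='{{ index .Config.Labels "com.docker.compose.project.working_dir" }}' "$CONTAINER_ID")" \
    || { fail_one "inspect compose working dir"; continue; }

  # The project directory comes from a container label and is taken on trust.
  # It may be empty (for instance when the label is absent); an unquoted,
  # unchecked `cd` would then land in $HOME and run docker-compose there.
  if [[ -z "$PATH_OF_CONTAINER" || ! -d "$PATH_OF_CONTAINER" ]]; then
    fail_one "locate compose project directory '$PATH_OF_CONTAINER'"
    continue
  fi
  cd -- "$PATH_OF_CONTAINER" || { fail_one "cd to $PATH_OF_CONTAINER"; continue; }

  docker-compose pull || { fail_one "pull"; continue; }
  docker-compose build --no-cache || { fail_one "build"; continue; }
  docker-compose up -d || { fail_one "switch to newly built container"; continue; }
done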