diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..32ca3fe
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+docker-images
+scyllaridae
+.git
+.github
+
+
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
new file mode 100644
index 0000000..7fae5a8
--- /dev/null
+++ b/.github/workflows/build-push.yml
@@ -0,0 +1,67 @@
+name: build-push-ar
+on:
+ workflow_call:
+ inputs:
+ dockerFile:
+ required: true
+ type: string
+jobs:
+ build-push-ar:
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: 'actions/checkout@v4'
+
+ - name: Extract branch name as docker tag
+ shell: bash
+ run: |-
+ BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | sed 's/[^a-zA-Z0-9._-]//g' | awk '{print substr($0, length($0)-120)}')
+ echo "branch=$BRANCH" >> $GITHUB_OUTPUT
+ id: extract_branch
+
+ - name: Extract tag name
+ shell: bash
+ run: |-
+ t=$(echo ${GITHUB_SHA} | cut -c1-7)
+ echo "tag=$t" >> $GITHUB_OUTPUT
+ id: extract_tag
+
+ - name: Setup docker build
+ shell: bash
+ run: |-
+ # put the YML file in place so it's copied into the Docker container
+ DIR=$(dirname "${{ inputs.dockerFile }}")
+ cp $DIR/scyllaridae.yml .
+ # name the docker image after the folder name prefixed by scyllaridae
+ # e.g. scyllaridae-curl
+ echo "image=scyllaridae-$(basename $DIR)" >> $GITHUB_OUTPUT
+ id: setup
+
+ - id: 'auth'
+ name: 'Authenticate to Google Cloud'
+ uses: 'google-github-actions/auth@v1'
+ with:
+ workload_identity_provider: ${{ secrets.GCLOUD_OIDC_POOL }}
+ create_credentials_file: true
+ service_account: ${{ secrets.GSA }}
+ token_format: 'access_token'
+
+ - uses: 'docker/login-action@v3'
+ name: 'Docker login'
+ with:
+ registry: 'us-docker.pkg.dev'
+ username: 'oauth2accesstoken'
+ password: '${{ steps.auth.outputs.access_token }}'
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ${{ inputs.dockerFile }}
+ push: true
+ tags: |
+ us-docker.pkg.dev/${{ secrets.GCLOUD_PROJECT }}/public/${{steps.setup.outputs.image}}:${{steps.extract_branch.outputs.branch}}-${{steps.extract_tag.outputs.tag}}
+ us-docker.pkg.dev/${{ secrets.GCLOUD_PROJECT }}/public/${{steps.setup.outputs.image}}:${{steps.extract_branch.outputs.branch}}
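Review bot: In the `Setup docker build` step of build-push.yml, `${{ inputs.dockerFile }}` is expanded into the script text before bash parses it, so a path containing quotes or `$(...)` becomes code in a job that holds `id-token: write` and the registry credentials. Pass the value through the environment instead: add `env:` with `DOCKERFILE: ${{ inputs.dockerFile }}` to the step, then use `DIR=$(dirname "$DOCKERFILE")` and `cp "$DIR/scyllaridae.yml" .` with `$DIR` quoted (the same quoting applies to `basename $DIR`). The third-party actions are referenced by mutable tags (`google-github-actions/auth@v1`, `docker/login-action@v3`, `docker/build-push-action@v5`); pinning them to full commit SHAs would keep a retagged release from running with these credentials.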
diff --git a/.github/workflows/lint-test-build.yml b/.github/workflows/lint-test-build.yml
new file mode 100644
index 0000000..13937aa
--- /dev/null
+++ b/.github/workflows/lint-test-build.yml
@@ -0,0 +1,60 @@
+name: lint-test
+on:
+ push:
+
+permissions:
+ contents: read
+
+jobs:
+
+ lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-go@v4
+
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v3
+ with:
+ version: v1.54
+
+ - name: Install dependencies
+ run: go get .
+
+ - name: Build
+ run: go build -v ./...
+
+ - name: Put fixture in place
+ run: cp scyllaridae.example.yml scyllaridae.yml
+
+ - name: Test with the Go CLI
+ run: go test -v ./...
+
+ find-images:
+ name: Find docker images needing built
+ runs-on: ubuntu-latest
+ outputs:
+ dockerFiles: ${{ steps.images.outputs.dockerFiles }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: Find docker files
+ id: images
+ run: |
+ dockerFiles=$(find docker-images -name Dockerfile | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
+ echo "dockerFiles=$dockerFiles" >> $GITHUB_OUTPUT
+ env:
+ GITHUB_REF: ${{ github.ref }}
+
+ build-push:
+ needs: [find-images]
+ strategy:
+ matrix:
+ dockerFile: ${{ fromJson(needs.find-images.outputs.dockerFiles )}}
+ uses: .github/workflows/build-push
+ with:
+ dockerFile: "public/${{ matrix.dockerFile }}"
+ permissions:
+ contents: read
+ id-token: write
+ secrets: inherit
diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml
deleted file mode 100644
index dc85d7a..0000000
--- a/.github/workflows/lint-test.yml
+++ /dev/null
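Review bot: The `build-push` job in lint-test-build.yml receives `id-token: write` and `secrets: inherit` on every push to any branch and depends only on `find-images`, so an image is published even when `lint-test` fails. Gate it with `needs: [lint-test, find-images]` and consider an `if:` on `github.ref` so only chosen branches can publish. `secrets: inherit` forwards every repository secret although the called workflow reads only `GCLOUD_OIDC_POOL`, `GSA` and `GCLOUD_PROJECT`; declaring those under `on.workflow_call.secrets` in the callee and passing them by name keeps the grant minimal. Separately, a same-repository reusable workflow is referenced as `uses: ./.github/workflows/build-push.yml`, and the `public/` prefix on `dockerFile` does not appear to match the `docker-images/...` paths that `find` emits, so both look like they need correcting.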
@@ -1,23 +0,0 @@
-name: lint-test
-on: [push]
-permissions:
- contents: read
-
-jobs:
- lint-test:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v4
- - name: golangci-lint
- uses: golangci/golangci-lint-action@v3
- with:
- version: v1.54
- - name: Install dependencies
- run: go get .
- - name: Build
- run: go build -v ./...
- - name: Put fixture in place
- run: cp scyllaridae.example.yml scyllaridae.yml
- - name: Test with the Go CLI
- run: go test -v ./...
diff --git a/docker-images/curl/Dockerfile b/docker-images/curl/Dockerfile
new file mode 100644
index 0000000..bd95201
--- /dev/null
+++ b/docker-images/curl/Dockerfile
@@ -0,0 +1,15 @@
+FROM golang:1.21-alpine
+
+WORKDIR /app
+
+RUN apk update && \
+ apk add openssl curl && \
+ openssl s_client -connect helloworld.letsencrypt.org:443 -showcerts /dev/null | sed -e '/-----BEGIN/,/-----END/!d' | tee "/usr/local/share/ca-certificates/ca.crt" >/dev/null && \
+ update-ca-certificates
+
+COPY . ./
+RUN go mod download && \
+ go build -o /app/scyllaridae && \
+ go clean -cache -modcache
+
+ENTRYPOINT ["/app/scyllaridae"]
diff --git a/docker-images/curl/scyllaridae.yml b/docker-images/curl/scyllaridae.yml
new file mode 100644
index 0000000..4d8446d
--- /dev/null
+++ b/docker-images/curl/scyllaridae.yml
@@ -0,0 +1,8 @@
+destinationHttpMethod: GET
+forwardAuth: false
+allowedMimeTypes: [
+ "text/html"
+]
+cmdByMimeType:
+ default:
+ cmd: "curl"
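Review bot: In docker-images/curl/Dockerfile, the `openssl s_client ... | tee "/usr/local/share/ca-certificates/ca.crt"` step installs whatever certificates the remote endpoint presents at build time into the image's trust store. `s_client` does not abort on a verification failure by default, so anything able to alter that connection during the build decides what the image trusts, and without `pipefail` a failed fetch is masked by the later pipeline stages. Installing the distribution bundle instead, `RUN apk add --no-cache ca-certificates curl`, gives a reproducible trust store and removes the build-time network dependency. The image also keeps the whole Go toolchain and has no `USER`, so the service and the `curl` command it runs execute as root; a builder stage plus a small runtime stage with a non-root user would narrow what a misbehaving command can reach.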