Initial commit

.github/workflows/build.yml

@@ -0,0 +1,32 @@
+name: Build docker image
+on:
+  push:
+    branches:
+      - main
+permissions:
+  contents: read
+  packages: write
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: ./app
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/spacelift-io/spacelift-operator-demo:latest
+            ghcr.io/spacelift-io/spacelift-operator-demo:${{ github.sha }}

README.md

@@ -0,0 +1,84 @@
+# Setup
+
+## (optional) Configure org
+
+You can skip this step (recommended) if you want to simply run the demo against the preconfigured preprod env.
+
+- Create a space to run this demo
+- Make sure the VCS integration is configured so this repo could be reached
+- Create a push policy to ignore all VCS events with label `autoattach:argo`
+
+```rego
+package spacelift
+
+ignore {
+    true
+}
+```
+
+- Create an api key in your org, and allow access to the space
+
+```rego
+package spacelift
+
+key := "api::CHANGEME"
+space_id = "spacelift-operator-CHANGEME"
+
+space_admin[space_id] {
+	  input.session.login == key
+}
+allow {input.session.login == key}
+write {input.session.login == key}
+sample { true }
+```
+
+## Install the operator
+
+You can jump directly to this step and ask for a valid token.
+
+Create a secret in your cluster to allow the controller to perform changes on spacelift backend.
+It's simpler to configure a token the dedicated space on spacelift preprod because everything is configured.
+The secret should be created in the same namespace as Stack and Run resources that we are going to create afterward.
+
+```shell
+kubectl create secret generic spacelift-credentials\
+  --from-literal=SPACELIFT_API_KEY_ENDPOINT='https://spacelift-io.app.spacelift.dev'\
+  --from-literal=SPACELIFT_API_KEY_ID='CHANGEME'\
+  --from-literal=SPACELIFT_API_KEY_SECRET='CHANGEME'
+```
+
+Install the operator with the following command
+
+```shell
+kubectl apply -f controller
+```
+
+# Deployment
+
+## Helm
+
+```shell
+# Create a stack
+kubectl apply -f infra/spacelift/stack.yaml &&\
+kubectl wait --for=jsonpath='{.status.ready}'=true stack/demo-stack --timeout 1h
+
+# Trigger a run
+kubectl delete --ignore-not-found=true -f infra/spacelift/run.yaml &&\
+kubectl apply -f infra/spacelift/run.yaml &&\
+kubectl wait --for=jsonpath='{.status.ready}'=true run/spacelift-operator-demo --timeout 1h
+
+# Deploy the app
+helm upgrade --install operator-demo ./infra/helm/ --set 'image.tag=ed35e9a152f61eb79d369cd9b2dd7e4f65629026'
+```
+
+Now you can connect to the app and see that the bucket URL has been injected as env var
+
+```shell
+kubectl port-forward service/operator-demo 8888
+```
+
+And then open http://localhost:8888
+
+## Argo
+
+TODO

app/Dockerfile

@@ -0,0 +1,12 @@
+FROM golang:1.21.7 as builder
+WORKDIR /build
+COPY . .
+RUN GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o demo .
+
+FROM scratch
+USER 1000
+COPY --from=builder /build/demo /bin/demo
+ENTRYPOINT ["/bin/demo"]
+
+
+

app/go.mod

@@ -0,0 +1,3 @@
+module github.com/spacelift-io/spacelift-operator-demo
+
+go 1.21.7

app/main.go

@@ -0,0 +1,32 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+)
+
+func main() {
+	listenAddr := ":8888"
+	http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
+		log.Println(request.Method, request.URL.String())
+		if request.URL.Path != "/" {
+			writer.WriteHeader(http.StatusNotFound)
+			return
+		}
+		secrets := os.Environ()
+		body := ""
+		for i := 0; i < len(secrets); i++ {
+			body += fmt.Sprintf("%s\n", secrets[i])
+		}
+		_, _ = writer.Write([]byte(body))
+	})
+	log.Printf("Listening on %s\n", listenAddr)
+	if err := http.ListenAndServe(listenAddr, nil); err != nil {
+		if !errors.Is(err, http.ErrServerClosed) {
+			log.Fatal(err)
+		}
+	}
+}