From b98f99eab5a16b8f9d13f41254e8322e589d0e64 Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Thu, 5 Oct 2023 01:29:10 +0530 Subject: [PATCH] feat: enabel CI and publish docker img and bin --- .dockerignore | 15 +++++ .gitignore | 1 + .woodpecker.yml | 47 ++++++++++++++ Dockerfile | 17 +++++ scripts/bin-publish.sh | 122 ++++++++++++++++++++++++++++++++++++ scripts/publish-bins-docker | 14 +++++ 6 files changed, 216 insertions(+) create mode 100644 .dockerignore create mode 100644 .woodpecker.yml create mode 100644 Dockerfile create mode 100755 scripts/bin-publish.sh create mode 100644 scripts/publish-bins-docker diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..6574919 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,15 @@ +/target +tarpaulin-report.html +.env +cobertura.xml +prod/ +node_modules/ +/static-assets/bundle +./templates/**/*.js +/static/cache/bundle/* +src/cache_buster_data.json + +browser/target +browser/cobertura.xml +browser/docs +.env diff --git a/.gitignore b/.gitignore index fedaa2b..e072a2d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /target .env +sec/ diff --git a/.woodpecker.yml b/.woodpecker.yml new file mode 100644 index 0000000..a69731a --- /dev/null +++ b/.woodpecker.yml @@ -0,0 +1,47 @@ +pipeline: + backend: + image: rust + environment: + - DATABASE_URL=postgres://postgres:password@database:5432/postgres + commands: + - make migrate + - make + # - make test // requires Docker-in-Docker + # - make release + + build_docker_img: + image: plugins/docker + when: + event: [pull_request] + settings: + dry_run: true + repo: forgeflux/ftest + tags: latest + + build_and_publish_docker_img: + image: plugins/docker + when: + event: [push, tag, deployment] + settings: + username: forgeflux + password: + from_secret: DOCKER_TOKEN + repo: forgeflux/ftest + tags: latest + + publish_bins: + image: rust + when: + event: [push, tag, deployment] + commands: + - apt update + - apt-get -y --no-install-recommends install gpg tar curl wget + - echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback + - scripts/bin-publish.sh publish master latest $DUMBSERVE_PASSWORD + secrets: [RELEASE_BOT_GPG_SIGNING_KEY, DUMBSERVE_PASSWORD, GPG_PASSWORD] + +services: + database: + image: postgres + environment: + - POSTGRES_PASSWORD=password diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..ea1da33 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,17 @@ +# SPDX-FileCopyrightText: 2023 Aravinth Manivannan +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +FROM rust:latest as rust +WORKDIR /src +COPY . . +RUN cargo build --release + +FROM debian:bookworm as ftest +LABEL org.opencontainers.image.source https://git.batsense.net/forgeflux/ftest +RUN useradd -ms /bin/bash -u 1001 ftest +WORKDIR /home/ftest +COPY --from=rust /src/target/release/ftest /usr/local/bin/ +COPY --from=rust /src/config/default.toml /etc/ftest/config.toml +USER ftest +CMD [ "/usr/local/bin/ftest" ] diff --git a/scripts/bin-publish.sh b/scripts/bin-publish.sh new file mode 100755 index 0000000..385687f --- /dev/null +++ b/scripts/bin-publish.sh @@ -0,0 +1,122 @@ +#!/bin/bash +# Copyright (C) 2022 Aravinth Manivannan +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +# publish.sh: grab bin from docker container, pack, sign and upload +# $2: binary version +# $3: Docker img tag +# $4: dumbserve password + +set -xEeuo pipefail + +DUMBSERVE_USERNAME=forgeflux +DUMBSERVE_PASSWORD=$4 +DUMBSERVE_HOST="https://$DUMBSERVE_USERNAME:$DUMBSERVE_PASSWORD@dl.forgeflux.org" + +NAME=ftest +KEY=67880CA5F4BC99BF247330E2DA576B07BC323961 + +TMP_DIR=$(mktemp -d) +FILENAME="$NAME-$2-linux-amd64" +TARBALL=$FILENAME.tar.gz +TARGET_DIR="$TMP_DIR/$FILENAME/" +mkdir -p $TARGET_DIR +DOCKER_IMG="forgeflux/ftest:$3" + + +get_bin(){ + echo "[*] Grabbing binary" + #container_id=$(docker create $DOCKER_IMG) + #docker cp $container_id:/usr/local/bin/pages $TARGET_DIR/ + #docker rm -v $container_id + cp target/release/ftest $TARGET_DIR +} + +copy() { + echo "[*] Copying dist assets" + cp README.md $TARGET_DIR + cp LICENSE.md $TARGET_DIR + cp -r config/ $TARGET_DIR + cp -r contrib/ $TARGET_DIR + mv $TARGET_DIR/config/default.toml $TARGET_DIR/config/config.toml + +# mkdir $TARGET_DIR/docs +# cp docs/CONFIGURATION.md $TARGET_DIR/docs +# cp -r docs/installation/ $TARGET_DIR/docs + + get_bin +} + +pack() { + echo "[*] Creating dist tarball" + pushd $TMP_DIR + tar -cvzf $TARBALL $FILENAME + popd +} + +checksum() { + echo "[*] Generating dist tarball checksum" + pushd $TMP_DIR + sha256sum $TARBALL > $TARBALL.sha256 + popd +} + +sign() { + echo "[*] Signing dist tarball checksum" + pushd $TMP_DIR + export GPG_TTY=$(tty) + gpg --verbose \ + --pinentry-mode loopback \ + --batch --yes \ + --passphrase $GPG_PASSWORD \ + --local-user $KEY \ + --output $TARBALL.asc \ + --sign --detach \ + --armor $TARBALL + popd +} + +delete_dir() { + curl --location --request DELETE "$DUMBSERVE_HOST/api/v1/files/delete" \ + --header 'Content-Type: application/json' \ + --data-raw "{ + \"path\": \"$1\" + }" +} + +upload_dist() { + upload_dist="ftest/$1" + delete_dir $upload_dist + + pushd $TMP_DIR + for file in $TARBALL $TARBALL.asc $TARBALL.sha256 + do + curl -v \ + -F upload=@$file \ + "$DUMBSERVE_HOST/api/v1/files/upload?path=$upload_dist/" + done + popd +} + + +publish() { + copy + pack + checksum + sign + upload_dist $2 +} + +$1 $@ diff --git a/scripts/publish-bins-docker b/scripts/publish-bins-docker new file mode 100644 index 0000000..dd15a58 --- /dev/null +++ b/scripts/publish-bins-docker @@ -0,0 +1,14 @@ +FROM forgeflux/ftest:latest as base +RUN echo foo + +FROM debian:bookworm +RUN apt update +RUN apt-get -y --no-install-recommends install gpg tar curl wget +WORKDIR /src +COPY --from=base /usr/local/bin/ftest . +COPY . . +ARG RELEASE_BOT_GPG_SIGNING_KEY +RUN echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" +RUN echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback +env GPG_PASSWORD=$GPG_PASSWORD +RUN /src/scripts/bin-publish.sh publish master latest $DUMBSERVE_PASSWORD