From b98f99eab5a16b8f9d13f41254e8322e589d0e64 Mon Sep 17 00:00:00 2001
From: Aravinth Manivannan <realaravinth@batsense.net>
Date: Thu, 5 Oct 2023 01:29:10 +0530
Subject: [PATCH] feat: enabel CI and publish docker img and bin

---
 .dockerignore               |  15 +++++
 .gitignore                  |   1 +
 .woodpecker.yml             |  47 ++++++++++++++
 Dockerfile                  |  17 +++++
 scripts/bin-publish.sh      | 122 ++++++++++++++++++++++++++++++++++++
 scripts/publish-bins-docker |  14 +++++
 6 files changed, 216 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 .woodpecker.yml
 create mode 100644 Dockerfile
 create mode 100755 scripts/bin-publish.sh
 create mode 100644 scripts/publish-bins-docker

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..6574919
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,15 @@
+/target
+tarpaulin-report.html
+.env
+cobertura.xml
+prod/
+node_modules/
+/static-assets/bundle
+./templates/**/*.js
+/static/cache/bundle/*
+src/cache_buster_data.json
+
+browser/target
+browser/cobertura.xml
+browser/docs
+.env
diff --git a/.gitignore b/.gitignore
index fedaa2b..e072a2d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /target
 .env
+sec/
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..a69731a
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,47 @@
+pipeline:
+  backend:
+    image: rust
+    environment:
+      - DATABASE_URL=postgres://postgres:password@database:5432/postgres
+    commands:
+      - make migrate
+      - make
+        #      - make test // requires Docker-in-Docker
+        #      - make release
+
+  build_docker_img:
+    image: plugins/docker
+    when:
+      event: [pull_request]
+    settings:
+      dry_run: true
+      repo: forgeflux/ftest
+      tags: latest
+
+  build_and_publish_docker_img:
+    image: plugins/docker
+    when:
+      event: [push, tag, deployment]
+    settings:
+      username: forgeflux
+      password:
+        from_secret: DOCKER_TOKEN
+      repo: forgeflux/ftest
+      tags: latest
+
+  publish_bins:
+    image: rust
+    when:
+      event: [push, tag, deployment]
+    commands:
+      - apt update
+      - apt-get -y --no-install-recommends install gpg tar curl wget
+      - echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback
+      - scripts/bin-publish.sh publish master latest $DUMBSERVE_PASSWORD
+    secrets: [RELEASE_BOT_GPG_SIGNING_KEY, DUMBSERVE_PASSWORD, GPG_PASSWORD]
+
+services:
+  database:
+    image: postgres
+    environment:
+      - POSTGRES_PASSWORD=password
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ea1da33
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+FROM rust:latest as rust
+WORKDIR /src
+COPY . .
+RUN cargo build --release
+
+FROM debian:bookworm as ftest
+LABEL org.opencontainers.image.source https://git.batsense.net/forgeflux/ftest
+RUN useradd -ms /bin/bash -u 1001 ftest
+WORKDIR /home/ftest
+COPY --from=rust /src/target/release/ftest /usr/local/bin/
+COPY --from=rust /src/config/default.toml /etc/ftest/config.toml
+USER ftest
+CMD [ "/usr/local/bin/ftest" ]
diff --git a/scripts/bin-publish.sh b/scripts/bin-publish.sh
new file mode 100755
index 0000000..385687f
--- /dev/null
+++ b/scripts/bin-publish.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+# Copyright (C) 2022  Aravinth Manivannan <realaravinth@batsense.net>
+# 
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+# 
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+# publish.sh: grab bin from docker container, pack, sign and upload
+# $2: binary version
+# $3: Docker img tag
+# $4: dumbserve password
+
+set -xEeuo  pipefail
+
+DUMBSERVE_USERNAME=forgeflux
+DUMBSERVE_PASSWORD=$4
+DUMBSERVE_HOST="https://$DUMBSERVE_USERNAME:$DUMBSERVE_PASSWORD@dl.forgeflux.org"
+
+NAME=ftest
+KEY=67880CA5F4BC99BF247330E2DA576B07BC323961
+
+TMP_DIR=$(mktemp -d)
+FILENAME="$NAME-$2-linux-amd64"
+TARBALL=$FILENAME.tar.gz
+TARGET_DIR="$TMP_DIR/$FILENAME/"
+mkdir -p $TARGET_DIR
+DOCKER_IMG="forgeflux/ftest:$3"
+
+
+get_bin(){
+	echo "[*] Grabbing binary"
+	#container_id=$(docker create $DOCKER_IMG)
+	#docker cp $container_id:/usr/local/bin/pages $TARGET_DIR/
+	#docker rm -v $container_id
+	cp target/release/ftest $TARGET_DIR
+}
+
+copy() {
+	echo "[*] Copying dist assets"
+	cp README.md  $TARGET_DIR
+	cp LICENSE.md $TARGET_DIR
+    cp -r config/ $TARGET_DIR
+    cp -r contrib/ $TARGET_DIR
+    mv $TARGET_DIR/config/default.toml $TARGET_DIR/config/config.toml
+
+#	mkdir $TARGET_DIR/docs
+#	cp docs/CONFIGURATION.md $TARGET_DIR/docs
+#	cp -r docs/installation/ $TARGET_DIR/docs
+
+	get_bin
+}
+
+pack() {
+	echo "[*] Creating dist tarball"
+	pushd $TMP_DIR
+	tar -cvzf $TARBALL $FILENAME
+	popd
+}
+
+checksum() {
+	echo "[*] Generating dist tarball checksum"
+	pushd $TMP_DIR
+	sha256sum $TARBALL > $TARBALL.sha256
+	popd
+}
+
+sign() {
+	echo "[*] Signing dist tarball checksum"
+	pushd $TMP_DIR
+	export GPG_TTY=$(tty)
+	gpg --verbose \
+		--pinentry-mode loopback \
+		--batch --yes \
+		--passphrase $GPG_PASSWORD \
+		--local-user $KEY \
+		--output $TARBALL.asc \
+		--sign --detach \
+		--armor $TARBALL
+	popd
+}
+
+delete_dir() {
+	curl --location --request DELETE "$DUMBSERVE_HOST/api/v1/files/delete" \
+		--header 'Content-Type: application/json' \
+		--data-raw "{
+			\"path\": \"$1\"
+		}"
+}
+
+upload_dist() {
+	upload_dist="ftest/$1"
+	delete_dir $upload_dist
+
+	pushd $TMP_DIR
+	for file in $TARBALL $TARBALL.asc $TARBALL.sha256
+	do
+		curl -v \
+			-F upload=@$file  \
+			"$DUMBSERVE_HOST/api/v1/files/upload?path=$upload_dist/"
+	done
+	popd
+}
+
+
+publish() {
+	copy
+	pack
+	checksum
+	sign
+	upload_dist $2
+}
+
+$1 $@
diff --git a/scripts/publish-bins-docker b/scripts/publish-bins-docker
new file mode 100644
index 0000000..dd15a58
--- /dev/null
+++ b/scripts/publish-bins-docker
@@ -0,0 +1,14 @@
+FROM forgeflux/ftest:latest as base
+RUN echo foo
+
+FROM debian:bookworm
+RUN  apt update
+RUN  apt-get -y --no-install-recommends install gpg tar curl wget
+WORKDIR /src
+COPY --from=base /usr/local/bin/ftest .
+COPY . .
+ARG RELEASE_BOT_GPG_SIGNING_KEY
+RUN echo -n "$RELEASE_BOT_GPG_SIGNING_KEY"
+RUN echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback
+env GPG_PASSWORD=$GPG_PASSWORD
+RUN /src/scripts/bin-publish.sh publish master latest $DUMBSERVE_PASSWORD