feat: enabel CI and publish docker img and bin
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed

This commit is contained in:
Aravinth Manivannan 2023-10-05 01:29:10 +05:30
parent 639527744b
commit b98f99eab5
Signed by: realaravinth
GPG key ID: F8F50389936984FF
6 changed files with 216 additions and 0 deletions

15
.dockerignore Normal file
View file

@ -0,0 +1,15 @@
/target
tarpaulin-report.html
.env
cobertura.xml
prod/
node_modules/
/static-assets/bundle
./templates/**/*.js
/static/cache/bundle/*
src/cache_buster_data.json
browser/target
browser/cobertura.xml
browser/docs
.env

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
/target /target
.env .env
sec/

47
.woodpecker.yml Normal file
View file

@ -0,0 +1,47 @@
pipeline:
backend:
image: rust
environment:
- DATABASE_URL=postgres://postgres:password@database:5432/postgres
commands:
- make migrate
- make
# - make test // requires Docker-in-Docker
# - make release
build_docker_img:
image: plugins/docker
when:
event: [pull_request]
settings:
dry_run: true
repo: forgeflux/ftest
tags: latest
build_and_publish_docker_img:
image: plugins/docker
when:
event: [push, tag, deployment]
settings:
username: forgeflux
password:
from_secret: DOCKER_TOKEN
repo: forgeflux/ftest
tags: latest
publish_bins:
image: rust
when:
event: [push, tag, deployment]
commands:
- apt update
- apt-get -y --no-install-recommends install gpg tar curl wget
- echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback
- scripts/bin-publish.sh publish master latest $DUMBSERVE_PASSWORD
secrets: [RELEASE_BOT_GPG_SIGNING_KEY, DUMBSERVE_PASSWORD, GPG_PASSWORD]
services:
database:
image: postgres
environment:
- POSTGRES_PASSWORD=password

17
Dockerfile Normal file
View file

@ -0,0 +1,17 @@
# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
FROM rust:latest as rust
WORKDIR /src
COPY . .
RUN cargo build --release
FROM debian:bookworm as ftest
LABEL org.opencontainers.image.source https://git.batsense.net/forgeflux/ftest
RUN useradd -ms /bin/bash -u 1001 ftest
WORKDIR /home/ftest
COPY --from=rust /src/target/release/ftest /usr/local/bin/
COPY --from=rust /src/config/default.toml /etc/ftest/config.toml
USER ftest
CMD [ "/usr/local/bin/ftest" ]

122
scripts/bin-publish.sh Executable file
View file

@ -0,0 +1,122 @@
#!/bin/bash
# Copyright (C) 2022 Aravinth Manivannan <realaravinth@batsense.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# publish.sh: grab bin from docker container, pack, sign and upload
# $2: binary version
# $3: Docker img tag
# $4: dumbserve password
set -xEeuo pipefail
DUMBSERVE_USERNAME=forgeflux
DUMBSERVE_PASSWORD=$4
DUMBSERVE_HOST="https://$DUMBSERVE_USERNAME:$DUMBSERVE_PASSWORD@dl.forgeflux.org"
NAME=ftest
KEY=67880CA5F4BC99BF247330E2DA576B07BC323961
TMP_DIR=$(mktemp -d)
FILENAME="$NAME-$2-linux-amd64"
TARBALL=$FILENAME.tar.gz
TARGET_DIR="$TMP_DIR/$FILENAME/"
mkdir -p $TARGET_DIR
DOCKER_IMG="forgeflux/ftest:$3"
get_bin(){
echo "[*] Grabbing binary"
#container_id=$(docker create $DOCKER_IMG)
#docker cp $container_id:/usr/local/bin/pages $TARGET_DIR/
#docker rm -v $container_id
cp target/release/ftest $TARGET_DIR
}
copy() {
echo "[*] Copying dist assets"
cp README.md $TARGET_DIR
cp LICENSE.md $TARGET_DIR
cp -r config/ $TARGET_DIR
cp -r contrib/ $TARGET_DIR
mv $TARGET_DIR/config/default.toml $TARGET_DIR/config/config.toml
# mkdir $TARGET_DIR/docs
# cp docs/CONFIGURATION.md $TARGET_DIR/docs
# cp -r docs/installation/ $TARGET_DIR/docs
get_bin
}
pack() {
echo "[*] Creating dist tarball"
pushd $TMP_DIR
tar -cvzf $TARBALL $FILENAME
popd
}
checksum() {
echo "[*] Generating dist tarball checksum"
pushd $TMP_DIR
sha256sum $TARBALL > $TARBALL.sha256
popd
}
sign() {
echo "[*] Signing dist tarball checksum"
pushd $TMP_DIR
export GPG_TTY=$(tty)
gpg --verbose \
--pinentry-mode loopback \
--batch --yes \
--passphrase $GPG_PASSWORD \
--local-user $KEY \
--output $TARBALL.asc \
--sign --detach \
--armor $TARBALL
popd
}
delete_dir() {
curl --location --request DELETE "$DUMBSERVE_HOST/api/v1/files/delete" \
--header 'Content-Type: application/json' \
--data-raw "{
\"path\": \"$1\"
}"
}
upload_dist() {
upload_dist="ftest/$1"
delete_dir $upload_dist
pushd $TMP_DIR
for file in $TARBALL $TARBALL.asc $TARBALL.sha256
do
curl -v \
-F upload=@$file \
"$DUMBSERVE_HOST/api/v1/files/upload?path=$upload_dist/"
done
popd
}
publish() {
copy
pack
checksum
sign
upload_dist $2
}
$1 $@

View file

@ -0,0 +1,14 @@
FROM forgeflux/ftest:latest as base
RUN echo foo
FROM debian:bookworm
RUN apt update
RUN apt-get -y --no-install-recommends install gpg tar curl wget
WORKDIR /src
COPY --from=base /usr/local/bin/ftest .
COPY . .
ARG RELEASE_BOT_GPG_SIGNING_KEY
RUN echo -n "$RELEASE_BOT_GPG_SIGNING_KEY"
RUN echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback
env GPG_PASSWORD=$GPG_PASSWORD
RUN /src/scripts/bin-publish.sh publish master latest $DUMBSERVE_PASSWORD