Beeper pipeline

hifi · hifi · commit 7c400ae0fc6d · 2023-10-20T08:10:27.000+03:00
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -0,0 +1,48 @@
+name: Build and Deploy
+
+on:
+  push:
+
+env:
+  CI_REGISTRY_IMAGE: "${{ secrets.CI_REGISTRY }}/litestream"
+
+jobs:
+  build-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ secrets.CI_REGISTRY }}
+          username: ${{ secrets.CI_REGISTRY_USER }}
+          password: ${{ secrets.CI_REGISTRY_PASSWORD }}
+
+      - name: Docker Build
+        uses: docker/build-push-action@v2
+        with:
+          cache-from: ${{ env.CI_REGISTRY_IMAGE }}:latest
+          pull: true
+          file: Dockerfile
+          build-args: LITESTREAM_VERSION=${{ github.sha }}
+          tags: ${{ env.CI_REGISTRY_IMAGE }}:${{ github.sha }}
+          push: true
+
+  deploy-docker:
+    runs-on: ubuntu-latest
+    needs:
+      - build-docker
+    if: github.ref == 'refs/heads/beeper'
+    steps:
+      - name: Login to registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ secrets.CI_REGISTRY }}
+          username: ${{ secrets.CI_REGISTRY_USER }}
+          password: ${{ secrets.CI_REGISTRY_PASSWORD }}
+
+      - uses: beeper/docker-retag-push-latest@main
+        with:
+          image: ${{ env.CI_REGISTRY_IMAGE }}
diff --git a/.github/workflows/release.docker.yml b/.github/workflows/release.docker.yml
diff --git a/.github/workflows/release.linux.yml b/.github/workflows/release.linux.yml
diff --git a/Dockerfile b/Dockerfile
@@ -9,8 +9,23 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 	--mount=type=cache,target=/go/pkg \
 	go build -ldflags "-s -w -X 'main.Version=${LITESTREAM_VERSION}' -extldflags '-static'" -tags osusergo,netgo,sqlite_omit_load_extension -o /usr/local/bin/litestream ./cmd/litestream
 
+# to make copy a single layer later
+COPY etc/sqlite3 etc/aws-k8s-sa-provider /usr/local/bin/
 
 FROM alpine:3.17.2
-COPY --from=builder /usr/local/bin/litestream /usr/local/bin/litestream
+ENV AWS_SDK_LOAD_CONFIG=1 \
+    AWS_CONFIG_FILE=/etc/aws-config
+
+# for debugging and cleanup
+RUN apk add --no-cache sqlite curl aws-cli && \
+    mkdir /root/.aws
+
+COPY etc/aws-config /etc/
+COPY --from=builder \
+     /usr/local/bin/litestream \
+     /usr/local/bin/sqlite3 \
+     /usr/local/bin/aws-k8s-sa-provider \
+     /usr/local/bin/
+
 ENTRYPOINT ["/usr/local/bin/litestream"]
 CMD []
diff --git a/etc/aws-config b/etc/aws-config
@@ -0,0 +1,2 @@
+[default]
+credential_process = /usr/local/bin/aws-k8s-sa-provider
diff --git a/etc/aws-k8s-sa-provider b/etc/aws-k8s-sa-provider
@@ -0,0 +1,13 @@
+#!/bin/sh
+DATEFMT=%Y-%m-%dT%H:%M:%SZ
+[ -z "$SERVICE_ACCOUNT_TOKEN" ] && exit 1
+[ -f "$SERVICE_ACCOUNT_TOKEN" ] || exit 1
+cat << EOF
+{
+    "Version": 1,
+    "AccessKeyId": "aws-k8s-sa-provider@$(date +$DATEFMT)",
+    "SecretAccessKey": "n/a",
+    "SessionToken": "$(cat $SERVICE_ACCOUNT_TOKEN)",
+    "Expiration": "$(date -ud @$(($(date -u +%s) + 300)) +$DATEFMT)"
+}
+EOF
diff --git a/etc/sqlite3 b/etc/sqlite3
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /usr/bin/sqlite3 -cmd "PRAGMA foreign_keys=ON; PRAGMA journal_mode=WAL; PRAGMA wal_autocheckpoint=0; PRAGMA busy_timeout=5000;" "$@"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+[default]`
	`2`	`+credential_process = /usr/local/bin/aws-k8s-sa-provider`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+#!/bin/sh`
	`2`	`+exec /usr/bin/sqlite3 -cmd "PRAGMA foreign_keys=ON; PRAGMA journal_mode=WAL; PRAGMA wal_autocheckpoint=0; PRAGMA busy_timeout=5000;" "$@"`