feat: add Dockerfiles and build config with vendoring (GoogleCloudPlatform#3)

Author: enocom

.build/alpine.yaml

@@ -0,0 +1,29 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+steps:
+- name: 'gcr.io/cloud-builders/docker'
+  args:
+    - 'build'
+    - '--tag=gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-alpine'
+    - '--tag=us.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-alpine'
+    - '--tag=eu.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-alpine'
+    - '--tag=asia.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-alpine'
+    - '-f=Dockerfile.alpine'
+    - '.'
+images:
+  - 'gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-alpine'
+  - 'us.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-alpine'
+  - 'eu.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-alpine'
+  - 'asia.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-alpine'

.build/buster.yaml

@@ -0,0 +1,29 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+steps:
+- name: 'gcr.io/cloud-builders/docker'
+  args:
+    - 'build'
+    - '--tag=gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-buster'
+    - '--tag=us.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-buster'
+    - '--tag=eu.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-buster'
+    - '--tag=asia.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-buster'
+    - '-f=Dockerfile.buster'
+    - '.'
+images:
+  - 'gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-buster'
+  - 'us.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-buster'
+  - 'eu.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-buster'
+  - 'asia.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}-buster'

.build/default.yaml

@@ -0,0 +1,28 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+steps:
+- name: 'gcr.io/cloud-builders/docker'
+  args:
+    - 'build'
+    - '--tag=gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}'
+    - '--tag=us.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}'
+    - '--tag=eu.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}'
+    - '--tag=asia.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}'
+    - '.'
+images:
+  - 'gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}'
+  - 'us.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}'
+  - 'eu.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}'
+  - 'asia.gcr.io/$PROJECT_ID/alloydb-auth-proxy:${_VERSION}'

.build/gcs_upload.yaml

@@ -0,0 +1,97 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+timeout: 900s
+options:
+  env:
+    - "CGO_ENABLED=0"
+
+steps:
+  - id: linux.amd64
+    name: "golang:1.18"
+    env:
+      - "GOOS=linux"
+      - "GOARCH=amd64"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - 'go build -ldflags "-X github.com/GoogleCloudPlatform/alloydb-auth-proxy/cmd.metadataString=$$GOOS.$$GOARCH" -o alloydb-auth-proxy.$$GOOS.$$GOARCH'
+  - id: linux.386
+    name: "golang:1.18"
+    env:
+      - "GOOS=linux"
+      - "GOARCH=386"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - 'go build -ldflags "-X github.com/GoogleCloudPlatform/alloydb-auth-proxy/cmd.metadataString=$$GOOS.$$GOARCH" -o alloydb-auth-proxy.$$GOOS.$$GOARCH'
+  - id: linux.arm64
+    name: "golang:1.18"
+    env:
+      - "GOOS=linux"
+      - "GOARCH=arm64"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - 'go build -ldflags "-X github.com/GoogleCloudPlatform/alloydb-auth-proxy/cmd.metadataString=$$GOOS.$$GOARCH" -o alloydb-auth-proxy.$$GOOS.$$GOARCH'
+  - id: linux.arm
+    name: "golang:1.18"
+    env:
+      - "GOOS=linux"
+      - "GOARCH=arm"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - 'go build -ldflags "-X github.com/GoogleCloudPlatform/alloydb-auth-proxy/cmd.metadataString=$$GOOS.$$GOARCH" -o alloydb-auth-proxy.$$GOOS.$$GOARCH'
+  - id: darwin.amd64
+    name: "golang:1.18"
+    env:
+      - "GOOS=darwin"
+      - "GOARCH=amd64"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - 'go build -ldflags "-X github.com/GoogleCloudPlatform/alloydb-auth-proxy/cmd.metadataString=$$GOOS.$$GOARCH" -o alloydb-auth-proxy.$$GOOS.$$GOARCH'
+  - id: darwin.arm64
+    name: "golang:1.18"
+    env:
+      - "GOOS=darwin"
+      - "GOARCH=arm64"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - 'go build -ldflags "-X github.com/GoogleCloudPlatform/alloydb-auth-proxy/cmd.metadataString=$$GOOS.$$GOARCH" -o alloydb-auth-proxy.$$GOOS.$$GOARCH'
+  - id: windows.amd64
+    name: "golang:1.18"
+    env:
+      - "GOOS=windows"
+      - "GOARCH=amd64"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - 'go build -ldflags "-X github.com/GoogleCloudPlatform/alloydb-auth-proxy/cmd.metadataString=$$GOOS.$$GOARCH" -o alloydb-auth-proxy-x64.exe'
+  - id: windows.386
+    name: "golang:1.18"
+    env:
+      - "GOOS=windows"
+      - "GOARCH=386"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - 'go build -ldflags "-X github.com/GoogleCloudPlatform/alloydb-auth-proxy/cmd.metadataString=$$GOOS.$$GOARCH" -o alloydb-auth-proxy-x86.exe'
+artifacts:
+  objects:
+    location: "gs://alloydb-auth-proxy/v${_VERSION}/"
+    paths:
+      - "alloydb-auth-proxy*"

.build/release_artifacts.sh

@@ -0,0 +1,57 @@
+#! /bin/bash
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script distributes the artifacts for the AlloyDB auth proxy to their
+# different channels.
+
+set -e # exit immediatly if any step fails
+
+PROJ_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/.. >/dev/null 2>&1 && pwd )"
+cd $PROJ_ROOT
+
+# get the current version
+export VERSION=$(cat cmd/version.txt)
+if [ -z "$VERSION" ]; then
+  echo "error: No version.txt found in $PROJ_ROOT"
+  exit 1
+fi
+
+
+read -p "This will release new AlloyDB auth proxy artifacts for \"$VERSION\", even if they already exist. Are you sure (y/Y)? " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    exit 1
+fi
+
+# Build and push the container images
+gcloud builds submit --async --config .build/default.yaml --substitutions _VERSION=$VERSION
+gcloud builds submit --async --config .build/buster.yaml --substitutions _VERSION=$VERSION
+gcloud builds submit --async --config .build/alpine.yaml --substitutions _VERSION=$VERSION
+
+# Build the binarys and upload to GCS
+gcloud builds submit --config .build/gcs_upload.yaml --substitutions _VERSION=$VERSION
+# cleam up any artifacts.json left by previous builds
+gsutil rm -f gs://alloydb-auth-proxy/v$VERSION/*.json 2> /dev/null || true
+
+# Generate sha256 hashes for authentication
+echo -e "Add the following table to the release notes on GitHub: \n\n"
+echo "| filename | sha256 hash |"
+echo "|----------|-------------|"
+for f in $(gsutil ls "gs://alloydb-auth-proxy/v$VERSION/alloydb-auth-proxy*"); do
+    file=$(basename $f)
+    sha=$(gsutil cat $f | sha256sum --binary | head -c 64)
+    echo "| [$file](https://storage.googleapis.com/alloydb-auth-proxy/v$VERSION/$file) | $sha |"
+done

Dockerfile

@@ -0,0 +1,28 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Use the latest stable golang 1.x to compile to a binary
+FROM golang:1 as build
+
+WORKDIR /go/src/alloydb-auth-proxy
+COPY . .
+
+RUN go get ./...
+RUN CGO_ENABLED=0 go build -ldflags "-X main.metadataString=container"
+
+# Final Stage
+FROM gcr.io/distroless/static:nonroot
+COPY --from=build --chown=nonroot /go/src/alloydb-auth-proxy/alloydb-auth-proxy /alloydb-auth-proxy
+# set the uid as an integer for compatibility with runAsNonRoot in Kubernetes
+USER 65532

Dockerfile.alpine

@@ -0,0 +1,36 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Use the latest stable golang 1.x to compile to a binary
+FROM golang:1 as build
+
+WORKDIR /go/src/alloydb-auth-proxy
+COPY . .
+
+RUN go get ./...
+RUN go build -ldflags "-X main.metadataString=container.alpine"
+
+# Final stage
+FROM alpine:3
+RUN apk add --no-cache \
+    ca-certificates \
+    libc6-compat
+# Install fuse and allow enable non-root users to mount
+RUN apk add --no-cache fuse && sed -i 's/^#user_allow_other$/user_allow_other/g' /etc/fuse.conf
+# Add a non-root user matching the nonroot user from the main container
+RUN addgroup -g 65532 -S nonroot && adduser -u 65532 -S nonroot -G nonroot
+# Set the uid as an integer for compatibility with runAsNonRoot in Kubernetes
+USER 65532
+
+COPY --from=build --chown=nonroot /go/src/alloydb-auth-proxy/alloydb-auth-proxy /alloydb-auth-proxy

Dockerfile.buster

@@ -0,0 +1,34 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Use the latest stable golang 1.x to compile to a binary
+FROM golang:1 as build
+
+WORKDIR /go/src/alloydb-auth-proxy
+COPY . .
+
+RUN go get ./...
+RUN go build -ldflags "-X main.metadataString=container.buster"
+
+# Final stage
+FROM debian:buster
+RUN apt-get update && apt-get install -y ca-certificates
+# Install fuse and allow enable non-root users to mount
+RUN apt-get update && apt-get install -y fuse && sed -i 's/^#user_allow_other$/user_allow_other/g' /etc/fuse.conf
+# Add a non-root user matching the nonroot user from the main container
+RUN groupadd -g 65532 -r nonroot && useradd -u 65532 -g 65532 -r nonroot
+# Set the uid as an integer for compatibility with runAsNonRoot in Kubernetes
+USER 65532
+
+COPY --from=build --chown=nonroot /go/src/alloydb-auth-proxy/alloydb-auth-proxy /alloydb-auth-proxy

cmd/version.txt

@@ -1 +1 @@
-2.0.0-dev
+0.1.0-dev