[infra] vault + chsettle + aurora for dev
This commit is contained in:
Stephan D
94
ci/scripts/aurora/build-image.sh
Normal file
94
ci/scripts/aurora/build-image.sh
Normal file
@@ -0,0 +1,94 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
if ! set -o pipefail 2>/dev/null; then
|
||||
:
|
||||
fi
|
||||
|
||||
REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
|
||||
cd "${REPO_ROOT}"
|
||||
|
||||
sh ci/scripts/common/ensure_env_version.sh
|
||||
. ci/scripts/common/runtime_env.sh
|
||||
|
||||
normalize_env_file() {
|
||||
file="$1"
|
||||
tmp="${file}.tmp.$$"
|
||||
tr -d '\r' <"$file" >"$tmp"
|
||||
mv "$tmp" "$file"
|
||||
}
|
||||
|
||||
load_env_file() {
|
||||
file="$1"
|
||||
while IFS= read -r line || [ -n "$line" ]; do
|
||||
case "$line" in
|
||||
''|\#*) continue ;;
|
||||
esac
|
||||
key="${line%%=*}"
|
||||
value="${line#*=}"
|
||||
key="$(printf '%s' "$key" | tr -d '[:space:]')"
|
||||
value="${value#"${value%%[![:space:]]*}"}"
|
||||
value="${value%"${value##*[![:space:]]}"}"
|
||||
export "$key=$value"
|
||||
done <"$file"
|
||||
}
|
||||
|
||||
AURORA_GATEWAY_ENV_NAME="${AURORA_GATEWAY_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${AURORA_GATEWAY_ENV_NAME}"
|
||||
|
||||
IMAGE_TAG="$(compute_image_tag)"
|
||||
|
||||
REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}"
|
||||
APP_V="${APP_V:?missing APP_V}"
|
||||
AURORA_GATEWAY_DOCKERFILE="${AURORA_GATEWAY_DOCKERFILE:?missing AURORA_GATEWAY_DOCKERFILE}"
|
||||
AURORA_GATEWAY_IMAGE_PATH="${AURORA_GATEWAY_IMAGE_PATH:?missing AURORA_GATEWAY_IMAGE_PATH}"
|
||||
|
||||
REGISTRY_HOST="${REGISTRY_URL#http://}"
|
||||
REGISTRY_HOST="${REGISTRY_HOST#https://}"
|
||||
REGISTRY_USER="$(cat secrets/REGISTRY_USER)"
|
||||
REGISTRY_PASSWORD="$(cat secrets/REGISTRY_PASSWORD)"
|
||||
: "${REGISTRY_USER:?missing registry user}"
|
||||
: "${REGISTRY_PASSWORD:?missing registry password}"
|
||||
|
||||
mkdir -p /kaniko/.docker
|
||||
AUTH_B64="$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_PASSWORD" | base64 | tr -d '\n')"
|
||||
cat <<EOF >/kaniko/.docker/config.json
|
||||
{
|
||||
"auths": {
|
||||
"https://${REGISTRY_HOST}": { "auth": "${AUTH_B64}" }
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
BUILD_CONTEXT="${AURORA_GATEWAY_BUILD_CONTEXT:-${WOODPECKER_WORKSPACE:-${CI_WORKSPACE:-${PWD:-/workspace}}}}"
|
||||
if [ ! -d "${BUILD_CONTEXT}" ]; then
|
||||
BUILD_CONTEXT="/workspace"
|
||||
fi
|
||||
|
||||
# Gateway modules use a local replace (../common); ensure build context contains shared code.
|
||||
if [ ! -d "${BUILD_CONTEXT}/api/gateway/common" ] || [ ! -f "${BUILD_CONTEXT}/${AURORA_GATEWAY_DOCKERFILE}" ]; then
|
||||
if [ -d "${REPO_ROOT}/api/gateway/common" ] && [ -f "${REPO_ROOT}/${AURORA_GATEWAY_DOCKERFILE}" ]; then
|
||||
echo "[aurora-gateway-build] build context ${BUILD_CONTEXT} is incomplete; falling back to ${REPO_ROOT}" >&2
|
||||
BUILD_CONTEXT="${REPO_ROOT}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -d "${BUILD_CONTEXT}/api/gateway/common" ]; then
|
||||
echo "[aurora-gateway-build] build context ${BUILD_CONTEXT} missing api/gateway/common" >&2
|
||||
exit 67
|
||||
fi
|
||||
if [ ! -f "${BUILD_CONTEXT}/${AURORA_GATEWAY_DOCKERFILE}" ]; then
|
||||
echo "[aurora-gateway-build] dockerfile not found in build context: ${AURORA_GATEWAY_DOCKERFILE}" >&2
|
||||
exit 68
|
||||
fi
|
||||
|
||||
/kaniko/executor \
|
||||
--context "${BUILD_CONTEXT}" \
|
||||
--dockerfile "${AURORA_GATEWAY_DOCKERFILE}" \
|
||||
--destination "${REGISTRY_URL}/${AURORA_GATEWAY_IMAGE_PATH}:${IMAGE_TAG}" \
|
||||
--build-arg APP_VERSION="${APP_V}" \
|
||||
--build-arg GIT_REV="${GIT_REV}" \
|
||||
--build-arg BUILD_BRANCH="${BUILD_BRANCH}" \
|
||||
--build-arg BUILD_DATE="${BUILD_DATE}" \
|
||||
--build-arg BUILD_USER="${BUILD_USER}" \
|
||||
--single-snapshot
|
||||
50
ci/scripts/aurora/deploy.sh
Normal file
50
ci/scripts/aurora/deploy.sh
Normal file
@@ -0,0 +1,50 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
if ! set -o pipefail 2>/dev/null; then
|
||||
:
|
||||
fi
|
||||
|
||||
REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
|
||||
cd "${REPO_ROOT}"
|
||||
|
||||
sh ci/scripts/common/ensure_env_version.sh
|
||||
. ci/scripts/common/runtime_env.sh
|
||||
. ci/scripts/common/nats_env.sh
|
||||
|
||||
normalize_env_file() {
|
||||
file="$1"
|
||||
tmp="${file}.tmp.$$"
|
||||
tr -d '\r' <"$file" >"$tmp"
|
||||
mv "$tmp" "$file"
|
||||
}
|
||||
|
||||
load_env_file() {
|
||||
file="$1"
|
||||
while IFS= read -r line || [ -n "$line" ]; do
|
||||
case "$line" in
|
||||
''|\#*) continue ;;
|
||||
esac
|
||||
key="${line%%=*}"
|
||||
value="${line#*=}"
|
||||
key="$(printf '%s' "$key" | tr -d '[:space:]')"
|
||||
value="${value#"${value%%[![:space:]]*}"}"
|
||||
value="${value%"${value##*[![:space:]]}"}"
|
||||
export "$key=$value"
|
||||
done <"$file"
|
||||
}
|
||||
|
||||
AURORA_GATEWAY_ENV_NAME="${AURORA_GATEWAY_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${AURORA_GATEWAY_ENV_NAME}"
|
||||
|
||||
AURORA_GATEWAY_MONGO_SECRET_PATH="${AURORA_GATEWAY_MONGO_SECRET_PATH:?missing AURORA_GATEWAY_MONGO_SECRET_PATH}"
|
||||
AURORA_GATEWAY_NATS_SECRET_PATH="${AURORA_GATEWAY_NATS_SECRET_PATH:-sendico/nats}"
|
||||
|
||||
export AURORA_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export AURORA_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
NATS_SECRET_PATH="${AURORA_GATEWAY_NATS_SECRET_PATH}" load_nats_env
|
||||
|
||||
bash ci/prod/scripts/bootstrap/network.sh
|
||||
sh ci/scripts/common/ensure_remote_registry_login.sh
|
||||
bash ci/prod/scripts/deploy/aurora_gateway.sh
|
||||
@@ -37,6 +37,10 @@ BFF_ENV_NAME="${BFF_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${BFF_ENV_NAME}"
|
||||
|
||||
IMAGE_TAG="$(compute_image_tag)"
|
||||
BFF_CONFIG_PATH="api/edge/bff/config.yml"
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" = "devserver" ] && [ -f "${REPO_ROOT}/api/edge/bff/config.dev.yml" ]; then
|
||||
BFF_CONFIG_PATH="api/edge/bff/config.dev.yml"
|
||||
fi
|
||||
|
||||
REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}"
|
||||
APP_V="${APP_V:?missing APP_V}"
|
||||
@@ -69,6 +73,7 @@ fi
|
||||
--context "${BUILD_CONTEXT}" \
|
||||
--dockerfile "${BFF_DOCKERFILE}" \
|
||||
--destination "${REGISTRY_URL}/${BFF_IMAGE_PATH}:${IMAGE_TAG}" \
|
||||
--build-arg APP_CONFIG_PATH="${BFF_CONFIG_PATH}" \
|
||||
--build-arg APP_VERSION="${APP_V}" \
|
||||
--build-arg GIT_REV="${GIT_REV}" \
|
||||
--build-arg BUILD_BRANCH="${BUILD_BRANCH}" \
|
||||
|
||||
@@ -46,11 +46,13 @@ export MONGO_USER="$(./ci/vlt kv_get kv "${BFF_MONGO_SECRET_PATH}" user)"
|
||||
export MONGO_PASSWORD="$(./ci/vlt kv_get kv "${BFF_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
export API_ENDPOINT_SECRET="$(./ci/vlt kv_get kv "${BFF_API_SECRET_PATH}" secret)"
|
||||
export BFF_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${BFF_VAULT_SECRET_PATH}" role_id)"
|
||||
export BFF_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${BFF_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${BFF_VAULT_ROLE_ID}" ] || [ -z "${BFF_VAULT_SECRET_ID}" ]; then
|
||||
echo "[bff-deploy] vault approle creds are empty for path ${BFF_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" != "devserver" ]; then
|
||||
export BFF_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${BFF_VAULT_SECRET_PATH}" role_id)"
|
||||
export BFF_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${BFF_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${BFF_VAULT_ROLE_ID}" ] || [ -z "${BFF_VAULT_SECRET_ID}" ]; then
|
||||
echo "[bff-deploy] vault approle creds are empty for path ${BFF_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
load_nats_env
|
||||
|
||||
@@ -37,6 +37,10 @@ CALLBACKS_ENV_NAME="${CALLBACKS_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${CALLBACKS_ENV_NAME}"
|
||||
|
||||
IMAGE_TAG="$(compute_image_tag)"
|
||||
CALLBACKS_CONFIG_PATH="api/edge/callbacks/config.yml"
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" = "devserver" ] && [ -f "${REPO_ROOT}/api/edge/callbacks/config.dev.yml" ]; then
|
||||
CALLBACKS_CONFIG_PATH="api/edge/callbacks/config.dev.yml"
|
||||
fi
|
||||
|
||||
REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}"
|
||||
APP_V="${APP_V:?missing APP_V}"
|
||||
@@ -69,6 +73,7 @@ fi
|
||||
--context "${BUILD_CONTEXT}" \
|
||||
--dockerfile "${CALLBACKS_DOCKERFILE}" \
|
||||
--destination "${REGISTRY_URL}/${CALLBACKS_IMAGE_PATH}:${IMAGE_TAG}" \
|
||||
--build-arg APP_CONFIG_PATH="${CALLBACKS_CONFIG_PATH}" \
|
||||
--build-arg APP_VERSION="${APP_V}" \
|
||||
--build-arg GIT_REV="${GIT_REV}" \
|
||||
--build-arg BUILD_BRANCH="${BUILD_BRANCH}" \
|
||||
|
||||
@@ -43,11 +43,13 @@ CALLBACKS_VAULT_SECRET_PATH="${CALLBACKS_VAULT_SECRET_PATH:?missing CALLBACKS_VA
|
||||
|
||||
export CALLBACKS_MONGO_USER="$(./ci/vlt kv_get kv "${CALLBACKS_MONGO_SECRET_PATH}" user)"
|
||||
export CALLBACKS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${CALLBACKS_MONGO_SECRET_PATH}" password)"
|
||||
export CALLBACKS_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${CALLBACKS_VAULT_SECRET_PATH}" role_id)"
|
||||
export CALLBACKS_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${CALLBACKS_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${CALLBACKS_VAULT_ROLE_ID}" ] || [ -z "${CALLBACKS_VAULT_SECRET_ID}" ]; then
|
||||
echo "[callbacks-deploy] vault approle creds are empty for path ${CALLBACKS_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" != "devserver" ]; then
|
||||
export CALLBACKS_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${CALLBACKS_VAULT_SECRET_PATH}" role_id)"
|
||||
export CALLBACKS_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${CALLBACKS_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${CALLBACKS_VAULT_ROLE_ID}" ] || [ -z "${CALLBACKS_VAULT_SECRET_ID}" ]; then
|
||||
echo "[callbacks-deploy] vault approle creds are empty for path ${CALLBACKS_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
load_nats_env
|
||||
|
||||
@@ -37,6 +37,10 @@ CHAIN_GATEWAY_ENV_NAME="${CHAIN_GATEWAY_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${CHAIN_GATEWAY_ENV_NAME}"
|
||||
|
||||
IMAGE_TAG="$(compute_image_tag)"
|
||||
CHAIN_GATEWAY_CONFIG_PATH="api/gateway/chain/config.yml"
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" = "devserver" ] && [ -f "${REPO_ROOT}/api/gateway/chain/config.dev.yml" ]; then
|
||||
CHAIN_GATEWAY_CONFIG_PATH="api/gateway/chain/config.dev.yml"
|
||||
fi
|
||||
|
||||
REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}"
|
||||
APP_V="${APP_V:?missing APP_V}"
|
||||
@@ -86,6 +90,7 @@ fi
|
||||
--context "${BUILD_CONTEXT}" \
|
||||
--dockerfile "${CHAIN_GATEWAY_DOCKERFILE}" \
|
||||
--destination "${REGISTRY_URL}/${CHAIN_GATEWAY_IMAGE_PATH}:${IMAGE_TAG}" \
|
||||
--build-arg APP_CONFIG_PATH="${CHAIN_GATEWAY_CONFIG_PATH}" \
|
||||
--build-arg APP_VERSION="${APP_V}" \
|
||||
--build-arg GIT_REV="${GIT_REV}" \
|
||||
--build-arg BUILD_BRANCH="${BUILD_BRANCH}" \
|
||||
|
||||
@@ -51,11 +51,13 @@ export CHAIN_GATEWAY_RPC_URL="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_RPC_SECRET_P
|
||||
export CHAIN_GATEWAY_SERVICE_WALLET_KEY="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_WALLET_SECRET_PATH}" private_key)"
|
||||
export CHAIN_GATEWAY_SERVICE_WALLET_ADDRESS="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_WALLET_SECRET_PATH}" address || true)"
|
||||
|
||||
export CHAIN_GATEWAY_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_VAULT_SECRET_PATH}" role_id)"
|
||||
export CHAIN_GATEWAY_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${CHAIN_GATEWAY_VAULT_ROLE_ID}" ] || [ -z "${CHAIN_GATEWAY_VAULT_SECRET_ID}" ]; then
|
||||
echo "[chain-gateway-deploy] vault approle creds are empty for path ${CHAIN_GATEWAY_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" != "devserver" ]; then
|
||||
export CHAIN_GATEWAY_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_VAULT_SECRET_PATH}" role_id)"
|
||||
export CHAIN_GATEWAY_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${CHAIN_GATEWAY_VAULT_ROLE_ID}" ] || [ -z "${CHAIN_GATEWAY_VAULT_SECRET_ID}" ]; then
|
||||
echo "[chain-gateway-deploy] vault approle creds are empty for path ${CHAIN_GATEWAY_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
load_nats_env
|
||||
|
||||
94
ci/scripts/chsettle/build-image.sh
Normal file
94
ci/scripts/chsettle/build-image.sh
Normal file
@@ -0,0 +1,94 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
if ! set -o pipefail 2>/dev/null; then
|
||||
:
|
||||
fi
|
||||
|
||||
REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
|
||||
cd "${REPO_ROOT}"
|
||||
|
||||
sh ci/scripts/common/ensure_env_version.sh
|
||||
. ci/scripts/common/runtime_env.sh
|
||||
|
||||
normalize_env_file() {
|
||||
file="$1"
|
||||
tmp="${file}.tmp.$$"
|
||||
tr -d '\r' <"$file" >"$tmp"
|
||||
mv "$tmp" "$file"
|
||||
}
|
||||
|
||||
load_env_file() {
|
||||
file="$1"
|
||||
while IFS= read -r line || [ -n "$line" ]; do
|
||||
case "$line" in
|
||||
''|\#*) continue ;;
|
||||
esac
|
||||
key="${line%%=*}"
|
||||
value="${line#*=}"
|
||||
key="$(printf '%s' "$key" | tr -d '[:space:]')"
|
||||
value="${value#"${value%%[![:space:]]*}"}"
|
||||
value="${value%"${value##*[![:space:]]}"}"
|
||||
export "$key=$value"
|
||||
done <"$file"
|
||||
}
|
||||
|
||||
CHSETTLE_GATEWAY_ENV_NAME="${CHSETTLE_GATEWAY_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${CHSETTLE_GATEWAY_ENV_NAME}"
|
||||
|
||||
IMAGE_TAG="$(compute_image_tag)"
|
||||
|
||||
REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}"
|
||||
APP_V="${APP_V:?missing APP_V}"
|
||||
CHSETTLE_GATEWAY_DOCKERFILE="${CHSETTLE_GATEWAY_DOCKERFILE:?missing CHSETTLE_GATEWAY_DOCKERFILE}"
|
||||
CHSETTLE_GATEWAY_IMAGE_PATH="${CHSETTLE_GATEWAY_IMAGE_PATH:?missing CHSETTLE_GATEWAY_IMAGE_PATH}"
|
||||
|
||||
REGISTRY_HOST="${REGISTRY_URL#http://}"
|
||||
REGISTRY_HOST="${REGISTRY_HOST#https://}"
|
||||
REGISTRY_USER="$(cat secrets/REGISTRY_USER)"
|
||||
REGISTRY_PASSWORD="$(cat secrets/REGISTRY_PASSWORD)"
|
||||
: "${REGISTRY_USER:?missing registry user}"
|
||||
: "${REGISTRY_PASSWORD:?missing registry password}"
|
||||
|
||||
mkdir -p /kaniko/.docker
|
||||
AUTH_B64="$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_PASSWORD" | base64 | tr -d '\n')"
|
||||
cat <<EOF >/kaniko/.docker/config.json
|
||||
{
|
||||
"auths": {
|
||||
"https://${REGISTRY_HOST}": { "auth": "${AUTH_B64}" }
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
BUILD_CONTEXT="${CHSETTLE_GATEWAY_BUILD_CONTEXT:-${WOODPECKER_WORKSPACE:-${CI_WORKSPACE:-${PWD:-/workspace}}}}"
|
||||
if [ ! -d "${BUILD_CONTEXT}" ]; then
|
||||
BUILD_CONTEXT="/workspace"
|
||||
fi
|
||||
|
||||
# Gateway modules use a local replace (../common); ensure build context contains shared code.
|
||||
if [ ! -d "${BUILD_CONTEXT}/api/gateway/common" ] || [ ! -f "${BUILD_CONTEXT}/${CHSETTLE_GATEWAY_DOCKERFILE}" ]; then
|
||||
if [ -d "${REPO_ROOT}/api/gateway/common" ] && [ -f "${REPO_ROOT}/${CHSETTLE_GATEWAY_DOCKERFILE}" ]; then
|
||||
echo "[chsettle-gateway-build] build context ${BUILD_CONTEXT} is incomplete; falling back to ${REPO_ROOT}" >&2
|
||||
BUILD_CONTEXT="${REPO_ROOT}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -d "${BUILD_CONTEXT}/api/gateway/common" ]; then
|
||||
echo "[chsettle-gateway-build] build context ${BUILD_CONTEXT} missing api/gateway/common" >&2
|
||||
exit 67
|
||||
fi
|
||||
if [ ! -f "${BUILD_CONTEXT}/${CHSETTLE_GATEWAY_DOCKERFILE}" ]; then
|
||||
echo "[chsettle-gateway-build] dockerfile not found in build context: ${CHSETTLE_GATEWAY_DOCKERFILE}" >&2
|
||||
exit 68
|
||||
fi
|
||||
|
||||
/kaniko/executor \
|
||||
--context "${BUILD_CONTEXT}" \
|
||||
--dockerfile "${CHSETTLE_GATEWAY_DOCKERFILE}" \
|
||||
--destination "${REGISTRY_URL}/${CHSETTLE_GATEWAY_IMAGE_PATH}:${IMAGE_TAG}" \
|
||||
--build-arg APP_VERSION="${APP_V}" \
|
||||
--build-arg GIT_REV="${GIT_REV}" \
|
||||
--build-arg BUILD_BRANCH="${BUILD_BRANCH}" \
|
||||
--build-arg BUILD_DATE="${BUILD_DATE}" \
|
||||
--build-arg BUILD_USER="${BUILD_USER}" \
|
||||
--single-snapshot
|
||||
50
ci/scripts/chsettle/deploy.sh
Normal file
50
ci/scripts/chsettle/deploy.sh
Normal file
@@ -0,0 +1,50 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
if ! set -o pipefail 2>/dev/null; then
|
||||
:
|
||||
fi
|
||||
|
||||
REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
|
||||
cd "${REPO_ROOT}"
|
||||
|
||||
sh ci/scripts/common/ensure_env_version.sh
|
||||
. ci/scripts/common/runtime_env.sh
|
||||
. ci/scripts/common/nats_env.sh
|
||||
|
||||
normalize_env_file() {
|
||||
file="$1"
|
||||
tmp="${file}.tmp.$$"
|
||||
tr -d '\r' <"$file" >"$tmp"
|
||||
mv "$tmp" "$file"
|
||||
}
|
||||
|
||||
load_env_file() {
|
||||
file="$1"
|
||||
while IFS= read -r line || [ -n "$line" ]; do
|
||||
case "$line" in
|
||||
''|\#*) continue ;;
|
||||
esac
|
||||
key="${line%%=*}"
|
||||
value="${line#*=}"
|
||||
key="$(printf '%s' "$key" | tr -d '[:space:]')"
|
||||
value="${value#"${value%%[![:space:]]*}"}"
|
||||
value="${value%"${value##*[![:space:]]}"}"
|
||||
export "$key=$value"
|
||||
done <"$file"
|
||||
}
|
||||
|
||||
CHSETTLE_GATEWAY_ENV_NAME="${CHSETTLE_GATEWAY_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${CHSETTLE_GATEWAY_ENV_NAME}"
|
||||
|
||||
CHSETTLE_GATEWAY_MONGO_SECRET_PATH="${CHSETTLE_GATEWAY_MONGO_SECRET_PATH:?missing CHSETTLE_GATEWAY_MONGO_SECRET_PATH}"
|
||||
CHSETTLE_GATEWAY_NATS_SECRET_PATH="${CHSETTLE_GATEWAY_NATS_SECRET_PATH:-sendico/nats}"
|
||||
|
||||
export CHSETTLE_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${CHSETTLE_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export CHSETTLE_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${CHSETTLE_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
NATS_SECRET_PATH="${CHSETTLE_GATEWAY_NATS_SECRET_PATH}" load_nats_env
|
||||
|
||||
bash ci/prod/scripts/bootstrap/network.sh
|
||||
sh ci/scripts/common/ensure_remote_registry_login.sh
|
||||
bash ci/prod/scripts/deploy/chsettle_gateway.sh
|
||||
@@ -57,6 +57,18 @@ EOF
|
||||
cat <<'EOF'
|
||||
api/pkg
|
||||
api/gateway/mntx
|
||||
EOF
|
||||
;;
|
||||
gateway_aurora)
|
||||
cat <<'EOF'
|
||||
api/pkg
|
||||
api/gateway/aurora
|
||||
EOF
|
||||
;;
|
||||
gateway_chsettle)
|
||||
cat <<'EOF'
|
||||
api/pkg
|
||||
api/gateway/chsettle
|
||||
EOF
|
||||
;;
|
||||
gateway_tgsettle)
|
||||
|
||||
@@ -86,6 +86,16 @@ load_runtime_env_bundle() {
|
||||
env_name="$1"
|
||||
runtime_file="$(resolve_runtime_env_file "${env_name}")"
|
||||
|
||||
if [ -n "${VAULT_ADDR:-}" ] && [ -z "${CI_VAULT_ADDR:-}" ]; then
|
||||
export CI_VAULT_ADDR="${VAULT_ADDR}"
|
||||
fi
|
||||
if [ -n "${VAULT_ROLE_ID:-}" ] && [ -z "${CI_VAULT_ROLE_ID:-}" ]; then
|
||||
export CI_VAULT_ROLE_ID="${VAULT_ROLE_ID}"
|
||||
fi
|
||||
if [ -n "${VAULT_SECRET_ID:-}" ] && [ -z "${CI_VAULT_SECRET_ID:-}" ]; then
|
||||
export CI_VAULT_SECRET_ID="${VAULT_SECRET_ID}"
|
||||
fi
|
||||
|
||||
normalize_env_file "${runtime_file}"
|
||||
normalize_env_file ./.env.version
|
||||
|
||||
|
||||
@@ -37,6 +37,10 @@ TRON_GATEWAY_ENV_NAME="${TRON_GATEWAY_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${TRON_GATEWAY_ENV_NAME}"
|
||||
|
||||
IMAGE_TAG="$(compute_image_tag)"
|
||||
TRON_GATEWAY_CONFIG_PATH="api/gateway/tron/config.yml"
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" = "devserver" ] && [ -f "${REPO_ROOT}/api/gateway/tron/config.dev.yml" ]; then
|
||||
TRON_GATEWAY_CONFIG_PATH="api/gateway/tron/config.dev.yml"
|
||||
fi
|
||||
|
||||
REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}"
|
||||
APP_V="${APP_V:?missing APP_V}"
|
||||
@@ -86,6 +90,7 @@ fi
|
||||
--context "${BUILD_CONTEXT}" \
|
||||
--dockerfile "${TRON_GATEWAY_DOCKERFILE}" \
|
||||
--destination "${REGISTRY_URL}/${TRON_GATEWAY_IMAGE_PATH}:${IMAGE_TAG}" \
|
||||
--build-arg APP_CONFIG_PATH="${TRON_GATEWAY_CONFIG_PATH}" \
|
||||
--build-arg APP_VERSION="${APP_V}" \
|
||||
--build-arg GIT_REV="${GIT_REV}" \
|
||||
--build-arg BUILD_BRANCH="${BUILD_BRANCH}" \
|
||||
|
||||
@@ -53,11 +53,13 @@ export TRON_GATEWAY_GRPC_TOKEN="$(./ci/vlt kv_get kv "${TRON_GATEWAY_RPC_SECRET_
|
||||
export TRON_GATEWAY_SERVICE_WALLET_KEY="$(./ci/vlt kv_get kv "${TRON_GATEWAY_WALLET_SECRET_PATH}" private_key)"
|
||||
export TRON_GATEWAY_SERVICE_WALLET_ADDRESS="$(./ci/vlt kv_get kv "${TRON_GATEWAY_WALLET_SECRET_PATH}" address || true)"
|
||||
|
||||
export TRON_GATEWAY_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${TRON_GATEWAY_VAULT_SECRET_PATH}" role_id)"
|
||||
export TRON_GATEWAY_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${TRON_GATEWAY_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${TRON_GATEWAY_VAULT_ROLE_ID}" ] || [ -z "${TRON_GATEWAY_VAULT_SECRET_ID}" ]; then
|
||||
echo "[tron-gateway-deploy] vault approle creds are empty for path ${TRON_GATEWAY_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" != "devserver" ]; then
|
||||
export TRON_GATEWAY_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${TRON_GATEWAY_VAULT_SECRET_PATH}" role_id)"
|
||||
export TRON_GATEWAY_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${TRON_GATEWAY_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${TRON_GATEWAY_VAULT_ROLE_ID}" ] || [ -z "${TRON_GATEWAY_VAULT_SECRET_ID}" ]; then
|
||||
echo "[tron-gateway-deploy] vault approle creds are empty for path ${TRON_GATEWAY_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
load_nats_env
|
||||
|
||||
38
ci/scripts/vault/deploy.sh
Normal file
38
ci/scripts/vault/deploy.sh
Normal file
@@ -0,0 +1,38 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
if ! set -o pipefail 2>/dev/null; then
|
||||
:
|
||||
fi
|
||||
|
||||
REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
|
||||
cd "${REPO_ROOT}"
|
||||
|
||||
. ci/scripts/common/runtime_env.sh
|
||||
|
||||
normalize_env_file() {
|
||||
file="$1"
|
||||
tmp="${file}.tmp.$$"
|
||||
tr -d '\r' <"$file" >"$tmp"
|
||||
mv "$tmp" "$file"
|
||||
}
|
||||
|
||||
load_env_file() {
|
||||
file="$1"
|
||||
while IFS= read -r line || [ -n "$line" ]; do
|
||||
case "$line" in
|
||||
''|\#*) continue ;;
|
||||
esac
|
||||
key="${line%%=*}"
|
||||
value="${line#*=}"
|
||||
key="$(printf '%s' "$key" | tr -d '[:space:]')"
|
||||
value="${value#"${value%%[![:space:]]*}"}"
|
||||
value="${value%"${value##*[![:space:]]}"}"
|
||||
export "$key=$value"
|
||||
done <"$file"
|
||||
}
|
||||
|
||||
VAULT_ENV_NAME="${VAULT_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${VAULT_ENV_NAME}"
|
||||
|
||||
bash ci/prod/scripts/deploy/vault.sh
|
||||
Reference in New Issue
Block a user