[infra] vault + chsettle + aurora for dev
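--- a/ci/scripts/aurora/build-image.sh
+++ b/ci/scripts/aurora/build-image.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+set -eu
+
+if ! set -o pipefail 2>/dev/null; then
+:
+fi
+
+REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
+cd "${REPO_ROOT}"
+
+sh ci/scripts/common/ensure_env_version.sh
+. ci/scripts/common/runtime_env.sh
+
+normalize_env_file() {
+file="$1"
+tmp="${file}.tmp.$$"
+tr -d '\r' <"$file" >"$tmp"
+mv "$tmp" "$file"
+}
+
+load_env_file() {
+file="$1"
+while IFS= read -r line || [ -n "$line" ]; do
+case "$line" in
+''|\#*) continue ;;
+esac
+key="${line%%=*}"
+value="${line#*=}"
+key="$(printf '%s' "$key" | tr -d '[:space:]')"
+value="${value#"${value%%[![:space:]]*}"}"
+value="${value%"${value##*[![:space:]]}"}"
+export "$key=$value"
+done <"$file"
+}
+
+AURORA_GATEWAY_ENV_NAME="${AURORA_GATEWAY_ENV:-$(resolve_runtime_env_name)}"
+load_runtime_env_bundle "${AURORA_GATEWAY_ENV_NAME}"
+
+IMAGE_TAG="$(compute_image_tag)"
+
+REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}"
+APP_V="${APP_V:?missing APP_V}"
+AURORA_GATEWAY_DOCKERFILE="${AURORA_GATEWAY_DOCKERFILE:?missing AURORA_GATEWAY_DOCKERFILE}"
+AURORA_GATEWAY_IMAGE_PATH="${AURORA_GATEWAY_IMAGE_PATH:?missing AURORA_GATEWAY_IMAGE_PATH}"
+
+REGISTRY_HOST="${REGISTRY_URL#http://}"
+REGISTRY_HOST="${REGISTRY_HOST#https://}"
+REGISTRY_USER="$(cat secrets/REGISTRY_USER)"
+REGISTRY_PASSWORD="$(cat secrets/REGISTRY_PASSWORD)"
+: "${REGISTRY_USER:?missing registry user}"
+: "${REGISTRY_PASSWORD:?missing registry password}"
+
+mkdir -p /kaniko/.docker
+AUTH_B64="$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_PASSWORD" | base64 | tr -d '\n')"
+cat <<EOF >/kaniko/.docker/config.json
+{
+"auths": {
+"https://${REGISTRY_HOST}": { "auth": "${AUTH_B64}" }
+}
+}
+EOF
+
+BUILD_CONTEXT="${AURORA_GATEWAY_BUILD_CONTEXT:-${WOODPECKER_WORKSPACE:-${CI_WORKSPACE:-${PWD:-/workspace}}}}"
+if [ ! -d "${BUILD_CONTEXT}" ]; then
+BUILD_CONTEXT="/workspace"
+fi
+
+# Gateway modules use a local replace (../common); ensure build context contains shared code.
+if [ ! -d "${BUILD_CONTEXT}/api/gateway/common" ] || [ ! -f "${BUILD_CONTEXT}/${AURORA_GATEWAY_DOCKERFILE}" ]; then
+if [ -d "${REPO_ROOT}/api/gateway/common" ] && [ -f "${REPO_ROOT}/${AURORA_GATEWAY_DOCKERFILE}" ]; then
+echo "[aurora-gateway-build] build context ${BUILD_CONTEXT} is incomplete; falling back to ${REPO_ROOT}" >&2
+BUILD_CONTEXT="${REPO_ROOT}"
+fi
+fi
+
+if [ ! -d "${BUILD_CONTEXT}/api/gateway/common" ]; then
+echo "[aurora-gateway-build] build context ${BUILD_CONTEXT} missing api/gateway/common" >&2
+exit 67
+fi
+if [ ! -f "${BUILD_CONTEXT}/${AURORA_GATEWAY_DOCKERFILE}" ]; then
+echo "[aurora-gateway-build] dockerfile not found in build context: ${AURORA_GATEWAY_DOCKERFILE}" >&2
+exit 68
+fi
+
+/kaniko/executor \
+--context "${BUILD_CONTEXT}" \
+--dockerfile "${AURORA_GATEWAY_DOCKERFILE}" \
+--destination "${REGISTRY_URL}/${AURORA_GATEWAY_IMAGE_PATH}:${IMAGE_TAG}" \
+--build-arg APP_VERSION="${APP_V}" \
+--build-arg GIT_REV="${GIT_REV}" \
+--build-arg BUILD_BRANCH="${BUILD_BRANCH}" \
+--build-arg BUILD_DATE="${BUILD_DATE}" \
+--build-arg BUILD_USER="${BUILD_USER}" \
+--single-snapshot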
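Review bot: The registry credentials are written to `/kaniko/.docker/config.json` under whatever umask the CI step inherits, so the file holding the base64 `user:password` pair may end up readable by other users or later steps sharing the container filesystem; set `umask 077` before the `mkdir -p /kaniko/.docker` line, or `chmod 600` the file right after the heredoc. Separately, `REGISTRY_HOST` is derived by stripping `http://`/`https://`, which suggests `REGISTRY_URL` is allowed to carry a scheme, yet `--destination` still interpolates `${REGISTRY_URL}`; an image reference with a scheme is not valid, so `--destination "${REGISTRY_HOST}/${AURORA_GATEWAY_IMAGE_PATH}:${IMAGE_TAG}"` looks like the intended form. `GIT_REV`, `BUILD_BRANCH`, `BUILD_DATE` and `BUILD_USER` are presumably exported by `runtime_env.sh`; if they are not, `set -u` aborts at the executor call without the `missing …` message the other required variables get.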
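--- a/ci/scripts/aurora/deploy.sh
+++ b/ci/scripts/aurora/deploy.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+set -eu
+
+if ! set -o pipefail 2>/dev/null; then
+:
+fi
+
+REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
+cd "${REPO_ROOT}"
+
+sh ci/scripts/common/ensure_env_version.sh
+. ci/scripts/common/runtime_env.sh
+. ci/scripts/common/nats_env.sh
+
+normalize_env_file() {
+file="$1"
+tmp="${file}.tmp.$$"
+tr -d '\r' <"$file" >"$tmp"
+mv "$tmp" "$file"
+}
+
+load_env_file() {
+file="$1"
+while IFS= read -r line || [ -n "$line" ]; do
+case "$line" in
+''|\#*) continue ;;
+esac
+key="${line%%=*}"
+value="${line#*=}"
+key="$(printf '%s' "$key" | tr -d '[:space:]')"
+value="${value#"${value%%[![:space:]]*}"}"
+value="${value%"${value##*[![:space:]]}"}"
+export "$key=$value"
+done <"$file"
+}
+
+AURORA_GATEWAY_ENV_NAME="${AURORA_GATEWAY_ENV:-$(resolve_runtime_env_name)}"
+load_runtime_env_bundle "${AURORA_GATEWAY_ENV_NAME}"
+
+AURORA_GATEWAY_MONGO_SECRET_PATH="${AURORA_GATEWAY_MONGO_SECRET_PATH:?missing AURORA_GATEWAY_MONGO_SECRET_PATH}"
+AURORA_GATEWAY_NATS_SECRET_PATH="${AURORA_GATEWAY_NATS_SECRET_PATH:-sendico/nats}"
+
+export AURORA_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" user)"
+export AURORA_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" password)"
+
+NATS_SECRET_PATH="${AURORA_GATEWAY_NATS_SECRET_PATH}" load_nats_env
+
+bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
+bash ci/prod/scripts/deploy/aurora_gateway.sh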
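Review bot: Both `export AURORA_GATEWAY_MONGO_…="$(./ci/vlt kv_get …)"` lines hide a failed Vault read, because the exit status of `export` replaces that of the command substitution and `set -e` never sees the failure; the deploy would then continue with empty Mongo credentials. Assign first and export afterwards, e.g. `AURORA_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" user)"` followed by `export AURORA_GATEWAY_MONGO_USER`, and add `: "${AURORA_GATEWAY_MONGO_USER:?missing mongo user}"` in the way build-image.sh guards the registry secrets; the password line needs the same treatment. `normalize_env_file` and `load_env_file` are copied verbatim from build-image.sh and are not called in the visible lines of either script; if `load_runtime_env_bundle` depends on them, defining them once in `runtime_env.sh` would keep the two copies from drifting.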