From ec26272c8af34844a062e585732c394668c4a69a Mon Sep 17 00:00:00 2001
From: Nugraha
Date: Tue, 6 Dec 2022 18:15:25 +0700
Subject: [PATCH] ci: initial files
---
.github/workflows/ci.yml | 49 ++++++++++++++++++++++++++++++++++++++++
.goreleaser.yml | 7 ++++++
Dockerfile | 24 ++++++++------------
Dockerfile.dev | 20 ++++++++++++++++
Makefile | 8 ++-----
README.md | 5 ++--
6 files changed, 90 insertions(+), 23 deletions(-)
create mode 100644 .github/workflows/ci.yml
create mode 100644 .goreleaser.yml
create mode 100644 Dockerfile.dev
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..77665cf
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,49 @@
+name: CI
+env:
+ GO_VERSION: 1.19.x
+on:
+ push:
+ workflow_dispatch:
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ # if: startsWith(github.ref, 'ref/tags/v')
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - uses: actions/setup-go@v2
+ with:
+ go-version: ${{ env.GO_VERSION }}
+ - name: Get go version
+ id: go-version
+ run: echo "::set-output name=version::$(go env GOVERSION)"
+ - name: Docker Login
+ env:
+ DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+ run: |
+ echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
+ - uses: actions/cache@v2
+ with:
+ # In order:
+ # * Module download cache
+ # * Build cache (Linux)
+ # * Build cache (Mac)
+ # * Build cache (Windows)
+ path: |
+ ~/go/pkg/mod
+ ~/.cache/go-build
+ ~/Library/Caches/go-build
+ %LocalAppData%\go-build
+ key: ${{ env.CACHE_VERSION }}-${{ runner.os }}-${{ steps.go-version.outputs.version }}-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ env.CACHE_VERSION }}-${{ runner.os }}-go
+ - name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v2
+ with:
+ version: latest
+ args: release --rm-dist
+ env:
+ GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
\ No newline at end of file
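Review bot: The `release` job runs on every push to any branch because its tag guard is commented out, so the Docker Hub login and the GoReleaser token are used for ordinary commits; the commented condition would also never match, since tag refs begin with `refs/tags/`, not `ref/tags/`. Restrict the job with `if: startsWith(github.ref, 'refs/tags/v')`, or limit the trigger itself with `tags: ['v*']` under `on.push`. The cache key reads `env.CACHE_VERSION`, which the visible `env:` block never defines, so the key starts with an empty segment; define it next to `GO_VERSION` or drop the prefix. The third-party actions are referenced by mutable tags (`@v2`) and GoReleaser by `version: latest` in a job that holds publishing credentials, so pinning them to a commit SHA and a fixed release would narrow the supply-chain exposure.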
diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000..fbb95bc --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,7 @@ +dockers: + - goos: linux + goarch: amd64 + image_templates: + - "ii64/obs-access-signer:latest" + - "ii64/obs-access-signer:v{{ .Version }}" + skip_push: auto \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 18a1029..e280a1d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,18 +1,14 @@ -FROM ii64/golang-zig:go1.18-alpine3.15-zig AS builder +FROM golang:alpine as build +RUN apk --no-cache add ca-certificates -WORKDIR /build -COPY . /build +RUN mkdir /newtmp && chown 1777 /newtmp -RUN apk add --no-cache \ - make +FROM scratch +COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=build /newtmp /tmp -RUN --mount=type=cache,mode=0755,target=/go/pkg/mod make dep -RUN make build +COPY . / +RUN ls -lah / +COPY obs-access-signer / - -FROM gcr.io/distroless/static-debian11 - -WORKDIR /app -COPY --from=builder /build/obs-access-signer /app/obs-access-signer - -ENTRYPOINT [ "/app/obs-access-signer" ] \ No newline at end of file +ENTRYPOINT ["/obs-access-signer"] diff --git a/Dockerfile.dev b/Dockerfile.dev new file mode 100644 index 0000000..e50f51b --- /dev/null +++ b/Dockerfile.dev @@ -0,0 +1,20 @@ +FROM ii64/golang-zig:go1.18-alpine3.15-zig AS builder + +WORKDIR /build +COPY . /build + +RUN apk add --no-cache \ + make + +RUN --mount=type=cache,mode=0755,target=/go/pkg/mod make dep +RUN make build + + +FROM scratch + +WORKDIR /app + +COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=builder /build/obs-access-signer /app/obs-access-signer + +ENTRYPOINT [ "/app/obs-access-signer" ] \ No newline at end of file diff --git a/Makefile b/Makefile index d27b0d5..3c37d9b 100644 --- a/Makefile +++ b/Makefile @@ -2,8 +2,6 @@ all: build export DOCKER_BUILDKIT=1 -IMAGE := obs-access-signer:dev - # use zig cc/c++ to statically link deps TARGET_TRIPLE := x86_64-linux 
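Review bot: In the Dockerfile hunk, `RUN mkdir /newtmp && chown 1777 /newtmp` changes the owner to UID 1777 instead of setting the sticky, world-writable mode that /tmp needs; it should read `RUN mkdir /newtmp && chmod 1777 /newtmp`. In the `scratch` stage, `RUN ls -lah /` is expected to fail because the image has no shell or `ls`, and `COPY . /` places the whole build context in the published image, which may include files never meant to ship; both look like debugging leftovers and can be dropped, keeping only `COPY obs-access-signer /`. The final stage sets no `USER`, so the signer runs as root; a numeric `USER 65534:65534` before `ENTRYPOINT` works on scratch. `FROM golang:alpine` carries no version, so pin it (for example `golang:1.19-alpine`, matching `GO_VERSION` in ci.yml) to keep builds reproducible.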
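Review bot: In Dockerfile.dev, the final stage copies the CA bundle with `COPY --from=build`, but the only stage in this file is named `builder`, so the build will either fail or try to resolve `build` as an external image; the line should be `COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/`. The builder stage installs only `make`, so whether that certificate file exists depends on the `ii64/golang-zig` base image; confirm it, or add `ca-certificates` to the `apk add` line. As in the main Dockerfile, there is no `USER` instruction, so the container runs as root.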
@@ -14,11 +12,9 @@ CXXFLAGS += -target $(TARGET_TRIPLE) GOFLAGS ?= GOFLAGS += -x -trimpath +.PHONY: dep dep: go mod download build: - CGO_ENABLED=0 CC="zig cc $(CFLAGS)" CXX="zig c++ $(CXXFLAGS)" go build $(GOFLAGS) . - -build.docker: - "docker" build --progress=plain -t $(IMAGE) . \ No newline at end of file + CGO_ENABLED=0 CC="zig cc $(CFLAGS)" CXX="zig c++ $(CXXFLAGS)" go build $(GOFLAGS) . \ No newline at end of file diff --git a/README.md b/README.md index c8571f3..aa28994 100644 --- a/README.md +++ b/README.md @@ -4,12 +4,11 @@ S3 Object Storage access signer. Run `obs-access-signer` behind a gateway/cache proxy is preferred as the response is static. -There's an example of using it with Varnish Cache, you can see [here](docker/docker-compose.yaml). +There's an example of using it with Varnish Cache, which you can see [here](docker/docker-compose.yaml). ## Why? -Some S3-compatible gateway might not support ACL endpoints but they are support presigned access. Currently, the behavior of `obs-access-signer` is similar to `public-read` ACL where clients can access objects anonymously and redirect them (permanently) to presigned url with `Expires` set to the max signed value of `int64` which has roughly 250yrs lifetime since unix time started. - +Some S3-compatible gateways might not support ACL endpoints but they support presigned access. Currently, the behavior of `obs-access-signer` is similar to `public-read` ACL where clients can access objects anonymously and redirect them (permanently) to presigned URL with `Expires` set to the max signed value of `int64` which has roughly 250yrs lifetime since UNIX time started. ## License