ii64/obs-access-signer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

merge into: ii64:master
Branches Tags
ii64:master
ii64:feat/ci
ii64:fix/ci
ii64:v0.0.5
ii64:v0.0.4
ii64:v0.0.3
ii64:v0.0.2
ii64:v0.0.1
...
pull from: ii64:fix/ci
Branches Tags
ii64:master
ii64:feat/ci
ii64:fix/ci
ii64:v0.0.5
ii64:v0.0.4
ii64:v0.0.3
ii64:v0.0.2
ii64:v0.0.1

1 commit
master ... fix/ci

Author SHA1 Message Date
Nugraha
9b66abc101
ci: initial files
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2022-12-06 19:26:10 +07:00
6 changed files with 88 additions and 23 deletions
Show stats Expand all files Collapse all files

49
.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,49 @@
name: CI
env:
GO_VERSION: 1.19.x
on:
push:
workflow_dispatch:
jobs:
release:
runs-on: ubuntu-latest
# if: startsWith(github.ref, 'ref/tags/v')
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Get go version
id: go-version
run: echo "::set-output name=version::$(go env GOVERSION)"
- name: Docker Login
env:
DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
run: |
echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
- uses: actions/cache@v2
with:
# In order:
# * Module download cache
# * Build cache (Linux)
# * Build cache (Mac)
# * Build cache (Windows)
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
%LocalAppData%\go-build
key: ${{ env.CACHE_VERSION }}-${{ runner.os }}-${{ steps.go-version.outputs.version }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ env.CACHE_VERSION }}-${{ runner.os }}-go
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}

7
.goreleaser.yml Normal file
View file

@ -0,0 +1,7 @@
dockers:
- goos: linux
goarch: amd64
image_templates:
- "ii64/obs-access-signer:latest"
- "ii64/obs-access-signer:v{{ .Version }}"
skip_push: auto

22
Dockerfile
View file

@ -1,18 +1,12 @@
FROM ii64/golang-zig:go1.18-alpine3.15-zig AS builder FROM golang:alpine as build
RUN apk --no-cache add ca-certificates
WORKDIR /build RUN mkdir /newtmp && chown 1777 /newtmp
COPY . /build
RUN apk add --no-cache \ FROM scratch
make COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /newtmp /tmp
RUN --mount=type=cache,mode=0755,target=/go/pkg/mod make dep COPY obs-access-signer /
RUN make build
ENTRYPOINT ["/obs-access-signer"]
FROM gcr.io/distroless/static-debian11
WORKDIR /app
COPY --from=builder /build/obs-access-signer /app/obs-access-signer
ENTRYPOINT [ "/app/obs-access-signer" ]

20
Dockerfile.dev Normal file
View file

@ -0,0 +1,20 @@
FROM ii64/golang-zig:go1.18-alpine3.15-zig AS builder
WORKDIR /build
COPY . /build
RUN apk add --no-cache \
make
RUN --mount=type=cache,mode=0755,target=/go/pkg/mod make dep
RUN make build
FROM scratch
WORKDIR /app
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /build/obs-access-signer /app/obs-access-signer
ENTRYPOINT [ "/app/obs-access-signer" ]

8
Makefile
View file

@ -2,8 +2,6 @@ all: build
export DOCKER_BUILDKIT=1 export DOCKER_BUILDKIT=1
IMAGE := obs-access-signer:dev
# use zig cc/c++ to statically link deps # use zig cc/c++ to statically link deps
TARGET_TRIPLE := x86_64-linux TARGET_TRIPLE := x86_64-linux
@ -14,11 +12,9 @@ CXXFLAGS += -target $(TARGET_TRIPLE)
GOFLAGS ?= GOFLAGS ?=
GOFLAGS += -x -trimpath GOFLAGS += -x -trimpath
.PHONY: dep
dep: dep:
go mod download go mod download
build: build:
CGO_ENABLED=0 CC="zig cc $(CFLAGS)" CXX="zig c++ $(CXXFLAGS)" go build $(GOFLAGS) . CGO_ENABLED=0 CC="zig cc $(CFLAGS)" CXX="zig c++ $(CXXFLAGS)" go build $(GOFLAGS) .
build.docker:
"docker" build --progress=plain -t $(IMAGE) .

5
README.md
View file

@ -4,12 +4,11 @@ S3 Object Storage access signer.
Run `obs-access-signer` behind a gateway/cache proxy is preferred as the response is static. Run `obs-access-signer` behind a gateway/cache proxy is preferred as the response is static.
There's an example of using it with Varnish Cache, you can see [here](docker/docker-compose.yaml). There's an example of using it with Varnish Cache, which you can see [here](docker/docker-compose.yaml).
## Why? ## Why?
Some S3-compatible gateway might not support ACL endpoints but they are support presigned access. Currently, the behavior of `obs-access-signer` is similar to `public-read` ACL where clients can access objects anonymously and redirect them (permanently) to presigned url with `Expires` set to the max signed value of `int64` which has roughly 250yrs lifetime since unix time started. Some S3-compatible gateways might not support ACL endpoints but they support presigned access. Currently, the behavior of `obs-access-signer` is similar to `public-read` ACL where clients can access objects anonymously and redirect them (permanently) to presigned URL with `Expires` set to the max signed value of `int64` which has roughly 250yrs lifetime since UNIX time started.
## License ## License