Earthfile
VERSION 0.7
FROM purtontech/rust-on-nails-devcontainer:1.1.8

# Names of the binaries produced by the build and of the CLI artifacts saved locally.
ARG --global APP_EXE_NAME=cloak
ARG --global CLI_EXE_NAME=cli
ARG --global CLI_LINUX_EXE_NAME=cloak-linux
ARG --global CLI_MACOS_EXE_NAME=cloak-macos

# dbmate release downloaded by +migration-container.
ARG --global DBMATE_VERSION=2.2.0

# Folders
ARG --global AXUM_FOLDER=crates/axum-server
ARG --global DB_FOLDER=crates/db
ARG --global GRPC_API_FOLDER=crates/grpc-api
ARG --global PIPELINE_FOLDER=crates/asset-pipeline

# Base images
# NOTE(review): `v1.17-latest` and `latest` are moving tags, so two builds of
# the same commit can pull different image contents. Pin an exact version or a
# digest where reproducibility matters. NGINX and KUBECTL are not referenced by
# any target in this file.
ARG --global ENVOY_PROXY=envoyproxy/envoy:v1.17-latest
ARG --global NGINX=nginx:1.21.5
ARG --global KUBECTL=bitnami/kubectl:latest

# This file builds the following containers
# Every name defaults to the mutable `latest` tag.
ARG --global APP_IMAGE_NAME=purton-tech/cloak-server:latest
ARG --global MIGRATIONS_IMAGE_NAME=purton-tech/cloak-db-migrations:latest
ARG --global ENVOY_IMAGE_NAME=purton-tech/cloak-envoy:latest
ARG --global WWW_IMAGE_NAME=purton-tech/cloak-website:latest
ARG --global KUBERNETES_NAME=purton-tech/cloak-kubernetes:latest
ARG --global EXTERNAL_SECRETS_IMAGE_NAME=purton-tech/cloak-external-secrets:latest

# Working directory and user for the base environment set up above.
WORKDIR /build
USER vscode
dev:
    # Local entry point: run the pull-request pipeline, then the failure check.
    BUILD +pull-request
    # On github this check is performed directly by the action
    BUILD +check-selenium-failure
pull-request:
    # Build the images the integration test loads, run the test, and build the
    # external-secrets image as well.
    BUILD +migration-container
    BUILD +app-container
    BUILD +envoy-container
    BUILD +integration-test
    BUILD +external-secrets-container
all:
    # Full build: every container image, the macOS CLI and the locally saved
    # binaries. The integration test is not part of this target.
    BUILD +migration-container
    BUILD +app-container
    BUILD +envoy-container
    BUILD +external-secrets-container
    BUILD +build-cli-osx
    BUILD +kubernetes-container
    BUILD +save-artifacts
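npm-deps:
    # Only the manifests are copied, so this layer is reused until they change.
    COPY $PIPELINE_FOLDER/package.json $PIPELINE_FOLDER/package.json
    COPY $PIPELINE_FOLDER/package-lock.json $PIPELINE_FOLDER/package-lock.json
    # `npm ci` installs exactly what package-lock.json records and fails when
    # the lockfile and package.json disagree. `npm install` may re-resolve
    # versions, so the dependency tree could drift from the reviewed lockfile.
    RUN cd $PIPELINE_FOLDER && npm ci
    SAVE ARTIFACT $PIPELINE_FOLDER/node_modules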
npm-build:
    # Start from the dependency layer, then add the asset sources on top.
    FROM +npm-deps
    COPY $PIPELINE_FOLDER $PIPELINE_FOLDER
    COPY --if-exists $GRPC_API_FOLDER $GRPC_API_FOLDER
    # Re-copy node_modules after the source copy above.
    COPY +npm-deps/node_modules $PIPELINE_FOLDER/node_modules
    RUN cd $PIPELINE_FOLDER && npm run release
    # The release bundle is consumed by +build and +app-container.
    SAVE ARTIFACT $PIPELINE_FOLDER/dist
prepare-cache:
    # Copy the workspace (all crates plus the manifests) so cargo-chef can
    # write the dependency recipe.
    COPY --dir crates crates
    COPY Cargo.lock Cargo.toml .
    RUN cargo chef prepare --recipe-path recipe.json --bin $AXUM_FOLDER
    SAVE ARTIFACT recipe.json
build-cache:
    # Compile the dependencies from the recipe alone; +build copies the
    # resulting target directory and cargo home.
    COPY +prepare-cache/recipe.json ./
    RUN cargo chef cook --release --target x86_64-unknown-linux-musl
    SAVE ARTIFACT target
    SAVE ARTIFACT $CARGO_HOME cargo_home
    SAVE IMAGE --cache-hint
build:
    # Workspace sources and manifests.
    COPY --dir crates crates
    COPY --dir Cargo.lock Cargo.toml .
    # Pre-built dependency artifacts from +build-cache.
    COPY +build-cache/cargo_home $CARGO_HOME
    COPY +build-cache/target target
    # Front-end bundle produced by +npm-build.
    COPY --dir +npm-build/dist $PIPELINE_FOLDER/
    # We need to run inside docker as we need postgres running for cornucopia.
    # The credentials below match the throwaway Postgres container started in
    # this target's RUN step.
    ARG DATABASE_URL=postgresql://postgres:testpassword@localhost:5432/postgres?sslmode=disable
    USER root
    # NOTE(review): `postgres:alpine` is a moving tag, and the readiness loop
    # has no timeout, so a database that never starts hangs the build.
    # The `;` after `done` means dbmate runs however the preceding list ended.
    WITH DOCKER \
        --pull postgres:alpine
        RUN docker run -d --rm --network=host -e POSTGRES_PASSWORD=testpassword postgres:alpine \
            && while ! pg_isready --host=localhost --port=5432 --username=postgres; do sleep 1; done ;\
            dbmate --migrations-dir $DB_FOLDER/migrations up \
            && cargo build --release --target x86_64-unknown-linux-musl
    END
    # Release binaries consumed by the container targets.
    SAVE ARTIFACT target/x86_64-unknown-linux-musl/release/$APP_EXE_NAME
    SAVE ARTIFACT target/x86_64-unknown-linux-musl/release/$CLI_EXE_NAME
    SAVE ARTIFACT target/x86_64-unknown-linux-musl/release/external-secrets
save-artifacts:
    # Export the server and the Linux CLI binaries from +build to ./tmp on the host.
    FROM +build
    SAVE ARTIFACT target/x86_64-unknown-linux-musl/release/$APP_EXE_NAME AS LOCAL ./tmp/app
    SAVE ARTIFACT target/x86_64-unknown-linux-musl/release/$CLI_EXE_NAME AS LOCAL ./tmp/$CLI_LINUX_EXE_NAME
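migration-container:
    # Image that applies the database migrations with dbmate.
    # NOTE(review): `alpine` carries no tag, so the base (and the
    # postgresql-client version it provides) can change between builds.
    FROM alpine
    RUN apk add --no-cache \
        curl \
        postgresql-client \
        tzdata
    # -f makes curl exit non-zero on an HTTP error. Without it a 404 or 5xx
    # response body would be saved and installed as the dbmate executable.
    # NOTE(review): the binary is installed without an integrity check. Record
    # the SHA-256 of the release asset for DBMATE_VERSION and verify it here.
    RUN curl -fsSL -o /usr/bin/dbmate https://github.com/amacneil/dbmate/releases/download/v$DBMATE_VERSION/dbmate-linux-amd64 \
        && chmod +x /usr/bin/dbmate
    # Copy the db crate folder (named by DB_FOLDER) into the image.
    COPY --dir $DB_FOLDER .
    CMD dbmate up
    SAVE IMAGE --push $MIGRATIONS_IMAGE_NAME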
# To test this locally run
# docker run -it --rm -e APP_DATABASE_URL=$APP_DATABASE_URL -p 7403:7403 purton-tech/cloak-server:latest
# NOTE(review): +integration-test publishes the app on 7103, not 7403; confirm the port.
app-container:
    # Empty base: the image holds only the static server binary and its assets.
    # No USER is set in this target.
    FROM scratch
    COPY +build/$APP_EXE_NAME axum-server
    # Place assets in a build folder as that's where statics is expecting them.
    COPY --dir +npm-build/dist /build/$PIPELINE_FOLDER/
    COPY --dir $PIPELINE_FOLDER/images /build/$PIPELINE_FOLDER/images
    ENTRYPOINT ["./axum-server"]
    SAVE IMAGE --push $APP_IMAGE_NAME
# Acts as a proxy between cloak and https://external-secrets.io/
external-secrets-container:
    # Empty base; no USER is set in this target.
    FROM scratch
    # The external-secrets binary is installed under the name axum-server.
    COPY +build/external-secrets axum-server
    COPY --dir $PIPELINE_FOLDER/images /build/$PIPELINE_FOLDER/images
    ENTRYPOINT ["./axum-server"]
    SAVE IMAGE --push $EXTERNAL_SECRETS_IMAGE_NAME
envoy-container:
    # Start from the devcontainer Envoy config and rewrite it for deployment.
    FROM $ENVOY_PROXY
    COPY .devcontainer/envoy.yaml /etc/envoy/envoy.yaml
    # Each sed call edits only the first match, so the order of these three
    # steps matters. First: point the first entry at the marketing pages.
    RUN sed -i '0,/development/{s/development/www/}' /etc/envoy/envoy.yaml
    RUN sed -i '0,/7104/{s/7104/80/}' /etc/envoy/envoy.yaml
    # The next remaining "development" entry in the cluster list is the app.
    RUN sed -i '0,/development/{s/development/app/}' /etc/envoy/envoy.yaml
    # Saved without --push, unlike the other image targets.
    SAVE IMAGE $ENVOY_IMAGE_NAME
integration-test:
    FROM +build
    COPY .devcontainer/docker-compose.yml ./
    COPY .devcontainer/docker-compose.earthly.yml ./
    # Database URLs used by the migration step and by the app container.
    # The passwords are fixed test values.
    ARG DATABASE_URL=postgresql://postgres:testpassword@localhost:5432/cloak?sslmode=disable
    ARG APP_DATABASE_URL=postgresql://cloak_application:testpassword@db:5432/cloak
    # We expose selenium to localhost
    ARG WEB_DRIVER_URL='http://localhost:4444'
    # The selenium container will connect to the envoy container
    ARG WEB_DRIVER_DESTINATION_HOST='http://envoy:7100'
    # How do we connect to mailhog
    ARG MAILHOG_URL=http://localhost:8025/api/v2/messages?limit=1
    USER root
    RUN rm /var/run/docker.pid
    # NOTE(review): the `-e [email protected]` argument in the RUN below is not
    # a NAME=value pair as shown. It looks like an address mangled by e-mail
    # obfuscation on the page this listing was taken from. Restore the real
    # variable from the repository before running.
    WITH DOCKER \
        --compose docker-compose.yml \
        --compose docker-compose.earthly.yml \
        --service db \
        --service auth \
        --service smtp \
        # Record our selenium session
        --service selenium \
        --pull selenium/video:ffmpeg-4.3.1-20220208 \
        # Bring up the containers we have built
        --load $APP_IMAGE_NAME=+app-container \
        --load $ENVOY_IMAGE_NAME=+envoy-container
        # Force the command to always be successful so the artifact is saved:
        # a failing test run writes ./tmp/fail instead of failing the step.
        # https://github.com/earthly/earthly/issues/988
        RUN dbmate --migrations-dir $DB_FOLDER/migrations up \
            && docker run -d -p 7103:7103 --rm --network=build_default \
                -e APP_DATABASE_URL=$APP_DATABASE_URL \
                -e INVITE_DOMAIN=http://envoy:7100 \
                -e [email protected] \
                -e SMTP_HOST=smtp \
                -e SMTP_PORT=1025 \
                -e SMTP_USERNAME=thisisnotused \
                -e SMTP_PASSWORD=thisisnotused \
                -e SMTP_TLS_OFF='true' \
                --name app $APP_IMAGE_NAME \
            && docker run -d -p 7100:7100 -p 7101:7101 --rm --network=build_default --name envoy $ENVOY_IMAGE_NAME \
            && cargo test --no-run --release --target x86_64-unknown-linux-musl \
            && docker run -d --name video --network=build_default -e DISPLAY_CONTAINER_NAME=build_selenium_1 -e FILE_NAME=chrome-video.mp4 -v /build/tmp:/videos selenium/video:ffmpeg-4.3.1-20220208 \
            && (cargo test --release --target x86_64-unknown-linux-musl -- --nocapture || echo fail > ./tmp/fail) \
            && docker stop app envoy video
    END
    # You need the tmp/* if you use just tmp earthly will overwrite the folder
    SAVE ARTIFACT tmp/* AS LOCAL ./tmp/earthly/
check-selenium-failure:
    FROM +integration-test
    # https://github.com/earthly/earthly/issues/988
    # A failed selenium run leaves a marker file behind. To let the build pass
    # and watch the video, run +pull-request instead.
    # NOTE(review): +integration-test writes the marker to ./tmp/fail and only
    # its AS LOCAL copy lands in ./tmp/earthly/ on the host. Confirm that
    # ./tmp/earthly/fail exists inside this image, or this check never fires.
    IF [ -f ./tmp/earthly/fail ]
        RUN echo "cargo test has failed." && exit 1
    END
build-cli-osx:
    # Cross-compile the CLI for macOS in a third-party builder image.
    FROM joseluisq/rust-linux-darwin-builder:1.62.1
    COPY --dir Cargo.lock Cargo.toml crates .
    # Install protobuf-compiler and clean up apt state in the same layer.
    RUN apt-get update \
        && apt-get install -y --no-install-recommends \
            protobuf-compiler \
        && apt-get autoremove -y \
        && apt-get clean -y \
        && rm -r /var/cache/* /var/lib/apt/lists/*
    # CC and CXX are set to the o64-clang compilers for the darwin target.
    RUN cd crates/cli \
        && CC=o64-clang \
        CXX=o64-clang++ \
        cargo build --release --target x86_64-apple-darwin
    SAVE ARTIFACT target/x86_64-apple-darwin/release/$CLI_EXE_NAME AS LOCAL ./tmp/$CLI_MACOS_EXE_NAME
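kubernetes-container:
    # Image with the cloak CLI and kubectl. Its CMD turns the output of
    # `cloak ... env` into a Kubernetes secret.
    FROM debian:11-slim
    COPY +build/$CLI_EXE_NAME /usr/local/bin/cloak
    # The package index is removed in the layer that created it.
    RUN apt-get update \
        && apt-get install -y --no-install-recommends \
            ca-certificates \
            curl \
            wget \
        && rm -rf /var/lib/apt/lists/*
    # Resolve the version once and fail on any HTTP error (-f), so an error
    # page is never installed as kubectl. The binary is then checked against
    # the published .sha256 file. That file comes from the same origin, so the
    # check catches truncation or corruption, not a compromised origin.
    # NOTE(review): "stable" is resolved at build time, so the kubectl version
    # is not reproducible. Pin a version and its checksum in the file instead.
    RUN base=https://storage.googleapis.com/kubernetes-release/release \
        && version="$(curl -fsSL "$base/stable.txt")" \
        && curl -fsSLO "$base/$version/bin/linux/amd64/kubectl" \
        && curl -fsSLO "$base/$version/bin/linux/amd64/kubectl.sha256" \
        && echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
        && chmod +x ./kubectl \
        && mv ./kubectl /usr/local/bin \
        && rm kubectl.sha256
    # NOTE(review): tmp.env holds the values that become the secret, in plain
    # text in the working directory, and is not removed afterwards. No USER is
    # set in this target.
    CMD cloak --ecdh-private-key-file /cloak/cloak.pem env > tmp.env && kubectl create secret generic \$NAME --dry-run=client -o yaml --from-env-file tmp.env | kubectl apply -f -
    SAVE IMAGE $KUBERNETES_NAME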