diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
new file mode 100644
index 0000000..1109645
--- /dev/null
+++ b/.buildkite/pipeline.yml
@@ -0,0 +1,27 @@
+steps:
+ - label: Install dependencies
+ env:
+ SEGMENT_BUILDKITE_IMAGE: "buildkite-agent-golang1.19:latest"
+ SEGMENT_CONTEXTS: 'snyk'
+ agents:
+ queue: v1
+ commands: |
+ which -a go
+ env | grep PATH
+ export PATH=$PATH:/go/bin:/var/lib/buildkite-agent/go/bin:/go/src/github.com/segmentio/kubeapply/deps:$HOME/local/bin
+ mkdir -p deps
+ cd deps && ../scripts/pull-deps.sh && cd -
+ env | grep PATH
+ ls -al "${HOME}/local/bin"
+ which -a helm
+ SNYK_LEVEL=FLHI curl -sL https://raw.githubusercontent.com/segmentio/snyk_helpers/master/initialization/snyk.sh | sh
+
+ - label: 'Publish'
+ env:
+ SEGMENT_CONTEXTS: "aws-credentials,ecr"
+ SEGMENT_BUILDKITE_IMAGE: 'buildkite-agent-golang1.19:latest'
+ agents:
+ queue: v1
+ commands: |
+ export PATH=$PATH:/go/bin:/var/lib/buildkite-agent/go/bin:/go/src/github.com/segmentio/kubeapply/deps:$HOME/local/bin
+ make publish
diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index ff33fe8..0000000
--- a/.circleci/config.yml
+++ /dev/null
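Review bot: The `Publish` step is not gated on the `Install dependencies` step: there is no `- wait` (or `depends_on`) between the two, so Buildkite may run them in parallel and `make publish` can push to ECR with the `aws-credentials,ecr` contexts even when the Snyk step fails, whereas the removed CircleCI workflow had `requires: [test]`. Add `- wait` before `- label: 'Publish'`, and consider a `branches:` filter if only the default branch should publish. Separately, the first step still pipes `snyk.sh` from the mutable `master` ref into `sh` while the `snyk` context is loaded; pinning that URL to a commit SHA would keep a later change in that repository from running unreviewed in this job.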
@@ -1,83 +0,0 @@
-version: 2
-jobs:
- test:
- working_directory: ~/go/src/github.com/segmentio/kubeapply
- docker:
- - image: cimg/go:1.18
- environment:
- GO111MODULE: "on"
-
- steps:
- - checkout
- - restore_cache:
- keys:
- - go-modules-{{ checksum "go.sum" }}
- - setup_remote_docker:
- reusable: true
- docker_layer_caching: true
- - run:
- name: Install deps
- command: |
- mkdir -p deps
- cd deps
- ../scripts/pull-deps.sh
-# - run:
-# name: Run tests
-# command: |
-# export PATH="$PATH:/go/src/github.com/segmentio/kubeapply/deps"
-# make test-ci
- - run:
- name: Run Snyk
- environment:
- SNYK_LEVEL: 'FLHI'
- command: curl -sL https://raw.githubusercontent.com/segmentio/snyk_helpers/master/initialization/snyk.sh | sh
- - save_cache:
- key: go-modules-{{ checksum "go.sum" }}
- paths:
- - "/go/pkg/mod"
-
- publish:
- working_directory: ~/go/src/github.com/segmentio/kubeapply
- docker:
- - image: cimg/go:1.18
-
- steps:
- - checkout
- - setup_remote_docker:
- reusable: true
- docker_layer_caching: true
- - run:
- name: ECR Login
- command: |
- sudo apt-get update && sudo apt-get install --yes python3 python3-pip
- pip3 install awscli==1.25.93
- $(aws ecr get-login --no-include-email --region ${AWS_REGION} --registry-ids ${AWS_ACCOUNT_ID})
- - run:
- name: Build and push main image
- command: |
- export SHORT_GIT_SHA=$(echo ${CIRCLE_SHA1} | cut -c -7)
- docker build \
- -t ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/kubeapply:${SHORT_GIT_SHA} \
- --build-arg VERSION_REF=${SHORT_GIT_SHA} \
- .
- docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/kubeapply:${SHORT_GIT_SHA}
- - run:
- name: Build and push lambda image
- command: |
- export SHORT_GIT_SHA=$(echo ${CIRCLE_SHA1} | cut -c -7)
- docker build \
- -f Dockerfile.lambda \
- -t ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/kubeapply-lambda:${SHORT_GIT_SHA} \
- --build-arg VERSION_REF=${SHORT_GIT_SHA} \
- .
- docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/kubeapply-lambda:${SHORT_GIT_SHA}
-
-workflows:
- version: 2
- run:
- jobs:
- - test:
- context: snyk
- - publish:
- context: segmentio-org-global
- requires: [test]
diff --git a/Dockerfile b/Dockerfile
index d2b7f6f..71a3bb4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Fetch or build all required binaries
-FROM golang:1.18 as builder
+FROM golang:1.19 as builder
 ARG VERSION_REF
 RUN test -n "${VERSION_REF}"
@@ -8,6 +8,7 @@ ENV SRC github.com/segmentio/kubeapply
 RUN apt-get update && apt-get install --yes \
 curl \
+ unzip \
 wget
 COPY . /go/src/${SRC}
diff --git a/Dockerfile.lambda b/Dockerfile.lambda
index 79037e7..e20644f 100644
--- a/Dockerfile.lambda
+++ b/Dockerfile.lambda
@@ -1,5 +1,5 @@
 # Fetch or build all required binaries
-FROM golang:1.18 as builder
+FROM golang:1.19 as builder
 ARG VERSION_REF
 RUN test -n "${VERSION_REF}"
@@ -8,6 +8,7 @@ ENV SRC github.com/segmentio/kubeapply
 RUN apt-get update && apt-get install --yes \
 curl \
+ unzip \
 wget
 COPY . /go/src/${SRC}
@@ -26,7 +27,8 @@ RUN make kubeapply-lambda VERSION_REF=${VERSION_REF} && \
 # Copy into final image
 FROM public.ecr.aws/lambda/go:1
-RUN yum install -y git
+RUN yum install -y git && \
+ python3 --version
 RUN curl -O https://bootstrap.pypa.io/pip/3.6/get-pip.py && python3 get-pip.py
 RUN pip3 install awscli
diff --git a/Makefile b/Makefile
index 1cac6e2..40cc2ce 100644
--- a/Makefile
+++ b/Makefile
@@ -78,3 +78,6 @@ endif
 .PHONY: clean
 clean:
 rm -Rf *.zip .kube build vendor
+
+publish:
+ ./scripts/publish.sh
diff --git a/scripts/publish.sh b/scripts/publish.sh
new file mode 100755
index 0000000..a4b6898
--- /dev/null
+++ b/scripts/publish.sh
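Review bot: The new `publish` target in the Makefile hunk is not declared phony, unlike `clean` just above it, so a file or directory named `publish` in the repository root would turn `make publish` into a no-op that still exits 0 in the Publish step. Add `.PHONY: publish` on the line above `publish:`.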
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+AWS_ACCOUNT_ID='528451384384'
+AWS_REGION='us-west-2'
+
+main() {
+ local -r SHORT_GIT_SHA=$(git rev-parse --short HEAD)
+ local -r image="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/kubeapply:${SHORT_GIT_SHA}"
+ local -r lambda_image="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/kubeapply-lambda:${SHORT_GIT_SHA}"
+ docker build \
+ -t "${image}" \
+ --build-arg VERSION_REF="${SHORT_GIT_SHA}" \
+ .
+ docker push "${image}"
+
+ docker build \
+ -f Dockerfile.lambda \
+ -t "${lambda_image}" \
+ --build-arg VERSION_REF="${SHORT_GIT_SHA}" \
+ .
+ docker push "${lambda_image}"
+}
+
+main "$@"
diff --git a/scripts/pull-deps.sh b/scripts/pull-deps.sh
index 91e2b09..8b78e6a 100755
--- a/scripts/pull-deps.sh
+++ b/scripts/pull-deps.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
-set -e
+set -euo pipefail
+
+# Note this is used by both the publish script and the test script.
 # Required versions
@@ -23,11 +25,15 @@ KIND_SHA_256_SUM="781c3db479b805d161b7c2c7a31896d1a504b583ebfcce8fcd49538c684d96
 GOOS=linux
 GOARCH=amd64
+mkdir -p "${HOME}/local/bin"
+
 echo "Downloading helm at version ${HELM_VERSION}"
 wget -q https://get.helm.sh/helm-v${HELM_VERSION}-${GOOS}-${GOARCH}.tar.gz
 echo "${HELM_SHA256_SUM} helm-v${HELM_VERSION}-${GOOS}-${GOARCH}.tar.gz" | sha256sum -c
 tar -xzf helm-v${HELM_VERSION}-${GOOS}-${GOARCH}.tar.gz
-cp ${GOOS}-${GOARCH}/helm .
+${GOOS}-${GOARCH}/helm version
+# try /usr/local/bin (for Dockerfile) and fall back
+cp ${GOOS}-${GOARCH}/helm "/usr/local/bin" || cp ${GOOS}-${GOARCH}/helm "${HOME}/local/bin"
 echo "Downloading aws-iam-authenticator at version ${IAM_AUTHENTICATOR_VERSION}"
 wget -q -O aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${IAM_AUTHENTICATOR_VERSION}/aws-iam-authenticator_${IAM_AUTHENTICATOR_VERSION}_${GOOS}_${GOARCH}
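Review bot: In scripts/publish.sh, `local -r SHORT_GIT_SHA=$(git rev-parse --short HEAD)` hides a failure of `git`: the status of that line is the status of `local`, so `set -e` does not stop the script and the image tags are then built from an empty string. Declare and assign separately, `local SHORT_GIT_SHA` followed by `SHORT_GIT_SHA=$(git rev-parse --short HEAD)`. The script also never logs in to ECR, which the removed CircleCI job did explicitly; if the `ecr` context is what supplies the registry credentials, a header comment such as `# Registry auth is expected from the Buildkite 'ecr' context.` would record that dependency. The main image is pushed before the lambda image is built, so a failing lambda build leaves a half-published tag.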
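Review bot: In the second scripts/pull-deps.sh hunk, `cp … "/usr/local/bin" || cp … "${HOME}/local/bin"` chooses the install directory by letting the first copy fail, so any other failure of the first `cp` is retried silently against the second path and the log presumably carries a permission error on every agent run. Test the destination explicitly, e.g. `if [ -w /usr/local/bin ]; then dest=/usr/local/bin; else dest="${HOME}/local/bin"; fi` and then `cp "${GOOS}-${GOARCH}/helm" "${dest}"`. Because the pipeline appends `$HOME/local/bin` to the end of `PATH`, a helm already installed on the agent would be found ahead of this checksum-verified copy; the `which -a helm` output in the first step is the place to confirm which one wins.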
@@ -44,3 +50,9 @@ echo "Downloading kind at version ${KIND_VERSION}"
 wget -q -O kind https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-${GOOS}-${GOARCH}
 echo "${KIND_SHA_256_SUM} kind" | sha256sum -c
 chmod +x kind
+
+# https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip -q awscliv2.zip
+mkdir -p "${HOME}/local/aws"
+./aws/install --install-dir "${HOME}/local/aws" --bin-dir "${HOME}/local/bin"
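Review bot: The AWS CLI installer is fetched from an unversioned URL and executed with no integrity check, while the helm and kind downloads visible in this script are pinned to a version and verified with `sha256sum -c` before use. Pin a specific release (AWS serves versioned archives as `awscli-exe-linux-x86_64-<version>.zip`) and check its digest, or verify the published `.sig` with gpg, before `./aws/install` runs in a job that later holds the ECR credentials. Adding `-f` to `curl` also makes an HTTP error fail the step instead of saving the error body as the zip. The version and digest in the sketch below are placeholders to fill in.

```shell
# Placeholders: set to the release you have reviewed and its SHA-256.
AWSCLI_VERSION="<pinned-version>"
AWSCLI_SHA256_SUM="<sha256-of-that-zip>"
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip" -o "awscliv2.zip"
echo "${AWSCLI_SHA256_SUM}  awscliv2.zip" | sha256sum -c
# … unchanged: unzip, mkdir -p and ./aws/install …
```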