Добавил запуск в докер. Сборку и запуск через гитлаб. INF-1541

This commit is contained in:
svkalinin 2024-07-09 16:28:45 +03:00
parent aae70a77ab
commit 13c4bda841
5 changed files with 108 additions and 6 deletions

68
.gitlab-ci.yml Normal file
View File

@ -0,0 +1,68 @@
stages:
- build
- release
- deploy
variables:
DOCKER_DRIVER: overlay2
IMAGE_PATH: $CI_REGISTRY/$CI_PROJECT_PATH
# IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
RELEASE_VERSION: $CI_COMMIT_SHORT_SHA
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- mkdir -p .ci_status
.dedicated-builder: &dedicated-builder
tags:
- build1-shell
.dedicated-runner: &dedicated-runner
tags:
- runner1-prod-shell
vault_wrap_build:
<<: *dedicated-builder
stage: build
script:
- DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f vault-wrap/docker-compose.yml build vault-wrap
- docker tag $IMAGE_PATH/vault-wrap:$RELEASE_VERSION $IMAGE_PATH/vault-wrap:dev
- docker push $IMAGE_PATH/vault-wrap:dev
- touch .ci_status/vault_wrap_build
only:
refs:
- master
changes:
- vault-wrap.go
- Dockerfile
- entrypoint.sh
- docker-compose.yml
- .gitlab-ci.yml
artifacts:
paths:
- .ci_status/
# --------------- RELEASE STAGE -------------#
vault_wrap_release:
<<: *dedicated-builder
stage: release
script:
- if [ -e .ci_status/vault_wrap_build ]; then docker pull $IMAGE_PATH/vault-wrap:dev; docker tag $IMAGE_PATH/vault-wrap:dev $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; docker push $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; touch .ci_status/vault_wrap_release; fi
artifacts:
paths:
- .ci_status/
only:
refs:
- master
#-------------- DEPLOY STAGE ------------------#
vault_wrap_deploy:
<<: *dedicated-runner
stage: deploy
script:
- if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d vault-wrap; fi
only:
refs:
- master

View File

@ -9,11 +9,18 @@ RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/vault-wrap ./vault.go
FROM alpine:3.20
RUN apk add tzdata
#RUN apk --no-cache add ca-certificates
RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p
WORKDIR /usr/bin
COPY --from=build /go/src/app/bin /go/bin
# COPY cronjobs /etc/crontabs/root
./bin/vault-wrap -action-address "${ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "${TLS_CERT}" -tls-key "${TLS_KEY}"
COPY entrypoint.sh .
# COPY cronjobs /etc/crontabs/root
# start crond with log level 8 in foreground, output to stderr
# CMD ["crond", "-f", "-d", "8"]
ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]

24
docker-compose.yml Normal file
View File

@ -0,0 +1,24 @@
version: '3'
services:
vault-wrap:
# $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
environment:
- ACTION_ADDRESS=${ACTION_ADDRESS}
- VAULT_ADDRESS=${VAULT_ADDRESS}
- TLS_KEY_FILE=${TLS_KEY_FILE}
- TLS_CERT_FILE=${TLS_CERT_FILE}
- HTML_TEMPLATE_DIR=${HTML_TEMPLATE_DIR}
- TZ=Europe/Moscow
restart: always
build:
context: .
volumes:
- vault-wrap-log:/var/log/vault-wrap
- vault-wrap-conf:/usr/local/share/vault-wrap
logging:
# driver: "syslog"
options:
max-size: "10m"
max-file: "5"

8
entrypoint.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
set -u
while true ;do
/go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log
sleep 120
done

View File

@ -18,11 +18,6 @@ import (
"github.com/gorilla/mux"
"github.com/sethvargo/go-password/password"
// "io"
// "io/ioutil"
// "github.com/hashicorp/vault-client-go"
// "github.com/hashicorp/vault-client-go/schema"
)
// {