From 13c4bda841f43db1b535a7ee799e36f33c3b3bc8 Mon Sep 17 00:00:00 2001
From: svkalinin <svkalinin@samsonpost.ru>
Date: Tue, 9 Jul 2024 16:28:45 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D0=BB=20?=
 =?UTF-8?q?=D0=B7=D0=B0=D0=BF=D1=83=D1=81=D0=BA=20=D0=B2=20=D0=B4=D0=BE?=
 =?UTF-8?q?=D0=BA=D0=B5=D1=80.=20=D0=A1=D0=B1=D0=BE=D1=80=D0=BA=D1=83=20?=
 =?UTF-8?q?=D0=B8=20=D0=B7=D0=B0=D0=BF=D1=83=D1=81=D0=BA=20=D1=87=D0=B5?=
 =?UTF-8?q?=D1=80=D0=B5=D0=B7=20=D0=B3=D0=B8=D1=82=D0=BB=D0=B0=D0=B1.=20IN?=
 =?UTF-8?q?F-1541?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitlab-ci.yml     | 68 ++++++++++++++++++++++++++++++++++++++++++++++
 Dockerfile         |  9 +++++-
 docker-compose.yml | 24 ++++++++++++++++
 entrypoint.sh      |  8 ++++++
 vault.go           |  5 ----
 5 files changed, 108 insertions(+), 6 deletions(-)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 docker-compose.yml
 create mode 100644 entrypoint.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..90239f2
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,68 @@
+stages:
+  - build
+  - release
+  - deploy
+  
+variables:
+  DOCKER_DRIVER: overlay2
+  IMAGE_PATH: $CI_REGISTRY/$CI_PROJECT_PATH
+  # IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
+  RELEASE_VERSION: $CI_COMMIT_SHORT_SHA
+  
+before_script:
+  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  - mkdir -p .ci_status
+
+.dedicated-builder: &dedicated-builder
+  tags:
+    - build1-shell
+
+
+.dedicated-runner: &dedicated-runner
+  tags:
+    - runner1-prod-shell
+
+vault_wrap_build:
+  <<: *dedicated-builder
+  stage: build
+  script:
+    - DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f vault-wrap/docker-compose.yml build vault-wrap
+    - docker tag $IMAGE_PATH/vault-wrap:$RELEASE_VERSION $IMAGE_PATH/vault-wrap:dev
+    - docker push $IMAGE_PATH/vault-wrap:dev
+    - touch .ci_status/vault_wrap_build
+  only:
+    refs:
+      - master
+    changes:
+      - vault-wrap.go
+      - Dockerfile
+      - entrypoint.sh
+      - docker-compose.yml
+      - .gitlab-ci.yml
+  artifacts:
+    paths:
+      - .ci_status/
+
+# --------------- RELEASE STAGE -------------#
+vault_wrap_release:
+  <<: *dedicated-builder
+  stage: release
+  script:
+    - if [ -e .ci_status/vault_wrap_build ]; then docker pull $IMAGE_PATH/vault-wrap:dev; docker tag $IMAGE_PATH/vault-wrap:dev $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; docker push $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; touch .ci_status/vault_wrap_release; fi
+  artifacts:
+    paths:
+      - .ci_status/
+  only:
+    refs:
+      - master
+
+
+#-------------- DEPLOY STAGE ------------------#
+vault_wrap_deploy:
+  <<: *dedicated-runner
+  stage: deploy
+  script:
+    - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d vault-wrap; fi
+  only:
+    refs:
+      - master
diff --git a/Dockerfile b/Dockerfile
index e517f92..5d30cce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,11 +9,18 @@ RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/vault-wrap ./vault.go
 FROM alpine:3.20
 RUN apk add tzdata
 #RUN apk --no-cache add ca-certificates
+RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p 
 WORKDIR /usr/bin
 COPY --from=build /go/src/app/bin /go/bin
 
 # COPY cronjobs /etc/crontabs/root
 
-./bin/vault-wrap -action-address "${ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "${TLS_CERT}" -tls-key "${TLS_KEY}"
+COPY entrypoint.sh .
+
+# COPY cronjobs /etc/crontabs/root
+
 # start crond with log level 8 in foreground, output to stderr
 # CMD ["crond", "-f", "-d", "8"]
+
+ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..23e3f1e
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+  vault-wrap:
+    # $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
+    image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
+    environment:
+      - ACTION_ADDRESS=${ACTION_ADDRESS}
+      - VAULT_ADDRESS=${VAULT_ADDRESS}
+      - TLS_KEY_FILE=${TLS_KEY_FILE}
+      - TLS_CERT_FILE=${TLS_CERT_FILE}
+      - HTML_TEMPLATE_DIR=${HTML_TEMPLATE_DIR}
+      - TZ=Europe/Moscow
+    restart: always
+    build:
+        context: .
+    volumes:
+      - vault-wrap-log:/var/log/vault-wrap
+      - vault-wrap-conf:/usr/local/share/vault-wrap
+    logging:
+      # driver: "syslog"
+      options:
+        max-size: "10m"
+        max-file: "5"
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..2f0ae4f
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -u
+
+while true ;do
+    /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log
+
+    sleep 120
+done
diff --git a/vault.go b/vault.go
index 747906d..cd69a71 100644
--- a/vault.go
+++ b/vault.go
@@ -18,11 +18,6 @@ import (
  
     "github.com/gorilla/mux"
 	"github.com/sethvargo/go-password/password"
-    	// "io"
-    // "io/ioutil"
-    
-	// "github.com/hashicorp/vault-client-go"
-	// "github.com/hashicorp/vault-client-go/schema"
 )
 
 // {