Добавил запуск в докер. Сборку и запуск через гитлаб. INF-1541
parent
aae70a77ab
commit
13c4bda841
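--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,68 @@
+stages:
+- build
+- release
+- deploy
+
+variables:
+DOCKER_DRIVER: overlay2
+IMAGE_PATH: $CI_REGISTRY/$CI_PROJECT_PATH
+# IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
+RELEASE_VERSION: $CI_COMMIT_SHORT_SHA
+
+before_script:
+- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+- mkdir -p .ci_status
+
+.dedicated-builder: &dedicated-builder
+tags:
+- build1-shell
+
+
+.dedicated-runner: &dedicated-runner
+tags:
+- runner1-prod-shell
+
+vault_wrap_build:
+<<: *dedicated-builder
+stage: build
+script:
+- DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f vault-wrap/docker-compose.yml build vault-wrap
+- docker tag $IMAGE_PATH/vault-wrap:$RELEASE_VERSION $IMAGE_PATH/vault-wrap:dev
+- docker push $IMAGE_PATH/vault-wrap:dev
+- touch .ci_status/vault_wrap_build
+only:
+refs:
+- master
+changes:
+- vault-wrap.go
+- Dockerfile
+- entrypoint.sh
+- docker-compose.yml
+- .gitlab-ci.yml
+artifacts:
+paths:
+- .ci_status/
+
+# --------------- RELEASE STAGE -------------#
+vault_wrap_release:
+<<: *dedicated-builder
+stage: release
+script:
+- if [ -e .ci_status/vault_wrap_build ]; then docker pull $IMAGE_PATH/vault-wrap:dev; docker tag $IMAGE_PATH/vault-wrap:dev $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; docker push $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; touch .ci_status/vault_wrap_release; fi
+artifacts:
+paths:
+- .ci_status/
+only:
+refs:
+- master
+
+
+#-------------- DEPLOY STAGE ------------------#
+vault_wrap_deploy:
+<<: *dedicated-runner
+stage: deploy
+script:
+- if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d vault-wrap; fi
+only:
+refs:
+- master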
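Review bot: The `docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` line in `before_script` passes the registry password as a command-line argument, where it is visible in the runner host's process list and Docker itself warns against it; feeding it on stdin avoids that: `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The tag names `build1-shell` and `runner1-prod-shell` suggest shell executors; if so, the login is stored in the runner user's Docker config and outlives the job, so an `after_script` running `docker logout "$CI_REGISTRY"` is worth adding. Separately, `vault_wrap_release` re-pulls the mutable `:dev` tag rather than the image built for this commit, so a second pipeline pushing `:dev` between the two stages would be released under this commit's `$RELEASE_VERSION`; promoting a per-commit tag or an image digest would pin what gets released.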
|
@ -9,11 +9,18 @@ RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/vault-wrap ./vault.go
|
||||||
FROM alpine:3.20
|
FROM alpine:3.20
|
||||||
RUN apk add tzdata
|
RUN apk add tzdata
|
||||||
#RUN apk --no-cache add ca-certificates
|
#RUN apk --no-cache add ca-certificates
|
||||||
|
RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p
|
||||||
WORKDIR /usr/bin
|
WORKDIR /usr/bin
|
||||||
COPY --from=build /go/src/app/bin /go/bin
|
COPY --from=build /go/src/app/bin /go/bin
|
||||||
|
|
||||||
# COPY cronjobs /etc/crontabs/root
|
# COPY cronjobs /etc/crontabs/root
|
||||||
|
|
||||||
./bin/vault-wrap -action-address "${ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "${TLS_CERT}" -tls-key "${TLS_KEY}"
|
COPY entrypoint.sh .
|
||||||
|
|
||||||
|
# COPY cronjobs /etc/crontabs/root
|
||||||
|
|
||||||
# start crond with log level 8 in foreground, output to stderr
|
# start crond with log level 8 in foreground, output to stderr
|
||||||
# CMD ["crond", "-f", "-d", "8"]
|
# CMD ["crond", "-f", "-d", "8"]
|
||||||
|
|
||||||
|
ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]
|
||||||
|
|
||||||
|
|
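Review bot: No `USER` instruction appears in this hunk, so the new `ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]` presumably starts vault-wrap as root, in the same container that holds the TLS key directory `/usr/local/share/vault-wrap`. Creating an unprivileged account and switching to it before the entrypoint, e.g. `RUN adduser -D -H vault-wrap` followed by `USER vault-wrap`, would limit what a compromise of the service can reach; the log and config directories then need matching ownership. As rendered here the added `RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p` ends without a path, which would fail the build if that is what was committed. The hunk shows only part of the Dockerfile, so a `USER` line later in the file cannot be ruled out.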
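--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+vault-wrap:
+# $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
+image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
+environment:
+- ACTION_ADDRESS=${ACTION_ADDRESS}
+- VAULT_ADDRESS=${VAULT_ADDRESS}
+- TLS_KEY_FILE=${TLS_KEY_FILE}
+- TLS_CERT_FILE=${TLS_CERT_FILE}
+- HTML_TEMPLATE_DIR=${HTML_TEMPLATE_DIR}
+- TZ=Europe/Moscow
+restart: always
+build:
+context: .
+volumes:
+- vault-wrap-log:/var/log/vault-wrap
+- vault-wrap-conf:/usr/local/share/vault-wrap
+logging:
+# driver: "syslog"
+options:
+max-size: "10m"
+max-file: "5"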
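Review bot: The service mounts the named volumes `vault-wrap-log` and `vault-wrap-conf`, but none of the 24 added lines is a top-level `volumes:` declaration for them, and Compose rejects named volumes that are not declared (indentation is lost in this rendering, so this is read from the key order). Adding a top-level `volumes:` mapping with `vault-wrap-log: {}` and `vault-wrap-conf: {}` would fix that. Since `vault-wrap-conf` holds the TLS key and certificate that entrypoint.sh passes to the binary, mounting it read-only, `- vault-wrap-conf:/usr/local/share/vault-wrap:ro`, keeps the service from modifying its own key material, provided it only reads from that directory.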
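--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -u
+
+while true ;do
+/go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log
+
+sleep 120
+done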
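Review bot: The `while true` loop restarts `/go/bin/vault-wrap` every 120 seconds whatever its exit status, so a crash or a wrong TLS path never surfaces as a stopped container, and because the shell stays PID 1 without forwarding signals, `docker stop` will likely wait out its timeout and then kill the process. docker-compose.yml in this commit already sets `restart: always`, so the script could end with a single `exec /go/bin/vault-wrap …` line (same flags) and let Docker do the restarting and record exit codes. `set -u` is a good guard against unset variables; a comment such as `# abort if a required variable is unset` above it would document that intent.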
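--- a/vault.go
+++ b/vault.go
@@ -18,11 +18,6 @@ import (
 
 "github.com/gorilla/mux"
 "github.com/sethvargo/go-password/password"
-// "io"
-// "io/ioutil"
-
-// "github.com/hashicorp/vault-client-go"
-// "github.com/hashicorp/vault-client-go/schema"
 )
 
 // {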