diff --git a/Dockerfile b/Dockerfile index 80ec7fa..59dedce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,32 +1,40 @@ -FROM golang:1.17.8-alpine3.15 +FROM golang:1.19.3-alpine3.16 -RUN apk add git -RUN apk add postgresql-client +ENV \ + CGO_ENABLED=0 \ + GOOS=linux -RUN go get -u github.com/lib/pq -RUN go get -u github.com/joho/godotenv +RUN apk add postgresql-client RUN addgroup -g 1000 -S appgroup && \ adduser -u 1000 -S appuser -G appgroup WORKDIR /app -COPY . . +COPY go.mod /app +COPY go.sum /app +COPY main.go /app +COPY sql /app +COPY static /app +COPY templates /app +COPY .env_db /app +COPY .env_app /app + +RUN chown -R appuser:appgroup /app +RUN chown -R appuser:appgroup /go/bin +USER 1000 + +RUN go mod download RUN echo ${PGPASSFILE} > /home/appuser/.pgpass && \ chown appuser:appgroup /home/appuser/.pgpass && \ chmod 0600 /home/appuser/.pgpass - -RUN chown -R appuser:appgroup /app -RUN chown -R appuser:appgroup /go - -USER 1000 # Build the Go app -RUN go build -o main . +RUN go build -ldflags "-s -w" -o /go/bin/cycling_blog -buildvcs=false # Expose port 8080 to the outside world EXPOSE 8080 # Command to run the executable -CMD ["./main"] +CMD ["cycling_blog"] diff --git a/helm/cycling-blog/templates/cycling-app.yaml b/helm/cycling-blog/templates/cycling-app.yaml index eea62f7..f491c60 100644 --- a/helm/cycling-blog/templates/cycling-app.yaml +++ b/helm/cycling-blog/templates/cycling-app.yaml @@ -6,7 +6,7 @@ metadata: labels: app: {{ .Values.app_deployment.app }} spec: - replicas: 1 + replicas: {{ .Values.app_deployment.replicas }} selector: matchLabels: app: {{ .Values.app_deployment.app }} 
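Review bot: The added `COPY .env_db /app` and `COPY .env_app /app` lines bake both env files into an image layer, where anyone able to pull the image can read them. Their names suggest they hold database or application credentials, though the contents are not shown; if so, supply them at runtime instead, as the Helm templates already do for the database variables through `secretKeyRef`. Separately, `COPY sql /app`, `COPY static /app` and `COPY templates /app` copy each directory's contents into `/app` rather than the directory itself. The jobs' `-f sql/create_table.sql` would then not resolve from `WORKDIR /app`; `COPY sql /app/sql` (and likewise `/app/static`, `/app/templates`) keeps the layout.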
@@ -29,24 +29,10 @@ spec: ports: - containerPort: {{ .Values.app_service.ports.port }} env: - - name: PGPASSFILE + {{- range .Values.db_env }} + - name: {{ .name }} valueFrom: secretKeyRef: - name: pgpass - key: connect - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: pgpass - key: username - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: pgpass - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: pgpass - key: db_name - \ No newline at end of file + name: {{ .secretName }} + key: {{ .key }} + {{- end }} \ No newline at end of file diff --git a/helm/cycling-blog/templates/cycling-db-job.yaml b/helm/cycling-blog/templates/cycling-db-job.yaml new file mode 100644 index 0000000..9f6dc03 --- /dev/null +++ b/helm/cycling-blog/templates/cycling-db-job.yaml 
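Review bot: The `{{- range .Values.db_env }}` loop under `env:` gives the application container every entry in the shared `db_env` list, and the same list is reused for the database Deployment in cycling-db.yaml and both jobs in cycling-db-job.yaml. The removed blocks show that the workloads needed different variables (`PGPASSFILE`/`PGPASSWORD` for the app and jobs, `POSTGRES_PASSWORD`/`HOSTNAME` for the database), so one list means every pod receives the union of the secrets. Consider one list per workload, and quote the rendered values, e.g. `- name: {{ .name | quote }}`, so an unexpected value cannot change the manifest structure. The values files appear as binary in this diff, so the actual contents of `db_env` could not be checked.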
@@ -0,0 +1,63 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Values.cycling_blog_db_create.name }} + namespace: {{ .Values.namespace }} + labels: + app: {{ .Values.cycling_blog_db_create.app }} + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": post-install + "helm.sh/hook-weight": "5" + "helm.sh/hook-delete-policy": {{ .Values.annotations.hookDeletePolicy }} +spec: + template: + spec: + containers: + - name: {{ .Values.cycling_blog_db_create.app }} + image: {{ .Values.app_deployment.template.containers.image }} + imagePullPolicy: {{ .Values.cycling_blog_db_create.template.containers.imagePullPolicy }} + command: ["psql"] + args: ["-h", "$(CYCLING_BLOG_DB_SERVICE_SERVICE_HOST)", "-U", "$(POSTGRES_USER)", "-d", "$(POSTGRES_DB)", "-w", "-a", "-f", "sql/create_table.sql"] + env: + {{- range .Values.db_env }} + - name: {{ .name }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .key }} + {{- end }} + restartPolicy: {{ .Values.cycling_blog_db_create.template.restartPolicy }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Values.cycling_blog_db_insert.name }} + namespace: {{ .Values.namespace }} + labels: + app: {{ .Values.cycling_blog_db_insert.app }} + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. 
+ "helm.sh/hook": post-install + "helm.sh/hook-weight": "10" + "helm.sh/hook-delete-policy": {{ .Values.annotations.hookDeletePolicy }} +spec: + template: + spec: + containers: + - name: {{ .Values.cycling_blog_db_insert.app }} + image: {{ .Values.app_deployment.template.containers.image }} + imagePullPolicy: {{ .Values.cycling_blog_db_insert.template.containers.imagePullPolicy }} + command: ["psql"] + args: ["-h", "$(CYCLING_BLOG_DB_SERVICE_SERVICE_HOST)", "-U", "$(POSTGRES_USER)", "-d", "$(POSTGRES_DB)", "-w", "-a", "-f", "sql/table_insert.sql"] + env: + {{- range .Values.db_env }} + - name: {{ .name }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .key }} + {{- end }} + restartPolicy: {{ .Values.cycling_blog_db_insert.template.restartPolicy }} \ No newline at end of file diff --git a/helm/cycling-blog/templates/cycling-db.yaml b/helm/cycling-blog/templates/cycling-db.yaml index 3120e34..41d187b 100644 --- a/helm/cycling-blog/templates/cycling-db.yaml +++ b/helm/cycling-blog/templates/cycling-db.yaml @@ -28,24 +28,10 @@ spec: ports: - containerPort: {{ .Values.db_service.ports.port }} env: - - name: POSTGRES_USER - valueFrom: + {{- range .Values.db_env }} + - name: {{ .name }} + valueFrom: secretKeyRef: - name: pgpass - key: username - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: pgpass - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: pgpass - key: db_name - - name: HOSTNAME - valueFrom: - secretKeyRef: - name: pgpass - key: hostname - + name: {{ .secretName }} + key: {{ .key }} + {{- end }} diff --git a/helm/cycling-blog/templates/db-create-job.yaml b/helm/cycling-blog/templates/db-create-job.yaml deleted file mode 100644 index 1b0ec28..0000000 --- a/helm/cycling-blog/templates/db-create-job.yaml +++ /dev/null 
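Review bot: Both jobs in cycling-db-job.yaml run `psql` with `-f sql/create_table.sql` and `-f sql/table_insert.sql` but without `ON_ERROR_STOP`, so psql continues past a failing statement and exits 0. The post-install hook can therefore report success with a partly applied schema. Adding `"-v", "ON_ERROR_STOP=1"` to each `args` list makes the job fail when the script does. Neither pod spec sets a `securityContext`; since the image now runs as `USER 1000`, `runAsNonRoot: true` and `allowPrivilegeEscalation: false` on the two containers should be compatible, which is worth confirming on a test install.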
@@ -1,44 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cycling-blog-app-create - namespace: {{ .Values.namespace }} - labels: - app: cycling-blog-app - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-install - "helm.sh/hook-weight": "5" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - spec: - containers: - - name: cycling-blog-app - image: jackstock8904/cycling-blog:latest - imagePullPolicy: Always - command: ["psql"] - args: ["-h", "$(CYCLING_BLOG_DB_SERVICE_SERVICE_HOST)", "-U", "$(POSTGRES_USER)", "-d", "$(POSTGRES_DB)", "-w", "-a", "-f", "sql/create_table.sql"] - env: - - name: PGPASSFILE - valueFrom: - secretKeyRef: - name: pgpass - key: connect - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: pgpass - key: username - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: pgpass - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: pgpass - key: db_name - restartPolicy: Never \ No newline at end of file diff --git a/helm/cycling-blog/templates/db-insert-job.yaml b/helm/cycling-blog/templates/db-insert-job.yaml deleted file mode 100644 index 454cd12..0000000 --- a/helm/cycling-blog/templates/db-insert-job.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cycling-blog-app-insert - namespace: {{ .Values.namespace }} - labels: - app: cycling-blog-app - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-install - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - spec: - containers: - - name: cycling-blog-app - image: jackstock8904/cycling-blog:latest - imagePullPolicy: Always - command: ["psql"] - args: ["-h", "$(CYCLING_BLOG_DB_SERVICE_SERVICE_HOST)", "-U", "$(POSTGRES_USER)", "-d", "$(POSTGRES_DB)", "-w", "-a", "-f", "sql/table_insert.sql"] - env: - - name: PGPASSFILE - valueFrom: - secretKeyRef: - name: pgpass - key: connect - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: pgpass - key: username - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: pgpass - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: pgpass - key: db_name - restartPolicy: Never \ No newline at end of file diff --git a/helm/cycling-blog/values-dev.yaml b/helm/cycling-blog/values-dev.yaml index 8f66d24..50c0ee5 100644 Binary files a/helm/cycling-blog/values-dev.yaml and b/helm/cycling-blog/values-dev.yaml differ diff --git a/helm/cycling-blog/values-local.yaml b/helm/cycling-blog/values-local.yaml index b5babbf..e590626 100644 Binary files a/helm/cycling-blog/values-local.yaml and b/helm/cycling-blog/values-local.yaml differ diff --git a/helm/cycling-blog/values-stg.yaml b/helm/cycling-blog/values-stg.yaml index 9aac3eb..8cfdbc6 100644 Binary files a/helm/cycling-blog/values-stg.yaml and b/helm/cycling-blog/values-stg.yaml differ diff --git a/helm/cycling-blog/values-test.yaml b/helm/cycling-blog/values-test.yaml index 2cdb8ef..c650ada 100644 Binary files a/helm/cycling-blog/values-test.yaml and b/helm/cycling-blog/values-test.yaml differ 
diff --git a/po-lint/po-linter.go b/po-lint/po-linter.go deleted file mode 100644 index ee0399c..0000000 --- a/po-lint/po-linter.go +++ /dev/null 
@@ -1,138 +0,0 @@ -package main - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "flag" - "fmt" - "io/ioutil" - "log" - "os" - "strconv" - "strings" - - "github.com/ghodss/yaml" - "github.com/ministryofjustice/cloud-platform-environments/pkg/authenticate" - "github.com/prometheus-operator/prometheus-operator/pkg/admission" - v1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - "github.com/prometheus/prometheus/model/rulefmt" - githubaction "github.com/sethvargo/go-githubactions" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -func prDir(token, githubrepo, githubref string) ([]string, error) { - if token == "" { - return nil, errors.New("you must have a valid GitHub token") - } - - client, err := authenticate.GitHubClient(token) - if err != nil { - return nil, err - } - - //repo user and repo name - githubrepoS := strings.Split(githubrepo, "/") - owner := githubrepoS[0] - repo := githubrepoS[1] - - // get pr owner - githubrefS := strings.Split(githubref, "/") - branch := githubrefS[2] - bid, _ := strconv.Atoi(branch) - - repos, _, _ := client.PullRequests.ListFiles(context.Background(), owner, repo, bid, nil) - - var fileDir []string - for _, repo := range repos { - if strings.Contains(*repo.Filename, "kubectl_deploy") { - fileDir = append(fileDir, *repo.Filename) - } - } - return fileDir, nil - -} - -func polint(dir []string) { - files := dir - - for _, filename := range files { - log.SetPrefix(fmt.Sprintf("%s: ", filename)) - content, err := ioutil.ReadFile(filename) - if err != nil { - log.Fatal(err) - } - - var meta metav1.TypeMeta - - err = yaml.Unmarshal(content, &meta) - if err != nil { - log.Fatal(err) - } - - switch meta.Kind { - case v1.PrometheusRuleKind: - j, err := yaml.YAMLToJSON(content) - if err != nil { - log.Fatalf("unable to convert YAML to JSON: %v", err) - } - - decoder := json.NewDecoder(bytes.NewBuffer(j)) - decoder.DisallowUnknownFields() - - var rule v1.PrometheusRule - err = 
decoder.Decode(&rule) - if err != nil { - log.Fatalf("prometheus rule is invalid: %v", err) - } - err = validateRules(content) - if err != nil { - o := fmt.Sprintf("prometheus rule validation failed: %v", err) - githubaction.SetOutput("po-linter", o) - log.Fatalf("prometheus rule validation failed: %v", err) - } - default: - log.Print("MetaType is unknown to linter. Not in PrometheusRule") - } - } -} - -func validateRules(content []byte) error { - rule := &admission.PrometheusRules{} - err := yaml.Unmarshal(content, rule) - if err != nil { - return fmt.Errorf("unable load prometheus rule: %w", err) - } - rules, errorsArray := rulefmt.Parse(rule.Spec.Raw) - if len(errorsArray) != 0 { - for _, err := range errorsArray { - log.Println(err) - } - return errors.New("rules are not valid") - } - if len(rules.Groups) == 0 { - return errors.New("no group found") - } - for _, group := range rules.Groups { - if len(group.Rules) == 0 { - return fmt.Errorf("no rules found in group: %s: %w", group.Name, err) - } - } - return nil -} - -var ( - token = flag.String("token", os.Getenv("GITHUB_OAUTH_TOKEN"), "GihHub Personel token string") - githubrepo = flag.String("githubrepo", os.Getenv("GITHUB_REPOSITORY"), "Github Repository string") - githubref = flag.String("githubref", os.Getenv("GITHUB_REF"), "Github Respository PR ref string") -) - -func main() { - d, err := prDir(*token, *githubrepo, *githubref) - if err != nil { - log.Fatal(err) - } - polint(d) - -}