improve CI and local reproducibility
Ousret committed Jul 13, 2024
1 parent 0ab877e commit cff741c
Showing 9 changed files with 240 additions and 166 deletions.
140 changes: 5 additions & 135 deletions .github/workflows/ci.yml
Expand Up @@ -98,145 +98,15 @@ jobs:

- name: "Traefik: Prerequisites - CA, Host, Tools (Linux)"
if: ${{ matrix.traefik-server && contains(matrix.os, 'ubuntu') }}
run: |
mkdir ./certs
pip install trustme
python -m trustme -i httpbin.local alt.httpbin.local -d ./certs
mv ./certs/server.pem ./certs/httpbin.local.pem
mv ./certs/server.key ./certs/httpbin.local.key
mv ./certs/client.pem ./rootCA.pem
echo "127.0.0.1 httpbin.local alt.httpbin.local" | sudo tee -a /etc/hosts
run: ./traefik/linux.sh

# - name: "Traefik: Prerequisites - CA, Host, Tools (Windows)"
# if: ${{ matrix.traefik-server && contains(matrix.os, 'windows') }}
# run: |
# mkdir ./certs
# pip install trustme
# python -m trustme -i httpbin.local alt.httpbin.local -d ./certs
# mv ./certs/server.pem ./certs/httpbin.local.pem
# mv ./certs/server.key ./certs/httpbin.local.key
# mv ./certs/client.pem ./rootCA.pem
# echo 127.0.0.1 httpbin.local alt.httpbin.local >> %WinDir%\system32\drivers\etc\hosts
# choco install -y curl
- name: "Traefik: Prerequisites - CA, Host, Tools (Windows)"
if: ${{ matrix.traefik-server && contains(matrix.os, 'windows') }}
run: ./traefik/windows.sh

- name: "Traefik: Prerequisites - CA, Host, Tools (MacOS)"
if: ${{ matrix.traefik-server && contains(matrix.os, 'mac') }}
run: |
sudo security authorizationdb write com.apple.trust-settings.admin allow
mkdir ./certs
pip install trustme
python -m trustme -i httpbin.local alt.httpbin.local -d ./certs
mv ./certs/server.pem ./certs/httpbin.local.pem
mv ./certs/server.key ./certs/httpbin.local.key
mv ./certs/client.pem ./rootCA.pem
brew install curl
brew install docker
brew install docker-compose
colima start --network-address
colima list
echo "192.168.106.2 httpbin.local alt.httpbin.local" | sudo tee -a /etc/hosts
- name: "Traefik: Produce Compose & Config"
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }}
env:
TRAEFIK_CERTIFICATE_TOML: |
[[tls.certificates]]
certFile = "/certs/httpbin.local.pem"
keyFile = "/certs/httpbin.local.key"
TRAEFIK_COMPOSE_SCHEMA: |
services:
proxy:
image: traefik:v2.10.4
restart: unless-stopped
healthcheck:
test: [ "CMD", "traefik" ,"healthcheck", "--ping" ]
interval: 3s
timeout: 3s
retries: 10
ports:
- target: 8888
published: 8888
protocol: tcp
mode: host
- target: 4443
published: 4443
protocol: tcp
mode: host
- target: 4443
published: 4443
protocol: udp
mode: host
- target: 9999
published: 9999
protocol: tcp
mode: host
- target: 8754
published: 8754
protocol: tcp
mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./certs:/certs
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# TLS providers
- --providers.file.directory=/certs/
# Auto discovery
- --providers.file.watch=true
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Create an entrypoint "http" listening on port 8080
- --entrypoints.http.address=:8888
# Create an entrypoint "https" listening on port 4443
- --entrypoints.https.address=:4443
# Create alt-no-quic entrypoints
- --entrypoints.alt-http.address=:9999
- --entrypoints.alt-https.address=:8754
# QUIC Related Configuration
- --experimental.http3=true
- --entrypoints.https.http3=true
- --entrypoints.alt-https.http3=false
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Disable the Dashboard and API
- --api.dashboard=false
# Enable healthcheck
- --ping
- --log.level=INFO
httpbin:
image: mccutchen/go-httpbin:v2.11.1
restart: unless-stopped
depends_on:
proxy:
condition: service_healthy
labels:
- traefik.enable=true
- traefik.http.routers.httpbin-http.rule=Host(`httpbin.local`) || Host(`alt.httpbin.local`)
- traefik.http.routers.httpbin-http.entrypoints=http,alt-http
- traefik.http.routers.httpbin-https.rule=Host(`httpbin.local`) || Host(`alt.httpbin.local`)
- traefik.http.routers.httpbin-https.entrypoints=https,alt-https
- traefik.http.routers.httpbin-https.tls=true
- traefik.http.services.httpbin.loadbalancer.server.port=8080
run: |
echo "$TRAEFIK_COMPOSE_SCHEMA" > ./docker-compose.yaml
echo "$TRAEFIK_CERTIFICATE_TOML" > ./certs/certificate.toml
- name: "Traefik: Start stack"
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }}
run: docker compose up -d || docker-compose up -d

- name: "Traefik: Wait for service"
uses: nick-fields/retry@v3
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }}
with:
timeout_minutes: 3
max_attempts: 30
command: curl --fail http://httpbin.local:8888/get
run: ./traefik/macos.sh

- name: "Setup Python ${{ matrix.python-version }}"
uses: "actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1"
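Review bot: The new Windows step `run: ./traefik/windows.sh` declares no `shell:`, and the default `run` shell on Windows runners is PowerShell, so the script is not run by bash unless a `defaults.run.shell` is set outside this hunk; add `shell: bash` to that step. The Linux and macOS steps likewise depend on `traefik/linux.sh` and `traefik/macos.sh` being committed with the executable bit. If the scripts keep the commands that were removed from the workflow (they are not shown in this section), the macOS one still runs `sudo security authorizationdb write com.apple.trust-settings.admin allow` and the others append to the hosts file. That is fine on a throwaway runner, but it permanently changes a developer machine now that the scripts are meant for local use, so the scripts should say so up front or ask for confirmation when `CI` is unset.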
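--- a/docker-compose.win.yaml
+++ b/docker-compose.win.yaml
@@ -0,0 +1,6 @@
+services:
+httpbin:
+image: jawah/go-httpbin:windows
+build:
+context: ./go-httpbin
+dockerfile: Dockerfile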
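--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,77 @@
+services:
+proxy:
+image: traefik:v2.10.4
+restart: unless-stopped
+healthcheck:
+test: [ "CMD", "traefik" ,"healthcheck", "--ping" ]
+interval: 3s
+timeout: 3s
+retries: 10
+ports:
+- target: 8888
+published: 8888
+protocol: tcp
+mode: host
+- target: 4443
+published: 4443
+protocol: tcp
+mode: host
+- target: 4443
+published: 4443
+protocol: udp
+mode: host
+- target: 9999
+published: 9999
+protocol: tcp
+mode: host
+- target: 8754
+published: 8754
+protocol: tcp
+mode: host
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- ./traefik:/certs
+command:
+# Enable Docker in Traefik, so that it reads labels from Docker services
+- --providers.docker
+# TLS providers
+- --providers.file.directory=/certs/
+# Auto discovery
+- --providers.file.watch=true
+# Do not expose all Docker services, only the ones explicitly exposed
+- --providers.docker.exposedbydefault=false
+# Create an entrypoint "http" listening on port 8080
+- --entrypoints.http.address=:8888
+# Create an entrypoint "https" listening on port 4443
+- --entrypoints.https.address=:4443
+# Create alt-no-quic entrypoints
+- --entrypoints.alt-http.address=:9999
+- --entrypoints.alt-https.address=:8754
+# QUIC Related Configuration
+- --experimental.http3=true
+- --entrypoints.https.http3=true
+- --entrypoints.alt-https.http3=false
+# Enable the access log, with HTTP requests
+- --accesslog
+# Enable the Traefik log, for configurations and errors
+- --log
+# Disable the Dashboard and API
+- --api.dashboard=false
+# Enable healthcheck
+- --ping
+- --log.level=INFO
+
+httpbin:
+image: mccutchen/go-httpbin:v2.14.0
+restart: unless-stopped
+depends_on:
+proxy:
+condition: service_healthy
+labels:
+- traefik.enable=true
+- traefik.http.routers.httpbin-http.rule=Host(`httpbin.local`) || Host(`alt.httpbin.local`)
+- traefik.http.routers.httpbin-http.entrypoints=http,alt-http
+- traefik.http.routers.httpbin-https.rule=Host(`httpbin.local`) || Host(`alt.httpbin.local`)
+- traefik.http.routers.httpbin-https.entrypoints=https,alt-https
+- traefik.http.routers.httpbin-https.tls=true
+- traefik.http.services.httpbin.loadbalancer.server.port=8080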
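Review bot: The `proxy` service is handed the Docker API socket (`/var/run/docker.sock:/var/run/docker.sock`) while every entrypoint is published in `mode: host` with no `host_ip`, so by default the stack listens on all interfaces of the machine with a container that has root-equivalent access to the host daemon. Because this compose file is now meant for local runs as well as CI, add `host_ip: 127.0.0.1` to each `ports` entry, and put a filtering socket proxy in front of the Docker provider, or at least mount the socket `:ro`. The bind `./traefik:/certs` exposes the whole directory (presumably including the generated private key and the setup scripts) read-write to the container; `./traefik:/certs:ro` is enough for the file provider. The comment `# Create an entrypoint "http" listening on port 8080` does not match `--entrypoints.http.address=:8888` and should say 8888.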