Split Taskfile to sections (#129)

ondat · Jul 4, 2022 · 74a2fd7 · 74a2fd7
1 parent b6df83d
commit 74a2fd7
Show file tree

Hide file tree

Showing 5 changed files with 473 additions and 457 deletions.
diff --git a/.task/cluster.yml b/.task/cluster.yml
@@ -0,0 +1,12 @@
+version: 3
+tasks:
+  create:
+    desc: create kind cluster
+    deps:
+      - delete
+    cmds:
+      - ./bin/kind create cluster --retain --name "{{.KIND_CLUSTER_NAME}}" --wait 2m --config ./tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kind.yaml
+  delete:
+    desc: destroy kind cluster
+    cmds:
+      - ./bin/kind delete cluster --name "{{.KIND_CLUSTER_NAME}}"
diff --git a/.task/docker.yml b/.task/docker.yml
@@ -0,0 +1,110 @@
+version: 3
+vars:
+  NOW:
+    sh: date +'%s'
+  BASE_IMAGE:
+    sh: '([ -z "$BASE_IMAGE" ] && head -1  Dockerfile | cut -d= -f2) || echo $BASE_IMAGE'
+tasks:
+  build:
+    desc: build docker images
+    cmds:
+      - task: build:proxy
+      - task: build:debug
+      - task: build:vault
+      - task: build:awskms
+      - task: build:trousseau
+  build:proxy:
+    cmds:
+      - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=proxy -t $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION .
+    status:
+       - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+  build:debug:
+    cmds:
+      - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/debug -t $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION .
+    status:
+      - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+  build:vault:
+    cmds:
+      - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/vault -t $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION .
+    status:
+      - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+  build:awskms:
+    cmds:
+      - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/awskms -t $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION .
+    status:
+      - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+  build:trousseau:
+    cmds:
+      - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=trousseau -t $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION .
+    status:
+      - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+  push:
+    desc: push docker image
+    cmds:
+      - task: push:proxy
+      - task: push:debug
+      - task: push:vault
+      - task: push:awskms
+      - task: push:trousseau
+  push:proxy:
+    cmds:
+      - docker push $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION
+  push:debug:
+    cmds:
+      - docker push $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION
+  push:vault:
+    cmds:
+      - docker push $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION
+  push:awskms:
+    cmds:
+      - docker push $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION
+  push:trousseau:
+    cmds:
+      - docker push $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION
+  run:
+    desc: run docker image
+    cmds:
+      - task: run:proxy
+      - task: run:debug
+      - task: run:vault
+      - task: run:awskms
+      - task: run:trousseau
+  run:proxy:
+    deps:
+      - :bin-dir:init
+    cmds:
+      - docker rm -f trousseau-proxy || true
+      - docker run -d --name trousseau-proxy --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION
+  run:debug:
+    deps:
+      - :bin-dir:init
+    cmds:
+      - docker rm -f trousseau-debug || true
+      - docker run -d --name trousseau-debug --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION
+  run:vault:
+    deps:
+      - :bin-dir:init
+    cmds:
+      - docker rm -f trousseau-local-vault || true
+      - docker run -d --name=trousseau-local-vault --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=vault-kms-demo' vault
+      - sleep 5
+      - docker exec -e VAULT_ADDR=http://127.0.0.1:8200 trousseau-local-vault vault login vault-kms-demo
+      - docker exec -e VAULT_ADDR=http://127.0.0.1:8200 trousseau-local-vault vault secrets enable transit
+      - docker rm -f trousseau-vault || true
+      - docker run -d --name trousseau-vault --rm --network=container:trousseau-local-vault -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/vault.yaml:/etc/config.yaml -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION --config-file-path=/etc/config.yaml -v=3
+  run:awskms:
+    deps:
+      - :bin-dir:init
+    cmds:
+      - docker rm -f trousseau-local-aws || true
+      - docker run --name trousseau-local-aws --rm --hostname localhost.localstack.cloud -d -e SERVICES=kms -e HOSTNAME=localhost.localstack.cloud -e HOSTNAME_EXTERNAL=localhost.localstack.cloud -e DEFAULT_REGION=eu-west-1 -e KMS_PROVIDER=kms-local -p 4566:4566 -p 4510-4559:4510-4559 localstack/localstack:0.14.4
+      - sleep 5
+      - 'printf %"s\n" "endpoint: https://localhost.localstack.cloud:4566" "profile: trousseau-local-aws" "keyArn: $(docker exec trousseau-local-aws awslocal kms create-key | grep Arn | cut -d''"'' -f4)" > tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/awskms.yaml'
+      - docker rm -f trousseau-awskms || true
+      - docker run -d --name trousseau-awskms --rm --network=container:trousseau-local-aws -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/aws-credentials.ini:/.aws/credentials -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/awskms.yaml:/etc/config.yaml -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION --config-file-path=/etc/config.yaml -v=3
+  run:trousseau:
+    deps:
+      - :bin-dir:init
+    cmds:
+      - docker rm -f trousseau-core || true
+      - docker run -d --name trousseau-core --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION {{.ENABLED_PROVIDERS}} -v=3
diff --git a/.task/fetch.yml b/.task/fetch.yml
@@ -0,0 +1,98 @@
+version: 3
+vars:
+  KIND_VERSION: 0.14.0
+  GOSEC_VERSION: 2.11.0
+  GOLANGCI_VERSION: 1.46.2
+  HELM_VERSION: 3.6.3
+  VAULT_VERSION: 1.8.1
+  KUBECTL_VERSION: 1.21.1
+  KUTTL_VERSION: 0.12.1
+  HUSKY_VERSION: 0.2.8
+tasks:
+  all:
+    desc: fetch all tools
+    cmds:
+      - task: kubectl
+      - task: kind
+      - task: kuttl
+  golangci:
+    deps:
+      - :bin-dir:init
+    desc: install golanci
+    cmds:
+      - curl -L https://github.com/golangci/golangci-lint/releases/download/v{{.GOLANGCI_VERSION}}/golangci-lint-{{.GOLANGCI_VERSION}}-{{OS}}-{{ARCH}}.tar.gz | tar xvz --one-top-level=golangcitmp
+      - mv golangcitmp/golangci-lint-{{.GOLANGCI_VERSION}}-{{OS}}-{{ARCH}}/golangci-lint ./bin/golangci-lint
+      - chmod 755 bin/golangci-lint
+      - rm -rf golangcitmp
+    status:
+      - test -f ./bin/golangci-lint
+  gosec:
+    deps:
+      - :bin-dir:init
+    desc: install gosec
+    cmds:
+      - curl -L https://github.com/securego/gosec/releases/download/v{{.GOSEC_VERSION}}/gosec_{{.GOSEC_VERSION}}_{{OS}}_{{ARCH}}.tar.gz | tar xvz --one-top-level=gosectmp
+      - mv gosectmp/gosec ./bin/gosec
+      - chmod 755 bin/gosec
+      - rm -rf gosectmp
+    status:
+      - test -f ./bin/gosec
+  kind:
+    deps:
+      - :bin-dir:init
+    desc: install kind
+    cmds:
+      - curl -L https://github.com/kubernetes-sigs/kind/releases/download/v{{.KIND_VERSION}}/kind-{{OS}}-{{ARCH}} --output ./bin/kind && chmod +x ./bin/kind
+    status:
+      - test -f ./bin/kind
+  helm:
+    deps:
+      - :bin-dir:init
+    desc: install helm
+    cmds:
+      - curl -L https://get.helm.sh/helm-v{{.HELM_VERSION}}-{{OS}}-{{ARCH}}.tar.gz | tar xvz -C ./
+      - mv {{OS}}-{{ARCH}}/helm ./bin/helm
+      - chmod 755 bin/helm
+      - rm -rf {{OS}}-{{ARCH}}
+    status:
+      - test -f ./bin/helm
+  vault:
+    desc: install vault
+    cmds:
+      - curl "https://releases.hashicorp.com/vault/{{.VAULT_VERSION}}/vault_{{.VAULT_VERSION}}_{{OS}}_{{ARCH}}.zip" -o "vault.zip"
+      - unzip vault.zip
+      - mv vault bin/vault
+      - chmod 755 bin/vault
+      - rm vault.zip
+    status:
+      - test -f bin/vault
+  kubectl:
+    deps:
+      - :bin-dir:init
+    desc: install kubectl
+    cmds:
+      - curl -Lo ./bin/kubectl  https://storage.googleapis.com/kubernetes-release/release/v{{.KUBECTL_VERSION}}/bin/{{OS}}/{{ARCH}}/kubectl
+      - chmod +x ./bin/kubectl
+    status:
+      - test -f ./bin/kubectl
+  kuttl:
+    deps:
+      - :bin-dir:init
+    desc: install kuttl
+    cmds:
+      - cd bin ; curl -L https://github.com/kudobuilder/kuttl/releases/download/v{{.KUTTL_VERSION}}/kuttl_{{.KUTTL_VERSION}}_{{OS}}_x86_64.tar.gz | tar -xz kubectl-kuttl
+    status:
+      - test -f ./bin/kuttl
+  husky:
+    deps:
+      - :bin-dir:init
+    desc: install husky
+    cmds:
+      - cd bin ; curl -L https://github.com/automation-co/husky/releases/download/v{{.HUSKY_VERSION}}/husky_{{.HUSKY_VERSION}}_{{.CAP_ARCH}}_x86_64.tar.gz | tar -xz husky
+      - chmod +x ./bin/husky
+      - ./bin/husky install
+    vars:
+      CAP_ARCH:
+        sh: uname
+    status:
+      - test -f ./bin/husky