releaser: simplify access to env or secrets

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
CrazyMax 2022-08-09 20:44:12 +02:00
parent 98c7c95350
commit 278cae8ad0
No known key found for this signature in database
GPG Key ID: 3248E46B6BB8C7F7
4 changed files with 40 additions and 19 deletions


@ -24,7 +24,6 @@ FROM base AS netlify-remove
ARG NETLIFY_SITE_NAME
RUN --mount=type=bind,from=releaser,source=/out/releaser,target=/usr/bin/releaser \
--mount=type=secret,id=NETLIFY_AUTH_TOKEN \
NETLIFY_AUTH_TOKEN=$(cat /run/secrets/NETLIFY_AUTH_TOKEN) \
releaser netlify remove
FROM base AS netlify-deploy
@ -33,10 +32,7 @@ RUN --mount=type=bind,from=sitedir,target=/site \
--mount=type=bind,from=releaser,source=/out/releaser,target=/usr/bin/releaser \
--mount=type=secret,id=NETLIFY_AUTH_TOKEN \
--mount=type=secret,id=NETLIFY_ACCOUNT_SLUG \
NETLIFY_AUTH_TOKEN=$(cat /run/secrets/NETLIFY_AUTH_TOKEN) \
NETLIFY_ACCOUNT_SLUG=$(cat /run/secrets/NETLIFY_ACCOUNT_SLUG) \
NETLIFY_DIR=/site \
releaser netlify deploy
NETLIFY_DIR=/site releaser netlify deploy
FROM base AS aws-s3-update-config
ARG AWS_REGION
@ -46,8 +42,6 @@ RUN --mount=type=bind,target=. \
--mount=type=bind,from=releaser,source=/out/releaser,target=/usr/bin/releaser \
--mount=type=secret,id=AWS_ACCESS_KEY_ID \
--mount=type=secret,id=AWS_SECRET_ACCESS_KEY \
AWS_ACCESS_KEY_ID=$(cat /run/secrets/AWS_ACCESS_KEY_ID) \
AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/AWS_SECRET_ACCESS_KEY) \
releaser aws s3-update-config
FROM base AS aws-lambda-invoke
@ -56,6 +50,4 @@ ARG AWS_LAMBDA_FUNCTION
RUN --mount=type=bind,from=releaser,source=/out/releaser,target=/usr/bin/releaser \
--mount=type=secret,id=AWS_ACCESS_KEY_ID \
--mount=type=secret,id=AWS_SECRET_ACCESS_KEY \
AWS_ACCESS_KEY_ID=$(cat /run/secrets/AWS_ACCESS_KEY_ID) \
AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/AWS_SECRET_ACCESS_KEY) \
releaser aws lambda-invoke
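Review bot: The four RUN steps now rely entirely on the secret mounts, but none of the credential mounts is marked required, so a build run without the matching `--secret id=...` still starts releaser with nothing under /run/secrets. Adding `required=true` to the credential mounts, e.g. `--mount=type=secret,id=NETLIFY_AUTH_TOKEN,required=true`, makes BuildKit stop at that step instead of letting the tool run with an empty credential. Separately, the deploy step passes `NETLIFY_DIR=/site`, while the PublishDir field shown in the Netlify section of this commit reads `NETLIFY_PUBLISH_DIR`. Unless a field outside the visible hunks consumes NETLIFY_DIR, the publish directory may not be reaching the command.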


@ -7,6 +7,7 @@ import (
"log"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/lambda"
"github.com/aws/aws-sdk-go/service/s3"
@ -36,8 +37,9 @@ func (s *AwsS3UpdateConfigCmd) Run() error {
}
sess, err := session.NewSession(&aws.Config{
Region: aws.String(s.Region)},
)
Credentials: awsCredentials(),
Region: aws.String(s.Region),
})
svc := s3.New(sess)
@ -67,7 +69,8 @@ func (s *AwsLambdaInvokeCmd) Run() error {
svc := lambda.New(session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
})), &aws.Config{
Region: aws.String(s.Region),
Credentials: awsCredentials(),
Region: aws.String(s.Region),
})
_, err := svc.Invoke(&lambda.InvokeInput{
@ -80,3 +83,17 @@ func (s *AwsLambdaInvokeCmd) Run() error {
log.Printf("INFO: lambda function %q invoked successfully\n", s.LambdaFunction)
return nil
}
func awsCredentials() *credentials.Credentials {
return credentials.NewChainCredentials(
[]credentials.Provider{
&credentials.StaticProvider{
Value: credentials.Value{
AccessKeyID: getEnvOrSecret("AWS_ACCESS_KEY_ID"),
SecretAccessKey: getEnvOrSecret("AWS_SECRET_ACCESS_KEY"),
SessionToken: getEnvOrSecret("AWS_SESSION_TOKEN"),
},
},
},
)
}
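Review bot: `awsCredentials()` builds a chain containing only a StaticProvider, so setting `Credentials:` on both configs replaces the SDK's default credential lookup rather than extending it. When neither the environment nor /run/secrets supplies a key, the static values are empty and the call fails with a credentials error instead of falling back to a shared profile or an instance/task role. The Lambda command still sets `SharedConfigEnable`, which suggests that fallback was expected, though that is an inference from the hunk. If the fallback should remain, return nil when no key is found, `if getEnvOrSecret("AWS_ACCESS_KEY_ID") == "" { return nil }`, so the session keeps its own provider chain. A doc comment on awsCredentials stating the lookup order (environment first, then secret file) would also help.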


@ -2,6 +2,8 @@ package main
import (
"log"
"os"
"path/filepath"
"github.com/alecthomas/kong"
)
@ -29,3 +31,15 @@ func main() {
}))
ctx.FatalIfErrorf(ctx.Run())
}
// getEnvOrSecret retrieves secret's value from secret file or env
func getEnvOrSecret(name string) string {
if v, ok := os.LookupEnv(name); ok {
return v
}
b, err := os.ReadFile(filepath.Join("/run/secrets", name))
if err != nil {
return ""
}
return string(b)
}
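Review bot: `getEnvOrSecret` returns the secret file's bytes unchanged, so a trailing newline in the file under /run/secrets becomes part of the token or key; the `$(cat …)` substitutions this commit removes from the Dockerfile stripped it. Trim before returning, `return strings.TrimSpace(string(b))` with `strings` added to the import block, otherwise the Netlify token and AWS keys can fail authentication in a way that is hard to spot in logs. The function also turns every read error into an empty string, so a permission problem looks the same as an absent secret. An environment variable that is set but empty wins over the file, because `LookupEnv` reports it as present. Both cases deserve a line in the doc comment, which currently names the sources in the opposite order to the code.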


@ -23,8 +23,7 @@ type NetlifyCmd struct {
}
type netlifyGlobalFlags struct {
SiteName string `kong:"name='site-name',env='NETLIFY_SITE_NAME'"`
AuthToken string `kong:"name='auth-token',env='NETLIFY_AUTH_TOKEN'"`
SiteName string `kong:"name='site-name',env='NETLIFY_SITE_NAME'"`
}
type NetlifyRemoveCmd struct {
@ -33,7 +32,7 @@ type NetlifyRemoveCmd struct {
func (s *NetlifyRemoveCmd) Run() error {
siteName := cleanSiteName(s.SiteName)
c := newNetlifyClient(s.AuthToken)
c := newNetlifyClient(getEnvOrSecret("NETLIFY_AUTH_TOKEN"))
site, err := c.getSite(siteName)
if err != nil {
return fmt.Errorf("failed to get site %q: %w", siteName, err)
@ -47,8 +46,7 @@ func (s *NetlifyRemoveCmd) Run() error {
type NetlifyDeployCmd struct {
netlifyGlobalFlags
AccountSlug string `kong:"name='account-slug',env='NETLIFY_ACCOUNT_SLUG'"`
PublishDir string `kong:"name='publish-dir',env='NETLIFY_PUBLISH_DIR'"`
PublishDir string `kong:"name='publish-dir',env='NETLIFY_PUBLISH_DIR'"`
}
func (s *NetlifyDeployCmd) Run() error {
@ -59,11 +57,11 @@ func (s *NetlifyDeployCmd) Run() error {
}
siteName := cleanSiteName(s.SiteName)
c := newNetlifyClient(s.AuthToken)
c := newNetlifyClient(getEnvOrSecret("NETLIFY_AUTH_TOKEN"))
site, err := c.CreateSite(c.ctx, &netlify.SiteSetup{
Site: netlify.Site{
AccountSlug: s.AccountSlug,
AccountSlug: getEnvOrSecret("NETLIFY_ACCOUNT_SLUG"),
Name: siteName,
},
}, false)
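Review bot: Both Run methods pass `getEnvOrSecret("NETLIFY_AUTH_TOKEN")` straight to `newNetlifyClient`, and the helper returns an empty string when the variable and the secret file are both missing. A misconfigured build therefore proceeds with an unauthenticated client and surfaces only as an API failure such as the "failed to get site" error. Check once before constructing the client, e.g. `if token == "" { return fmt.Errorf("NETLIFY_AUTH_TOKEN is not set") }`, naming the variable and never the value. Dropping the `auth-token` and `account-slug` flags keeps the token off the command line, but it changes the CLI and is worth a line in the commit description. Both functions continue outside the hunks shown.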