Merge pull request #413 from xmidt-org/local_sat2

fix .release config and add local build dockerfile
xmidt-org · May 3, 2023 · 4cfd0c6 · 4cfd0c6
2 parents 1bcc2b9 + d99e8cf
commit 4cfd0c6
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 8 deletions.
diff --git a/.release/docker/tr1d1um_spruce.yaml b/.release/docker/tr1d1um_spruce.yaml
@@ -221,15 +221,18 @@ jwtValidator:
       # Template is a URI template used to fetch keys.  This template may
       # use a single parameter named keyID, e.g. http://keys.com/{keyID}.
       # This field is required and has no default.
-      Template: "http://localhost/{keyID}"
+
+      Template: "http://themis:6500/keys/{keyID}"
+
     Refresh:
       Sources:
         # URI is the location where keys are served.  By default, clortho supports
         # file://, http://, and https:// URIs, as well as standard file system paths
         # such as /etc/foo/bar.jwk.
         #
         # This field is required and has no default.
-        - URI: "http://localhost/available"
+        - URI: "http://themis:6500/keys/available"
+
 
 authx:
   inbound:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [v0.9.5]
+- Update tr1d1um config for docker so themis can be used for jwt auth. 
+
 ## [v0.9.4]
 - Disable arm64 builds (temporary)
 
@@ -233,7 +236,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 - Initial creation.
 
-[Unreleased]: https://github.com/xmidt-org/tr1d1um/compare/v0.9.4...HEAD
+[Unreleased]: https://github.com/xmidt-org/tr1d1um/compare/v0.9.5...HEAD
+[v0.9.5]: https://github.com/xmidt-org/tr1d1um/compare/v0.9.4...v0.9.5
 [v0.9.4]: https://github.com/xmidt-org/tr1d1um/compare/v0.9.3...v0.9.4
 [v0.9.3]: https://github.com/xmidt-org/tr1d1um/compare/v0.9.2...v0.9.3
 [v0.9.2]: https://github.com/xmidt-org/tr1d1um/compare/v0.9.1...v0.9.2

diff --git a/Dockerfile.local b/Dockerfile.local
@@ -0,0 +1,59 @@
+FROM docker.io/library/golang:1.19-alpine as builder
+
+ARG arm64
+
+COPY . /src
+
+WORKDIR /src
+
+RUN apk add --no-cache --no-progress \
+    ca-certificates \
+    make \
+    curl
+
+# Download spruce here to eliminate the need for curl in the final image
+ENV spruce_url_amd64=https://github.com/geofffranks/spruce/releases/download/v1.29.0/spruce-linux-amd64 
+ENV spruce_url_arm64=https://github.com/geofffranks/spruce/releases/download/v1.30.2/spruce-linux-arm64
+RUN [ ${arm64}=true ] && (curl -L -o /go/bin/spruce ${spruce_url_arm64}) || (curl -L -o /go/bin/spruce ${spruce_url_amd64})
+
+RUN mkdir -p /go/bin && \
+    chmod +x /go/bin/spruce
+
+
+RUN make build
+
+##########################
+# Build the final image.
+##########################
+
+FROM alpine:latest
+
+# Copy over the standard things you'd expect.
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt  /etc/ssl/certs/
+COPY --from=builder /src/tr1d1um /
+COPY .release/docker/entrypoint.sh  /
+
+# Copy over spruce and the spruce template file used to make the actual configuration file.
+COPY .release/docker/tr1d1um_spruce.yaml  /tmp/tr1d1um_spruce.yaml
+COPY --from=builder /go/bin/spruce        /bin/
+
+# Include compliance details about the container and what it contains.
+COPY Dockerfile /
+COPY NOTICE     /
+COPY LICENSE    /
+
+# Make the location for the configuration file that will be used.
+RUN     mkdir /etc/tr1d1um/ \
+    &&  touch /etc/tr1d1um/tr1d1um.yaml \
+    &&  chmod 666 /etc/tr1d1um/tr1d1um.yaml
+
+USER nobody
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+EXPOSE 6100
+EXPOSE 6101
+EXPOSE 6102
+EXPOSE 6103
+
+CMD ["/tr1d1um"]
diff --git a/README.md b/README.md
@@ -61,8 +61,6 @@ The Makefile has the following options you may find helpful:
 * `make build`: builds the Tr1d1um binary in the tr1d1um/src/tr1d1um folder
 * `make docker`: fetches all dependencies from source and builds a Tr1d1um
    docker image
-* `make local-docker`: vendors dependencies and builds a Tr1d1um docker image
-   (recommended for local testing)
 * `make test`: runs unit tests with coverage for Tr1d1um
 * `make clean`: deletes previously-built binaries and object files
 
@@ -86,8 +84,12 @@ If you'd like to build it without make, follow these instructions based on your
 
 - Local testing
 ```bash
-go mod vendor
-docker build -t tr1d1um:local -f deploy/Dockerfile .
+docker build -t tr1d1um:local -f Dockerfile.local .  
+```
+```
+# OR build for am arm64 architecture
+bash
+docker build -t tr1d1um:local --build-arg arm64=true -f Dockerfile.local .  
 ```
 This allows you to test local changes to a dependency. For example, you can build 
 a tr1d1um image with the changes to an upcoming changes to [webpa-common](https://github.com/xmidt-org/webpa-common) by using the [replace](https://golang.org/ref/mod#go) directive in your go.mod file like so:
@@ -99,7 +101,7 @@ replace github.com/xmidt-org/webpa-common v1.10.2 => ../webpa-common
 - Building a specific version
 ```bash
 git checkout v0.5.1
-docker build -t tr1d1um:v0.5.1 -f deploy/Dockerfile .
+docker build -t tr1d1um:v0.5.1 -f Dockerfile.local .
 ```
 
 **Additional Info:** If you'd like to stand up a XMiDT docker-compose cluster, read [this](https://github.com/xmidt-org/xmidt/blob/master/deploy/docker-compose/README.md).