migrate ricoberger -> bakito

use gin
optimisations

Author: bakito

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: k8s.io/client-go
+      - dependency-name: k8s.io/apimachinery

.github/workflows/docker.yaml

@@ -1,5 +1,10 @@
 name: Go
-on: [pull_request, release]
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
 jobs:
   build-release:
     name: Build
@@ -19,6 +24,3 @@ jobs:
 
     - name: Test
       run: go test ./...
-
-    - name: Build
-      run: make build

.github/workflows/go.yaml

@@ -0,0 +1,58 @@
+name: docker-image
+
+on:
+  push:
+    branches:
+      - main
+  release:
+    types:
+      - published
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date --utc +%Y-%m-%dT%H:%M:%SZ)"
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to ghcr.io
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to Quay
+        uses: docker/login-action@v1
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Build and push ${{github.event.release.tag_name }}
+        id: docker_build_release
+        uses: docker/build-push-action@v2
+        if: ${{ github.event.release.tag_name != '' }}
+        with:
+          push: true
+          tags: ghcr.io/bakito/sealed-secrets-web:latest,ghcr.io/bakito/sealed-secrets-web:${{ github.event.release.tag_name }},quay.io/bakito/sealed-secrets-web:latest,quay.io/bakito/sealed-secrets-web:${{ github.event.release.tag_name }}
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ github.event.release.tag_name }}
+            BUILD=${{ steps.date.outputs.date }}
+
+      - name: Build and push main
+        id: docker_build_main
+        uses: docker/build-push-action@v2
+        if: ${{ github.event.release.tag_name == '' }}
+        with:
+          push: true
+          tags: ghcr.io/bakito/sealed-secrets-web:main,quay.io/bakito/sealed-secrets-web:main
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=main
+            BUILD=${{ steps.date.outputs.date }}
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/helm.yaml

@@ -119,3 +119,4 @@ bin
 
 # idea
 /.idea
+/dist

.github/workflows/publish.yml

@@ -0,0 +1,16 @@
+before:
+  hooks:
+    - helm package ./charts/sealed-secrets-web/ --version {{ .Version }} --app-version {{ .Version }} -d {{ .Env.CR_PACKAGE_PATH }}
+builds:
+  - skip: true
+    main: ./main.go
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'

.gitignore

@@ -0,0 +1,45 @@
+FROM bitnami/golang:1.16 as builder
+
+WORKDIR /go/src/app
+
+RUN apt-get update && apt-get install -y upx
+
+ARG VERSION=main
+ARG BUILD="N/A"
+
+ENV GOPROXY=https://goproxy.io \
+  GO111MODULE=on \
+  CGO_ENABLED=0 \
+  GOOS=linux
+
+ADD ./go.mod /tmp/go.mod
+RUN export KUBESEAL_VERSION=$(cat /tmp/go.mod  | grep github.com/bitnami-labs/sealed-secrets | awk '{print $2}') && \
+    export KUBESEAL_ARCH=$(dpkg --print-architecture) && \
+    if [ "${KUBESEAL_ARCH}" = "arm64" ]; then  \
+      export KUBESEAL_FILE="kubeseal-${KUBESEAL_ARCH}"; \
+    else \
+      export KUBESEAL_FILE="kubeseal-linux-${KUBESEAL_ARCH}"; \
+    fi && \
+    export KUBESEAL_URL="https://github.com/bitnami-labs/sealed-secrets/releases/download/${KUBESEAL_VERSION}/${KUBESEAL_FILE}"; \
+    echo "Download kubeseal ${KUBESEAL_VERSION}/${KUBESEAL_ARCH} from ${KUBESEAL_URL}" && \
+    curl -L ${KUBESEAL_URL} -o /tmp/kubeseal && \
+    chmod +x /tmp/kubeseal && \
+    upx -q /tmp/kubeseal
+
+ADD . /go/src/app/
+
+RUN go build -a -installsuffix cgo -ldflags="-w -s -X github.com/bakito/sealed-secrets-web/pkg/version.Version=${VERSION} -X github.com/bakito/sealed-secrets-web/pkg/version.Build=${BUILD}" -o sealed-secrets-web . && \
+    upx -q sealed-secrets-web
+
+
+# application image
+FROM alpine:latest
+WORKDIR /opt/go
+
+LABEL maintainer="bakito <[email protected]>"
+EXPOSE 8080
+RUN apk add --no-cache dumb-init
+ENTRYPOINT ["/usr/bin/dumb-init", "--","/opt/go/sealed-secrets-web"]
+COPY --from=builder /go/src/app/sealed-secrets-web /opt/go/sealed-secrets-web
+COPY --from=builder /tmp/kubeseal /usr/local/bin/kubeseal
+USER 1001

.goreleaser.yml

@@ -1,90 +1,14 @@
-WHAT := sealedsecretsweb
-
-BRANCH       ?= $(shell git rev-parse --abbrev-ref HEAD)
-BUILDTIME    ?= $(shell date '+%Y%m%d-%H:%M:%S')
-BUILDUSER    ?= $(shell id -un)
-PWD          ?= $(shell pwd)
-REPO         ?= github.com/ricoberger/sealed-secrets-web
-REVISION     ?= $(shell git rev-parse HEAD)
-VERSION      ?= $(shell git describe --tags)
-
-.PHONY: build build-darwin-amd64 build-linux-amd64 build-windows-amd64 clean docker-build docker-publish release release-major release-minor release-patch
-
-build:
-	for target in $(WHAT); do \
-		go build -ldflags "-X ${REPO}/pkg/version.Version=${VERSION} \
-			-X ${REPO}/pkg/version.Revision=${REVISION} \
-			-X ${REPO}/pkg/version.Branch=${BRANCH} \
-			-X ${REPO}/pkg/version.BuildUser=${BUILDUSER} \
-			-X ${REPO}/pkg/version.BuildDate=${BUILDTIME}" \
-			-o ./bin/$$target ./cmd/$$target; \
-	done
-
-build-darwin-amd64:
-	for target in $(WHAT); do \
-		CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin go build -a -installsuffix cgo -ldflags "-X ${REPO}/pkg/version.Version=${VERSION} \
-			-X ${REPO}/pkg/version.Revision=${REVISION} \
-			-X ${REPO}/pkg/version.Branch=${BRANCH} \
-			-X ${REPO}/pkg/version.BuildUser=${BUILDUSER} \
-			-X ${REPO}/pkg/version.BuildDate=${BUILDTIME}" \
-			-o ./bin/$$target-darwin-amd64 ./cmd/$$target; \
-	done
-
-build-linux-amd64:
-	for target in $(WHAT); do \
-		CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -a -installsuffix cgo -ldflags "-X ${REPO}/pkg/version.Version=${VERSION} \
-			-X ${REPO}/pkg/version.Revision=${REVISION} \
-			-X ${REPO}/pkg/version.Branch=${BRANCH} \
-			-X ${REPO}/pkg/version.BuildUser=${BUILDUSER} \
-			-X ${REPO}/pkg/version.BuildDate=${BUILDTIME}" \
-			-o ./bin/$$target-linux-amd64 ./cmd/$$target; \
-	done
-
-build-windows-amd64:
-	for target in $(WHAT); do \
-		CGO_ENABLED=0 GOARCH=amd64 GOOS=windows go build -a -installsuffix cgo -ldflags "-X ${REPO}/pkg/version.Version=${VERSION} \
-			-X ${REPO}/pkg/version.Revision=${REVISION} \
-			-X ${REPO}/pkg/version.Branch=${BRANCH} \
-			-X ${REPO}/pkg/version.BuildUser=${BUILDUSER} \
-			-X ${REPO}/pkg/version.BuildDate=${BUILDTIME}" \
-			-o ./bin/$$target-windows-amd64.exe ./cmd/$$target; \
-	done
-
-clean:
-	rm -rf ./bin
-
-docker-build: build-linux-amd64
-	for target in $(WHAT); do \
-		docker build -f cmd/$$target/Dockerfile -t "$$target:${VERSION}" --build-arg REVISION=${REVISION} --build-arg VERSION=${VERSION} .; \
-	done
-
-docker-publish:
-	for target in $(WHAT); do \
-		docker tag $$target:${VERSION} ricoberger/sealed-secrets-web:${VERSION}; \
-		docker tag $$target:${VERSION} docker.pkg.github.com/ricoberger/sealed-secrets-web/sealed-secrets-web:${VERSION}; \
-		docker push ricoberger/sealed-secrets-web:${VERSION}; \
-		docker push docker.pkg.github.com/ricoberger/sealed-secrets-web/sealed-secrets-web:${VERSION}; \
-	done
-
-release: clean docker-build docker-publish
-
-release-major:
-	$(eval MAJORVERSION=$(shell git describe --tags --abbrev=0 | sed s/v// | awk -F. '{print $$1+1".0.0"}'))
-	git checkout master
-	git pull
-	git tag -a $(MAJORVERSION) -m 'release $(MAJORVERSION)'
-	git push origin --tags
-
-release-minor:
-	$(eval MINORVERSION=$(shell git describe --tags --abbrev=0 | sed s/v// | awk -F. '{print $$1"."$$2+1".0"}'))
-	git checkout master
-	git pull
-	git tag -a $(MINORVERSION) -m 'release $(MINORVERSION)'
-	git push origin --tags
-
-release-patch:
-	$(eval PATCHVERSION=$(shell git describe --tags --abbrev=0 | sed s/v// | awk -F. '{print $$1"."$$2"."$$3+1}'))
-	git checkout master
-	git pull
-	git tag -a $(PATCHVERSION) -m 'release $(PATCHVERSION)'
-	git push origin --tags
+release: semver
+	@version=$$(semver); \
+	git tag -s $$version -m"Release $$version"
+	goreleaser --rm-dist
+	cr upload --skip-existing
+	cr index
+
+test-release:
+	goreleaser --skip-publish --snapshot --rm-dist
+
+semver:
+ifeq (, $(shell which semver))
+ $(shell go get -u github.com/bakito/semver)
+endif

Dockerfile

@@ -20,16 +20,16 @@
 **sealed-secrets-web** can be installed via our Helm chart:
 
 ```sh
-helm repo add ricoberger https://ricoberger.github.io/helm-charts
+helm repo add bakito https://bakito.github.io/helm-charts
 helm up
 
-helm upgrade --install sealed-secrets-web ricoberger/sealed-secrets-web
+helm upgrade --install sealed-secrets-web bakito/sealed-secrets-web
 ```
 
 To modify the settings for Sealed Secrets you can modify the arguments for the Docker image with the `--set` flag. For example you can set a different `controller-name` during the installation with the following command:
 
 ```sh
-helm upgrade --install sealed-secrets-web ricoberger/sealed-secrets-web --set image.args={"--kubeseal-arguments=--controller-name=sealed-secrets"}
+helm upgrade --install sealed-secrets-web bakito/sealed-secrets-web --set image.args={"--kubeseal-arguments=--controller-name=sealed-secrets"}
 ```
 
 ## Development
@@ -62,7 +62,7 @@ Finally we can install **Sealed Secrets Web** using the provided Helm chart:
 ```sh
 kubectl create namespace sealed-secrets-web
 
-helm upgrade --install sealed-secrets-web ricoberger/sealed-secrets-web --namespace sealed-secrets-web --set image.args={"--kubeseal-arguments=--controller-name=sealed-secrets"} --set image.repository=localhost:5000/sealed-secrets-web --set image.tag=dev --set image.pullPolicy=Always
+helm upgrade --install sealed-secrets-web bakito/sealed-secrets-web --namespace sealed-secrets-web --set image.args={"--kubeseal-arguments=--controller-name=sealed-secrets"} --set image.repository=localhost:5000/sealed-secrets-web --set image.tag=dev --set image.pullPolicy=Always
 
 # Access the Web UI:
 kubectl port-forward svc/sealed-secrets-web 8080:80

Makefile

@@ -1,10 +1,10 @@
-apiVersion: v1
-appVersion: 2.4.0
+apiVersion: v2
+appVersion: v2.5.0
 description: A web interface for Sealed Secrets by Bitnami.
-home: https://github.com/ricoberger/sealed-secrets-web
-icon: https://raw.githubusercontent.com/ricoberger/sealed-secrets-web/master/assets/logo.png
+home: https://github.com/bakito/sealed-secrets-web
+icon: https://raw.githubusercontent.com/bakito/sealed-secrets-web/master/assets/logo.png
 maintainers:
-  - name: Rico Berger
-    url: https://ricoberger.de
+  - name: bakito
+    url: https://github.com/bakito
 name: sealed-secrets-web
-version: 2.4.0
+version: 2.5.0

README.md

@@ -23,7 +23,7 @@ spec:
       serviceAccountName: {{ template "sealed-secrets-web.serviceAccountName" . }}
       containers:
         - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
             {{- toYaml .Values.image.args | nindent 12 }}

charts/sealed-secrets-web/Chart.yaml

@@ -1,8 +1,9 @@
 replicaCount: 1
 
 image:
-  repository: ricoberger/sealed-secrets-web
-  tag: 2.4.0
+  repository: ghcr.io/bakito/sealed-secrets-web
+  # default version .Chart.AppVersion
+  tag:
   pullPolicy: IfNotPresent
   args: []