Add deployment files for the key service

.github/workflows/build-push.yml

@@ -78,6 +78,39 @@ jobs:
         echo "::set-output name=version::$VERSION"
     outputs:
       sseVersion: ${{ steps.image.outputs.version }}
+  build_keys:
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }}
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build app image
+      run: docker build . -f deploy/etos-keys/Dockerfile --tag image
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Push app image
+      id: image
+      run: |
+        IMAGE_ID=ghcr.io/eiffel-community/etos-keys
+        # Strip git ref prefix from version
+        VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+        # Strip "v" prefix from tag name
+        [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+        # Use Docker `latest` tag convention
+        [ "$VERSION" == "main" ] && VERSION=$(echo ${{ github.sha }} | cut -c1-8)
+        echo IMAGE_ID=$IMAGE_ID
+        echo VERSION=$VERSION
+        docker tag image $IMAGE_ID:$VERSION
+        docker push $IMAGE_ID:$VERSION
+        echo $IMAGE_ID:$VERSION
+        echo "::set-output name=version::$VERSION"
+    outputs:
+      keysVersion: ${{ steps.image.outputs.version }}
   build_logarea:
     if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }}
     runs-on: ubuntu-latest
@@ -180,7 +213,7 @@ jobs:
   update_manifests:
     if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }}
     runs-on: ubuntu-latest
-    needs: [build_api, build_sse, build_logarea, build_iut, build_executionspace]
+    needs: [build_api, build_sse, build_keys, build_logarea, build_iut, build_executionspace]
     steps:
     - uses: actions/checkout@v3
     - name: Update manifests
@@ -191,6 +224,9 @@ jobs:
             "manifests/base/sse/deployment.yaml": {
               "spec.template.spec.containers[0].image": "ghcr.io/eiffel-community/etos-sse:${{ needs.build_sse.outputs.sseVersion }}"
             },
+            "manifests/base/keys/deployment.yaml": {
+              "spec.template.spec.containers[0].image": "ghcr.io/eiffel-community/etos-keys:${{ needs.build_keys.outputs.keysVersion }}"
+            },
             "manifests/base/api/deployment.yaml": {
               "spec.template.spec.containers[0].image": "ghcr.io/eiffel-community/etos-api:${{ needs.build_api.outputs.apiVersion }}"
             },
@@ -209,6 +245,7 @@ jobs:
         message: |
           Updating ETOS images:
             - SSE: ${{ needs.build_sse.outputs.sseVersion }}
+            - KeyService: ${{ needs.build_keys.outputs.keysVersion }}
             - LogArea: ${{ needs.build_logarea.outputs.logAreaVersion }}
             - IUT: ${{ needs.build_iut.outputs.iutVersion }}
             - Execution Space: ${{ needs.build_executionspace.outputs.executionSpaceVersion }}

.github/workflows/main.yml

@@ -59,6 +59,10 @@ jobs:
         uses: hadolint/hadolint-action@master
         with:
           dockerfile: deploy/etos-sse/Dockerfile
+      - name: Run hadolint for KeyService
+        uses: hadolint/hadolint-action@master
+        with:
+          dockerfile: deploy/etos-keys/Dockerfile
       - name: Run hadolint for LogArea
         uses: hadolint/hadolint-action@master
         with:
@@ -83,6 +87,11 @@ jobs:
         with:
           context: .
           file: ./deploy/etos-sse/Dockerfile
+      - name: Build KeyService image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./deploy/etos-keys/Dockerfile
       - name: Build LogArea image
         uses: docker/build-push-action@v2
         with:

Makefile

@@ -8,7 +8,7 @@ export DOCKER_REGISTRY ?= ghcr.io
 export DOCKER_NAMESPACE ?= eiffel-community
 export DEPLOY ?= etos-sse
 
-PROGRAMS = sse logarea iut executionspace
+PROGRAMS = sse logarea iut executionspace keys
 COMPILEDAEMON = $(GOBIN)/CompileDaemon
 GIT = git
 GOLANGCI_LINT = $(GOBIN)/golangci-lint

deploy/etos-keys/Dockerfile

@@ -0,0 +1,17 @@
+FROM golang:1.22-alpine AS build
+WORKDIR /tmp/keys
+COPY . .
+RUN apk add --no-cache make=4.4.1-r2 git=2.47.2-r0 && make keys
+
+FROM alpine:3.17.3
+ARG TZ
+ENV TZ=$TZ
+
+LABEL org.opencontainers.image.source=https://github.com/eiffel-community/etos-api
+LABEL org.opencontainers.image.authors=etos-maintainers@googlegroups.com
+LABEL org.opencontainers.image.licenses=Apache-2.0
+
+RUN apk add --no-cache tzdata=2024a-r0
+ENTRYPOINT ["/app/keys"]
+
+COPY --from=build /tmp/keys/bin/keys /app/keys

deploy/etos-keys/Dockerfile.dev

@@ -0,0 +1,8 @@
+FROM golang:1.22
+WORKDIR /app
+
+COPY ./go.mod ./go.sum ./
+RUN go mod tidy
+COPY . .
+RUN git config --global --add safe.directory /app
+EXPOSE 8080

deploy/etos-keys/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "3.7"
+services:
+  etos-keys:
+    build:
+      context: .
+      dockerfile: ./deploy/etos-keys/Dockerfile.dev
+      args:
+        http_proxy: "${http_proxy}"
+        https_proxy: "${https_proxy}"
+    volumes:
+      - ./:/app
+    ports:
+      - 8080:8080
+    env_file:
+      - ./configs/development.env
+    entrypoint: ["/bin/bash", "./scripts/entrypoint.sh"]

manifests/base/ingress.yaml

@@ -24,6 +24,13 @@ spec:
                 name: etos-sse
                 port:
                   number: 80
+          - path: /keys
+            pathType: Prefix
+            backend:
+              service:
+                name: etos-keys
+                port:
+                  number: 80
           - path: /logarea
             pathType: Prefix
             backend:

manifests/base/keys/deployment.yaml

@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: etos-api
+    app.kubernetes.io/part-of: etos
+    app.kubernetes.io/component: keys
+  name: etos-keys
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: etos-api
+      app.kubernetes.io/component: keys
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: etos-api
+        app.kubernetes.io/component: keys
+    spec:
+      serviceAccountName: etos-keys
+      containers:
+        - name: etos-keys
+          image: ghcr.io/eiffel-community/etos-keys:nnnnnnnn
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: SERVICE_HOST
+              value: 0.0.0.0
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /keys/v1alpha/selftest/ping
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /keys/v1alpha/selftest/ping
+              port: http

manifests/base/keys/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - service-account.yaml
+  - service.yaml
+  - deployment.yaml

manifests/base/keys/service-account.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: etos-api
+    app.kubernetes.io/part-of: etos
+    app.kubernetes.io/component: keys
+  name: etos-keys

manifests/base/keys/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: etos-api
+    app.kubernetes.io/part-of: etos
+    app.kubernetes.io/component: keys
+  name: etos-keys
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
+  selector:
+    app.kubernetes.io/name: etos-api
+    app.kubernetes.io/component: keys
+  type: ClusterIP

manifests/base/kustomization.yaml

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./api
+  - ./keys
   - ./sse
   - ./logarea
   - ./iut

pkg/keys/v1alpha/keys.go

@@ -68,8 +68,8 @@ func New(ctx context.Context, cfg config.KeyConfig, log *logrus.Entry, authorize
 // LoadRoutes loads all the v2alpha routes.
 func (a Application) LoadRoutes(router *httprouter.Router) {
 	handler := &Handler{a.logger, a.cfg, a.ctx, a.authorizer}
-	router.GET("/v1alpha/selftest/ping", handler.Selftest)
-	router.POST("/v1alpha/generate", handler.CreateNew)
+	router.GET("/keys/v1alpha/selftest/ping", handler.Selftest)
+	router.POST("/keys/v1alpha/generate", handler.CreateNew)
 }
 
 // Selftest is a handler to just return 204.