-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refactor CI Workflow for Efficiency and Clarity (#41)
Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>
- Loading branch information
1 parent
051a45e
commit 25a44c7
Showing
6 changed files
with
118 additions
and
109 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
name: 'Setup Environment' | ||
description: 'Install Protoc and Rust toolchain, and set up Rust dependencies cache' | ||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: Install Protoc | ||
uses: arduino/setup-protoc@v2 | ||
|
||
- name: Cache Rust dependencies | ||
uses: actions/cache@v2 | ||
with: | ||
path: | | ||
~/.cargo/registry | ||
~/.cargo/git | ||
target | ||
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-cargo- | ||
- name: Setup Rust toolchain | ||
uses: actions-rs/toolchain@v1 | ||
with: | ||
toolchain: nightly | ||
components: rustfmt, clippy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/usr/bin/env bash | ||
|
||
killall -9 spire-agent || true | ||
killall -9 spire-server || true | ||
rm -f /tmp/spire-server/private/api.sock | ||
rm -f /tmp/spire-agent/public/api.sock |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Constants | ||
spire_version="1.7.1" | ||
spire_folder="spire-${spire_version}" | ||
spire_server_log_file="/tmp/spire-server/server.log" | ||
spire_agent_log_file="/tmp/spire-agent/agent.log" | ||
agent_id="spiffe://example.org/myagent" | ||
|
||
# Helper function to wait for a service to be available | ||
function wait_for_service() { | ||
local command="$1" | ||
local description="$2" | ||
local log_file="$3" | ||
|
||
for i in {1..10}; do | ||
if ${command} >/dev/null 2>&1; then | ||
return 0 | ||
fi | ||
sleep 1 | ||
done | ||
|
||
[ -n "${log_file}" ] && cat ${log_file} >&2 | ||
echo "${description} failed to start" >&2 | ||
exit 1 | ||
} | ||
|
||
# Main script starts here | ||
set -euf -o pipefail | ||
|
||
# Install and run a SPIRE server | ||
curl -s -N -L https://github.com/spiffe/spire/releases/download/v${spire_version}/spire-${spire_version}-linux-amd64-glibc.tar.gz | tar xz | ||
pushd "${spire_folder}" | ||
mkdir -p /tmp/spire-server | ||
bin/spire-server run -config conf/server/server.conf > "${spire_server_log_file}" 2>&1 & | ||
wait_for_service "bin/spire-server healthcheck" "SPIRE Server" "${spire_server_log_file}" | ||
|
||
# Run the SPIRE agent with the joint token | ||
bin/spire-server token generate -spiffeID ${agent_id} > token | ||
cut -d ' ' -f 2 token > token_stripped | ||
mkdir -p /tmp/spire-agent | ||
bin/spire-agent run -config conf/agent/agent.conf -joinToken "$(< token_stripped)" > "${spire_agent_log_file}" 2>&1 & | ||
wait_for_service "bin/spire-agent healthcheck" "SPIRE Agent" "${spire_agent_log_file}" | ||
|
||
# Register workloads | ||
for service in "myservice" "myservice2"; do | ||
bin/spire-server entry create -parentID ${agent_id} -spiffeID spiffe://example.org/${service} -selector unix:uid:$(id -u) -ttl 5 | ||
sleep 10 # Derived from the default Agent sync interval | ||
done | ||
|
||
popd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters