test

2025-04-30 22:14:21 -05:00
15 changed files with 138 additions and 141 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -6,7 +6,7 @@
        "vscode": {
            "extensions": [
                "Shopify.ruby-lsp",
-                "docker.docker"
+                "ms-azuretools.vscode-docker"
            ]
        }
    },
--- a/.dockerignore
+++ b/.dockerignore
@ -1,7 +0,0 @@
 **/.git
 **/.gitignore
 /.devcontainer
 /.gitea
 /.github
 /.vscode
 /charts
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@ -1,16 +1,65 @@
 ---
-name: Release
+name: Gitea Actions Demo
 run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
 on:
  schedule: 
-    - cron: "0 0 * * *"
+    - cron: "0 10 * * *"
  push:
    branches:
-      - main
+      - "**"
    tags:
      - "v*.*.*"
  pull_request:
 jobs:
-  docker:
+  lint:
    runs-on: ubuntu-latest
    permissions:
      checks: write
      contents: write
    steps:
      - name: Login to Docker
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Ruby Setup
        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
        with:
          ruby-version: '3.4'
          bundler-cache: true
      - run: bundle install
      - name: Standard Ruby
        run: bundle exec standardrb
  test:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Test
        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
        with:
          ruby-version: '3.4'
          bundler-cache: true
      - run: bundle exec rake
  docker:
    needs: test
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    env:
      DOCKER_ORG: ryanc
      DOCKER_LATEST: latest
@ -59,8 +108,7 @@ jobs:
            latest=auto
          bake-target: docker-metadata-action
          tags: |
-            type=schedule,pattern=nightly
+            type=schedule
            type=edge
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
@ -79,8 +127,7 @@ jobs:
            latest=auto
            suffix=-alpine,onlatest=true
          tags: |
-            type=schedule,pattern=nightly
+            type=schedule
            type=edge
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
@ -97,6 +144,10 @@ jobs:
            cwd://${{ steps.meta.outputs.bake-file }}
            cwd://${{ steps.meta-alpine.outputs.bake-file }}
      - name: Test
        run: |
          docker run --rm kubernaut:latest
      - name: Setup Helm
        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
--- a/.gitea/workflows/lint.yaml
+++ b/.gitea/workflows/lint.yaml
@ -1,23 +0,0 @@
 ---
 name: Ruby Lint
 on:
  push:
    branches:
      - "**"
  pull_request:
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Ruby Setup
        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
        with:
          ruby-version: '3.4'
          bundler-cache: true
      - name: Standard Ruby
        run: bundle exec standardrb
--- a/.gitea/workflows/test.yaml
+++ b/.gitea/workflows/test.yaml
@ -1,22 +0,0 @@
 ---
 name: Ruby Test
 on:
  push:
    branches:
      - "**"
  pull_request:
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Test
        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
        with:
          ruby-version: '3.4'
          bundler-cache: true
      - run: bundle exec rake
--- a/1
+++ b/1
@ -3,6 +3,7 @@ source "https://rubygems.org"
 gem "sinatra"
 gem "sinatra-contrib"
 gem "puma"
 gem "rackup"
 gem "anyflake"
 gem "ksuid"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -45,6 +45,8 @@ GEM
      rack (>= 3.0.0)
    rack-test (2.2.0)
      rack (>= 1.3)
    rackup (2.2.1)
      rack (>= 3)
    rainbow (3.1.1)
    rake (13.2.1)
    rbs (3.9.2)
@ -136,6 +138,7 @@ DEPENDENCIES
  nanoid
  puma
  rack-test
  rackup
  rake
  rspec
  ruby-lsp
--- a/app.rb
+++ b/app.rb
@ -21,9 +21,11 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 require "config"
-VERSION = "0.2.2"
+VERSION = "0.2.0"
 CHUNK_SIZE = 1024**2
 SESSION_SECRET_HEX_LENGTH = 64
 JWT_SECRET_HEX_LENGTH = 64
 DEFAULT_FLAKEY = 50
 NAME = "kubernaut".freeze
@ -378,21 +380,19 @@ get "/pid", provides: "json" do
  jsonify({ppid: ppid, pid: Process.pid}, pretty:)
 end
-get "/token", provides: "json" do
+get "/token" do
  pretty = params.key? :pretty
  exp = Time.now.to_i + SECONDS_PER_MINUTE * 2
  payload = {name: "anonymous", exp: exp, jti: Random.uuid}
  expires_at = Time.at(exp).to_datetime
-  token = JWT.encode payload, config.jwt_secret.unwrap, "HS256"
+  token = JWT.encode payload, JWT_SECRET, "HS256"
  x = {token: token, expires_at: expires_at}
-  jsonify x, pretty:
+  jsonify x
 end
 get "/token/validate" do
  token = req_headers["authorization"].split[1]
-  payload = JWT.decode token, config.jwt_secret.unwrap, true, algorithm: "HS256"
+  payload = JWT.decode token, JWT_SECRET, true, algorithm: "HS256"
  jsonify payload
 end
--- a/charts/kubernaut/Chart.yaml
+++ b/charts/kubernaut/Chart.yaml
@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.2
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.2"
+appVersion: "0.2.0"
--- a/dockerfiles/alpine.Dockerfile
+++ b/dockerfiles/alpine.Dockerfile
@ -1,38 +1,34 @@
 ARG RUBY_VERSION="3.4.3"
-ARG BASE_REGISTRY="docker.io"
+FROM docker.io/library/ruby:${RUBY_VERSION}-alpine AS base
-FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-alpine AS base
+
 WORKDIR /kubernaut
 RUN <<EOT
  apk update -q
  apk add bash jemalloc
  rm -rf /var/cache/apk
  gem update --system --no-document
  gem install -N bundler
 EOT
 ENV RACK_ENV="production" \
  BUNDLE_DEPLOYMENT=true \
  BUNDLE_PATH="/usr/local/bundle" \
-  BUNDLE_WITHOUT="development test" \
+  BUNDLE_WITHOUT="development test"
  RUBY_YJIT_ENABLE=true
 WORKDIR /kubernaut
 RUN \
  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
  apk update -q; \
  apk add bash jemalloc
 RUN \
  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
  gem update --system --no-document; \
  gem install -N bundler
 FROM base AS build
-RUN \
+RUN <<EOT
-  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
+  apk add musl-dev gcc make
-  apk update -q; \
+  rm -rf /var/cache/apk
-  apk add musl-dev gcc make; \
+EOT
  apk add bash jemalloc
 COPY Gemfile Gemfile.lock ./
-RUN \
+RUN <<EOT
  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
  bundle install
  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
 EOT
 COPY . .
@ -40,9 +36,10 @@ FROM base
 ENV PORT=4567
-RUN \
+RUN <<EOT
-  addgroup --system --gid 666 kubernaut; \
+  addgroup --system --gid 666 kubernaut
  adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
 EOT
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /kubernaut /kubernaut
--- a/dockerfiles/bookworm.Dockerfile
+++ b/dockerfiles/bookworm.Dockerfile
@ -1,46 +1,35 @@
 ARG RUBY_VERSION="3.4.3"
-ARG BASE_REGISTRY="docker.io"
+FROM docker.io/library/ruby:${RUBY_VERSION}-slim-bookworm AS base
-ARG DEBIAN_VERSION="bookworm"
+
-FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS base
+WORKDIR /kubernaut
 RUN <<EOT
  apt-get update -qq
  apt-get install --yes --no-install-recommends libjemalloc2
  rm -rf /var/lib/apt/lists /var/cache/apt/archives
  gem update --system --no-document
  gem install -N bundler
 EOT
 ENV RACK_ENV="production" \
  BUNDLE_DEPLOYMENT=true \
  BUNDLE_PATH="/usr/local/bundle" \
-  BUNDLE_WITHOUT="development test" \
+  BUNDLE_WITHOUT="development test"
  RUBY_YJIT_ENABLE=true
 WORKDIR /kubernaut
 RUN rm -f /etc/apt/apt.conf.d/docker-clean
 RUN \
  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
  apt-get update -qq; \
  apt-get install --yes --no-install-recommends \
  libjemalloc2
 RUN \
  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
  gem update --system --no-document; \
  gem install -N bundler
 ENV DEBIAN_FRONTEND="noninteractive"
 FROM base AS build
-RUN \
+RUN <<EOT
-  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
+  apt-get update -qq
-  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
+  apt-get install --yes --no-install-recommends gcc make libc-dev
-  apt-get update -qq; \
+  rm -rf /var/lib/apt/lists /var/cache/apt/archives
-  apt-get install --yes --no-install-recommends \
+EOT
  build-essential
 COPY Gemfile Gemfile.lock ./
-RUN \
+RUN <<EOT
  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
  bundle install
  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
 EOT
 COPY . .
@ -48,9 +37,10 @@ FROM base
 ENV PORT=4567
-RUN \
+RUN <<EOT
-  groupadd --system --gid 666 kubernaut; \
+  groupadd --system --gid 666 kubernaut
  useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
 EOT
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /kubernaut /kubernaut
--- a/kustomize/app/deployment.yaml
+++ b/kustomize/app/deployment.yaml
@ -16,24 +16,18 @@ spec:
    spec:
      containers:
        - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:0.2.2
+          image: git.kill0.net/ryanc/kubernaut:0.2.0
          imagePullPolicy: Always
          ports:
            - name: sinatra-web
              containerPort: 4567
          env:
-            - name: KUBERNAUT_SESSION_SECRET
+            - name: SESSION_SECRET
              valueFrom:
                secretKeyRef:
-                  name: kubernaut
+                  name: kubernaut-session-secret
                  key: session_secret
                  optional: true
            - name: KUBERNAUT_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: kubernaut
                  key: jwt_secret
                  optional: true
          envFrom:
            - configMapRef:
                name: kubernaut-configmap
--- a/kustomize/app/kustomization.yaml
+++ b/kustomize/app/kustomization.yaml
@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubernaut
 resources:
  - secret.yaml
  - configmap.yaml
  - deployment.yaml
  - hpa.yaml
--- a/kustomize/app/secret.yaml
+++ b/kustomize/app/secret.yaml
@ -0,0 +1,15 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: kubernaut-session-secret
  namespace: kubernaut
 spec:
  encryptedData:
    session_secret: AgCY08t0AU418znEZt5d252J+lH+fwYki2g6jdJpfdRfVQjnA+b52P0KWrs/x5pB0PKab6Z3JY/Tz0SQCaoIsCR4IzUO3a095aulRqb6Qr1Lz8udBVta4JJMZLmo26tuUfVHlpD1d6J8rkBSm8vzckFLkOA1Wfl/9rS3K4qwiDogA5pI0ULghFkeEx1yKdRwPq0k8PuvOvLUJ6oNq3e5n+B/BrVWdQ+7XQxUq/AMANJrDbe+RD33f99LArHYA7bFMbY8YRazXSTAkeunpTlxTjuGZKYvJKupo29LHz2OVbZVX/hI0nZkdVpcgqvbxF6Vw9CuCeAmtKYl7A3qsAWqDLUdP3hRLsk2P9RDNhEzYWh4ml8APzziWzihdJbGEjwLy7HsHgKslM0XbBnRQDlxp/JtvcWdjQp33A+QOON32zOKHi+qJjDYyGebS1+xkPbnyb1MPSJVAtFpj7dlLbFekLFDZEbXuJYUl1wKdFOIjJHmNK/MTEV2kOhtiVj/aeKgSXwor9hR7Uxzs5ZSawp9uWw+hpr58EX6I+RtfO4yjFC6FjnagiU6SlI1Q2F7/nv82g1UWTYMpNN5bduS1YFWmsnXvK+W7YQHpSForr5ndtCSHmclbXb5Fc33sywC5u6Bi2Gu5/MW6d73BOog5BC3QtOuEQ044Q+cuU3RIlKADBqKLzZmHlmukyyGuZfXJnGjlWGKp3J1KecucTo6XC9QHpUkjXEKdlE63mOI1VuOGyBIHl60v4bnWiBg+aDZVHipz4JLKsVB0HOgBBK7+tOX6tr1GDG/F7Nz/i9ebzUV6i8Ec1jHf+2ZcTtBkNXBIkHc84+4Qd33/gOuP+lizLfIhfQ3DFWbwyfYumpVbeapyYhB0CE=
  template:
    metadata:
      creationTimestamp: null
      name: kubernaut-session-secret
      namespace: kubernaut
--- a/lib/config.rb
+++ b/lib/config.rb
@ -1,8 +1,5 @@
 require "sensitive"
 SESSION_SECRET_HEX_LENGTH = 64
 JWT_SECRET_HEX_LENGTH = 64
 class Config
  attr_accessor :cat
@ -12,7 +9,7 @@ class Config
    @prefix = prefix
    @cat = cat
-    session_secret ||= fetch_env "SESSION_SECRET" do
+    session_secret ||= ENV.fetch "SESSION_SECRET" do
      SecureRandom.hex SESSION_SECRET_HEX_LENGTH
    end