added Tilt environment for easier testing

external-secrets · Jun 14, 2024 · e98c6f4 · e98c6f4
1 parent 3162512
commit e98c6f4
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -14,4 +14,4 @@ COPY --from=build --chown=65532:65532 /workspace/state/ ./state/
 EXPOSE 9998
 ENV CGO_ENABLED=1
 ENV BW_SECRETS_MANAGER_STATE_PATH='/state'
-ENTRYPOINT [ "/bitwarden-sdk-server" ]
+ENTRYPOINT [ "/bitwarden-sdk-server", "serve" ]
diff --git a/README.md b/README.md
@@ -5,3 +5,7 @@ This repository contains a simple REST wrapper for the Bitwarden Rust SDK
 # TODO
 
 Provide installation instructions in case it's installed separately from ESO.
+
+# Testing
+
+To run Tilt install https://github.com/FiloSottile/homebrew-musl-cross. This uses musl-cc to build and link.
diff --git a/Tiltfile b/Tiltfile
@@ -0,0 +1,54 @@
+# -*- mode: Python -*-
+
+kubectl_cmd = "kubectl"
+
+# verify kubectl command exists
+if str(local("command -v " + kubectl_cmd + " || true", quiet = True)) == "":
+    fail("Required command '" + kubectl_cmd + "' not found in PATH")
+
+load('ext://namespace', 'namespace_yaml')
+k8s_yaml(namespace_yaml('external-secrets'), allow_duplicates=True)
+install = helm('deploy', namespace = 'external-secrets', set = 'image.tls.enabled=False')
+
+# Apply the updated yaml to the cluster.
+k8s_yaml(install, allow_duplicates = True)
+
+load('ext://restart_process', 'docker_build_with_restart')
+
+# enable hot reloading by doing the following:
+# - locally build the whole project
+# - create a docker imagine using tilt's hot-swap wrapper
+# - push that container to the local tilt registry
+local_resource(
+    'external-secret-binary',
+    "CC=x86_64-linux-musl-gcc GOOS=linux GOARCH=amd64 CGO_LDFLAGS='-lm' CGO_ENABLED=1 go build -ldflags '-linkmode external -extldflags -static' -o bin/bitwarden-sdk-server main.go",
+    deps = [
+        "main.go",
+        "go.mod",
+        "go.sum",
+        "cmd",
+        "pkg",
+    ],
+)
+
+
+# Build the docker image for our controller. We use a specific Dockerfile
+# since tilt can't run on a scratch container.
+# `only` here is important, otherwise, the container will get updated
+# on _any_ file change. We only want to monitor the binary.
+# If debugging is enabled, we switch to a different docker file using
+# the delve port.
+entrypoint = ['/bitwarden-sdk-server', 'serve']
+dockerfile = 'tilt.dockerfile'
+docker_build_with_restart(
+    'ghcr.io/external-secrets/bitwarden-sdk-server',
+    '.',
+    dockerfile = dockerfile,
+    entrypoint = entrypoint,
+    only=[
+      './bin',
+    ],
+    live_update = [
+        sync('./bin/bitwarden-sdk-server', '/bitwarden-sdk-server'),
+    ],
+)
diff --git a/cmd/root.go b/cmd/root.go
@@ -55,8 +55,7 @@ func runServeCmd(_ *cobra.Command, _ []string) error {
 	svr := server.NewServer(rootArgs.server)
 	go func() {
 		if err := svr.Run(context.Background()); err != nil {
-			slog.Error("failed to start server", "error", err)
-			os.Exit(1)
+			slog.Error("server stopped", "error", err)
 		}
 	}()
 

diff --git a/deploy/templates/deployment.yaml b/deploy/templates/deployment.yaml
@@ -27,6 +27,10 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
+          {{- if not .Values.image.tls.enabled }}
+          args:
+            - --insecure
+          {{- end }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -41,11 +45,11 @@ spec:
               protocol: TCP
           livenessProbe:
             httpGet:
-              path: /
+              path: /live
               port: http
           readinessProbe:
             httpGet:
-              path: /
+              path: /ready
               port: http
           resources:
             {{- toYaml .Values.resources | nindent 12 }}

diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -52,6 +52,12 @@ func NewServer(cfg Config) *Server {
 func (s *Server) Run(_ context.Context) error {
 	r := chi.NewRouter()
 	r.Use(middleware.Logger)
+	r.Get("/ready", func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte("ready"))
+	})
+	r.Get("/live", func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte("live"))
+	})
 	r.Get(api+"/secret", func(w http.ResponseWriter, r *http.Request) {
 		bitwarden.GetSecret()
 		_, _ = w.Write([]byte("welcome"))

diff --git a/tilt.dockerfile b/tilt.dockerfile
@@ -0,0 +1,7 @@
+FROM alpine@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd
+WORKDIR /
+COPY ./bin/bitwarden-sdk-server /bitwarden-sdk-server
+
+ENV CGO_ENABLED=1
+ENV BW_SECRETS_MANAGER_STATE_PATH='/state'
+ENTRYPOINT ["/bitwarden-sdk-server", "serve", "--insecure"]