diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml new file mode 100644 index 0000000..0cffcd2 --- /dev/null +++ b/.github/workflows/docker-build.yml @@ -0,0 +1,70 @@ +# .github/workflows/docker-build.yml + +name: Docker Build Workflow + +# Define the triggers for this workflow +on: + push: + branches: + - main + paths: + - psql-cli/**/* + +jobs: + validate: + name: Validate Environment + runs-on: ubuntu-latest + + services: + docker: + image: docker:20.10.16 + options: --privileged + + env: + DOCKER_TLS_CERTDIR: "/certs" + CI_REGISTRY_PATH: index.docker.io/ahoylabs + CI_REGISTRY_USER: ${{ secrets.CI_REGISTRY_USER }} + CI_REGISTRY_PASSWORD: ${{ secrets.CI_REGISTRY_PASSWORD }} + + steps: + - name: Set up Docker + run: | + docker info + docker login -u "${{ secrets.CI_REGISTRY_USER }}" -p "${{ secrets.CI_REGISTRY_PASSWORD }}" ${{ env.CI_REGISTRY_PATH }} + + - name: Print Environment Variables + run: | + echo "GitHub Actions env" + printenv + echo "CI_REGISTRY_USER ${{ secrets.CI_REGISTRY_USER }}" + echo "CI_REGISTRY_PASSWORD ${{ secrets.CI_REGISTRY_PASSWORD }}" + echo "CI_REGISTRY_PATH ${{ env.CI_REGISTRY_PATH }}" + + build_psql_cli: + name: Build psql-cli Image + runs-on: ubuntu-latest + needs: validate + + services: + docker: + image: docker:20.10.16 + options: --privileged + + env: + IMAGE: psql-cli + CI_REGISTRY_PATH: index.docker.io/ahoylabs + CI_REGISTRY_USER: ${{ secrets.CI_REGISTRY_USER }} + CI_REGISTRY_PASSWORD: ${{ secrets.CI_REGISTRY_PASSWORD }} + + steps: + - name: Check out repository + uses: actions/checkout@v3 + + - name: Log in to Docker Hub + run: docker login -u "${{ secrets.CI_REGISTRY_USER }}" -p "${{ secrets.CI_REGISTRY_PASSWORD }}" + + - name: Build psql-cli Docker image + run: | + cd $IMAGE + docker build --pull -t "${{ env.CI_REGISTRY_PATH }}/${{ env.IMAGE }}" . + docker push "${{ env.CI_REGISTRY_PATH }}/${{ env.IMAGE }}" diff --git a/psql-cli/Dockerfile b/psql-cli/Dockerfile new file mode 100644 index 0000000..eb29058 --- /dev/null +++ b/psql-cli/Dockerfile @@ -0,0 +1,33 @@ +FROM debian:buster-slim +ENV DEBIAN_FRONTEND=noninteractive + +RUN /bin/echo -e '#!/bin/bash\nDEBIAN_FRONTEND=noninteractive\napt-get update && apt-get install -y $@ && apt-get clean autoclean && apt-get autoremove --yes && rm -rf /var/lib/apt/lists/*' \ + > /usr/local/sbin/apt_install_clean.sh && \ + chmod a+x /usr/local/sbin/apt_install_clean.sh +RUN /bin/echo -e '#!/bin/bash\nDEBIAN_FRONTEND=noninteractive\napt-get update && apt-get remove -y $@ && apt-get clean autoclean && apt-get autoremove --yes && rm -rf /var/lib/apt/lists/*' \ + > /usr/local/sbin/apt_remove_clean.sh && \ + chmod a+x /usr/local/sbin/apt_remove_clean.sh + +# install +#RUN /usr/local/sbin/apt_install_clean.sh postgresql-client iputils-ping net-tools curl wget +RUN /usr/local/sbin/apt_install_clean.sh iputils-ping net-tools curl wget gnupg2 nano + +# psql 14 +RUN sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list' +RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - +#RUN apt search postgresql +RUN /usr/local/sbin/apt_install_clean.sh postgresql-client-14 + +# build validation +RUN which psql +RUN which ping +RUN which netstat +RUN which curl +RUN which wget +RUN which nano + +RUN /usr/local/sbin/apt_install_clean.sh openssh-server +#CMD ["/bin/sh", "-c", "sleep infinity"] +# also start up ssh for cases where it's helpful +COPY setup_ssh.sh / +ENTRYPOINT ["/setup_ssh.sh"] diff --git a/psql-cli/psql-cli.yaml b/psql-cli/psql-cli.yaml new file mode 100644 index 0000000..7108837 --- /dev/null +++ b/psql-cli/psql-cli.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: psql-cli-deployment + namespace: demo +spec: + selector: + matchLabels: + app: psql-cli + replicas: 1 + template: + metadata: + labels: + app: psql-cli + spec: + containers: + - name: psql-cli + image: dynafire/psql-cli + env: + - name: PGPORT + value: "5432" + - name: PGHOST + value: $(ACID_CLUSTER_PORT_5432_TCP_ADDR) + - name: PGUSER + value: pguser + - name: PGDATABASE + value: testdb + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: pguser.acid-cluster.credentials.postgresql.acid.zalan.do + key: password + optional: true diff --git a/psql-cli/setup_ssh.sh b/psql-cli/setup_ssh.sh new file mode 100755 index 0000000..1d42d1a --- /dev/null +++ b/psql-cli/setup_ssh.sh @@ -0,0 +1,53 @@ +#!/bin/sh + +## this is reused from RunPod +# from https://github.com/runpod/containers/blob/main/container-template/start.sh + +setup_ssh() { + if [ ! -z "$PUBLIC_KEY" ]; then + echo "Setting up SSH..." + mkdir -p ~/.ssh + echo "$PUBLIC_KEY" >> ~/.ssh/authorized_keys + chmod 700 -R ~/.ssh + + if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then + ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N '' + echo "RSA key fingerprint:" + ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub + fi + + if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then + ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -q -N '' + echo "DSA key fingerprint:" + ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub + fi + + if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then + ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N '' + echo "ECDSA key fingerprint:" + ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub + fi + + if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then + ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N '' + echo "ED25519 key fingerprint:" + ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub + fi + + # root login is pubkey only + sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config + + service ssh start + + echo "SSH host keys:" + for key in /etc/ssh/*.pub; do + echo "Key: $key" + ssh-keygen -lf $key + done + else + echo "SSH not started, PUBLIC_KEY env variable not detected." + fi +} + +setup_ssh +sleep infinity