Build in kubekite

.buildkite/build-binary.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+set -eo pipefail
+
+# Determine the image and cache tags
+IMAGE_TAG=${BUILDKITE_BRANCH}
+CACHE_TAG=${IMAGE_TAG}
+
+# Set IMAGE_NAME to something intermediate
+IMAGE_NAME="oauth2_proxy-intermediate"
+
+# Determine the Dockerfile location
+if [ -z "$DOCKERFILE" ]; then
+  DOCKERFILE="Dockerfile-buildbinary"
+fi
+
+if [ ! -d build/public ]; then
+  mkdir -p build/public
+fi
+
+git log -1 > build/public/REVISION.txt
+
+# Build the new image
+docker build \
+  --network host \
+  --cache-from $IMAGE_NAME:$CACHE_TAG \
+  --tag $IMAGE_NAME:$IMAGE_TAG \
+  $EXTRA_TAGS \
+  -f $DOCKERFILE \
+  .
+
+# Execute the image so that we can get the binary out of it
+docker run $IMAGE_NAME:$IMAGE_TAG
+
+# Copy the binary from the container
+docker container cp $(docker ps -ql):/go/src/github.com/webflow/oauth2_proxy/oauth2_proxy . 
+
+# Upload the binary as a Buildkite build artifact
+buildkite-agent artifact upload oauth2_proxy

.buildkite/build-image.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+set -eo pipefail
+
+# Determine the image and cache tags
+IMAGE_TAG=${BUILDKITE_BRANCH}
+CACHE_TAG=${IMAGE_TAG}
+
+# Determine the Dockerfile location
+if [ -z "$DOCKERFILE" ]; then
+  DOCKERFILE="Dockerfile-buildimage"
+fi
+
+eval $(aws ecr get-login --no-include-email --region us-east-1) 
+
+# Pull the latest branch tag for caching, if it exists
+IMAGE_EXISTS=1
+docker pull $IMAGE_NAME:$IMAGE_TAG || IMAGE_EXISTS=0
+
+# If the branch image didn't already exist, pull the latest
+if [ $IMAGE_EXISTS -eq 0 ]; then
+  docker pull $IMAGE_NAME:latest || true
+  CACHE_TAG=latest
+fi
+
+EXTRA_TAGS="--tag $IMAGE_NAME:$BUILDKITE_COMMIT"
+
+# If the branch is master, also tag with latest
+if [[ "$IMAGE_TAG" == "master" ]]; then
+  EXTRA_TAGS="$EXTRA_TAGS --tag $IMAGE_NAME:latest"
+fi
+
+if [ ! -d build/public ]; then
+  mkdir -p build/public
+fi
+
+git log -1 > build/public/REVISION.txt
+
+# Retrieve our artifact
+buildkite-agent artifact download oauth2_proxy .
+
+# Build the new image
+docker build \
+  --network host \
+  --cache-from $IMAGE_NAME:$CACHE_TAG \
+  --tag $IMAGE_NAME:$IMAGE_TAG \
+  $EXTRA_TAGS \
+  -f $DOCKERFILE \
+  .
+
+# Push to the repository
+docker push $IMAGE_NAME:$IMAGE_TAG
+echo "Pushing docker image to ECR: $IMAGE_NAME:$IMAGE_TAG"
+
+docker push $IMAGE_NAME:$BUILDKITE_COMMIT
+echo "Pushing docker image to ECR: $IMAGE_NAME:$BUILDKITE_COMMIT"
+
+# If the branch is master, also push the latest tag
+if [[ "$IMAGE_TAG" == "master" ]]; then
+  docker push $IMAGE_NAME:latest
+  echo "Pushing docker image to ECR: $IMAGE_NAME:latest"
+fi

.buildkite/pipeline.yml

@@ -0,0 +1,15 @@
+steps:
+  - label : ":oauth2_proxy: Build Binary"
+    command: "./.buildkite/build-binary.sh"
+    agents:
+      queue: 'autoscaling-build-cluster'
+
+  - wait
+
+  - label: ":oauth2_proxy: Build Image"
+    command: "./.buildkite/build-image.sh"
+    env:
+      IMAGE_NAME: 024376647576.dkr.ecr.us-east-1.amazonaws.com/oauth2_proxy
+      AWS_ECR_LOGIN: true
+    agents:
+      queue: 'autoscaling-build-cluster'

Dockerfile

@@ -0,0 +1,32 @@
+FROM golang:latest as builder
+
+# Install dep
+RUN go get -u github.com/golang/dep/cmd/dep
+
+# Install upx, a Linux binary compression util
+RUN apt-get update && apt-get install -y upx
+
+WORKDIR /go/src
+COPY . github.com/webflow/oauth2_proxy
+WORKDIR /go/src/github.com/webflow/oauth2_proxy
+
+# Load pinned dependencies into vendor/
+RUN dep ensure -v
+
+# Build and strip our binary
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w -X main.Version=`git log --pretty=format:'%h' -n 1`" -a -installsuffix cgo -o oauth2_proxy .
+
+# Compress the binary with upx
+RUN upx oauth2_proxy
+
+FROM ubuntu
+
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get -y dist-upgrade
+
+# Copy the binary over from the builder image
+COPY --from=builder /go/src/github.com/webflow/oauth2_proxy/oauth2_proxy /
+
+# Run our entrypoint script when the container is executed
+CMD ["/oauth2_proxy"]

Dockerfile-buildbinary

@@ -0,0 +1,14 @@
+FROM golang:latest
+
+# Install dep
+RUN go get -u github.com/golang/dep/cmd/dep
+
+WORKDIR /go/src
+COPY . github.com/webflow/oauth2_proxy
+WORKDIR /go/src/github.com/webflow/oauth2_proxy
+
+# Load pinned dependencies into vendor/
+RUN dep ensure -v
+
+# Build and strip our binary
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w -X main.Version=`git log --pretty=format:'%h' -n 1`" -a -installsuffix cgo -o oauth2_proxy .

Dockerfile-buildimage

@@ -0,0 +1,28 @@
+FROM ubuntu
+
+ENV GOSU_VERSION 1.10
+
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get -y dist-upgrade && \
+    apt-get install -y curl gnupg && \
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
+    curl -L -o /gosu "https://github.com/tianon/gosu/releases/download/1.10/gosu-${dpkgArch}" && \
+    curl -L -o /gosu.asc "https://github.com/tianon/gosu/releases/download/1.10/gosu-${dpkgArch}.asc" && \
+    export GNUPGHOME="$(mktemp -d)" && \
+    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
+    gpg --batch --verify /gosu.asc /gosu && \
+    rm -r /gosu.asc && \
+    chmod +x /gosu && \
+    /gosu nobody true
+
+# Copy the binary over from the builder image
+COPY oauth2_proxy /
+RUN chmod +x /oauth2_proxy
+
+COPY entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["/oauth2_proxy"]