Merge d8b1d8b into 297e55d

.devcontainer/Dockerfile

@@ -0,0 +1,64 @@
+FROM mcr.microsoft.com/devcontainers/go:1-1.22-bookworm
+
+USER root
+
+# must be amd64 or arm64
+ARG TARGETARCH
+
+# BASE
+RUN apt update && apt install -y git jq make unzip
+
+# YQ
+RUN cd /tmp && \
+  version=4.35.2 && \
+  curl -L --output /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v${version}/yq_linux_${TARGETARCH} && \
+  chmod +x /usr/local/bin/yq
+
+# DOCKER-CLI
+RUN cd /tmp && \
+  version=24.0.6 && \
+  arch=${TARGETARCH} && \
+  [ "$arch" = "arm64" ] && arch="aarch64"; \
+  [ "$arch" = "amd64" ] && arch="x86_64"; \
+  curl -L https://download.docker.com/linux/static/stable/${arch}/docker-${version}.tgz | tar xz && \
+  mv docker/docker /usr/local/bin/
+
+# KUBECTL
+RUN cd /tmp && \
+  curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" && \
+  chmod +x kubectl && mv kubectl /usr/local/bin/
+
+## KUBELOGIN
+RUN cd /tmp && \
+    version=0.0.33 && \
+    curl -L https://github.com/Azure/kubelogin/releases/download/v${version}/kubelogin-linux-${TARGETARCH}.zip > ./kubelogin-linux-${TARGETARCH}.zip && \
+    unzip /tmp/kubelogin-linux-${TARGETARCH}.zip && \
+    mv /tmp/bin/linux_${TARGETARCH}/kubelogin /usr/local/bin
+
+# HELM
+RUN cd /tmp && \
+  version=3.14.0 && \
+  curl -L https://get.helm.sh/helm-v${version}-linux-${TARGETARCH}.tar.gz | tar xz && \
+  mv linux-${TARGETARCH}/helm /usr/local/bin/helm
+
+# KIND
+RUN cd /tmp && \
+  version=0.20.0 && \
+  curl -Lo ./kind https://kind.sigs.k8s.io/dl/v${version}/kind-linux-${TARGETARCH} && \
+  chmod +x ./kind && mv ./kind /usr/local/bin/
+
+# KREW
+RUN cd /tmp && \
+  version=0.4.4 && \
+  curl -L https://github.com/kubernetes-sigs/krew/releases/download/v${version}/krew-linux_${TARGETARCH}.tar.gz | tar xz && \
+  mv krew-linux_${TARGETARCH} /usr/local/bin/kubectl-krew && \
+  echo 'export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"' >> $HOME/.bashrc
+
+# KREW PLUGINS
+RUN kubectl krew install ctx ns
+
+# K9S
+RUN cd /tmp && \
+  version=0.27.4 && \
+  curl -L https://github.com/derailed/k9s/releases/download/v${version}/k9s_Linux_${TARGETARCH}.tar.gz | tar xz && \
+  mv k9s /usr/local/bin/

.devcontainer/devcontainer.json

@@ -0,0 +1,22 @@
+{
+	"name": "infra.k8s.external-secrets",
+	"image": "ghcr.io/dodopizza/infra.k8s.external-secrets-devcontainer:latest",
+	"runArgs": [
+		"--pull=always"
+	],
+	"mounts": [
+		"source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind",
+		"source=${env:HOME}${env:USERPROFILE}/.kube,target=/usr/local/share/kube-localhost,type=bind,readonly"
+	],
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"ms-azuretools.vscode-docker",
+				"ms-kubernetes-tools.vscode-kubernetes-tools"
+			],
+			"settings": {}
+		}
+	},
+	"remoteUser": "root",
+	"postAttachCommand": ".devcontainer/post-command.sh"
+}

.devcontainer/post-command.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+set -eu
+
+CYAN='\033[0;36m'
+NC='\033[0m'
+function log() { echo -e "${CYAN}${1}${NC}"; }
+
+function prepare_kube_config_from_host() {
+  # https://github.com/microsoft/vscode-dev-containers/blob/main/containers/kubernetes-helm/.devcontainer/copy-kube-config.sh
+  log '[~] Prepare .kube/config'
+  if [ -d "/usr/local/share/kube-localhost" ]; then
+    mkdir -p $HOME/.kube
+    cp -r /usr/local/share/kube-localhost/* $HOME/.kube
+    chown -R $(id -u) $HOME/.kube
+    # for internal kind cluster
+    sed -i -e "s/localhost/host.docker.internal/g" $HOME/.kube/config
+    sed -i -e "s/127.0.0.1/host.docker.internal/g" $HOME/.kube/config
+    # set insecure for remote clusters
+    yq e '.clusters[].cluster."insecure-skip-tls-verify" = true' -i $HOME/.kube/config
+    yq e 'del(.clusters[].cluster."certificate-authority-data")' -i $HOME/.kube/config
+  fi
+}
+
+if [ -d "$HOME/.kube" ]; then
+  log "[-] Kube config presents. Skip."
+else
+  read -p "Copy kube config from host? [y/n]" -n 1 -r
+  echo
+  [[ $REPLY =~ ^[Yy]$ ]] && prepare_kube_config_from_host
+fi
+
+log '[.] Done\n'

.github/workflows/ci.yml

@@ -138,6 +138,7 @@ jobs:
     if: needs.detect-noop.outputs.noop != 'true'
     uses: ./.github/workflows/publish.yml
     permissions:
+      packages: write
       id-token: write
       contents: read
     strategy:
@@ -167,6 +168,8 @@ jobs:
       build-arch: ${{ matrix.build-arch }}
       ref: ${{ github.ref }}
     secrets:
-      GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
-      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
+      # GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
+      # GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
+      GHCR_USERNAME: ${{ github.actor }}
+      GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

.github/workflows/dodo-build-devcontainer.yaml

@@ -0,0 +1,44 @@
+name: Build DevContainer image
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - dodo
+    paths:
+      - ".devcontainer/**"
+
+jobs:
+  push:
+    name: Build DevContainer image
+    runs-on: ubuntu-latest
+    env:
+      DEVCONTAINER_IMAGE_TAG: v0.1
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push (for main branch)
+        uses: docker/build-push-action@v4
+        with:
+          file: ".devcontainer/Dockerfile"
+          push: true
+          tags: >
+            ghcr.io/${{ github.repository }}-devcontainer:latest,
+            ghcr.io/${{ github.repository }}-devcontainer:${{ env.DEVCONTAINER_IMAGE_TAG }}
+          platforms: |
+            linux/arm64
+            linux/amd64
+      - name: Output image tags
+        run: |
+          echo "## Built images with the following tags" >> $GITHUB_STEP_SUMMARY
+          echo "### ghcr.io/${{ github.repository }}-devcontainer:latest" >> $GITHUB_STEP_SUMMARY
+          echo "### ghcr.io/${{ github.repository }}-devcontainer:${{ env.DEVCONTAINER_IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY

.github/workflows/dodo-build-image.yml

@@ -0,0 +1,40 @@
+name: Build and push image (Dodo)
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - dodo
+
+jobs:
+  push:
+    name: Build and push image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Get short SHA
+        run: echo "sha7=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_ENV
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          file: "Dockerfile.standalone"
+          tags: >
+            ghcr.io/${{ github.repository }}:latest,
+            ghcr.io/${{ github.repository }}:${{ env.sha7 }}
+          platforms: |
+            linux/amd64
+      - name: Output image tags
+        run: |
+          echo "**Public docker image:** ghcr.io/${{ github.repository }}:${{ env.sha7 }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Commit message:** ${{ github.event.head_commit.message }}" >> $GITHUB_STEP_SUMMARY