Travis-CI
Preparing CI and scripts to install Vault and bootstrap the service with
AppRole authentication. Role-ID and Secret-ID are saved in `.env` and
used during the CI steps.
Otávio Fernandes committed Mar 30, 2019
1 parent 4bf50c3 commit 5facb00
Showing 7 changed files with 106 additions and 13 deletions.
28 changes: 22 additions & 6 deletions .ci/bootstrap-vault.sh
@@ -8,12 +8,27 @@ function die () {
exit 1
}

function enable_secrets_kv() {
function wait_for_vault () {
max_attemtps=10
attempts=0

echo "Waiting for Vault at '${VAULT_ADDR}'..."
until curl --fail ${VAULT_ADDR} > /dev/null 2>&1 || [ $attempts -eq $max_attemtps ] ; do
echo "# Failed to reach Vault at '${VAULT_ADDR}' (${attempts}/${max_attemtps})"
sleep $(( attempts++ ))
done

if [ $attempts -eq $max_attemtps ]; then
die "Can't reach Vault at '${VAULT_ADDR}', timeout!"
fi
}

function enable_secrets_kv () {
vault secrets enable -version=2 kv || \
die "Can't enable secrets kv!"
}

function enable_approle() {
function enable_approle () {
if ! vault auth list |grep -q approle ; then
vault auth enable approle || \
die "Can't enable approle!"
@@ -25,7 +40,7 @@ function write_policy() {
die "Can't apply test policy!"
}

function create_approle_app() {
function create_approle_app () {
vault write auth/approle/role/test-app \
policies=test-app \
secret_id_num_uses=0 \
@@ -36,20 +51,20 @@ function create_approle_app() {
die "Can't create test-app approle!"
}

function get_role_id() {
function get_role_id () {
vault read auth/approle/role/test-app/role-id \
|grep role_id \
|awk '{print $2}'
}

function get_secret_id() {
function get_secret_id () {
vault write -f auth/approle/role/test-app/secret-id \
|grep secret_id \
|grep -v accessor \
|awk '{print $2}'
}

function register_app() {
function register_app () {
local role_id=$1
local secret_id=$2

@@ -63,6 +78,7 @@ function register_app() {
# Main
#

wait_for_vault
enable_secrets_kv
enable_approle
write_policy
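Review bot: In `wait_for_vault`, the check after the loop treats `attempts` reaching `max_attemtps` as a timeout even when the final `curl` succeeded, because the `until` condition leaves the loop on either event and the following `if` cannot tell them apart; moving the limit check inside the loop removes the ambiguity. `${VAULT_ADDR}` is unquoted in the `curl` call, the counters are not declared `local`, and `max_attemtps` is misspelled. A successful response from the base address shows only that the listener answers, so if the later steps depend on Vault being initialised and unsealed, polling `${VAULT_ADDR}/v1/sys/health` would presumably be a closer readiness signal.

```shell
function wait_for_vault () {
    local max_attempts=10
    local attempts=0

    echo "Waiting for Vault at '${VAULT_ADDR}'..."
    until curl --fail "${VAULT_ADDR}" > /dev/null 2>&1 ; do
        # Only a failed probe can end in a timeout.
        if [ "${attempts}" -ge "${max_attempts}" ]; then
            die "Can't reach Vault at '${VAULT_ADDR}', timeout!"
        fi
        echo "# Failed to reach Vault at '${VAULT_ADDR}' (${attempts}/${max_attempts})"
        sleep $(( attempts++ ))
    done
}
```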
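--- a/.ci/install-vault.sh
+++ b/.ci/install-vault.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+VAULT_VERSION="${VAULT_VERSOIN:-1.1.0}"
+VAULT_TARGET_DIR="${VAULT_TARGET_DIR:-/home/travis/bin}"
+
+VAULT_ZIP_FILE="vault_${VAULT_VERSION}_linux_amd64.zip"
+VAULT_BIN="vault"
+
+function die () {
+echo "[ERROR] ${*}" 1>&2
+exit 1
+}
+
+[ ! -d ${VAULT_TARGET_DIR} ] && die "Can't find target directory at '${VAULT_TARGET_DIR}'!"
+
+if ! wget "https://releases.hashicorp.com/vault/${VAULT_VERSION}/${VAULT_ZIP_FILE}" ; then
+die "Can't download Vault!"
+fi
+
+if ! unzip ${VAULT_ZIP_FILE} ; then
+die "Can't unzip '${VAULT_ZIP_FILE}'"
+fi
+
+[ ! -f ${VAULT_BIN} ] && die "Can't find vault binary at './${VAULT_BIN}'"
+
+if ! mv -v "${VAULT_BIN}" "${VAULT_TARGET_DIR}" ; then
+die "Can't move '${VAULT_BIN}' to '${VAULT_TARGET_DIR}'!"
+fi
+
+rm -vf "${VAULT_ZIP_FILE}" > /dev/null 2>&1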
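Review bot: The Vault zip is unpacked and its binary moved into `${VAULT_TARGET_DIR}` with no integrity check after the `wget`; HashiCorp publishes a `vault_${VAULT_VERSION}_SHA256SUMS` file and a detached signature for it beside each release, so the archive should be verified before `unzip`. A checksum fetched from the same host only catches corruption or a swapped archive, so checking the sums file's signature against a pinned HashiCorp key is the stronger control. Separately, the default on the third line reads `${VAULT_VERSOIN:-1.1.0}`, so a `VAULT_VERSION` set in the environment is ignored; it should be `VAULT_VERSION="${VAULT_VERSION:-1.1.0}"`. The unquoted `${VAULT_TARGET_DIR}`, `${VAULT_ZIP_FILE}` and `${VAULT_BIN}` in the `[ ... ]` tests and the `unzip` call should be quoted as well.

```shell
VAULT_SUMS_FILE="vault_${VAULT_VERSION}_SHA256SUMS"

# … unchanged: die(), target-directory check, download of the zip …

if ! wget "https://releases.hashicorp.com/vault/${VAULT_VERSION}/${VAULT_SUMS_FILE}" ; then
    die "Can't download Vault checksums!"
fi

# Verify only the line for the archive that was downloaded.
if ! grep " ${VAULT_ZIP_FILE}\$" "${VAULT_SUMS_FILE}" | sha256sum -c - ; then
    die "Checksum mismatch for '${VAULT_ZIP_FILE}'!"
fi

# … unchanged: unzip, move binary, cleanup …
```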
2 changes: 2 additions & 0 deletions .dockerignore
@@ -3,6 +3,8 @@
.git*
.goreleaser*
.vscode
.ci
.cover*
README.md
build
test
2 changes: 2 additions & 0 deletions .gitignore
@@ -1,5 +1,7 @@
build/
coverage*
vendor*
.ci/codecov*
.data
.env
.vscode
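--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,21 @@
+---
+language: go
+go:
+- 1.11.x
+install: true
+services:
+- docker
+before_script:
+- docker-compose up -d
+- .ci/install-vault.sh
+- .ci/bootstrap-vault.sh
+- make dep
+script:
+- export VAULT_HANDLER_VAULT_ROLE_ID=$(grep ROLE_ID .env |awk -F '"' '{print $2}')
+- export VAULT_HANDLER_VAULT_SECRET_ID=$(grep SECRET_ID .env |awk -F '"' '{print $2}')
+- make bootstrap
+- make
+- make test
+# - make integration
+after_success:
+- make codecov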
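Review bot: Both `export` lines under `script` succeed even when `.env` is missing or has no matching line, because the exit status of `export` masks the failed `grep`, so the build would continue with empty AppRole credentials and fail later with a less obvious authentication error. A check right after them, such as `- '[ -n "$VAULT_HANDLER_VAULT_ROLE_ID" ] && [ -n "$VAULT_HANDLER_VAULT_SECRET_ID" ]'`, would stop the job at the real cause. The unanchored patterns `ROLE_ID` and `SECRET_ID` also match any other line of `.env` that contains those substrings, which would yield a multi-line value; anchoring each pattern on the full key name avoids that.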
25 changes: 18 additions & 7 deletions Makefile
@@ -1,12 +1,21 @@
# application name
APP = vault-handler
# build directory
BUILD_DIR ?= build
# docker image tag
DOCKER_IMAGE ?= "otaviof/$(APP)"
# directory containing end-to-end tests
E2E_TEST_DIR ?= test/e2e
# project version, used as docker tag
VERSION ?= $(shell cat ./version)

.PHONY: default bootstrap build clean test

default: build

dep:
go get -u github.com/golang/dep/cmd/dep

bootstrap:
dep ensure -v -vendor-only

@@ -23,18 +32,20 @@ clean-vendor:
rm -rf ./vendor > /dev/null

test:
go test -cover -v pkg/$(APP)/*
go test -race -coverprofile=coverage.txt -covermode=atomic -cover -v pkg/$(APP)/*

snapshot:
goreleaser --rm-dist --snapshot

release: release-go release-docker
@echo "# Uploaded vault-handler v'$(VERSION)'!"

release-go:
release:
git tag $(VERSION)
git push origin $(VERSION)
goreleaser --rm-dist

release-docker: build-docker
docker push $(DOCKER_IMAGE):$(VERSION)
integration:
go test -v $(E2E_TEST_DIR)/*

codecov:
mkdir .ci || true
curl -s -o .ci/codecov.sh https://codecov.io/bash
bash .ci/codecov.sh -t $(CODECOV_TOKEN)
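Review bot: The new `codecov` target fetches `https://codecov.io/bash` and executes it unverified in a job that holds `CODECOV_TOKEN` and the rest of the CI environment, and `curl -s` without `--fail` would save an HTTP error page for `bash` to run. Download with `curl -fsSL` and compare the script against a pinned digest before running it, for example `echo "<PINNED_SHA256>  .ci/codecov.sh" | sha256sum -c -` (placeholder digest). Since make echoes each recipe line after expansion, `-t $(CODECOV_TOKEN)` writes the token to the build log unless the CI masks it; prefixing that line with `@` avoids the echo. `mkdir .ci || true` also hides real failures and reads better as `mkdir -p .ci`, and `dep`, `integration` and `codecov` are not listed in `.PHONY`.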
11 changes: 11 additions & 0 deletions README.md
@@ -1,6 +1,17 @@
<p align="center">
<img src ="./assets/logo/vault-handler.png"/>
</p>
<p align="center">
<a alt="GoReport" href="https://goreportcard.com/report/github.com/otaviof/vault-handler">
<img src="https://goreportcard.com/badge/github.com/otaviof/vault-handler">
</a>
<a alt="Code Coverage" href="https://codecov.io/gh/otaviof/vault-handler">
<img src="https://codecov.io/gh/otaviof/vault-handler/branch/master/graph/badge.svg">
</a>
<a alt="Build Status" href="https://travis-ci.com/otaviof/vault-handler">
<img src="https://travis-ci.com/otaviof/vault-handler.svg?branch=master">
</a>
</p>

# `vault-handler` (WIP)
