Initial commit

[ZITADOPER-1]

build/flake.lock

@@ -0,0 +1,75 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1704842529,
+        "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1704722960,
+        "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

build/flake.nix

@@ -0,0 +1,45 @@
+{
+  description = "Zitadel K8s Operator";
+
+  inputs = {
+    flake-utils.url = "github:numtide/flake-utils";
+    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        unstable = nixpkgs-unstable.legacyPackages.${system};
+        pkgs = nixpkgs.legacyPackages.${system};
+        package = unstable.buildGoModule {
+          pname = "zitadel-k8s-operator";
+          version = "0.0.0";
+          src = ../src;
+          vendorHash = "sha256-8zGXnliSEnac9ry3eITjsXFuKYwJvKAYXeZUB65/PPo=";
+          postInstallPhase = ''
+            cp cmd $out
+          '';
+        };
+        dockerPackage = pkgs.dockerTools.buildImage {
+          name = "zitadel-k8s-operator";
+          fromImageName = "gcr.io/distroless/static";
+          fromImageTag = "nonroot";
+          copyToRoot = pkgs.buildEnv {
+            name = "operator";
+            paths = [ package ];
+            pathsToLink = [ "/bin" ];
+          };
+          config = {
+            Cmd = [ "/bin/cmd" ];
+            WorkingDir = "/";
+            User = "65532:65532";
+          };
+        };
+      in with pkgs; {
+        packages.default = package;
+        packages.dockerImage = dockerPackage;
+        devShells.default = mkShell {
+          buildInputs = [ nixfmt unstable.gopls operator-sdk unstable.go ];
+        };
+      });
+}

build/push-image.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+set -xeuo pipefail
+
+# Setup client certificate for docker registry login
+mkdir -p /.docker
+mkdir -p /etc/docker/certs.d/$DOCKERREGISTRY_URL
+echo $DOCKERREGISTRY_CACERT
+(umask  077 ; echo $DOCKERREGISTRY_CACERT | base64 -d > /.docker/ca.pem)
+(umask  077 ; echo $DOCKERREGISTRY_CACERT | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/ca.crt) #Don't ask why this is needed twice.
+(umask  077 ; echo $DOCKERREGISTRY_CLIENTCERT | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/client.cert)
+(umask  077 ; echo $DOCKERREGISTRY_CLIENTKEY | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/client.key)
+
+docker --tls login -u $DOCKERREGISTRY_USER  -p $DOCKERREGISTRY_PASSWORD $DOCKERREGISTRY_URL
+
+export DOCKER_HOST=$DOCKERDAEMON_ADDRESS #Setup docker to use a specific daemon
+
+BUILD_IMAGE_NAME=$(ls images | tee /dev/stderr | head -n 1)
+
+IMAGE_ID=$(
+ docker load --input "images/$BUILD_IMAGE_NAME" |
+ sed -nr 's/^Loaded image: (.*)$/\1/p' |
+ xargs -I{} docker image ls "{}" --format="{{.ID}}" |
+ tee /dev/stderr
+)
+
+DOCKER_IMAGE_NAME=$DOCKERREGISTRY_URL/$BITBUCKET_REPO_SLUG
+VERSION=$BITBUCKET_BUILD_NUMBER
+
+if [[ "${BITBUCKET_BRANCH:-""}" == "master" ]]; then
+ LATEST="latest"
+else
+ unset LATEST
+fi
+
+escapeTag(){ echo "${1//[^a-zA-Z0-9._\-]/-}"; }
+
+tagPush(){
+ if [ -n "$1" ]; then
+   local tag=$(escapeTag "$1")
+   docker tag "$IMAGE_ID" "$DOCKER_IMAGE_NAME:$tag" && docker push "$DOCKER_IMAGE_NAME:$tag"
+ fi
+}
+
+tagRemove(){
+ if [ -n "$1" ]; then
+   local tag=$(escapeTag "$1")
+   docker rmi "$DOCKER_IMAGE_NAME:$tag"
+ fi
+}
+
+set +u
+
+tagPush "$VERSION"
+tagPush "$BITBUCKET_BRANCH"
+tagPush "$BITBUCKET_TAG"
+tagPush "$BITBUCKET_COMMIT"
+tagPush "$LATEST"
+
+tagRemove "$VERSION"
+tagRemove "$BITBUCKET_BRANCH"
+tagRemove "$BITBUCKET_TAG"
+tagRemove "$BITBUCKET_COMMIT"
+tagRemove "$LATEST"