Init commit

build/flake.lock

@@ -0,0 +1,73 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 0,
+        "narHash": "sha256-7Fu7oazPoYCbDzb9k8D/DdbKrC3aU1zlnc39Y8jy/s8=",
+        "path": "/nix/store/m4wcdchjxw2fdyzjp8i6irpc613pchkr-source",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1743448293,
+        "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

build/flake.nix

@@ -0,0 +1,52 @@
+{
+  description = "Zitadel Resources Operator";
+
+  inputs = {
+    flake-utils.url = "github:numtide/flake-utils";
+    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        unstable = nixpkgs-unstable.legacyPackages.${system};
+        pkgs = nixpkgs.legacyPackages.${system};
+        package = unstable.buildGoModule {
+          pname = "zitadel-resources-operator";
+          version = "0.0.0";
+          src = ../src;
+          doCheck = false;
+          vendorHash = "sha256-HEXIHASdDC7chG9uF56f6pvZPVbxYs/fWFytDz6CAf4=";
+          installPhase = ''
+            runHook preInstall
+
+            mkdir -p $out/bin
+            dir="$GOPATH/bin"
+            [ -e "$dir" ] && cp -r $dir/cmd $out/manager
+
+            runHook postInstall
+          '';
+        };
+        dockerPackage = pkgs.dockerTools.buildImage {
+          name = "zitadel-resources-operator";
+          fromImageName = "gcr.io/distroless/static";
+          fromImageTag = "nonroot";
+          copyToRoot = pkgs.buildEnv {
+            name = "operator";
+            paths = [ package ];
+            pathsToLink = [ "/" ];
+          };
+          config = {
+            Cmd = [ "/manager" ];
+            WorkingDir = "/";
+            User = "65532:65532";
+          };
+        };
+      in with pkgs; {
+        packages.default = package;
+        packages.dockerImage = dockerPackage;
+        devShells.default = mkShell {
+          buildInputs = [ nixfmt unstable.gopls operator-sdk unstable.go ];
+        };
+      });
+}

build/push-image.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+set -xeuo pipefail
+
+# Setup client certificate for docker registry login
+mkdir -p /.docker
+mkdir -p /etc/docker/certs.d/$DOCKERREGISTRY_URL
+echo $DOCKERREGISTRY_CACERT
+(umask  077 ; echo $DOCKERREGISTRY_CACERT | base64 -d > /.docker/ca.pem)
+(umask  077 ; echo $DOCKERREGISTRY_CACERT | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/ca.crt) #Don't ask why this is needed twice.
+(umask  077 ; echo $DOCKERREGISTRY_CLIENTCERT | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/client.cert)
+(umask  077 ; echo $DOCKERREGISTRY_CLIENTKEY | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/client.key)
+
+docker --tls login -u $DOCKERREGISTRY_USER  -p $DOCKERREGISTRY_PASSWORD $DOCKERREGISTRY_URL
+
+export DOCKER_HOST=$DOCKERDAEMON_ADDRESS #Setup docker to use a specific daemon
+
+BUILD_IMAGE_NAME=$(ls images | tee /dev/stderr | head -n 1)
+
+IMAGE_ID=$(
+ docker load --input "images/$BUILD_IMAGE_NAME" |
+ sed -nr 's/^Loaded image: (.*)$/\1/p' |
+ xargs -I{} docker image ls "{}" --format="{{.ID}}" |
+ tee /dev/stderr
+)
+
+DOCKER_IMAGE_NAME=$DOCKERREGISTRY_URL/$BITBUCKET_REPO_SLUG
+VERSION=$BITBUCKET_BUILD_NUMBER
+
+if [[ "${BITBUCKET_BRANCH:-""}" == "master" ]]; then
+ LATEST="latest"
+else
+ unset LATEST
+fi
+
+escapeTag(){ echo "${1//[^a-zA-Z0-9._\-]/-}"; }
+
+tagPush(){
+ if [ -n "$1" ]; then
+   local tag=$(escapeTag "$1")
+   docker tag "$IMAGE_ID" "$DOCKER_IMAGE_NAME:$tag" && docker push "$DOCKER_IMAGE_NAME:$tag"
+ fi
+}
+
+tagRemove(){
+ if [ -n "$1" ]; then
+   local tag=$(escapeTag "$1")
+   docker rmi "$DOCKER_IMAGE_NAME:$tag"
+ fi
+}
+
+set +u
+
+tagPush "$VERSION"
+tagPush "$BITBUCKET_BRANCH"
+tagPush "$BITBUCKET_TAG"
+tagPush "$BITBUCKET_COMMIT"
+tagPush "$LATEST"
+
+tagRemove "$VERSION"
+tagRemove "$BITBUCKET_BRANCH"
+tagRemove "$BITBUCKET_TAG"
+tagRemove "$BITBUCKET_COMMIT"
+tagRemove "$LATEST"