Container Archive - woveon/wovtools GitHub Wiki


Each microservice's container is built from a recipe located in wovtools/containers. These recipes are used by wov-build-containers to build and push a container to a Docker Repository for later deployment.

Microservice Recipes

A recipe prepares and builds a Docker container for a microservice. Recipe files are located in wovtools/containers, one per container, and serve multiple purposes:

  • copy: rsync only the code needed to run from SRCDIR (i.e. the project dir) to DESTDIR (wovtools/cache/containers/MICROSERVICE).
  • build.docker: write the commands to build your microservice to ${DESTDIR}/SECRET/build.docker
  • run.docker: write the rules to run your microservice to ${DESTDIR}/SECRET/run.docker

Here is an example:

NOTICE: SRCDIR and DESTDIR are shortcut env variables passed in to help your script.

#!/usr/bin/env bash

# DOECHO defaults to 0 so the verbosity tests do not error when it is unset.
if [ "${DOECHO:-0}" -ge 2 ]; then echo "  ... add src"; fi
# --------------------------------------------------------------------- 
# Mirror the source tree, leaving out docs, build files and editor debris.
rsync -ai \
    --exclude etc --exclude doc --exclude Makefile --exclude README.md \
    --exclude ".*.swp" --exclude ".*.mk" --exclude ".DS_Store" \
    --delete --delete-excluded \
    "${SRCDIR}/MYMICROSERVICE/src/"* "${DESTDIR}/src/"


if [ "${DOECHO:-0}" -ge 2 ]; then echo "  ... add node_modules"; fi
# --------------------------------------------------------------------- 
rsync -ai \
    --exclude etc --exclude doc --exclude Makefile --exclude README.md \
    --exclude ".*.swp" --exclude ".*.mk" --exclude ".DS_Store" \
    --delete --delete-excluded \
    "${SRCDIR}/MYMICROSERVICE/node_modules/"* "${DESTDIR}/node_modules/"

if [ "${DOECHO:-0}" -ge 2 ]; then echo "  ... add individual files"; fi
# --------------------------------------------------------------------- 
echo "  ... add index.js, package.json, package-lock.json"
cp "${SRCDIR}/MYMICROSERVICE/index.js" "${DESTDIR}/."
cp "${SRCDIR}/MYMICROSERVICE/package.json" "${DESTDIR}/."
# Copy the lock file named in the message above, so that 'RUN npm install'
# resolves the locked dependency versions.
cp "${SRCDIR}/MYMICROSERVICE/package-lock.json" "${DESTDIR}/."

if [ "${DOECHO:-0}" -ge 2 ]; then echo "      ... Docker commands for pre-build"; fi
# --------------------------------------------------------------------- 
cat <<EOF > "${DESTDIR}/SECRET/prebuild.docker"
# Commands such as transpilation
EOF

if [ "${DOECHO:-0}" -ge 2 ]; then echo "  ... Docker commands for build"; fi
# --------------------------------------------------------------------- 
cat <<EOF > "${DESTDIR}/SECRET/build.docker"
RUN npm install
EOF

if [ "${DOECHO:-0}" -ge 2 ]; then echo "  ... Docker commands for run"; fi
# --------------------------------------------------------------------- 
cat <<EOF > "${DESTDIR}/SECRET/run.docker"
# Use the app directory as the working directory
WORKDIR /usr/src/app
# Start the microservice through its npm start script
CMD  [ "npm", "run", "start" ]
EOF

Keys and Private Repositories

You are going to have private code repositories, and the containers you build are not your computer: they do not have your SSH configuration, nor do you want your personal keys to stay in the container. Wovtools handles this for you.

TL;DR: Create a key per repo and use it on your machine via .ssh/config settings. wov-build-container will get those settings from 'WOV_SECRETFILE' and push to the container in the build phase. There should be no action on your part afterwards.

  • Create a key for the repo and reference it in your .ssh/config. Here is an example:

Host git-codecommit.us-east-1.amazonaws.com
  User AAAAAAAAAAAAAAAAAAAA
  IdentityFile ~/.ssh/wovtools/aws_rsa

  • Add this information to your secrets (a JSON-formatted file in the wovtools/secrets location) under 'repositories', then the repo, with 'user' and 'privkeyloc'. Here is an example:

"repositories": {
    "git-codecommit.us-east-1.amazonaws.com": {
      "user": "AAAAAAAAAAAAAAAAAAAA",
      "privkeyloc": "~/.ssh/wovtools/aws_rsa"
    }
}
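
A recipe copies whatever its rsync and cp lines match, so a key file sitting in the source tree ends up in DESTDIR and then in the image. The script below is an added example, not wovtools code: it scans a packed DESTDIR for private-key material before the build. The function names and the sample tree are constructed for illustration, and it assumes DESTDIR/SECRET is managed by wovtools and can be skipped.

```bash
#!/usr/bin/env bash
# Added example, not wovtools code: scan a packed recipe directory (DESTDIR)
# for private-key material before the container is built.

# Header shared by PEM and OpenSSH private keys (RSA, EC, OPENSSH, ENCRYPTED, ...).
KEY_HEADER='-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----'

# find_key_material DESTDIR
# Prints, sorted, every file under DESTDIR that sits in a .ssh directory or
# contains a private-key header. DESTDIR/SECRET is skipped (assumption: that
# directory is managed by wovtools itself, not filled by the recipe's copies).
find_key_material() {
    d="${1%/}"
    find "$d" -path "$d/SECRET" -prune -o -type f \
        \( -path '*/.ssh/*' -o -exec grep -qE -e "$KEY_HEADER" {} \; \) \
        -print | sort
}

# check_recipe_output DESTDIR
# Returns 0 when the directory is clean, 1 (listing the files) otherwise.
check_recipe_output() {
    hits="$(find_key_material "$1")"
    [ -z "$hits" ] && return 0
    echo "ERROR: key material in container build context:" >&2
    echo "$hits" >&2
    return 1
}

# make_sample_tree DIR
# Builds a constructed DESTDIR layout with two planted problems.
make_sample_tree() {
    mkdir -p "$1/src" "$1/node_modules/dep/.ssh" "$1/SECRET"
    echo 'console.log("ok")' > "$1/src/app.js"
    echo 'RUN npm install'   > "$1/SECRET/build.docker"
    # Constructed placeholder, not a real key: only the header line matters.
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'PLACEHOLDER' \
        > "$1/src/deploy_key"
    echo 'Host example.invalid' > "$1/node_modules/dep/.ssh/config"
}

# Demo on the constructed tree; a recipe could call
# check_recipe_output "${DESTDIR}" as its last step.
demo_dir="$(mktemp -d)"
make_sample_tree "$demo_dir"
check_recipe_output "$demo_dir" || echo "build blocked"
rm -rf "$demo_dir"
```

The content match catches a key under any file name, which a list of rsync --exclude patterns cannot do.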

Details of Recipe and wov-build-container script

  • for each recipe in 'wovtools/containers'
    • pack the container with the recipe and generate Docker commands in 'wovtools/cache'
    • run wov-pushcontainer-check to see whether we need to build (diff against the last build) and/or push
    • build if needed or forced
      • and archive this build
    • tag and push to remote repo if needed
      • update any AWS expired tokens if needed