Add on-tag RPM build (nfpm) and upload to artifactapi
Publish the plugin as an installable RPM so hosts can drop it into the Vault/OpenBao plugin directory. On a tag, build the binary, package it with nfpm (mirroring the rpmbuilder approach), and upload the RPM to artifactapi's local rpm-internal repository. - Add packaging/nfpm.yaml installing the binary to /opt/vault-plugins/ plus a preinstall script that creates the directory - Add scripts/build-rpm.sh and make rpm / rpm-package targets - Add .woodpecker/release.yml (event: tag): build -> nfpm package -> PUT to artifactapi remotes/rpm-internal/files/
@@ -0,0 +1,28 @@
|
||||
when:
|
||||
- event: tag
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: git.unkin.net/unkin/almalinux9-gobuilder:20260606
|
||||
commands:
|
||||
- make build VERSION=${CI_COMMIT_TAG}
|
||||
|
||||
- name: package
|
||||
image: git.unkin.net/unkin/almalinux9-rpmbuilder:latest
|
||||
commands:
|
||||
- ./scripts/build-rpm.sh ${CI_COMMIT_TAG}
|
||||
depends_on: [build]
|
||||
|
||||
- name: upload
|
||||
image: git.unkin.net/unkin/almalinux9-base:20260606
|
||||
commands:
|
||||
- |
|
||||
for rpm in dist/*.rpm; do
|
||||
FILE=$$(basename "$$rpm")
|
||||
echo "Uploading $${FILE} to artifactapi rpm-internal"
|
||||
curl -f -X PUT \
|
||||
"https://artifactapi3.k8s.syd1.au.unkin.net/api/v2/remotes/rpm-internal/files/$${FILE}" \
|
||||
-H "Content-Type: application/x-rpm" \
|
||||
--data-binary @"$$rpm"
|
||||
done
|
||||
depends_on: [package]
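Review bot: The `package` step pulls `almalinux9-rpmbuilder:latest` while `build` and `upload` pin dated tags, so the image that assembles the release RPM can change between tags with no change in this repository; pin it the same way, e.g. `image: git.unkin.net/unkin/almalinux9-rpmbuilder:<dated-tag-or-digest>` (placeholder). In the `upload` step the `curl -f -X PUT` carries no credential header and nothing records a checksum or signature for the RPM; unless artifactapi enforces write access some other way (not visible here), this repository path is writable by anything that can reach it. Consider supplying a token to the step through a Woodpecker `from_secret` environment entry and publishing a SHA-256 alongside the RPM, since registering the plugin in the Vault/OpenBao catalog needs that hash anyway. `${CI_COMMIT_TAG}` is also substituted unquoted into both command lines; letting the shell expand it at run time with quoting, `"$${CI_COMMIT_TAG}"`, keeps an unusual tag name from being split or interpreted.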
|
||||
@@ -1,4 +1,4 @@
|
||||
.PHONY: build install test lint fmt clean tidy e2e e2e-vault e2e-openbao e2e-up e2e-down patch minor major check-go
|
||||
.PHONY: build install test lint fmt clean tidy e2e e2e-vault e2e-openbao e2e-up e2e-down rpm rpm-package patch minor major check-go
|
||||
|
||||
BINARY := vault-plugin-secrets-litellm
|
||||
PKG := ./cmd/vault-plugin-secrets-litellm
|
||||
@@ -36,6 +36,13 @@ tidy:
|
||||
clean:
|
||||
rm -rf $(PLUGIN_DIR)
|
||||
|
||||
# Build the plugin binary then package it into an RPM with nfpm.
|
||||
rpm: build rpm-package
|
||||
|
||||
# Package an already-built binary into an RPM (used by CI after the build step).
|
||||
rpm-package:
|
||||
./scripts/build-rpm.sh $(VERSION)
|
||||
|
||||
# End-to-end tests spin up LiteLLM + Postgres and both Vault and OpenBao in
|
||||
# Docker, then exercise the full lifecycle (configure, create role, generate,
|
||||
# use, revoke) against each engine using the same plugin binary.
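Review bot: `rpm: build rpm-package` lists the two targets as independent prerequisites, so under `make -j` nothing orders `rpm-package` after `build`, and `scripts/build-rpm.sh` can either fail on a missing binary or package a stale `dist/` binary left by an earlier build. Since `rpm-package` is meant to stay build-free for CI, sequence them in the recipe instead: `rpm: build` followed by the recipe line `$(MAKE) rpm-package`. In `rpm-package` itself `$(VERSION)` reaches the shell unquoted; `./scripts/build-rpm.sh '$(VERSION)'` avoids word splitting on an unexpected value, and the script already falls back to its default when the argument is empty. Where `VERSION` is defined lies outside this hunk.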
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
---
|
||||
# nfpm config for building the vault-plugin-secrets-litellm RPM.
|
||||
# Rendered through envsubst (see scripts/build-rpm.sh) then fed to `nfpm pkg`.
|
||||
|
||||
name: ${PACKAGE_NAME}
|
||||
version: ${PACKAGE_VERSION}
|
||||
release: ${PACKAGE_RELEASE}
|
||||
arch: ${PACKAGE_ARCH}
|
||||
platform: ${PACKAGE_PLATFORM}
|
||||
section: default
|
||||
priority: extra
|
||||
description: "${PACKAGE_DESCRIPTION}"
|
||||
|
||||
maintainer: ${PACKAGE_MAINTAINER}
|
||||
homepage: ${PACKAGE_HOMEPAGE}
|
||||
license: ${PACKAGE_LICENSE}
|
||||
|
||||
disable_globbing: false
|
||||
|
||||
replaces:
|
||||
- vault-plugin-secrets-litellm
|
||||
provides:
|
||||
- vault-plugin-secrets-litellm
|
||||
|
||||
# Install the plugin binary into the Vault/OpenBao plugin directory. Point the
|
||||
# server's plugin_directory at /opt/vault-plugins to pick it up.
|
||||
contents:
|
||||
- src: dist/vault-plugin-secrets-litellm
|
||||
dst: /opt/vault-plugins/vault-plugin-secrets-litellm
|
||||
file_info:
|
||||
mode: 0755
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
scripts:
|
||||
preinstall: packaging/scripts/preinstall.sh
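Review bot: The plugin directory is not owned by the package: `contents` ships only the binary, and `/opt/vault-plugins` is created by the `preinstall` script with `mkdir -p`, so its mode and owner depend on the installer's umask or on whatever already exists at that path, and `rpm -V` cannot check it. For a directory the server loads executables from, declare it in `contents` as a `type: dir` entry with explicit `file_info`; that also makes `packaging/scripts/preinstall.sh` unnecessary. The `replaces`/`provides` entries name the package itself and look redundant, which is worth a comment if they are intentional.

```yaml
contents:
  - dst: /opt/vault-plugins
    type: dir
    file_info:
      mode: 0755
      owner: root
      group: root
  # … unchanged: binary entry for dist/vault-plugin-secrets-litellm …
```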
|
||||
Executable
+3
@@ -0,0 +1,3 @@
|
||||
#!/usr/bin/env bash
|
||||
# Ensure the plugin directory exists before the binary is laid down.
|
||||
mkdir -p /opt/vault-plugins
|
||||
Executable
+35
@@ -0,0 +1,35 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Package the (already built) plugin binary into an RPM with nfpm.
|
||||
# Usage: scripts/build-rpm.sh [version] (version defaults to $CI_COMMIT_TAG)
|
||||
#
|
||||
set -euo pipefail
|
||||
|
||||
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
cd "${ROOT_DIR}"
|
||||
|
||||
VERSION="${1:-${CI_COMMIT_TAG:-0.0.0-dev}}"
|
||||
VERSION="${VERSION#v}" # strip a leading v
|
||||
BINARY="vault-plugin-secrets-litellm"
|
||||
DIST="dist"
|
||||
|
||||
if [ ! -f "${DIST}/${BINARY}" ]; then
|
||||
echo "ERROR: ${DIST}/${BINARY} not found; run 'make build' first" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
export PACKAGE_NAME="${BINARY}"
|
||||
export PACKAGE_VERSION="${VERSION}"
|
||||
export PACKAGE_RELEASE="1"
|
||||
export PACKAGE_ARCH="amd64"
|
||||
export PACKAGE_PLATFORM="linux"
|
||||
export PACKAGE_DESCRIPTION="Vault/OpenBao dynamic secrets engine for LiteLLM virtual keys"
|
||||
export PACKAGE_MAINTAINER="Ben Vincent <ben@unkin.net>"
|
||||
export PACKAGE_HOMEPAGE="https://git.unkin.net/unkin/vault-plugin-secrets-litellm"
|
||||
export PACKAGE_LICENSE="MIT"
|
||||
|
||||
envsubst < packaging/nfpm.yaml > "${DIST}/nfpm.yaml"
|
||||
nfpm pkg --config "${DIST}/nfpm.yaml" --target "${DIST}" --packager rpm
|
||||
|
||||
echo "Built:"
|
||||
ls -1 "${DIST}"/*.rpm
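Review bot: `VERSION` goes from the tag or first argument into `envsubst` and then into the nfpm YAML with no format check, so a value containing `: `, `#` or quotes changes how the rendered config parses; reject anything that is not a version before exporting it, e.g. `[[ "${VERSION}" =~ ^[0-9]+(\.[0-9]+)*(-[0-9A-Za-z.]+)?$ ]] || { echo "ERROR: invalid version '${VERSION}'" >&2; exit 1; }`. `envsubst` without an argument also expands every `${…}` in the template from the whole CI environment; passing the variable list, `envsubst '${PACKAGE_NAME} ${PACKAGE_VERSION} …'`, limits it to the `PACKAGE_*` names exported here. `PACKAGE_ARCH` is fixed to `amd64` regardless of what `make build` produced, which deserves a comment if only one architecture is intended.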
|
||||