Allow passing payloads to rollout route (#8)
minor
Showing 3 changed files with 281 additions and 21 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,7 +3,7 @@ | |
Deploy your application from a CI/CD pipeline via `cURL` + JWT auth. | ||
|
||
``` | ||
$ curl -s -H "Authorization: bearer abc..." https://example.com/your/rollout/path | ||
$ curl -s -d '{"git-branch": "main"}' -H "Authorization: bearer abc..." https://example.com/your/rollout/path | ||
Rollout complete | ||
``` | ||
|
||
|
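Review bot: The updated curl example sends a JSON body with `-d` but sets no Content-Type header, so curl labels the body `application/x-www-form-urlencoded`, and `-d` also turns the request from a GET into a POST. If the route parses the body as JSON regardless of the declared content type, the README should say so; otherwise add `-H "Content-Type: application/json"` to the example. It is also worth stating whether a request with no body, as in the old example, is still accepted.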
@@ -13,7 +13,7 @@ Instead of managing SSH keys in your CI/CD for accounts that have privileged acc | |
|
||
Requires creating a JWT from your CI provider, and sending that token to this service running in your deployment environment to trigger a deployment script. | ||
|
||
Also requires a `rollout.sh` script that can handle all the command needing ran to rollout your software. | ||
Also requires a `rollout.sh` script that can handle all the commands needing ran to rollout your software. | ||
|
||
## Install | ||
|
||
|
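Review bot: The corrected sentence still reads awkwardly at "all the commands needing ran to rollout your software". Since the line is being touched anyway, suggest "all the commands needed to roll out your software".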
@@ -27,9 +27,11 @@ $ docker run \ | |
rollout:latest | ||
``` | ||
|
||
You should then proxy that port with some service that can handle TLS for you. | ||
|
||
## OIDC Provider examples | ||
|
||
This service requires two envionrment variables. | ||
This service requires two environment variables. | ||
|
||
- `JWKS_URI` - the URL of the OIDC Provider's [JSON Web Key (JWK) set document](https://www.rfc-editor.org/info/rfc7517). This is used to ensure the JWT was signed by the provider. | ||
- `JWT_AUD` - the audience set in the JWT token. | ||
|
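Review bot: The new sentence "You should then proxy that port with some service that can handle TLS for you" undersells the requirement. Every rollout request carries a bearer JWT in the Authorization header, so without TLS in front of the service the token is readable on the wire by anyone on the path. Suggest "must" rather than "should", plus one sentence giving that reason.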
@@ -40,6 +42,35 @@ This service requires two envionrment variables. | |
- `ROLLOUT_CMD` (default: `/bin/bash`) - the command to execute a rollout | ||
- `ROLLOUT_ARGS` (default: `/rollout.sh` ) - the args to pass to `ROLLOUT_CMD` | ||
|
||
## Dynamic environment variables for ROLLOUT_CMD | ||
|
||
There are a few environment variables you can make available to your rollout command. | ||
|
||
These environment variables can be passed to the cURL command when rolling out your changes. | ||
|
||
For example, if you want your rollout script to have the git repo and branch that is being deployed you can pass that in the rollout cURL call as seen below. Doing so will make an environment variable `$GIT_REPO` and `$GIT_BRANCH` available in your rollout script. | ||
|
||
``` | ||
$ curl -s \ | ||
-H "Authorization: bearer abc..." \ | ||
-d '{"git-repo": "[email protected]:lehigh-university-libraries/rollout.git", "git-branch": "main"}' \ | ||
https://example.com/your/rollout/path | ||
``` | ||
|
||
These are the environment variables currently supported, keyed by their respective JSON key name: | ||
|
||
| JSON Key | Env Var Name | Example JSON to send | | ||
|----------------|---------------| ------------------------------------- | ||
| `docker-image` | `DOCKER_IMAGE`| `{"docker-image": "foo/bar:latest"}` | | ||
| `docker-tag` | `DOCKER_TAG` | `{"docker-tag": "latest"}` | | ||
| `git-repo` | `GIT_REPO` | `{"git-repo": "foo/bar:latest"}` | | ||
| `git-branch` | `GIT_BRANCH` | `{"git-branch": "main"}` | | ||
| `rollout-arg1` | `ROLLOUT_ARG1`| `{"rollout-arg1": "FOO"}` | | ||
| `rollout-arg2` | `ROLLOUT_ARG2`| `{"rollout-arg2": "BAR"}` | | ||
| `rollout-arg3` | `ROLLOUT_ARG3`| `{"rollout-arg3": "BAZ"}` | | ||
|
||
If there is key/env var name that is generic enough that it warrants its own placeholder, it can be added by submitting an issue or a PR. Otherwise, use the general ARG variables. | ||
|
||
### GitHub | ||
|
||
``` | ||
|
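Review bot: The new "Dynamic environment variables for ROLLOUT_CMD" section says values from the request body become `$GIT_REPO`, `$GIT_BRANCH`, `$ROLLOUT_ARG1` and so on inside the rollout script, but it does not say what validation the service applies to them. Please document the accepted characters and length for each key and what happens to keys not in the table, and add a line telling script authors to treat these variables as caller-supplied input: always quote them and never pass them to `eval` or an unquoted command line. Smaller points in the same hunk: the table separator row is missing its closing `|`, the `git-repo` example value `foo/bar:latest` looks copied from the `docker-image` row while the curl example above uses a git SSH URL, and "If there is key/env var name" is missing "a".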