fixups for bridge readme, CI, etc

Mostly this just is last touches prior to merging back to main. - Fleshing out some of the readme to be more aligned with the rest of the repo. - CI workflow updates for how they need to be IRL. - adds a LICENSE
svix · May 30, 2023 · e567257 · e567257
1 parent 826bfa6
commit e567257
Show file tree

Hide file tree

Showing 10 changed files with 251 additions and 29 deletions.
diff --git a/.github/workflows/bridge-release.yml b/.github/workflows/bridge-release.yml
@@ -1,11 +1,61 @@
-name: Webhook Bridge Release
+name: Bridge Release
 
 on:
-  push:
-    branches:
-      - onelson/bridge
+  release:
+    types: [published]
 
 jobs:
+  release:
+    name: release ${{ matrix.target }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - target: x86_64-pc-windows-gnu
+            os: windows-latest
+            extension: ".exe"
+
+          - target: x86_64-unknown-linux-gnu
+            os: ubuntu-latest
+            extension: ""
+
+          - target: x86_64-apple-darwin
+            os: macos-latest
+            extension: ""
+
+          - target: aarch64-apple-darwin
+            os: macos-latest
+            extension: ""
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+          profile: minimal
+          target: ${{ matrix.target }}
+
+      - name: Install musl for x86_64-unknown-linux-musl
+        if: ${{ matrix.target == 'x86_64-unknown-linux-musl' }}
+        run: sudo apt-get install -y musl-dev musl-tools
+
+      - name: Compile bridge
+        uses: actions-rs/cargo@v1
+        with:
+          command: build
+          args: --target ${{ matrix.target }} --release --manifest-path bridge/svix-bridge/Cargo.toml
+
+      - name: Release
+        uses: actions/upload-artifact@v3
+        with:
+          name: svix-bridge-${{ matrix.target }}
+          path: bridge/target/${{ matrix.target }}/release/svix-bridge${{ matrix.extension }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   docker:
     name: release docker
     runs-on: ubuntu-latest
@@ -25,16 +75,15 @@ jobs:
         uses: docker/setup-buildx-action@v2
 
       - name: Derive Version Numbers
-        # FIXME: don't have a release name when running on a branch push - hardcode to 0.0.0 for now
         run: |
-          export REPO="${{ secrets.DOCKERHUB_USERNAME }}/svix-webhook-bridge"
-          echo DOCKER_TAGS="$(echo "v0.0.0" | sed -E "s#v([0-9]+)\.([0-9]+)\.([0-9]+)#${REPO}:latest,${REPO}:v\1.\2.\3,${REPO}:v\1.\2,${REPO}:v\1#")" >> "$GITHUB_ENV"
+          export REPO="${{ secrets.DOCKERHUB_USERNAME }}/svix-bridge"
+          echo DOCKER_TAGS="$(echo "${{ github.event.release.tag_name }}" | sed -E "s#v([0-9]+)\.([0-9]+)\.([0-9]+)#${REPO}:latest,${REPO}:v\1.\2.\3,${REPO}:v\1.\2,${REPO}:v\1#")" >> "$GITHUB_ENV"
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v2
         with:
-          context: ./webhook-bridge
-          file: ./webhook-bridge/Dockerfile
+          context: ./bridge
+          file: ./bridge/Dockerfile
           push: true
           tags: ${{ env.DOCKER_TAGS }}
           platforms: linux/amd64
diff --git a/.github/workflows/bridge-security.yml b/.github/workflows/bridge-security.yml
@@ -0,0 +1,24 @@
+name: Bridge Security
+
+on:
+  push:
+    branches:
+    - main
+    paths:
+      - 'bridge/**/Cargo.toml'
+      - 'bridge/**/Cargo.lock'
+      - '.github/workflows/bridge-security.yml'
+  pull_request:
+    paths:
+      - 'bridge/**/Cargo.toml'
+      - 'bridge/**/Cargo.lock'
+      - '.github/workflows/bridge-security.yml'
+
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+            arguments: --manifest-path=bridge/Cargo.toml
diff --git a/bridge/Dockerfile b/bridge/Dockerfile
@@ -66,6 +66,7 @@ RUN apt-get update ;\
 USER appuser
 
 COPY --from=build /app/target/release/svix-bridge /usr/local/bin/svix-bridge
+EXPOSE 5000
 
 # Will fail if there's no `svix-bridge.yaml` in the CWD or `SVIX_BRIDGE_CFG` is not set to a valid
 # path to a config.

diff --git a/bridge/LICENSE b/bridge/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2021-2023 Svix Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/bridge/README.md b/bridge/README.md
@@ -1,13 +1,32 @@
-# Svix Bridge
+<h1 align="center">
+  <a href="https://www.svix.com">
+    <img width="120" src="https://avatars.githubusercontent.com/u/80175132?s=200&v=4" />
+    <p align="center">Svix - Webhooks as a service</p>
+  </a>
+</h1>
 
-`svix-bridge` is organized in terms of **senders** and **receivers**.
+![GitHub tag](https://img.shields.io/github/tag/svix/svix-webhooks.svg)
+[![Build Status](https://github.com/svix/svix-webhooks/workflows/Bridge%20CI/badge.svg)](https://github.com/svix/svix-webhooks/actions)
+[![Bridge Security](https://github.com/svix/svix-webhooks/actions/workflows/bridge-security.yml/badge.svg)](https://github.com/svix/svix-webhooks/actions/workflows/bridge-security.yml)
+[![License](https://img.shields.io/badge/license-MIT-brightgreen.svg)](LICENSE)
+[![Join our slack](https://img.shields.io/badge/Slack-join%20the%20community-blue?logo=slack&style=social)](https://www.svix.com/slack/)
+
+# Svix Bridge (beta)
+
+Bridge is an agent to help integrate webhooks into your existing messaging infrastructure.
+
+Bridge is organized in terms of **senders** and **receivers**.
 
 **Senders** are useful when you have a data source (an "input") such as a
 message queue and want to generate Svix webhooks from those messages.
 
 **Receivers** act as HTTP endpoints which wait for Svix webhooks to arrive, then
 publish the payload on to a specified "output."
 
+**Receivers** also (optionally) perform validation of the webhooks using Svix's signature verification.
+
+Both **senders** and **receivers** are defined in terms of their input, and optional JavaScript transformation, and their output.
+
 Currently the supported Sender inputs and Receiver outputs are the following
 messaging systems:
 
@@ -16,13 +35,28 @@ messaging systems:
 - Redis
 - SQS
 
-## Usage
+> Important to note that queues, exchanges, topics, etc should be created and configured independently,
+> prior to using launching Bridge. Bridge will not automatically attempt to create these resources, it will only try
+> (and fail) to read from or publish to the stream/queue in this case.
+
+
+## Installation
+
+Docker images are available on [docker hub](https://registry.hub.docker.com/r/svix/svix-bridge)
 
 ```
-svix-bridge -c path/to/svix-bridge.yaml
+$ docker pull svix/svix-bridge
 ```
 
-## Configuration
+If you don't want to use docker, see [Building from Source](../README.md#building-from-source).
+
+
+
+# Usage and Configuration
+
+```
+$ svix-bridge -c path/to/svix-bridge.yaml
+```
 
 The CLI itself exposes only a single flag (`-c`, `--cfg`) used to set the path for the config file.
 The location of the config file can also be set with the `SVIX_BRIDGE_CFG` env var.
@@ -34,7 +68,6 @@ Each sender and receiver can optionally specify a `transformation`.
 Transformations should define a function called `handler` that accepts an object and returns an object.
 
 Senders should produce JSON following an expected shape:
-
 ```
 {
     // This indicates which Svix application to send the message to
@@ -52,21 +85,36 @@ Senders should produce JSON following an expected shape:
 > The comments in the above JSON are for illustrative purposes only ;)
 > That's not valid JSON! Sorry!
 
-
 For detail on the `message` field, see: <https://api.svix.com/docs#tag/Message/operation/v1.message.create>
 
-Important to note that queues, exchanges, topics, or what have you, should be created and configured independently,
-prior to using the plugin. There's nothing in place to automatically create these resources.
-The plugin will only try (and fail) to read from the stream in such a case.
+See the example configs for how to configure each input and output in more detail:
+- [senders](./svix-bridge.example.senders.yaml)
+- [receivers](./svix-bridge.example.receivers.yaml)
 
-- GCP Pub/Sub
-- RabbitMQ
-- Redis
-- SQS
+# Building from source
 
-The HTTP server also (optionally) performs validation of the webhooks using Svix's signature verification method.
+You would need a working Rust compiler in order to build Svix Bridge.
+The easiest way is to use [rustup](https://rustup.rs/).
 
-The `verification` section for each route can be set one of two ways:
-* `none` which accepts and forwards any JSON POST HTTP request.
-* `svix` that takes a Svix endpoint secret (starting with `whsec_`) and
-  validating it using an official Svix library
+```
+# Clone the repository
+git clone https://github.com/svix/svix-webhooks
+# Change to the source directory
+cd svix-webhooks/bridge/
+# Build
+cargo install --path svix-bridge
+```
+
+Some system dependencies are required for Bridge to build successfully.
+Consult the [Dockerfile](./Dockerfile) for a good reference of what's required at build time.
+
+# Building with Docker
+
+```
+# Clone the repository
+git clone https://github.com/svix/svix-webhooks
+# Change to the source directory
+cd svix-webhooks/bridge/
+# Build
+docker build --tag svix-bridge:local .
+```
diff --git a/bridge/generic-queue/LICENSE b/bridge/generic-queue/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2021-2023 Svix Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/bridge/svix-bridge-plugin-queue/LICENSE b/bridge/svix-bridge-plugin-queue/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2021-2023 Svix Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/bridge/svix-bridge-types/LICENSE b/bridge/svix-bridge-types/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2021-2023 Svix Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/bridge/svix-bridge.example.receivers.yaml b/bridge/svix-bridge.example.receivers.yaml
@@ -107,4 +107,4 @@ receivers:
       # - `AWS_ACCESS_KEY_ID`
       # - `AWS_SECRET_ACCESS_KEY`
       type: "sqs"
-      queue_dsn: "https://example.aws.com/my-queue"
+      queue_dsn: "https://aws.example.com/my-queue"
diff --git a/bridge/svix-bridge/LICENSE b/bridge/svix-bridge/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2021-2023 Svix Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.