Boilerplate CI with Dockerfile, Makefile, Github Actions for Go App

divyangjp/golang-docker-ci

Prerequisites

  • go
  • make
  • docker
  • docker-compose

Build and Run locally

Build executable and docker image (otc-app)

make build

Run local binary

SECRET=<SECRETKEY> make run

Build/Run/Stop using docker-compose locally

make build-docker-compose
make run-docker-compose
make stop-docker-compose

The default value of SECRET is set to DefaultSecret inside docker-compose.
To set a different SECRET value, append SECRETKEY to the make command:

make run-docker-compose SECRETKEY=TOP5ecREt

The app is exposed on port 8080. Local APIs:

http://127.0.0.1:8080/metrics
http://127.0.0.1:8080/health
http://127.0.0.1:8080/token

Docker Build

A multistage Docker build keeps the image size to a minimum.
The app is installed on a Google Distroless image, which keeps the attack surface to a minimum.

Build CI

GitHub Actions are used for CI (https://github.com/divyangjp/golang-docker-ci/actions)

master-build-push:
Condition - On push to the master branch AND when app files are modified (go.* or *.go)
Outcome - A Docker container image is built, tagged with the Git SHA, and pushed to hub.docker.com at https://hub.docker.com/r/divyangjp/otc-app/tags

DockerHub login credentials are stored in GitHub repository secrets:

  • DOCKER_HUB_USERNAME
  • DOCKER_HUB_PAT

Pull Request CI:
Condition - A Pull Request is raised on branches master or releases/**
Outcome - Runs make clean test build to test for any issues with the PR. Additional goodies like a Jira number check, linting, code scanning, etc. can be added to this workflow.

CODEOWNERS: Automatically notifies code owners when a PR is raised to modify certain files/directories

Service interface

  • POST /token

    Return a token based on a shared secret. The shared secret is passed in the environment as the variable SECRET.

  • GET /health

    Used to check the service is 'up'. It should return an HTTP code >= 200

  • GET /metrics

    Return some basic metrics about the running service.

Secrets

  • Only read/load secrets into the container at runtime
  • Use services like AWS Secrets Manager, GCP Secret Manager or HashiCorp Vault to safely handle secrets
  • Use IAM, Service Accounts, Workload Identity, etc. to access secrets from secret stores
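
One way to apply the first point above to this service's SECRET variable, as an added example that is not code from this repository: the secret is resolved only at process start, and startup is refused when it is missing or still equal to the docker-compose default DefaultSecret. The SECRET_FILE variable (a file mounted by a secret store) and all function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// placeholderSecret is the docker-compose fallback value named in this README.
const placeholderSecret = "DefaultSecret"

var (
	errMissing     = errors.New("no secret provided: set SECRET or SECRET_FILE")
	errPlaceholder = errors.New("secret is still the docker-compose placeholder")
)

// loadSecret resolves the shared secret at process start, never at build time.
// getenv and readFile are injected so the logic can be exercised without
// touching the real environment or filesystem.
// SECRET_FILE is an assumed convention (a file mounted by a secret store);
// it is not something this repository defines. When set, it overrides SECRET.
func loadSecret(getenv func(string) string, readFile func(string) ([]byte, error)) (string, error) {
	secret := getenv("SECRET")
	if path := getenv("SECRET_FILE"); path != "" {
		raw, err := readFile(path)
		if err != nil {
			return "", fmt.Errorf("reading SECRET_FILE: %w", err)
		}
		// Mounted secret files commonly end with a trailing newline.
		secret = strings.TrimRight(string(raw), "\r\n")
	}
	switch {
	case secret == "":
		return "", errMissing
	case secret == placeholderSecret:
		return "", errPlaceholder
	}
	return secret, nil
}

func main() {
	secret, err := loadSecret(os.Getenv, os.ReadFile)
	if err != nil {
		// Fail closed, and never echo the secret value itself.
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	fmt.Printf("secret loaded (%d bytes)\n", len(secret))
}
```

Rejecting the placeholder is meant for non-local deployments; a local docker-compose run that relies on DefaultSecret would need the check relaxed.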
