diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 00000000..610842af
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,76 @@
+version: 2.1
+
+job-defaults: &job-defaults
+ working_directory: &working_directory
+ ~/app
+ environment:
+ - AWS_DEFAULT_REGION: us-west-2
+ - AWS_REGION: us-west-2
+ - AWS_ACCOUNT_ID: "883127560329"
+ - AWS_PROFILE: dev/vault
+
+attach-workspace: &attach-workspace
+ attach_workspace:
+ at: *working_directory
+
+jobs:
+ build:
+ <<: *job-defaults
+ environment:
+ - USE_STATSD=false
+ - LOG_LEVEL=debug
+ - REDIS_SOCKET_TYPE=tcp
+ - REDIS_URL=localhost:6379
+ docker:
+ - image: circleci/golang:1.14
+ - image: redis:alpine
+ steps:
+ - checkout
+ - setup_remote_docker
+ - run:
+ name: Compile
+ command: |
+ make compile
+
+ release-image-quay:
+ machine:
+ docker_layer_caching: true
+ <<: *job-defaults
+ steps:
+ - checkout
+ - run:
+ name: push to Quay
+ command: |
+ unset AWS_ACCESS_KEY_ID; unset AWS_SECRET_ACCESS_KEY;
+ ./ops/docker-login-quay.sh
+
+ export VERSION=${CIRCLE_TAG}
+
+ docker-compose build
+ docker-compose push
+
+ if [[ $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ docker tag quay.io/verygoodsecurity/ratelimit:${VERSION} quay.io/verygoodsecurity/ratelimit:latest
+ VERSION=latest docker-compose push
+ fi
+
+workflows:
+ version: 2
+ test_and_build:
+ jobs:
+ - build:
+ context: circleci
+ filters:
+ tags:
+ only: /^\d+\.\d+\.\d+(?:-\w+){0,1}$/
+ branches:
+ only: /.*/
+ - release-image-quay:
+ context: circleci
+ requires:
+ - build
+ filters:
+ tags:
+ only: /^\d+\.\d+\.\d+(?:-\w+){0,1}$/
+ branches:
+ ignore: /.*/
diff --git a/.github/stale.yml b/.github/stale.yml
deleted file mode 100644
index e33e9247..00000000
--- a/.github/stale.yml
+++ /dev/null
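Review bot: In `workflows`, the `build` entry attaches `context: circleci` although its only step is `make compile`, and it runs on every branch (`only: /.*/`); if that context holds the Quay credentials used by `release-image-quay` (likely, though not visible here), every branch build gets them in its environment. Remove `context: circleci` from `build` and keep it on `release-image-quay` only. The release job is gated on `build` alone, so with the `make check_format` and `make docker_tests` workflows deleted in this commit nothing tests the code before the image is pushed; a test step belongs in `build`. Also, `build` declares its own `environment`, which replaces the one merged in through `<<: *job-defaults` (merge keys are shallow), so the AWS_* values never reach that job.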
@@ -1,46 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale - -# General configuration -# Label to use when marking as stale -staleLabel: stale - -# Pull request specific configuration -pulls: - # Number of days of inactivity before an Issue or Pull Request becomes stale - daysUntilStale: 7 - # Number of days of inactivity before a stale Issue or Pull Request is closed. - # Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. - daysUntilClose: 7 - # Comment to post when marking as stale. Set to `false` to disable - markComment: > - This pull request has been automatically marked as stale because it has not had - activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please - feel free to give a status update now, ping for review, or re-open when it's ready. - Thank you for your contributions! - # Comment to post when closing a stale Issue or Pull Request. - closeComment: > - This pull request has been automatically closed because it has not had - activity in the last 14 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. - Thank you for your contributions! - # Limit the number of actions per hour, from 1-30. Default is 30 - limitPerRun: 1 - exemptLabels: - - no stalebot - -# Issue specific configuration -issues: - # TODO: Consider increasing the limitPerRun once we are satisfied with the bot's performance - limitPerRun: 1 - daysUntilStale: 30 - daysUntilClose: 7 - markComment: > - This issue has been automatically marked as stale because it has not had activity in the - last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity - occurs. Thank you for your contributions. - closeComment: > - This issue has been automatically closed because it has not had activity in the - last 37 days. 
If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". - Thank you for your contributions. - exemptLabels: - - help wanted - - no stalebot diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml deleted file mode 100644 index c05970a6..00000000 --- a/.github/workflows/master.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: Build and push :master image - -on: - push: - branches: - - master - -jobs: - check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: check format - run: make check_format - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: build and push docker image - run: | - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - VERSION=master make docker_push # Push image tagged with "master" - make docker_push # Push image tagged with git sha - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/pullrequest.yaml b/.github/workflows/pullrequest.yaml deleted file mode 100644 index da03fd13..00000000 --- a/.github/workflows/pullrequest.yaml +++ /dev/null @@ -1,21 +0,0 @@ -name: CI Build and Test for PR - -on: - pull_request: - -jobs: - check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: check format - run: make check_format - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: build and test - run: | - make docker_tests diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml deleted file mode 100644 index e2349f99..00000000 --- a/.github/workflows/release.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -name: Build and push :release image - -on: - push: - tags: - - 'v*' - -jobs: - check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: check format - run: make check_format - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: build and push docker image - run: | - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - make docker_push - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index b0bdb0bd..7fc8bc55 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,6 +10,13 @@ COPY script script RUN CGO_ENABLED=0 GOOS=linux go build -o /go/bin/ratelimit -ldflags="-w -s" -v github.com/envoyproxy/ratelimit/src/service_cmd -FROM alpine:3.11 AS final +FROM alpine:3.11 RUN apk --no-cache add ca-certificates + +FROM ubuntu:latest +RUN apt-get update && apt-get install -y supervisor COPY --from=build /go/bin/ratelimit /bin/ratelimit +COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf +RUN mkdir -p /var/log/supervisor + +ENTRYPOINT ["/usr/bin/supervisord"] \ No newline at end of file diff --git a/Dockerfile.integration b/Dockerfile.integration index 55eb04b4..f1ef81ff 100644 --- a/Dockerfile.integration +++ b/Dockerfile.integration @@ -1,5 +1,5 @@ # Running this docker image runs the integration tests. -FROM golang:1.14 +FROM golang:1.18 RUN apt-get update -y && apt-get install sudo stunnel4 redis memcached -y && rm -rf /var/lib/apt/lists/* diff --git a/README.md b/README.md index fbfeb063..19ffc0ef 100644 --- a/README.md +++ b/README.md 
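Review bot: The final stage is now `FROM ubuntu:latest`, a floating tag, so two builds of the same commit can ship different base layers; pin it to a release tag or digest. The `alpine:3.11` stage that installs `ca-certificates` lost its `AS final` name and is no longer the last stage, so its result is discarded and the shipped image gets a CA bundle only if `supervisor` happens to pull one in. Installing it explicitly and trimming the layer would read `RUN apt-get update && apt-get install -y --no-install-recommends supervisor ca-certificates && rm -rf /var/lib/apt/lists/*`. No `USER` is set, so supervisord and `/bin/ratelimit` run as root. The build stage starts above the hunk.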
@@ -38,6 +38,8 @@ # Overview +[![CircleCI](https://circleci.com/gh/verygoodsecurity/ratelimit.svg?style=svg)](https://circleci.com/gh/verygoodsecurity/ratelimit) + The rate limit service is a Go/gRPC service designed to enable generic rate limit scenarios from different types of applications. Applications request a rate limit decision based on a domain and a set of descriptors. The service reads the configuration from disk via [runtime](https://github.com/lyft/goruntime), composes a cache key, and talks to the Redis cache. A diff --git a/docker-compose.yml b/docker-compose.yml index 88d3a86e..e625bb2d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -37,9 +37,10 @@ services: - binary:/usr/local/bin/ ratelimit: - image: alpine:3.6 - command: > - sh -c "until test -f /usr/local/bin/ratelimit; do sleep 5; done; /usr/local/bin/ratelimit" + image: quay.io/verygoodsecurity/ratelimit:${VERSION:-latest} + build: + context: . + dockerfile: Dockerfile ports: - 8080:8080 - 8081:8081 diff --git a/ops/docker-login-quay.sh b/ops/docker-login-quay.sh new file mode 100755 index 00000000..4e6543ff --- /dev/null +++ b/ops/docker-login-quay.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +docker login quay.io --username "$QUAY_DOCKER_LOGIN" --password "$QUAY_DOCKER_LOGIN_PASSWORD" diff --git a/src/config/config_impl.go b/src/config/config_impl.go index e19b5ce0..306226ad 100644 --- a/src/config/config_impl.go +++ b/src/config/config_impl.go @@ -267,7 +267,9 @@ func (this *rateLimitConfigImpl) GetLimit( } if descriptor.GetLimit() != nil { - rateLimitKey := domain + "." + this.descriptorToKey(descriptor) + //rateLimitKey := domain + "." + this.descriptorToKey(descriptor) + // when ip is unique for each request it generates too many stats counters and never cleans them up + rateLimitKey := domain + ".override" rateLimitOverrideUnit := pb.RateLimitResponse_RateLimit_Unit(descriptor.GetLimit().GetUnit()) rateLimit = NewRateLimit( descriptor.GetLimit().GetRequestsPerUnit(), 
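Review bot: The `${VERSION:-latest}` default on the new `image:` line means a `docker-compose build` with `VERSION` unset tags the local build as `quay.io/verygoodsecurity/ratelimit:latest`, and a `docker-compose push` from such a shell would replace the published `latest`. A default that cannot collide with a release tag avoids that: `image: quay.io/verygoodsecurity/ratelimit:${VERSION:-dev}`. The `ratelimit` service definition continues past the hunk.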
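Review bot: `--password "$QUAY_DOCKER_LOGIN_PASSWORD"` puts the registry password on the `docker login` command line, where it is readable from the process list and triggers Docker's insecure-CLI warning; the GitHub workflows deleted in this commit used `--password-stdin`. Keep that form: `printf '%s' "$QUAY_DOCKER_LOGIN_PASSWORD" | docker login quay.io --username "$QUAY_DOCKER_LOGIN" --password-stdin`. A `set -euo pipefail` line after the shebang would also make the script stop on an unset variable instead of attempting a login with an empty credential.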
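Review bot: `rateLimitKey := domain + ".override"` gives every descriptor that carries an override limit the same key within a domain, so the per-descriptor breakdown is gone and one noisy client can no longer be told apart from another in the stats. The `NewRateLimit(` call is cut off by the hunk, so it is not visible whether the key feeds anything besides stats; if it does, overrides would share state and that needs checking. The commented-out line should go, with the reason kept as a proper comment, e.g. `// Overrides share one stats key per domain: per-descriptor keys (e.g. one per client IP) create unbounded counters that are never cleaned up.` `GetLimit` starts and ends outside the hunk.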
diff --git a/supervisord.conf b/supervisord.conf
new file mode 100644
index 00000000..aeba0f60
--- /dev/null
+++ b/supervisord.conf
@@ -0,0 +1,16 @@
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log
+pidfile=/var/run/supervisord.pid
+nodaemon=true
+
+[unix_http_server]
+file = /var/tmp/supervisor.sock
+
+[supervisorctl]
+serverurl=unix:///var/tmp/supervisor.sock
+
+[program:app]
+command=/bin/ratelimit
+redirect_stderr=true
+stdout_logfile=/dev/stdout ; Just dump to stdout, Docker should find it
+stdout_logfile_maxbytes = 0
\ No newline at end of file
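Review bot: `[program:app]` has no `user=` setting and the Dockerfile in this commit sets no `USER`, so `/bin/ratelimit` runs as root inside the container; add `user=nobody` (or a dedicated account created in the image) under `[program:app]`. The control socket is placed in world-writable `/var/tmp` with no explicit mode; `file = /var/run/supervisor.sock` with `chmod = 0700` under `[unix_http_server]` states the intended access, and `serverurl` in `[supervisorctl]` has to follow the same path.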