initial import

e987eb7a · Lars Seipel · e987eb7a · e987eb7a · e987eb7a · e987eb7a
Commit e987eb7a authored 2 years ago by Lars Seipel
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+# Build container image
+buildimage:
+  image:
+    name: gcr.io/kaniko-project/executor:v1.9.1-debug
+    entrypoint: [""]
+  script:
+    - ./tools/kaniko-build "$CI_PROJECT_DIR"/Dockerfile "$CI_PROJECT_DIR" "$CI_REGISTRY_IMAGE":"$CI_COMMIT_SHORT_SHA"
+
+# Tag latest container image
+taglatest:
+  needs: ['buildimage']
+  image:
+    name: gcr.io/go-containerregistry/crane:debug
+    entrypoint: [""]
+  script:
+    - crane auth login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+    - crane tag "$CI_REGISTRY_IMAGE":"$CI_COMMIT_SHORT_SHA" latest
+  only:
+    - main
--- a/Dockerfile
+++ b/Dockerfile
+FROM registry.fedoraproject.org/fedora-minimal:rawhide
+
+ARG geoipupdate_version=4.10.0
+ARG mc_version=20230228001259.0.0
+
+
+RUN rpm -Uvh "https://github.com/maxmind/geoipupdate/releases/download/v${geoipupdate_version}/geoipupdate_${geoipupdate_version}_linux_amd64.rpm"
+RUN rpm -Uvh "https://dl.min.io/client/mc/release/linux-amd64/mcli-${mc_version}.x86_64.rpm"
+
+COPY ./entrypoint /entrypoint
+ENTRYPOINT ["/entrypoint"]
--- a/Makefile
+++ b/Makefile
+DOCKER ?= podman
+IMAGE  ?= registry.code.fbi.h-da.de/hdacloud/geoip-fetcher
+
+.PHONY: build
+build:
+	$(DOCKER) build -t $(IMAGE) .
--- a/README.md
+++ b/README.md
+# geoip-fetcher
+
+Fetch GeoIP database from MaxMind and upload it to S3 bucket.
+
+## Environment variables
+
+- `GEO_BUCKET_NAME`: S3 bucket to store fetched databases
+- `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` contain S3 credentials
+- `GEOIP_ACCOUNT_ID` and `GEOIP_LICENSE_KEY` as provided by MaxMind
+
+## Bugs
+
+The "editions" to fetch are currently hardcoded to GeoLite2-Country,
+GeoLite2-City and GeoLite2-ASN. Also, overriding the S3 endpoint URL is not
+possible (but ought to be).
--- a/entrypoint
+++ b/entrypoint
+#!/bin/bash
+set -e
+
+config=/data/GeoIP.conf
+dbdir=/data/dbs
+
+mkdir $dbdir
+
+cat >"$config" <<EOF
+AccountID $GEOIP_ACCOUNT_ID
+LicenseKey $GEOIP_LICENSE_KEY
+EditionIDs GeoLite2-Country GeoLite2-City GeoLite2-ASN
+PreserveFileTimes 1
+EOF
+
+test -n "$GEO_BUCKET_NAME" || {
+	echo 'no bucket specified' >&2
+	exit 2
+}
+
+mcli alias set s2 https://s2.h-da.cloud "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY"
+
+geoipupdate -f "$config" -d "$dbdir"
+
+exec mcli cp "$dbdir"/*.mmdb s2/"$GEO_BUCKET_NAME"/
--- a/tools/kaniko-build
+++ b/tools/kaniko-build
+#!/busybox/sh
+
+test "$#" -ge 3 || {
+	echo "usage: $0 dockerfile context destination" >&2
+	exit 2
+}
+
+dockerfile=$1
+context=$2
+destination=$3
+shift 3
+
+cat >/kaniko/.docker/config.json <<EOF
+{
+  "auths": {
+    "$CI_REGISTRY": {
+      "username": "$CI_REGISTRY_USER",
+      "password": "$CI_REGISTRY_PASSWORD"
+    }
+  }
+}
+EOF
+
+exec /kaniko/executor \
+	--context "$context" \
+	--dockerfile "$dockerfile" \
+	--destination "$destination" \
+	"$@"