feat(docs): add docs

statista-oss · Dec 18, 2024 · 71c40c4 · 71c40c4
1 parent f7a2f58
commit 71c40c4
Showing 5 changed files with 137 additions and 24 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -13,19 +13,26 @@ jobs:
       packages: write
     env:
       REGISTRY: ghcr.io
-      IMAGE_NAME: ${{ github.repository }}
+
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
+      - name: lowercase github.repository
+        run: |
+          echo "IMAGE_NAME=`echo ${{github.repository}} | tr '[:upper:]' '[:lower:]'`" >> ${GITHUB_ENV}
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
-      - uses: docker/build-push-action@v2
+      - uses: docker/build-push-action@v6
         with:
-          tags: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
           push: true
+          platforms: linux/amd64
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -6,26 +6,58 @@ on:
       - main
 
 jobs:
-  build:
+  test:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
+      actions: read
+      security-events: write
     env:
       REGISTRY: ghcr.io
-      IMAGE_NAME: ${{ github.repository }}
     steps:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
-      - uses: docker/build-push-action@v2
+      - name: lowercase github.repository
+        run: |
+          echo "IMAGE_NAME=`echo ${{ env.REGISTRY }}/${{ github.repository }}:${{ github.sha }} | tr '[:upper:]' '[:lower:]'`" >> ${GITHUB_ENV}
+
+      - uses: docker/build-push-action@v6
         with:
-          tags: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
-          push: true
+          tags: "${{ env.IMAGE_NAME }}"
+          platforms: linux/amd64
+
+      -
+        name: Scan for vulnerabilities
+        uses: crazy-max/ghaction-container-scan@v3
+        id: scan
+        env:
+          TRIVY_DISABLE_VEX_NOTICE: true
+        with:
+          image: ${{ env.IMAGE_NAME }}
+          annotations: true
+          severity_threshold: HIGH
+          dockerfile: ./Dockerfile
+      -
+        name: Upload SARIF file
+        if: ${{ steps.scan.outputs.sarif != '' }}
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
 
       # cookie strategy
       - name: Run Docker Image with Cookie Strategy
-        run: docker run --name statista_proxy -d -p80:80 -e STRATEGY=COOKIE -e OLD_DOMAIN=haproxy.com:443 -e NEW_DOMAIN=apache.org:443 -e COOKIE_STRATEGY_NAME="my_app_routing=new" statista_proxy
+        run: |
+          docker run --name statista_proxy -d -p80:80 \
+          -e STRATEGY=COOKIE \
+          -e OLD_DOMAIN=haproxy.com:443 -e NEW_DOMAIN=apache.org:443 \
+          -e COOKIE_STRATEGY_NAME="my_app_routing=new" \
+          "${{ env.IMAGE_NAME }}"
+
+          sleep 2
+          docker ps -a
+          docker logs statista_proxy
 
       - name: Test Docker Image with Cookie Strategy without cookie
         run: |
@@ -41,7 +73,17 @@ jobs:
 
       # percentage strategy
       - name: Run Docker Image with Percentage Strategy
-        run: docker run --name statista_proxy -d -p80:80 -e STRATEGY=PERCENTAGE -e OLD_DOMAIN=haproxy.com:443 -e NEW_DOMAIN=apache.org:443 -e PERCENTAGE_NEW=50 -e PERCENTAGE_OLD=50 -e COOKIE_PERCENTAGE_NAME=my_app statista_proxy
+        run: |
+          docker run --name statista_proxy -d -p80:80 \
+          -e STRATEGY=PERCENTAGE \
+          -e OLD_DOMAIN=haproxy.com:443 -e NEW_DOMAIN=apache.org:443 \
+          -e PERCENTAGE_NEW=50 -e PERCENTAGE_OLD=50 \
+          -e COOKIE_PERCENTAGE_NAME=my_app \
+          "${{ env.IMAGE_NAME }}"
+
+          sleep 2
+          docker ps -a
+          docker logs statista_proxy
 
       - name: Test Docker Image with Percentage Strategy backend selection
         run: |
@@ -53,14 +95,65 @@ jobs:
 
       - name: Test Docker Image with Percentage Strategy with sticky cookie on new domain
         run: |
-          curl -Is localhost:80 --cookie "my_app=new_domain" | grep -i -e "server: nginx"
+          curl -Is localhost:80 --cookie "my_app=new_domain" | grep -i -e "x-served-by: cache-"
 
       - name: Test Docker Image with Percentage Strategy with round robin
         # sadly we dont know which server serves us first, so we have to check both
         run: |
-          curl -Is localhost:80 | grep -i -e "server: " -e "set-cookie: my_app=new_domain; path=/" -e "set-cookie: my_app=old_domain; path=/"
-          curl -Is localhost:80 | grep -i -e "server: " -e "set-cookie: my_app=new_domain; path=/" -e "set-cookie: my_app=old_domain; path=/"
+          curl -Is localhost:80 | grep -i -e "server:" -e "x-served-by:" -e "set-cookie: my_app=new_domain; path=/" -e "set-cookie: my_app=old_domain; path=/"
+          curl -Is localhost:80 | grep -i -e "server:" -e "x-served-by:" -e "set-cookie: my_app=new_domain; path=/" -e "set-cookie: my_app=old_domain; path=/"
 
       - name: Stop the Percentage Strategy Docker Image
         if: success() || failure()
         run: docker rm -f statista_proxy
+
+      # variable validation
+      - name: Run Docker Image with Invalid new Percentage
+        run: |
+          set +e
+
+          docker run \
+          -e STRATEGY=PERCENTAGE \
+          -e OLD_DOMAIN=haproxy.com:443 -e NEW_DOMAIN=apache.org:443 \
+          -e PERCENTAGE_NEW=foo -e PERCENTAGE_OLD=50 \
+          -e COOKIE_PERCENTAGE_NAME=my_app \
+          "${{ env.IMAGE_NAME }}"
+
+          if [[ $? == 1 ]]; then exit 0; else exit 1; fi
+
+      - name: Run Docker Image with Invalid old Percentage
+        run: |
+          set +e
+
+          docker run \
+          -e STRATEGY=PERCENTAGE \
+          -e OLD_DOMAIN=haproxy.com:443 -e NEW_DOMAIN=apache.org:443 \
+          -e PERCENTAGE_NEW=50 -e PERCENTAGE_OLD=foo \
+          -e COOKIE_PERCENTAGE_NAME=my_app \
+          "${{ env.IMAGE_NAME }}"
+
+          if [[ $? == 1 ]]; then exit 0; else exit 1; fi
+
+      - name: Run Docker Image with Invalid old domain
+        run: |
+          set +e
+
+          docker run \
+          -e STRATEGY=PERCENTAGE \
+          -e NEW_DOMAIN=apache.org:443 \
+          -e COOKIE_PERCENTAGE_NAME=my_app \
+          "${{ env.IMAGE_NAME }}"
+
+          if [[ $? == 1 ]]; then exit 0; else exit 1; fi
+
+      - name: Run Docker Image with Invalid new domain
+        run: |
+          set +e
+
+          docker run \
+          -e STRATEGY=PERCENTAGE \
+          -e OLD_DOMAIN=haproxy.com:443 -e NEW_DOMAIN=apache.org:lol \
+          -e COOKIE_PERCENTAGE_NAME=my_app \
+          "${{ env.IMAGE_NAME }}"
+
+          if [[ $? == 1 ]]; then exit 0; else exit 1; fi
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,12 @@
 FROM haproxy:lts-alpine
 
+LABEL org.opencontainers.image.source=https://github.com/statista-oss/proxy-router
+LABEL org.opencontainers.image.description="haproxy configurable through env vars for different routing strategies"
+
 USER root
 RUN apk add --no-cache curl socat
 
 USER haproxy
 
-# defaults
-ENV PERCENTAGE_NEW=0
-ENV PERCENTAGE_OLD=100
-
 COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
 
diff --git a/README.md b/README.md
@@ -1,4 +1,6 @@
-# Statista Proxy
+# Routing Proxy
+
+uses HAPROXY under the hood.
 
 > route between your legacy and your new application using different strategies
 
@@ -8,8 +10,9 @@ set the following environment variables for this container:
 
 ```bash
 STRATEGY=PERCENTAGE | COOKIE
-OLD_DOMAIN=old.statista.com
-COOKIE_STRATEGY_NAME=my_app_routing=new
+OLD_DOMAIN=old.domain.com:443
+NEW_DOMAIN=new.domain.com:443
+COOKIE_STRATEGY_NAME="my_app_routing=new"
 COOKIE_PERCENTAGE_NAME=my_app_sticky_name
 PERCENTAGE_OLD=70
 PERCENTAGE_NEW=30 
@@ -32,8 +35,6 @@ this cookie will taken into account when a forced routing to the new application
 ### COOKIE_PERCENTAGE_NAME
 this is the name of the cookie for implementing the sticky session
 
-> this cookie needs to be present in our [cookie consent](https://forms.office.com/pages/responsepage.aspx?id=OfiFB67f4U-gaID-j8YfK0gVGkEOyf1NiUPPYqdVPa5UNFFUUVNPSEZNMDVSOExKNDE0NksxQURSMi4u&route=shorturl) 
-
 ### PERCENTAGE_OLD
 how much traffic should be routed to the old application
 
@@ -83,3 +84,8 @@ curl -I localhost:80
 curl -I --cookie "my_app_routing=new" localhost:80
 ```
 > should be the new application
+
+
+## Usage
+
+tbd
diff --git a/haproxy.cfg b/haproxy.cfg
@@ -1,11 +1,19 @@
 global
   # enable runtime api via socket, run this inside the container
-  # echo "get var proc.cookie_percentage_name" | socat stdio unix-connect:/tmp/haproxy.sock
+  # echo "get var proc.strategy" | socat stdio unix-connect:/tmp/haproxy.sock
   # see https://www.haproxy.com/documentation/haproxy-runtime-api/
   stats socket /tmp/haproxy.sock user haproxy group haproxy mode 660 level admin
 
   # strategy can be either "PERCENTAGE" or "COOKIE"
-  set-var proc.strategy str("${STRATEGY}")
+  set-var proc.strategy env(STRATEGY)
+
+  # default some environment variables
+  presetenv PERCENTAGE_NEW "0"
+  presetenv PERCENTAGE_OLD "100"
+
+  # we source them from the environment here to actually typecheck them
+  set-var proc.percentage_new int("${PERCENTAGE_NEW}")
+  set-var proc.percentage_old int("${PERCENTAGE_OLD}")
 
   #log stdout format raw local0