Build images on push to integration-**, qa/*, - release-** and master (…

…TykTechnologies#262)

Build bare-bones docker image on pushes to
- integration-**
- qa/*
- release-**
- master

## Related Issues

https://github.com/TykTechnologies/internal/issues/64

## Motivation and Context
Docker images are built after packages are built. This is too late in the process to effectively perform tests.

[Big picture](https://docs.google.com/document/d/18fRiUOiT9r_zsmRDSNt1xhuFt7dZb_8wZKukLXJZOnA/)

## How This Has Been Tested
See [run](https://github.com/TykTechnologies/tyk-pump/runs/742277491?check_suite_focus=true)

## Types of changes
<!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)

## Checklist
<!-- Go over all the following points, and put an `x` in all the boxes that apply -->
<!-- If you're unsure about any of these, don't hesitate to ask; we're here to help! -->
- [x] Make sure you are requesting to **pull a topic/feature/bugfix branch** (right side). If pulling from your own
      fork, don't request your `master`!
- [x] Make sure you are making a pull request against the **`master` branch** (left side). Also, you should start
      *your branch* off *our latest `master`*.

.github/workflows/int-image.yml

@@ -0,0 +1,77 @@
+# Generated on: Wed Jul  8 11:06:47 IST 2020
+
+# Generated by: wf-gen from tyk-ci
+
+name: tyk-pump image
+
+on:
+  push:
+    branches:
+      - master
+      - integration**
+      - release-**
+jobs:
+  tyk-pump:
+    runs-on: ubuntu-latest
+    container: tykio/tyk-build-env:ga
+
+    steps:
+      - name: checkout tyk-pump
+        uses: actions/checkout@v2
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+          terraform_wrapper: false
+          terraform_version: 0.13.0-beta2
+
+      - name: Get AWS creds from Terraform remote state
+        id: aws-creds
+        run: |
+            cd integration/terraform
+            terraform init -input=false
+            terraform refresh
+            eval $(terraform output -json tyk-pump | jq -r 'to_entries[] | [.key,.value] | join("=")')
+            region=$(terraform output region)
+            [ -z "$key" -o -z "$secret" -o -z "$region" -o -z "$ecr" ] && exit 1
+            echo "::set-output name=secret::$secret"
+            echo "::add-mask::$secret"
+            echo "::set-output name=key::$key"
+            echo "::set-output name=ecr::$ecr"
+            echo "::set-output name=region::$region"
+      
+      - name: Configure AWS credentials for use
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ steps.aws-creds.outputs.key }}
+          aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }}
+          aws-region: ${{ steps.aws-creds.outputs.region }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build release tarball
+        run: |
+            if [ -x bin/integration_build.sh ]; then
+               SIGNPKGS=0 BUILDPKGS=0 BUILDWEB=0 ARCH=amd64 bin/integration_build.sh
+               cp tyk-pump-amd64-*.tar.gz integration/image/tyk-pump.tar.gz
+            fi
+
+      - name: Build, tag, and push image to Amazon ECR
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: tyk-pump
+        run: |
+            cd integration/image
+            IMAGE_TAG="${GITHUB_REF##*/}"
+            docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
+                         -t $ECR_REGISTRY/$ECR_REPOSITORY:latest \
+                         -t $ECR_REGISTRY/$ECR_REPOSITORY:${GITHUB_SHA} \
+                         .
+            docker push $ECR_REGISTRY/$ECR_REPOSITORY
+
+      - name: Logout of Amazon ECR
+        if: always()
+        run: docker logout ${{ steps.login-ecr.outputs.registry }}

bin/integration_build.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+
+set -exo pipefail
+
+: ${SIGNKEY:="12B5D62C28F57592D1575BD51ED14C59E37DAC20"}
+: ${BUILDPKGS:="1"}
+: ${ARCH:=amd64}
+: ${PKG_PREFIX:=tyk-pump}
+
+if [ $BUILDPKGS == "1" ]; then
+    echo Configuring gpg-agent-config to accept a passphrase
+    mkdir ~/.gnupg && chmod 700 ~/.gnupg
+    cat >> ~/.gnupg/gpg-agent.conf <<EOF
+allow-preset-passphrase
+debug-level expert
+log-file /tmp/gpg-agent.log
+EOF
+    gpg-connect-agent reloadagent /bye
+
+    echo "Importing signing key"
+    gpg --list-keys | grep -w $SIGNKEY && echo "Key exists" || gpg --batch --import $BUILDTOOLSDIR/tyk.io.signing.key
+    bash $BUILDTOOLSDIR/unlock-agent.sh $SIGNKEY
+fi
+
+bdir=build
+echo "Creating build dir: $bdir"
+mkdir -p $bdir
+
+# ---- APP BUILD START ---
+echo "Building application"
+go build && mv tyk-pump $bdir
+# ---- APP BUILD END ---
+
+# ---- CREATE TARGET FOLDER ---
+echo "Copying pump files"
+cp -R install $bdir/
+cp pump.example.conf $bdir/${PKG_PREFIX}.conf
+cp LICENSE.md $bdir/
+cp README.md $bdir/
+
+echo "Making tarball"
+tar -C $bdir -pczf ${PKG_PREFIX}-${ARCH}-${VERSION}.tar.gz .
+
+FPMCOMMON=(
+    --name tyk-pump
+    --description "Tyk Pump to move analytics data from Redis to any supported back end"
+    -v $VERSION
+    --vendor "Tyk Technologies Ltd"
+    -m "<[email protected]>"
+    --url "https://tyk.io"
+    -s dir
+    -C $bdir
+    --before-install $bdir/install/before_install.sh
+    --after-install $bdir/install/post_install.sh
+    --after-remove $bdir/install/post_remove.sh
+    --config-files /opt/tyk-pump/pump.conf
+)
+FPMRPM=(
+    --before-upgrade $bdir/install/post_remove.sh
+    --after-upgrade $bdir/install/post_install.sh
+)
+
+if [ $BUILDPKGS == "1" ]; then
+    echo "Building $ARCH packages"
+    fpm "${FPMCOMMON[@]}" -a $ARCH -t deb --deb-user tyk --deb-group tyk ./=/opt/tyk-pump
+    fpm "${FPMCOMMON[@]}" "${FPMRPM[@]}" -a $ARCH -t rpm --rpm-user tyk --rpm-group tyk  ./=/opt/tyk-pump
+
+    echo "Signing $ARCH RPM"
+    rpm --define "%_gpg_name Team Tyk (package signing) <[email protected]>" \
+        --define "%__gpg /usr/bin/gpg" \
+        --addsign *.rpm || (cat /tmp/gpg-agent.log; exit 1)
+    echo "Signing $ARCH DEB"
+    dpkg-sig --sign builder -k $SIGNKEY $i || (cat /tmp/gpg-agent.log; exit 1)
+fi

images/integration/Dockerfile

@@ -0,0 +1,10 @@
+FROM debian:buster-slim
+
+ARG conf_file=/conf/tyk-pump/tyk-pump.conf
+
+ADD pump.tar.gz /opt/tyk-pump
+
+VOLUME ["/conf"]
+WORKDIR /opt/tyk-pump
+
+ENTRYPOINT ["/opt/tyk-pump/tyk-pump", "--conf=${conf_file}"]

integration/image/Dockerfile

@@ -0,0 +1,16 @@
+# Generated on: Wed Jul  8 11:06:49 IST 2020
+
+# Generated by: wf-gen from tyk-ci
+
+FROM debian:buster-slim
+
+ADD tyk-pump.tar.gz /opt/tyk-pump
+
+VOLUME ["/conf"]
+WORKDIR /opt/tyk-pump
+
+ENTRYPOINT ["/opt/tyk-pump/tyk-pump" ]
+CMD [ "--conf=/conf/tyk-pump/tyk-pump.conf" ]
+# Local Variables:
+# mode: dockerfile
+# End:

integration/terraform/outputs.tf

@@ -0,0 +1,23 @@
+# Generated by: wf-gen from tyk-ci
+# Generated at: Thu  2 Jul 03:46:35 IST 2020
+
+data "terraform_remote_state" "integration" {
+  backend = "remote"
+
+  config = {
+    organization = "Tyk"
+    workspaces = {
+      name = "dev-euc1"
+    }
+  }
+}
+
+output "tyk-pump" {
+  value = data.terraform_remote_state.integration.outputs.tyk-pump
+  description = "ECR creds for tyk-pump repo"
+}
+
+output "region" {
+  value = data.terraform_remote_state.integration.outputs.region
+  description = "Region in which the env is running"
+}

utils

@@ -0,0 +1 @@
+bin