Merge pull request 'flake.nix: switch to crane' (#21) from Armael/tricot:crane into main

Reviewed-on: Deuxfleurs/tricot#21
Reviewed-by: Quentin <quentin@dufour.io>

.woodpecker.yml

@@ -17,9 +17,9 @@ steps:
   - name: build
     image: nixpkgs/nix:nixos-22.05
     commands:
-      - nix build -j4 --extra-experimental-features nix-command --extra-experimental-features flakes .#packages.x86_64-linux.debug
+      - nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#packages.x86_64-linux.debug
 
   - name: test
     image: nixpkgs/nix:nixos-22.05
     commands:
-      - nix build -j4 --extra-experimental-features nix-command --extra-experimental-features flakes .#packages.x86_64-linux.test
+      - nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#packages.x86_64-linux.test

.woodpecker/publish.yaml

@@ -1,18 +0,0 @@
-when:
-  event:
-  - deployment
-  - cron
-
-steps:
-  - name: docker build and publish
-    image: nixpkgs/nix:nixos-22.05
-    environment:
-      DOCKER_AUTH:
-        from_secret: docker_auth
-      commands:
-        - mkdir -p /root/.docker
-        - echo $DOCKER_AUTH > /root/.docker/config.json
-        - export CONTAINER_TAG=${CI_COMMIT_TAG:-$CI_COMMIT_SHA}
-        - nix-build -j4 --extra-experimental-features nix-command --extra-experimental-features flakes .#packages.x86_64-linux.docker
-        - nix-shell -p gzip --run "gunzip -c ./result > image.tar"
-        - nix-shell -p crane --run "crane push ./image.tar dxflrs/tricot:$CONTAINER_TAG"

Dockerfile

@@ -0,0 +1,23 @@
+FROM rust:1.68-buster as builder
+
+RUN apt-get update && \
+    apt-get install -y libssl-dev pkg-config
+
+WORKDIR /srv
+
+# Build dependencies and cache them
+COPY Cargo.* ./
+RUN mkdir -p src && \
+    echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs && \
+    cargo build --release && \
+    rm -r src && \
+    rm target/release/deps/tricot*
+
+# Build final app
+COPY ./src ./src
+RUN cargo build --release
+
+FROM debian:bullseye-slim
+RUN apt-get update && apt-get install -y libssl1.1 iptables ca-certificates
+COPY --from=builder /srv/target/release/tricot /usr/local/sbin/tricot
+CMD ["/usr/local/sbin/tricot"]

README.md

@@ -36,7 +36,7 @@ Tricot uses the following environment variables for its configuration (they can
 
 Backends are configured by adding tags of the following form to the services in Consul:
 
-- `tricot myapp.example.com`: indicates that Tricot should get a TLS certificate for domain myapp.example.com and route traffic for this domain to this service
+- `tricot myapp.example.com`: indicates that Tricot should get a TLS certificate for domain myapp.example.com and route traffic for this domain to this service. Also supports glob patterns (for instance, `tricot *` redirects requests for all domains).
 - `tricot myapp.example.com 10`: same but with a priority of 10. This is lower than the default priority value of 100, so Tricot will only use this rule if no higher-priority services are available.
 - `tricot myapp.example.com/path/to_subresource`: same but indicates that only requests whose paths start with `/path/to/subresource` should be routed to this service
 - `tricot myapp.example.com/path/to_subresource 10`: combining the previous two examples