feat: migrate blob proxy

.forgejo/workflows/functions.yml

@@ -5,26 +5,22 @@ on:
 
 jobs:
   build:
+    strategy:
+      fail-fast: true
+      matrix:
+        function:
+          - comics
+          - blob-proxy
     runs-on: ubuntu-latest
     steps:
       - name: Setup Git config
         run: |
           git config --global user.email "ci@icb4dc0.de"
           git config --global user.name "Forgejo Actions"
+
       - name: Setup `spin`
         uses: fermyon/actions/spin/setup@v1
 
-      - name: Setup argocd CLI
-        run: |
-          curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-arm64
-          chmod +x /usr/local/bin/argocd
-          argocd version --client
-
-      - name: Setup kustomize
-        run: |
-          unset GITHUB_TOKEN
-          curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash -s -- /usr/local/bin
-
       - name: Setup Go 1.23.x
         uses: actions/setup-go@v5
         with:
@@ -48,20 +44,31 @@ jobs:
 
       - name: Build
         run: |
-          spin registry push --build code.icb4dc0.de/infrastructure/functions/comics:${{ github.sha }}
+          spin registry push --build code.icb4dc0.de/infrastructure/functions/${{ matrix.function }}:${{ github.sha }}
         working-directory: comics
 
       - name: Update image reference
         run: |
-          kustomize edit set image comics=code.icb4dc0.de/infrastructure/functions/comics:${{ github.sha }}
+          kustomize edit set image ${{ matrix.function }}=code.icb4dc0.de/infrastructure/functions/${{ matrix.function }}:${{ github.sha }}
           git add kustomization.yaml
-          git commit -m "chore(deploy): update comics image reference"
+          git commit -m "chore(deploy): update ${{ matrix.function }} image reference"
           git push
         working-directory: deploy
 
+  deploy:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+
       - name: Upsert Argo App
         run: |
           argocd app create functions -f deploy/argo-app.yaml --upsert --server argo-cd-argocd-server.argo-system.svc --auth-token ${{ secrets.ARGOCD_TOKEN }} --plaintext
+
       - name: Deploy KubeSpin apps
         run: |
           argocd app sync functions --server argo-cd-argocd-server.argo-system.svc --auth-token ${{ secrets.ARGOCD_TOKEN }} --plaintext --assumeYes

blob-proxy/.gitignore

@@ -0,0 +1,2 @@
+main.wasm
+.spin/

blob-proxy/go.mod

@@ -0,0 +1,10 @@
+module github.com/blob_proxy
+
+go 1.23
+
+require (
+	github.com/fermyon/spin-go-sdk v0.0.0-20250115171427-1ec2bbb84009
+	github.com/fermyon/spin/sdk/go/v2 v2.2.0
+)
+
+require github.com/julienschmidt/httprouter v1.3.0 // indirect

blob-proxy/go.sum

@@ -0,0 +1,6 @@
+github.com/fermyon/spin-go-sdk v0.0.0-20250115171427-1ec2bbb84009 h1:dP4VrX/4zdnjQ2dx3HBmPxbkbcnVL0Y/0NWUN7XyCyY=
+github.com/fermyon/spin-go-sdk v0.0.0-20250115171427-1ec2bbb84009/go.mod h1:9GoW1+MR0gN1OEinITtjPOzmu0dur3U6ty3pIH/gN24=
+github.com/fermyon/spin/sdk/go/v2 v2.2.0 h1:zHZdIqjbUwyxiwdygHItnM+vUUNSZ3CX43jbIUemBI4=
+github.com/fermyon/spin/sdk/go/v2 v2.2.0/go.mod h1:kfJ+gdf/xIaKrsC6JHCUDYMv2Bzib1ohFIYUzvP+SCw=
+github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=

blob-proxy/main.go

@@ -0,0 +1,80 @@
+package main
+
+import (
+	"encoding/json"
+	"io"
+	"log/slog"
+	"net/http"
+	"os"
+	"path"
+
+	"github.com/fermyon/spin-go-sdk/variables"
+	spinhttp "github.com/fermyon/spin/sdk/go/v2/http"
+)
+
+var (
+	client   = spinhttp.NewClient()
+	logLevel slog.LevelVar
+)
+
+func init() {
+	// call the Handle function
+	spinhttp.Handle(func(w http.ResponseWriter, r *http.Request) {
+		if levelValue, err := variables.Get("log_level"); err == nil {
+			_ = logLevel.UnmarshalText([]byte(levelValue))
+		}
+
+		logger := slog.New(slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{
+			Level: &logLevel,
+		}))
+
+		logger.Info("Incoming request", slog.String("url", r.URL.String()))
+		mappingValue, err := variables.Get("domain_mapping")
+		if err != nil {
+			panic(err)
+		}
+
+		mapping := make(map[string]string)
+
+		if err := json.Unmarshal([]byte(mappingValue), &mapping); err != nil {
+			panic(err)
+		}
+
+		mappedHost, ok := mapping[r.URL.Host]
+		if !ok {
+			w.WriteHeader(http.StatusNotFound)
+			return
+		}
+
+		if path.Ext(r.URL.Path) == "" {
+			r.URL.Path = path.Join(r.URL.Path, "index.html")
+		}
+
+		r.URL.Host = mappedHost
+		r.URL.Scheme = "https"
+
+		req, err := http.NewRequestWithContext(r.Context(), r.Method, r.URL.String(), nil)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		logger.Info("Forwarding request", slog.String("url", req.URL.String()))
+		resp, err := client.Do(req)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		defer resp.Body.Close()
+
+		logger.Info("Got response", slog.Int("status_code", resp.StatusCode))
+
+		for k, v := range resp.Header {
+			w.Header().Add(k, v[0])
+		}
+
+		w.WriteHeader(resp.StatusCode)
+		_, _ = io.Copy(w, resp.Body)
+	})
+}

blob-proxy/spin.toml

@@ -0,0 +1,24 @@
+spin_manifest_version = 2
+
+[application]
+name = "blob-proxy"
+version = "0.1.0"
+authors = ["Peter Kurfer <peter@icb4dc0.de>"]
+description = ""
+
+[variables]
+domain_mapping = { default = '{"docs.git-age.icb4dc0.de":"1661580-git-age.fsn1.your-objectstorage.com","localhost:3000":"1661580-git-age.fsn1.your-objectstorage.com","docs.supabase-operator.icb4dc0.de":"1661580-supabase-operator-docs.hel1.your-objectstorage.com"}'}
+
+[[trigger.http]]
+route = "/..."
+component = "blob-proxy"
+
+[component.blob-proxy]
+source = "main.wasm"
+allowed_outbound_hosts = [
+    "https://1661580-blog.fsn1.your-objectstorage.com",
+    "https://1661580-supabase-operator-docs.hel1.your-objectstorage.com"
+]
+[component.blob-proxy.build]
+command = "tinygo build -target=wasip1 -gc=leaking -no-debug -scheduler=none -buildmode=c-shared -o main.wasm main.go"
+watch = ["**/*.go", "go.mod"]

deploy/apps/blob-proxy.yaml

@@ -0,0 +1,11 @@
+apiVersion: core.spinkube.dev/v1alpha1
+kind: SpinApp
+metadata:
+  name: blob-proxy
+spec:
+  image: blob-proxy
+  executor: containerd-shim-spin
+  replicas: 2
+  variables:
+    - name: domain_mapping
+      value: '{"www.icb4dc0.de":"1661580-blog.fsn1.your-objectstorage.com","docs.supabase-operator.icb4dc0.de":"1661580-supabase-operator-docs.hel1.your-objectstorage.com"}'

deploy/kustomization.yaml

@@ -4,15 +4,20 @@ kind: Kustomization
 namespace: functions
 
 images:
-- name: comics
-  newName: code.icb4dc0.de/infrastructure/functions/comics
-  newTag: 96cf231814d27f6dc9451e4eef0b7faaa63fc3c5
+  - name: comics
+    newName: code.icb4dc0.de/infrastructure/functions/comics
+    newTag: 96cf231814d27f6dc9451e4eef0b7faaa63fc3c5
+
+  - name: blob-proxy
+    newName: code.icb4dc0.de/infrastructure/functions/blob-proxy
+    newTag: latest
 
 resources:
-- resources/namespace.yaml
-- resources/executor.yaml
-- resources/routes.yaml
-- apps/comics.yaml
+  - resources/namespace.yaml
+  - resources/executor.yaml
+  - resources/routes.yaml
+  - apps/comics.yaml
+  - apps/blob-proxy.yaml
 
 configurations:
-- kustomizeconfig/spinapp.yaml
+  - kustomizeconfig/spinapp.yaml

deploy/resources/routes.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
@@ -16,3 +17,19 @@ spec:
       backendRefs:
         - name: comics
           port: 80
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: blog-https
+spec:
+  parentRefs:
+    - name: contour
+      sectionName: https
+      namespace: projectcontour
+  hostnames:
+    - "www.icb4dc0.de"
+  rules:
+    - backendRefs:
+        - name: blob-proxy
+          port: 80