Merge branch 'main' of https://github.com/flipt-io/reverst

* 'main' of https://github.com/flipt-io/reverst: fix(config): only call run if informer not already synced (#33) fix(config): correctly set token supplied via explicit token field (#32) feat(config): support watching k8s secrets directly as token sources (#31) fix(server): call WriteHeader in status interceptor (#30) fix: correct typo and add cancel context handling in watchFSNotify function (#29) feat: rename reverst to reverstd and add a new tunnel client CLI in its place (#28) feat(gh): tag images pushed to main with SHA as latest (#27) fix(server/client): fix propagation of client errors from server to client (#26) chore(gh): run publish on merge_group event type chore(mod): upgrade quic-go to v0.44.0 (#25) fix(server): stop accumulating times and calculate correct ellapsed fix(roundrobbin): ensure current cannot be out of bounds fix(roundrobbin): ensure that evict is only called once chore(dagger): run unit tests 5 times repeatedly test(roundrobbin): add failing case ensuring one call to evict per unique eviction chore(server): add debug logging around metrics endpoint
flipt-io · Jan 10, 2025 · aac82b5 · aac82b5
2 parents a77ae79 + 218b51f
commit aac82b5
Show file tree

Hide file tree

Showing 38 changed files with 1,760 additions and 683 deletions.
diff --git a/.github/workflows/publish-latest.yml b/.github/workflows/publish-latest.yml
@@ -0,0 +1,33 @@
+name: 'Publish Latest'
+
+on:
+  push:
+    branches:
+    - "main"
+
+# limit concurrency of workflow to one run at a time
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  publish-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Tag current SHA being pushed to main as latest
+        run: |
+          docker buildx imagetools create \
+            --tag ghcr.io/${{ github.repository }}:latest \
+            ghcr.io/${{ github.repository }}:${{ github.sha }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -1,12 +1,11 @@
 name: 'Publish'
 
 on:
-  push:
-    branches:
-    - main
+  workflow_dispatch:
+  merge_group:
 
 jobs:
-  dagger:
+  publish-image:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -17,8 +16,8 @@ jobs:
       - name: Call Dagger Function
         uses: dagger/dagger-for-github@v5
         with:
-          version: "0.10.3"
+          version: "0.11.6"
           verb: call
-          args: publish --source . --password env:GITHUB_TOKEN
+          args: publish --source . --password env:GITHUB_TOKEN --tag ${{ github.sha }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,6 +2,7 @@ name: 'Test'
 
 on:
   pull_request:
+  merge_group:
 
 jobs:
   unit:
@@ -12,9 +13,9 @@ jobs:
       - name: Call Dagger Function
         uses: dagger/dagger-for-github@v5
         with:
-          version: "0.10.3"
+          version: "0.11.6"
           verb: call
-          args: testUnit --source .
+          args: test-unit --source .
 
   integration:
     runs-on: ubuntu-latest
@@ -24,6 +25,6 @@ jobs:
       - name: Call Dagger Function
         uses: dagger/dagger-for-github@v5
         with:
-          version: "0.10.3"
+          version: "0.11.6"
           verb: call
-          args: testIntegration --source .
+          args: test-integration --source .
diff --git a/README.md b/README.md
@@ -1,6 +1,10 @@
 reverst: HTTP reverse tunnels over QUIC
 ---------------------------------------
 
+<p align="center">
+  <img width="300" height="300" src="./docs/gopher-glasses.svg" alt="Tunnel Gopher">
+</p>
+
 > Ti esrever dna ti pilf nwod gnaht ym tup i
 
 Reverst is a (load-balanced) reverse-tunnel server and Go server-client library built on QUIC and HTTP/3.
@@ -17,12 +21,13 @@ The tunnel binary is intended to be deployed on the public internet.
 Client servers then dial out to the tunnels and register themselves on target tunnel groups.
 A tunnel group is a load-balanced set of client-servers, which is exposed through the reverst tunnel HTTP interface.
 
-<p align="center">
-  <img width="800" height="1199" src="./diagram.png" alt="Tunnel Lifecycle">
-</p>
-
 ## Client
 
+[![Go Reference](https://pkg.go.dev/badge/go.flipt.io/reverst/client.svg)](https://pkg.go.dev/go.flipt.io/reverst/client)
+
+The following section refers to the Go tunnel client code.
+This can be added as a dependency to any Go code that requires exposing through a `reverstd` tunnel server.
+
 ### Install
 
 ```console
@@ -35,10 +40,12 @@ go get go.flipt.io/reverst/client
 go install ./client/...
 ```
 
-## Server
+## Server and CLI
 
 ### Building
 
+The following builds both `reverstd` (tunnel server) and `reverst` (tunnel cli client).
+
 ```console
 go install ./cmd/...
 ```
@@ -47,61 +54,23 @@ go install ./cmd/...
 
 Reverst uses Dagger to setup and run an integration test suite.
 
-```console
-dagger call test --source=.
-```
-
-The test suite sets up a tunnel, registers a server-client to the tunnel and then requests the service through the tunnels HTTP interface.
-
-### Running
-
-The following walks through experimenting with the [./examples/simple](./examples/simple) server example.
-This directory contains a number of things needed to stand up reverst and a registering client server:
-
-- The example service in [./examples/simple/main.go](./examples/simple/main.go).
-- Simple self-signed TLS private key and certificate.
-- A tunnel-groups file for routing decisions.
-
-#### Running `reverst`
-
-The following runs the tunnel server with:
-
-- The QUIC tunnel listener on `127.0.0.1:7171`
-- The HTTP serving listener on `127.0.0.1:8181`
-- Logging with `debug` level
-- A TLS server-name of `flipt.dev.local`
-- Some tunnel group definitions with a single tunnel group
-  - The group has the name `flipt.dev.local`
-  - The group is reachable under the same host name
-  - The group requires basic username and password authentication
-- The dummy TLS certificates
+#### Unit
 
 ```console
-go run ./cmd/reverst/... -l debug \
-    -n flipt.dev.local \
-    -g examples/simple/group.yml \
-    -k examples/simple/server.key \
-    -c examples/simple/server.crt
+dagger call testUnit --source=.
 ```
 
-#### Running example server
-
-Now you can run the example server.
-This is a simple HTTP server that responds to all requests with `PONG`.
-It is setup to use the server client to register as a listener on the tunnel.
+#### Integration
 
 ```console
-go run ./examples/simple/main.go --username user --password pass
+dagger call testIntegration --source=.
 ```
 
-#### Making requests
+The test suite sets up a tunnel, registers a server-client to the tunnel and then requests the service through the tunnels HTTP interface.
 
-You can now curl the tunnel and requests will be forward all the way through to the example server.
-Be sure to include the `Host` header, as this is used to route requests to the respective tunnel-group.
+### Examples
 
-```curl
-curl -H 'Host: flipt.dev.local' 127.0.0.1:8181/fo
-```
+Head over to the [examples](./examples) directory for some walkthroughs running `reverstd` and `reverst`.
 
 ### Usage and Configuration
 
@@ -110,12 +79,12 @@ curl -H 'Host: flipt.dev.local' 127.0.0.1:8181/fo
 The following flags can be used to configure a running instance of the `reverst` server.
 
 ```console
-➜  reverst -h
+➜  reverstd -h
 COMMAND
-  reverst
+  reverstd
 
 USAGE
-  reverst [FLAGS]
+  reverstd [FLAGS]
 
 FLAGS
   -l, --log LEVEL                    debug, info, warn or error (default: INFO)
@@ -145,25 +114,25 @@ Both tunnel group sources support watching sources for changes over time (see `-
 
 - Local filesystem (`file://[path]`)
 
-The standard and simplest method is to point reverst at your configuration YAML file on your machine via its path.
+The standard and simplest method is to point `reverstd` at your configuration YAML file on your machine via its path.
 
 ```console
-reverst -g path/to/configuration.yml
+reverstd -g path/to/configuration.yml
 // alternatively:
-reverst -g file:///path/to/configuration.yml
+reverstd -g file:///path/to/configuration.yml
 ```
 
 - Kubernetes ConfigMap `k8s://configmap/[namespace]/[name]/[key]`
 
 Alternatively, you can configure reverst to connect to a Kubernetes API server and fetch / watch configuration from.
 
 ```console
-reverst -g k8s://configmap/default/tunnelconfig/groups.yml
+reverstd -g k8s://configmap/default/tunnelconfig/groups.yml
 ```
 
 **defining**
 
-The reverst server take a path to a YAML encoded file, which identifies the tunnel groups to be hosted.
+The `reverstd` server take a path to a YAML encoded file, which identifies the tunnel groups to be hosted.
 A tunnel group is a load-balancer on which tunneled servers can register themselves.
 The file contains a top-level key groups, under which each tunnel group is uniquely named.