add ldflags to go build binary (labring#3679)

* add ldflags to go build binary * make it easier to understand * modify to secret.CONTROLLER_BUILD_CRYPTOKEY
cuisongliu · Aug 15, 2023 · 2bbd1dd · 2bbd1dd
1 parent f03f37a
commit 2bbd1dd
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 11 deletions.
diff --git a/.github/workflows/controllers.yml b/.github/workflows/controllers.yml
@@ -34,6 +34,7 @@ env:
   # Common versions
   GO_VERSION: "1.20"
   DEFAULT_OWNER: "labring"
+  CRYPTOKEY: ${{ secrets.CONTROLLER_BUILD_CRYPTOKEY }}
 jobs:
   resolve-modules:
     runs-on: ubuntu-20.04

diff --git a/controllers/account/Makefile b/controllers/account/Makefile
@@ -63,7 +63,7 @@ test: manifests generate fmt vet envtest ## Run tests.
 
 .PHONY: build
 build:  ## Build manager binary.
-	CGO_ENABLED=0 GOOS=linux  go build -o bin/manager main.go
+	CGO_ENABLED=0 GOOS=linux go build $(shell [ -n "${CRYPTOKEY}"  ] && echo "-ldflags '-X github.com/labring/sealos/controllers/pkg/crypto.encryptionKey=${CRYPTOKEY} -X github.com/labring/sealos/controllers/pkg/database.cryptoKey=${CRYPTOKEY}'") -o bin/manager main.go
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.

diff --git a/controllers/licenseissuer/Makefile b/controllers/licenseissuer/Makefile
@@ -63,8 +63,8 @@ test: manifests generate fmt vet envtest ## Run tests.
 ##@ Build
 
 .PHONY: build
-build: manifests generate fmt vet ## Build manager binary.
-	CGO_ENABLED=0 GOOS=linux  go build -o bin/manager cmd/main.go
+build:
+	CGO_ENABLED=0 GOOS=linux go build $(shell [ -n "${CRYPTOKEY}"  ] && echo "-ldflags '-X github.com/labring/sealos/controllers/pkg/crypto.encryptionKey=${CRYPTOKEY} -X github.com/labring/sealos/controllers/pkg/database.cryptoKey=${CRYPTOKEY}'") -o bin/manager cmd/main.go
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.

diff --git a/controllers/pkg/crypto/crypto.go b/controllers/pkg/crypto/crypto.go
@@ -33,11 +33,13 @@ import (
 	v1 "github.com/labring/sealos/controllers/licenseissuer/api/v1"
 )
 
-var encryptionKey = []byte("0123456789ABCDEF0123456789ABCDEF")
+const defaultEncryptionKey = "0123456789ABCDEF0123456789ABCDEF"
+
+var encryptionKey = defaultEncryptionKey
 
 // Encrypt encrypts the given plaintext using AES-GCM.
 func Encrypt(plaintext []byte) (string, error) {
-	return EncryptWithKey(plaintext, encryptionKey)
+	return EncryptWithKey(plaintext, []byte(encryptionKey))
 }
 
 // EncryptWithKey encrypts the given plaintext using AES-GCM.
@@ -119,7 +121,7 @@ func DeductBalance(balance *string, amount int64) error {
 
 // Decrypt decrypts the given ciphertext using AES-GCM.
 func Decrypt(ciphertextBase64 string) ([]byte, error) {
-	return DecryptWithKey(ciphertextBase64, encryptionKey)
+	return DecryptWithKey(ciphertextBase64, []byte(encryptionKey))
 }
 
 // DecryptWithKey decrypts the given ciphertext using AES-GCM.

diff --git a/controllers/pkg/database/mongodb.go b/controllers/pkg/database/mongodb.go
@@ -33,7 +33,9 @@ const (
 	MongoPassword = "MONGO_PASSWORD"
 )
 
-var cryptoKey = []byte("Af0b2Bc5e9d0C84adF0A5887cF43aB63")
+const defaultCryptoKey = "Af0b2Bc5e9d0C84adF0A5887cF43aB63"
+
+var cryptoKey = defaultCryptoKey
 
 type MongoDB struct {
 	URL          string
@@ -192,7 +194,7 @@ func (m *MongoDB) GetAllPricesMap() (map[string]common.Price, error) {
 	}
 	var pricesMap = make(map[string]common.Price, len(prices))
 	for i := range prices {
-		price, err := crypto.DecryptInt64WithKey(prices[i].Price, cryptoKey)
+		price, err := crypto.DecryptInt64WithKey(prices[i].Price, []byte(cryptoKey))
 		if err != nil {
 			return nil, fmt.Errorf("decrypt price error: %v", err)
 		}

diff --git a/controllers/resources/Makefile b/controllers/resources/Makefile
@@ -63,8 +63,7 @@ test: manifests generate fmt vet envtest ## Run tests.
 
 .PHONY: build
 build: ## Build manager binary.
-	CGO_ENABLED=0 GOOS=linux go build -o bin/manager main.go
-	CGO_ENABLED=0 GOOS=linux go build -o metering/bin-metering metering/main.go
+	CGO_ENABLED=0 GOOS=linux go build $(shell [ -n "${CRYPTOKEY}"  ] && echo "-ldflags '-X github.com/labring/sealos/controllers/pkg/crypto.encryptionKey=${CRYPTOKEY} -X github.com/labring/sealos/controllers/pkg/database.cryptoKey=${CRYPTOKEY}'") -o bin/manager main.go
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.

diff --git a/controllers/resources/metering/Makefile b/controllers/resources/metering/Makefile
@@ -24,7 +24,7 @@ all: build
 
 .PHONY: build
 build: ## Build manager binary.
-	CGO_ENABLED=0 GOOS=linux go build -o bin/manager main.go
+	CGO_ENABLED=0 GOOS=linux go build $(shell [ -n "${CRYPTOKEY}"  ] && echo "-ldflags '-X github.com/labring/sealos/controllers/pkg/crypto.encryptionKey=${CRYPTOKEY} -X github.com/labring/sealos/controllers/pkg/database.cryptoKey=${CRYPTOKEY}'") -o bin/manager main.go
 
 .PHONY: run
 run: ## Run a controller from your host.