briceburg

#!/usr/bin/env bash
# 
# usage: JWT_SECRET="silly" mk-jwt-token 
# @WARN: modify the payload and header to your needs.
#  
main(){
  set -eo pipefail

  [ -n "$JWT_SECRET" ] || die "JWT_SECRET environment variable is not set."

briceburg

# add the bellow blocks to your shell startup files (~/.bashrc || ~/.zshrc &c.)
# you will now have awsp-<profile_name> tab completions for activating configured profiles.
_aws-set-profile(){
  echo "activating aws profile: $1" >&2
  export AWS_PROFILE="$1"
  local sso_session="$(aws configure get sso_session 2>/dev/null)"
  if [[ -n "$sso_session" ]]; then
    local expires=$(aws configure export-credentials | jq -r '.Expiration')
    if [[ -z "$expires" || $(gdate --date "$expires" +'%s') -lt $(gdate --date "+2 hours" +'%s') ]]; then
     echo "refreshing sso session" >&2

briceburg

FROM haproxy:2.9-alpine
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
COPY healthcheck.sh /usr/local/bin/healthcheck.sh
HEALTHCHECK CMD ["/usr/local/bin/healthcheck.sh"]

ARG HEALTHCHECK_PORT="8080"
ARG METRICS_PORT="8405"
# align client and server timeouts with underlying server (e.g. match databaseidle_session_timeout value)
# WARNING: Ports Must be > 1024 in AWS Fargate -- https://github.com/aws/containers-roadmap/issues/1721
ENV \

briceburg

#!/usr/bin/env bash
# dumps the current environment into .env file format (multiline values are quoted) while ignorning common variables.
# additional ignore list can be provided as arguments.

# common variables to ignore
declare -a COMMON_IGNORE_LIST=(
    "_"
    "COLORTERM"
    "GEM_CACHE"
    "GEM_HOME"

briceburg

#!/usr/bin/env python3
# @code-style: black
import argparse, os, sys
import atexit
import psycopg2  # export LIBRARY_PATH=$LIBRARY_PATH:/opt/homebrew/opt/openssl/lib when doing pip install
import difflib
import random


def die(errMsg):

briceburg

services:
  proxy:
    image: mitmproxy/mitmproxy:11.0
    tty: true
    ports:
      - "80:8080"   # proxy
      - "8081:8081" # web ui 
    command: mitmweb --mode reverse:http://backend:3000/ --web-host 0.0.0.0 --set keep_host_header --no-web-open-browser 
    depends_on:
      - backend

briceburg

import com.cloudbees.plugins.credentials.*;
import com.cloudbees.plugins.credentials.domains.Domain;
import org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl;

//
// modify fileName to match the filename of the secret(s) you want to print.
//  (ID would probably be more helpful... yay stack overflow copy pasta)
// alternatively comment out the filter [line 15] to dump all secret files.
// 
def fileName = "secrets.env"

briceburg

#!/bin/bash
set -e

if [ -n "$POSTGRES_DATABASES" ]; then
  echo "POSTGRES_DATABASES provided. Creating multiple databases..." >&2
  IFS=', '; for db in $POSTGRES_DATABASES; do
    echo "Creating '$db'" >&2
    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-ESQL
      CREATE USER "$db";
      CREATE DATABASE "$db";

briceburg

What is ArgoCD?

ArgoCD does a great job managing application "deployment" configuration across multiple k8s clusters. It does an equally well job maintaining "core" or "baseline" configuration across the clusters (e.g. ingress class CRDs), including the intrinsic ability to manage itself.

It works by watching for configuration changes in registered git repositories and performing a "sync" whenever there is a difference in the manifests it has applied (aka "live") and the ones in git (aka "desired"). "Syncs" can be performed automatically, through the API, or manually -- and the configuration repositories are typically polled for changes every 3m.

GitOps

This concept of responding to and applying infrastructure configuration changes in response to a git repository's state is called "gitops".

briceburg

#!/usr/bin/env bash
set -eo pipefail
project_root="$(cd "$(dirname "$0")/.." ; pwd -P)"

default_env="prod"
default_src="Dockerfile"
default_tag="build:latest"

(
    echo "Build Dir: ${BUILD_DIR:=$project_root}" >&2