nats runner

Author: khanzadimahdi

.github/workflows/nats.yaml

@@ -0,0 +1,76 @@
+name: Nats Blueprints CI and CD
+
+on:
+  push:
+    paths:
+      - 'nats/**'
+
+  pull_request:
+    paths:
+      - 'nats/**'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: code-runner
+  BUILD_ARG_VERSION_NAME: NATS_SERVER_VERSION
+concurrency:
+  group: nats-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        nats_server_version: [2.10.0]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Build nats:${{ matrix.nats_server_version }} image
+        uses: ./.github/actions/docker-build
+        with:
+          context: ./nats
+          dockerfile: ./nats/Dockerfile
+          image-name: ${{ env.IMAGE_NAME }}
+          tag: nats-server-${{ matrix.nats_server_version }}
+          push: false
+          container-registry: ${{ env.REGISTRY }}
+          build-arg-version-name: ${{ env.BUILD_ARG_VERSION_NAME }}
+          build-arg-version-value: ${{ matrix.nats_server_version }}
+
+  cd:
+    runs-on: ubuntu-latest
+
+    if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
+
+    strategy:
+      matrix:
+        nats_server_version: [2.10.0]
+
+    permissions:
+      packages: write
+      contents: read
+
+    needs:
+      - ci
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Build and push nats:${{ matrix.nats_server_version }} image
+        uses: ./.github/actions/docker-build
+        with:
+          context: ./nats
+          dockerfile: ./nats/Dockerfile
+          image-name: ${{ env.IMAGE_NAME }}
+          tag: nats-server-${{ matrix.nats_server_version }}
+          push: true
+          container-registry: ${{ env.REGISTRY }}
+          container-registry-username: ${{ github.actor }}
+          container-registry-password: ${{ secrets.GITHUB_TOKEN }}
+          build-arg-version-name: ${{ env.BUILD_ARG_VERSION_NAME }}
+          build-arg-version-value: ${{ matrix.nats_server_version }}

nats/Dockerfile

@@ -0,0 +1,35 @@
+# Accept Nats server version as build argument
+ARG NATS_SERVER_VERSION=2.10.0
+
+# ------------------------------------------
+FROM nats:${NATS_SERVER_VERSION}-alpine AS base
+
+# ------------------------------------------
+FROM base AS builder
+
+COPY install.sh /tmp/install.sh
+
+RUN chmod +x /tmp/install.sh && /tmp/install.sh
+
+# ------------------------------------------
+FROM base AS runner
+
+# Install tools
+RUN apk add --no-cache bash coreutils busybox-extras
+
+# Create data directory
+RUN mkdir -p /data
+
+# Copy nats binary from builder image
+COPY --from=builder /usr/local/bin/nats /usr/local/bin/nats
+
+# Copy nats.conf from builder image
+COPY nats.conf /etc/nats/nats-server.conf
+
+# Set working directory
+WORKDIR /app
+
+COPY run.sh /run.sh
+RUN chmod +x /run.sh
+
+ENTRYPOINT ["/run.sh"]

nats/install.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Step 1: Detect OS and Architecture
+OS=$(uname | tr '[:upper:]' '[:lower:]')
+ARCH=$(uname -m)
+
+# Normalize architecture name
+case "$ARCH" in
+  x86_64) ARCH="amd64" ;;
+  amd64) ARCH="amd64" ;;
+  aarch64) ARCH="arm64" ;;
+  armv7l) ARCH="arm7" ;;
+  armv6l) ARCH="arm6" ;;
+  i386 | i686) ARCH="386" ;;
+  *) echo "Unsupported arch: $ARCH"; exit 1;;
+esac
+
+# Step 2: Get Latest NATS CLI Version
+VERSION=$(wget --no-check-certificate -qO- https://api.github.com/repos/nats-io/natscli/releases/latest | grep '"tag_name":' | head -n 1 | cut -d '"' -f4)
+
+if [ -z "$VERSION" ]; then
+    echo "Failed to get latest NATS version."
+    exit 1
+fi
+
+echo "Detected OS: $OS"
+echo "Detected Architecture: $ARCH"
+echo "Latest NATS Version: $VERSION"
+
+# Step 3: Build Download URL
+VERSION_NUMBER=$(echo "$VERSION" | sed 's/^v//')
+FILE_NAME="nats-${VERSION_NUMBER}-${OS}-${ARCH}"
+ZIP_FILE="${FILE_NAME}.zip"
+URL="https://github.com/nats-io/natscli/releases/download/${VERSION}/${ZIP_FILE}"
+
+# Step 4: Download and Extract
+wget --no-check-certificate $URL -O /tmp/$ZIP_FILE
+
+if [ $? -ne 0 ]; then
+    echo "Failed to download NATS."
+    exit 1
+fi
+
+cd /tmp
+unzip $ZIP_FILE
+
+# Step 5: Move binary to /usr/local/bin
+mv $FILE_NAME/nats /usr/local/bin/
+
+# Step 6: Cleanup
+rm -rf $ZIP_FILE $FILE_NAME
+
+echo "NATS server installed successfully."

nats/nats.conf

@@ -0,0 +1,80 @@
+# Client port of 4222 on all interfaces
+port: 4222
+
+# Monitoring and metrics
+server_name: "nats-server"
+monitor_port: 8222
+
+# Enable JetStream
+jetstream {
+  store_dir: "/data/jetstream"
+  max_mem: 5MB
+  max_file: 2MB
+}
+
+# Logging configuration
+logtime: true
+log_file: "/data/nats.log"
+debug: false
+trace: false
+
+# Connection limits and timeouts
+max_connections: 5
+max_subscriptions: 0
+max_payload: 1MB
+max_pending: 2MB
+write_deadline: 5s
+max_control_line: 4096
+
+
+# Account Structure
+# --------------------------------------------------
+# 1. SYS Account (System Account)
+#   User: sys / syspass
+#   Purpose: System operations and monitoring
+#   Permissions: Can only access $SYS.> subjects
+#   Exports: System services for other accounts
+
+# 3. Authorization Section
+#   User: ruser / T0pS3cr3t
+#   Purpose: Cluster route authentication
+#   Permissions: Full access for cluster routing
+
+# Define accounts: SYS for system operations and CLUSTER for cluster communication
+accounts: {
+  SYS: {
+    users: [
+      {
+        user: sys
+        password: syspass
+        permissions: {
+          publish: {
+            allow: ["$SYS.>", "_INBOX.>"]
+          }
+          subscribe: {
+            allow: ["$SYS.>", "_INBOX.>"]
+          }
+        }
+      }
+    ]
+    exports: [
+      { service: "$SYS.>" }
+    ]
+  },
+}
+
+# System account config
+system_account: SYS
+
+authorization: {
+  users: [
+    {
+      user: "ruser"
+      password: "T0pS3cr3t"
+      permissions: {
+        publish: ">"
+        subscribe: ">"
+      }
+    }
+  ]
+}

nats/readme.md

@@ -0,0 +1,33 @@
+This Dockerfile will creates a docker image which can be used to run `nats` commands.
+
+# How to build
+
+```
+# building with nats-server 2.10.0
+docker build --build-arg NATS_SERVER_VERSION=2.10.0 -t code-runner:nats-2.10.0 .
+```
+
+The Nodejs version can be specified by passing the `NATS_SERVER_VERSION` argument to the `docker build` command.
+
+# How to use
+
+1. Run code with default timeout
+
+```sh
+docker run --rm code-runner:nats-2.10.0 'nats --user=mahdi account info'
+```
+
+2. Run code with custom timeout
+
+```sh
+docker run --rm code-runner:nats-2.10.0 --timeout 3 'nats --user=mahdi account info'
+```
+
+3. Multiline + custom timeout
+
+```sh
+docker run --rm -i code-runner:nats-2.10.0 --timeout 5 <<EOF
+nats account info && \
+nats stream ls
+EOF
+```

nats/run.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+start_nats_server() {
+    # Run nats-server and purge its logs
+    nats-server --config /etc/nats/nats-server.conf > /dev/null 2>&1 &
+
+    # Wait for nats-server to be ready
+    timeout_seconds=10
+    start_time=$(date +%s.%N)
+    deadline_time=$(echo "$start_time + $timeout_seconds" | bc -l)
+    while ! timeout 1 nats --user=sys --password=syspass server ping >/dev/null 2>&1; do
+        sleep 0.2
+        current_time=$(date +%s.%N)
+        if (( $(echo "$current_time > $deadline_time" | bc -l) )); then
+            echo "⏰ Nats server failed to start after ${timeout_seconds} seconds."
+            exit 1
+        fi
+    done
+}
+
+stop_nats_server() {
+    # kill nats-server
+    kill -9 $(pgrep nats-server)
+
+    # wait for nats-server to exit
+    wait $(pgrep nats-server)
+}
+
+parse_args() {
+    TIMEOUT=10
+    while [[ "$#" -gt 0 ]]; do
+        case $1 in
+            --timeout)
+                TIMEOUT="$2"
+                shift 2
+                ;;
+            *)
+                COMMAND_ARGS=("$@")
+                break
+                ;;
+        esac
+    done
+}
+
+read_command_from_stdin() {
+    if [ ${#COMMAND_ARGS[@]} -eq 0 ] && [ ! -t 0 ]; then
+        COMMAND=$(cat -)
+        COMMAND_ARGS=($COMMAND)
+    fi
+}
+
+preprocess_command() {
+    if [ ${#COMMAND_ARGS[@]} -eq 0 ]; then
+        echo "No command provided."
+        exit 1
+    fi
+    if [ ${#COMMAND_ARGS[@]} -eq 1 ] && [[ "${COMMAND_ARGS[0]}" == *" "* ]]; then
+        COMMAND_ARGS=(${COMMAND_ARGS[0]})
+    fi
+    COMMAND_STR="${COMMAND_ARGS[*]}"
+
+    # Handle line continuations
+    COMMAND_STR=$(echo "$COMMAND_STR" | sed 's/\\[[:space:]]/ /g')
+    COMMAND_STR=$(echo "$COMMAND_STR" | sed 's/\\$//g')
+}
+
+add_auth_flags() {
+    # Replace both && and ; with a single delimiter for splitting
+    # IFS cannot handle multi-character sequences like &&, so we use sed to replace them
+    SPLIT_CLEANED_COMMAND=$(echo "$COMMAND_STR" | sed 's/&&/|/g; s/;/|/g')
+
+    IFS='|' read -ra SUBCOMMANDS <<< "$SPLIT_CLEANED_COMMAND"
+    AUTH_COMMANDS=()
+    for subcommand in "${SUBCOMMANDS[@]}"; do
+        subcommand=$(echo "$subcommand" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+        if [[ -z "$subcommand" ]]; then
+            continue
+        fi
+        if [[ "$subcommand" =~ ^nats ]]; then
+            # Remove any existing auth flags
+            subcommand=$(echo "$subcommand" | sed -E 's/--user(=[^ ]+| [^ ]+)? ?//g; s/--password(=[^ ]+| [^ ]+)? ?//g')
+
+            # Add auth flags
+            auth_subcommand=$(echo "$subcommand" | sed 's/^nats/& --user=ruser --password=T0pS3cr3t/')
+            AUTH_COMMANDS+=("$auth_subcommand")
+        else
+            AUTH_COMMANDS+=("$subcommand")
+        fi
+    done
+    PROCESSED_COMMAND=$(printf '%s && ' "${AUTH_COMMANDS[@]}" | sed 's/ && $//')
+}
+
+run_commands() {
+    start_nats_server
+    timeout "$TIMEOUT" bash -c "$PROCESSED_COMMAND"
+    if [ $? -eq 124 ]; then
+        stop_nats_server
+        echo "⏰ Execution timed out after ${TIMEOUT} seconds."
+        exit 124
+    fi
+}
+
+main() {
+    parse_args "$@"
+    read_command_from_stdin
+    preprocess_command
+    add_auth_flags
+    run_commands
+}
+
+main "$@"