Handle signing key and event key

.github/workflows/deploy.yml

@@ -0,0 +1,79 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  build_and_deploy:
+    name: Build and Deploy
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_GH_ACTION_ACCESS }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to AWS ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Image metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ steps.login-ecr.outputs.registry }}/rust-sdk
+          tags: |
+            type=sha,prefix=
+
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          provenance: false
+          file: inngest/examples/axum/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          platform: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Replace placeholders in kustomize
+        working-directory: deploy
+        run: |
+          # image name
+          sed -i "s/IMAGE_NAME/${{ steps.login-ecr.outputs.registry }}\/rust-sdk/g" kustomization.yaml
+
+          # image tag
+          sed -i "s/IMAGE_TAG/${{ env.DOCKER_METADATA_OUTPUT_VERSION }}/g" kustomization.yaml
+
+          # siging key
+          sed -i "s/REPLACE_SIGNING_KEY/${{ secrets.INNGEST_SIGNING_KEY }}/g" kustomization.yaml
+
+          # event key
+          sed -i "s/REPLACE_EVENT_KEY/${{ secrets.INNGEST_EVENT_KEY }}/g" kustomization.yaml
+
+          # TLS cert - use % as separator instead
+          sed -i 's%REPLACE_TLS_CERT_ARN%${{ secrets.TLS_CERT_ARN }}%g' service.yaml
+
+      - name: Deploy
+        uses: ianbelcher/eks-kubectl-action@master # ALERT: master...?
+        with:
+          cluster_name: ${{ secrets.EKS_CLUSTER_NAME }}
+          kubernetes_version: v1.28.4
+          eks_role_arn: ${{ secrets.EKS_ACCESS_ARN }}
+          args: apply -k ./deploy

deploy/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rust-sdk
+spec:
+  replicas: 2
+  revisionHistoryLimit: 5
+  template:
+    spec:
+      topologySpreadConstraints:
+        - topologyKey: "topology.kubernetes.io/zone"
+          maxSkew: 1
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: rust-sdk
+      serviceAccountName: rust-sdk
+      containers:
+        - image: rust-sdk:TO_BE_REPLACED
+          imagePullPolicy: IfNotPresent
+          name: axum
+          ports:
+            - containerPort: 3000
+          resources:
+            limits:
+              memory: 100Mi
+            requests:
+              cpu: 0.5
+          envFrom:
+            - configMapRef:
+                name: common
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 3
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 3
+            periodSeconds: 10
+            successThreshold: 3
+            failureThreshold: 3
+          lifecycle:
+            # required for LB to register and drain target
+            # ref: https://aws.github.io/aws-eks-best-practices/networking/loadbalancing/loadbalancing/#ensure-pods-are-deregistered-from-load-balancers-before-termination
+            preStop:
+              exec:
+                command: ["/bin/sh", "-c", "sleep 180"]

deploy/kustomization.yaml

@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: rust-sdk
+
+commonLabels:
+  app: rust-sdk
+  app.kubernetes.io/managed-by: kustomize
+
+configMapGenerator:
+  - name: common
+    literals:
+      - INNGEST_SERVE_ORIGIN=https://rust-sdk.inngest.net
+      - INNGEST_EVENT_API_ORIGIN=https://stage.inn.gs
+      - INNGEST_API_ORIGIN=https://api.inngest.net
+
+      - INNGEST_SIGNING_KEY=REPLACE_SIGNING_KEY
+      - INNGEST_EVENT_KEY=REPLACE_EVENT_KEY
+
+resources:
+  - namespace.yaml
+  - serviceaccount.yaml
+  - service.yaml
+  - deployment.yaml
+
+images:
+  - name: rust-sdk
+    newName: "IMAGE_NAME"
+    newTag: "IMAGE_TAG"

deploy/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rust-sdk
+  labels:
+    # required to make sure pods are ready after LB has completed their health checks
+    elbv2.k8s.aws/pod-readiness-gate-inject: enabled

deploy/service.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: rust-sdk
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-name: rust-sdk
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+    service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+    service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
+    service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
+    service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
+    service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: env=staging,app=rust-sdk
+    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: REPLACE_TLS_CERT_ARN
+    # external DNS integration test
+    external-dns.alpha.kubernetes.io/hostname: rust-sdk.inngest.net
+spec:
+  type: LoadBalancer
+  ports:
+    - name: tcp
+      port: 443
+      targetPort: 3000
+      protocol: TCP

deploy/serviceaccount.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rust-sdk
+  labels:
+    service: rust-sdk

flake.nix

@@ -29,6 +29,7 @@
 
             # LSP
             rust-analyzer
+            nodePackages.yaml-language-server
           ];
 
           RUST_SRC_PATH =

inngest/Cargo.toml

@@ -21,7 +21,11 @@ slug = "0.1.4"
 typetag = "0.2.13"
 inngest_macros = { path = "../macros" }
 futures = "0.3.30"
+regex = "1.11.0"
 
 # used for step encoding in SDK
 sha1 = "0.10.6"
 base16 = "0.2.1"
+url = "2.5.2"
+sha2 = "0.10.8"
+hmac = "0.12.1"

inngest/examples/axum/Dockerfile

@@ -0,0 +1,16 @@
+FROM rust:1.79-bookworm AS build
+
+RUN apt-get update && apt-get install -y adduser ca-certificates tzdata curl dnsutils && update-ca-certificates
+
+WORKDIR /app
+COPY . .
+
+RUN cargo build --example axum --release
+
+FROM ubuntu:24.04 AS runner
+RUN apt update && apt install -y adduser wget ca-certificates tzdata curl dnsutils && update-ca-certificates
+
+COPY --from=build /app/target/release/examples/axum /bin/main
+
+USER ubuntu
+CMD ["main"]

inngest/examples/axum/main.rs

@@ -1,16 +1,16 @@
 use axum::{
     routing::{get, put},
-    Json, Router,
+    Router,
 };
 use inngest::{
+    client::Inngest,
     event::Event,
     function::{create_function, FunctionOps, Input, ServableFn, Trigger},
     handler::Handler,
     into_dev_result,
-    result::{DevError, Error, InngestResult},
+    result::{DevError, Error},
     serve,
     step_tool::{InvokeFunctionOpts, Step as StepTool, WaitForEventOpts},
-    Inngest,
 };
 use serde::{Deserialize, Serialize};
 use serde_json::{json, Value};
@@ -29,15 +29,17 @@ async fn main() {
     let inngest_state = Arc::new(inngest_handler);
 
     let app = Router::new()
-        .route("/", get(|| async { "Hello, World!" }))
+        .route("/", get(|| async { "OK!\n" }))
         .route(
             "/api/inngest",
             put(serve::axum::register).post(serve::axum::invoke),
         )
         .with_state(inngest_state);
 
+    let addr = "[::]:3000".parse::<std::net::SocketAddr>().unwrap();
+
     // run it with hyper on localhost:3000
-    axum::Server::bind(&"0.0.0.0:3000".parse().unwrap())
+    axum::Server::bind(&addr)
         .serve(app.into_make_service())
         .await
         .unwrap();
@@ -138,7 +140,7 @@ fn hello_fn() -> ServableFn<TestData, Error> {
             let evt = &input.event;
             println!("Event: {}", evt.name);
 
-            step.sleep_until("sleep", 1727245659000)?;
+            step.sleep("wait-5s", Duration::from_secs(5))?;
 
             Ok(json!("test hello"))
         },

inngest/examples/send_events/main.rs

@@ -1,4 +1,4 @@
-use inngest::{event::Event, Inngest};
+use inngest::{client::Inngest, event::Event};
 use serde::{Deserialize, Serialize};
 
 #[derive(Serialize, Deserialize, Clone, Debug)]