Build api

.env.example

@@ -12,4 +12,10 @@ KUBERNETES_CERT_FILENAME=./tokens/ca.crt
 # if not set, the image is build with local tag and will not be pushed
 REGISTRY=
 # namespace is required if REGISTRY is set
-NAMESPACE=
+NAMESPACE=
+
+REGISTRY_HOST=http://127.0.0.1:5000
+REGISTRY_USER=opsuser
+REGISTRY_PASS=password
+
+ADMIN_API_URL=http://127.0.0.1:5002

.github/cisetup.sh

@@ -18,3 +18,4 @@
 #
 sudo sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
 sudo apt-get -y install curl wget jq
+pip install uv

.github/workflows/check.yml

@@ -34,3 +34,12 @@ jobs:
           submodules: recursive
       - name: License   
         uses: apache/skywalking-eyes@main
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.12
+      - name: Setup
+        run: bash .github/cisetup.sh
+      - name: Unit Tests
+        run: task utest
+        continue-on-error: false

.licenserc.yaml

@@ -28,6 +28,7 @@ header:
     - 'LICENSE'
     - 'NOTICE'
     - 'DISCLAIMER'
+    - 'deploy/samples/requirements.txt'
     - '**/*.json'
     - '**/*.service'
     - '**/*.txt'

README.md

@@ -34,18 +34,23 @@ Available APIs at the moment:
 
 `PATCH /system/api/v1/auth/{login}` - Update the user password patching the corresponding wsku/\<login\> entry.
 
+### Build API
+
+`POST /system/api/v1/build` - Perform the build of a custom image and push it to repository.
+
+More informations [Here](docs/DEPLOYER.md)
+
 ### Info API
 
 `GET /system/info` - Info endpoint
 
-
 ## Developer instructions
 
 You need to have access to be Apache OpenServerless admin and have access to kubernetes cluster.
 
 Refer to the [Apache OpenServerless installation page](https://openserverless.apache.org/docs/installation/install/docker/): 
 
-Give the command `task setup-developer` and it will:
+Give the command `task dev:setup-developer` and it will:
 
 - extract the required ca.crt and token from operator service account
 - copy a sample .env file
@@ -61,14 +66,22 @@ Open http://localhost:5002/system/apidocs/ to see the API documentation.
 Taskfile supports the following tasks:
 
 ```yaml
-* build:                 Build the image locally
-* build-and-load:        Build the image and loads it to local Kind cluster
-* buildx:                Build the docker image using buildx. Set PUSH=1 to push the image to the registry. 
-* docker-login:          Login to the docker registry. Set REGISTRY=ghcr or REGISTRY=dockerhub in .env to use the respective registry. 
-* get-tokens:            Get Service Account tokens and save them to tokens directory
-* image-tag:             Create a new tag for the current git commit.       
-* run:                   Run the admin api locally, using configuration from .env file 
-* setup-developer:       Setup developer environment
+* build:                       Build the image locally
+* build-and-load:              Build the image and loads it to local Kind cluster
+* buildx:                      Build the docker image using buildx. Set PUSH=1 to push the image to the registry. 
+* docker-login:                Login to the docker registry. Set REGISTRY=ghcr or REGISTRY=dockerhub in .env to use the respective registry. 
+* image-tag:                   Create a new tag for the current git commit.       
+* builder:cleanjobs:           Clean up old jobs
+* builder:delete-image:        Delete an image from the registry
+* builder:get-image:           Get an image from the registry
+* builder:list-catalogs:       List catalogs in the registry
+* builder:list-images:         List images in a specific catalog
+* builder:logs:                Show logs of the last build job
+* builder:send:                Send the build to the server
+* builder:updatetoml:          Update the buildkitd.toml file config map
+* dev:get-tokens:              Get Service Account tokens and save them to tokens directory
+* dev:run:                     Run the admin api locally, using configuration from .env file 
+* dev:setup-developer:         Setup developer environment
 ```
 
 ## Build and push
@@ -128,4 +141,8 @@ $ git push apache 0.1.0-incubating.2507270910
 ```
 
 This will trigger the build workflow, and the process will be visible at
-https://github.com/apache/openserverless-admin-api/actions
+https://github.com/apache/openserverless-admin-api/actions
+
+## Additional Documentation
+
+- [Deployer](docs/DEPLOYER.md)

TODO.md

@@ -0,0 +1,28 @@
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  ~
+-->
+# TODO
+
+## Tests
+Add integration and unit tests
+
+## Various
+
+- [ ] `openserverless.common.whis_user_data.py` - Add `with_` blocks for other new OpenServerless Services
+- [ ] `openserverless.common.whisk_user_generator` - Check if `generate_whisk_user_yaml` is complete

Taskfile.yml

@@ -27,32 +27,14 @@ vars:
 
 dotenv:
  - .env  
-
-tasks:
 
-  get-tokens:
-    desc: "Get Service Account tokens and save them to tokens directory"
-    silent: true
-    cmds:
-      - mkdir -p tokens
-      - kubectl get secret nuvolaris-wsku-secret -o jsonpath='{.data.token}' | base64 --decode > tokens/token
-      - kubectl get secret nuvolaris-wsku-secret -o jsonpath='{.data.ca\.crt}' | base64 --decode > tokens/ca.crt
+includes:
+  builder:
+    taskfile: TaskfileBuilder.yml
+  dev:
+    taskfile: TaskfileDev.yml
 
-  setup-developer:
-    desc: "Setup developer environment"
-    silent: true
-    cmds:
-      - task: get-tokens
-      - |
-        if [ ! -f .env ]; 
-        then cp .env.example .env
-          echo "Please edit .env file with your local CouchDB and Kubernetes credentials"
-        fi
-      - |
-        if [ ! -d .venv ];
-        then uv venv
-        fi
-      - uv pip install -r pyproject.toml 2>/dev/null 
+tasks:
 
   docker-login-ghcr: >
     silent: true
@@ -145,8 +127,11 @@ tasks:
         IMG="$BASEIMG:{{.TAG}}"
         kind load docker-image $IMG --name=nuvolaris
 
-  run:
-    desc: |
-      Run the admin api locally, using configuration from .env file
+  utest:
     cmds:
-      - uv run -m openserverless
+      - |
+        for test in openserverless/common/{{.T}}*.py
+        do  echo "*** [{{.KUBE}}] $test"
+            uv run python3 -m doctest -o ELLIPSIS $test {{.CLI_ARGS}}
+        done
+    silent: true

TaskfileBuilder.yml

@@ -0,0 +1,107 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+version: '3'
+
+tasks:
+
+  send:
+    desc: Send the build to the server
+    vars:
+      AUTH:
+        sh: cat ~/.wskprops | grep "AUTH" | cut -d'=' -f2 | xargs -I {}
+    cmds:
+      - if test -z "{{.SOURCE}}"; then echo "SOURCE IS NOT SET" && exit 1; fi
+      - if test -z "{{.TARGET}}"; then echo "TARGET IS NOT SET" && exit 1; fi
+      - if test -z "{{.KIND}}"; then echo "KIND IS NOT SET" && exit 1; fi
+      - |
+        echo '{"source": "{{.SOURCE}}", "target": "{{.TARGET}}", "kind": "{{.KIND}}", "file": "{{.REQUIREMENTS}}" }' | \
+        curl -X POST $ADMIN_API_URL/api/v1/build -H "Content-Type: application/json" -H "Authorization: {{.AUTH}}" -d @-
+      - sleep 5
+      - task: logs
+    deps:
+      - cleanjobs
+      # - updatetoml
+    silent: true
+
+  logs:
+    desc: Show logs of the last build job
+    cmds:
+      - kubectl -n nuvolaris logs $(kubectl get jobs.batch -o name | grep "build-") -c buildkit --follow
+    silent: false
+
+  cleanjobs:
+    desc: Clean up old jobs
+    cmds:
+      - for I in $(kubectl get jobs -n nuvolaris | grep build | awk '{ print $1 }' | tr "\n" " "); do kubectl delete job $I; done
+      - for I in $(kubectl get cm -n nuvolaris | grep "cm-" | awk '{ print $1 }' | tr "\n" " "); do kubectl delete cm $I; done
+    silent: true
+
+  updatetoml:
+    desc: Update the buildkitd.toml file config map
+    cmds:
+      - |
+        if test $(kubectl -n nuvolaris get cm -o name | grep nuvolaris-buildkitd-conf | wc -l) -gt 0; 
+          then kubectl -n nuvolaris delete configmap nuvolaris-buildkitd-conf
+        fi
+      - kubectl -n nuvolaris create configmap nuvolaris-buildkitd-conf --from-file=deploy/buildkit/buildkitd.toml
+    silent: true
+
+  list-catalogs:
+    desc: List catalogs in the registry
+    cmds:
+      - curl -u $REGISTRY_USER:$REGISTRY_PASS $REGISTRY_HOST/v2/_catalog
+    silent: false
+
+  list-images:
+    desc: List images in a specific catalog
+    vars:
+      CATALOG: '{{.CATALOG}}'
+    cmds:
+      - if test -z "{{.CATALOG}}"; then echo "CATALOG IS NOT SET" && exit 1; fi
+      - curl -u $REGISTRY_USER:$REGISTRY_PASS $REGISTRY_HOST/v2/{{.CATALOG}}/tags/list
+    silent: false
+
+  get-image:
+    desc: Get an image from the registry
+    vars:
+      IMAGE: '{{.IMAGE}}'
+      IMAGE_NAME:
+        sh: echo '{{.IMAGE}}' | cut -d':' -f1
+      HASH:
+        sh: echo '{{.IMAGE}}' | cut -d':' -f2
+    cmds:
+      - echo "Getting image {{.IMAGE_NAME}} with hash {{.HASH}}"
+      - curl -u $REGISTRY_USER:$REGISTRY_PASS $REGISTRY_HOST/v2/{{.IMAGE_NAME}}/manifests/{{.HASH}}
+    silent: false
+
+  delete-image:
+    desc: Delete an image from the registry
+    vars:
+      IMAGE: '{{.IMAGE}}'
+      IMAGE_NAME:
+        sh: echo '{{.IMAGE}}' | cut -d':' -f1
+      HASH:
+        sh: echo '{{.IMAGE}}' | cut -d':' -f2
+      MANIFEST_DIGEST:
+        sh: curl --silent -u $REGISTRY_USER:$REGISTRY_PASS $REGISTRY_HOST/v2/{{.IMAGE_NAME}}/manifests/{{.HASH}} | grep -i 'Docker-Content-Digest:' | awk '{print $2}' | tr -d '\r'
+    cmds:
+      - echo 'Deleting image {{.IMAGE}}'
+      - echo "Deleting manifest {{.MANIFEST_DIGEST}} for image {{.IMAGE_NAME}}"
+      - curl -u $REGISTRY_USER:$REGISTRY_PASS -X DELETE $REGISTRY_HOST/v2/{{.IMAGE_NAME}}/manifests/{{.MANIFEST_DIGEST}}
+    silent: false

TaskfileDev.yml

@@ -0,0 +1,50 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+version: '3'
+
+tasks:
+  get-tokens:
+    desc: "Get Service Account tokens and save them to tokens directory"
+    silent: true
+    cmds:
+      - mkdir -p tokens
+      - kubectl get secret nuvolaris-wsku-secret -o jsonpath='{.data.token}' | base64 --decode > tokens/token
+      - kubectl get secret nuvolaris-wsku-secret -o jsonpath='{.data.ca\.crt}' | base64 --decode > tokens/ca.crt
+
+  setup-developer:
+    desc: "Setup developer environment"
+    silent: true
+    cmds:
+      - task: get-tokens
+      - |
+        if [ ! -f .env ]; 
+        then cp .env.example .env
+          echo "Please edit .env file with your local CouchDB and Kubernetes credentials"
+        fi
+      - |
+        if [ ! -d .venv ];
+        then uv venv
+        fi
+      - uv pip install -r pyproject.toml 2>/dev/null 
+
+  run:
+    desc: |
+      Run the admin api locally, using configuration from .env file
+    cmds:
+      - uv run -m openserverless

deploy/buildkit/buildkitd.toml

@@ -0,0 +1,41 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# =========================
+# Worker OCI (rootlesskit)
+# =========================
+[worker.oci]
+  enabled = true
+  rootless = true
+  no-process-sandbox = true
+  snapshotter = "overlayfs"   # usa overlayfs se il kernel lo consente
+
+[worker.containerd]
+  enabled = false
+
+# =========================
+# Registry HTTP insicuro
+# =========================
+[registry."nuvolaris-registry-svc:5000"]
+  insecure = true
+  http = true
+
+# =========================
+# Logging
+# =========================
+[log]
+  level = "debug"