Add support for Docker engine #914
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ezekg
force-pushed
the
feature/docker-engine
branch
3 times, most recently
from
49c2e66
to
ba9255f
Compare
ezekg
commented
Nov 9, 2024
ezekg
commented
Nov 10, 2024
ezekg
commented
Nov 10, 2024
| require 'minitar' | ||
| require 'zlib' | ||
|
|
||
| class ProcessDockerImageWorker < BaseWorker |
There was a problem hiding this comment.
This worker should be in a high_memory queue.
ezekg
commented
Nov 10, 2024
ezekg
commented
Nov 10, 2024
ezekg
force-pushed
the
feature/docker-engine
branch
4 times, most recently
from
576478c
to
39740c4
Compare
reverts commit 04dabba.
ezekg
force-pushed
the
feature/docker-engine
branch
2 times, most recently
from
7758cb0
to
a4c8292
Compare
ezekg
commented
Nov 15, 2024
app/controllers/api/v1/release_engines/oci/manifests_controller.rb
Outdated
Show resolved
Hide resolved
| @@ -86,6 +86,8 @@ def render_forbidden(**kwargs) | |||
|
|
|||
| respond_to do |format| | |||
| format.any { | |||
| response.content_type = Mime::Type.lookup_by_extension(:jsonapi) | |||
There was a problem hiding this comment.
I think we should respond with a JSON content type if asked (or if the route uses the :json format), instead of always responding with JSONAPI.
| response.content_type = Mime::Type.lookup_by_extension(:jsonapi) | ||
| in json: | ||
| in json: _ |
There was a problem hiding this comment.
This can respond with JSONAPI depending on route format and accept header, since JSON and JSONAPI are often synonymous.
ezekg
force-pushed
the
feature/docker-engine
branch
from
a4c8292
to
306a26c
Compare
- oci expects any manifest to be referenceable not just the index
ezekg
force-pushed
the
feature/docker-engine
branch
from
306a26c
to
da5fa6b
Compare
ezekg
commented
Nov 15, 2024
| descriptor = package.descriptors.find_by!(content_digest: params[:digest]) | ||
| authorize! descriptor.artifact | ||
|
|
||
| redirect_to vanity_v1_account_release_artifact_url(current_account, descriptor.artifact, filename: descriptor.content_path, host: request.host), |
There was a problem hiding this comment.
Maybe rename this from vanity to descriptor or smth? It's more than a vanity URL now.
app/controllers/api/v1/release_engines/oci/manifests_controller.rb
Outdated
Show resolved
Hide resolved
| MIN_TARBALL_SIZE = 512.bytes # to avoid processing empty or invalid tarballs | ||
| MAX_TARBALL_SIZE = 512.megabytes # to avoid downloading excessive tarballs | ||
| MAX_MANIFEST_SIZE = 1.megabyte # to avoid storing large manifests | ||
| MAX_BLOB_SIZE = 512.megabytes # to avoid storing large layers |
| @@ -54,6 +54,14 @@ def perform(artifact_id, enqueued_at = Time.current.iso8601) | |||
| ) | |||
|
|
|||
| ProcessNpmPackageWorker.perform_async(artifact.id) | |||
| in filetype: ReleaseFiletype(:tar), engine: ReleaseEngine(:oci) | |||
There was a problem hiding this comment.
For example tar.gz and tgz.
|
|
||
| expect(artifact.manifests).to satisfy { |manifests| | ||
| manifests in [ | ||
| ReleaseManifest(content_path: 'index.json', content_digest: 'sha256:355eee6af939abf5ba465c9be69c3b725f8d3f19516ca9644cf2a4fb112fd83b', content_type: 'application/vnd.oci.image.index.v1+json', content_length: 441, content: String), |
| end | ||
|
|
||
| it 'should be efficient' do | ||
| expect { subject.perform_async(artifact.id) }.to allocate_less_than(5.megabytes) |
There was a problem hiding this comment.
Refactor this to sample memory usage and assert against peak
ezekg
commented
Nov 15, 2024
| @@ -39,7 +39,10 @@ def show | |||
| return render jsonapi: artifact if | |||
| !artifact.downloadable? || prefers?('no-download') | |||
|
|
|||
| download = artifact.download!(ttl: release_artifact_query[:ttl]) | |||
| download = artifact.download!( | |||
| filename: params.fetch(:filename) { artifact.filename }, | |||
ezekg
force-pushed
the
feature/docker-engine
branch
from
ff1fc3e
to
f106a2c
Compare
ezekg
commented
Nov 16, 2024
db/migrate/20241114163421_add_content_attributes_to_release_manifests.rb
Show resolved
Hide resolved
| Then the response status should be "405" | ||
|
|
||
| @sp | ||
| Scenario: Endpoint should fail delete |
| @buffer.clear | ||
| end | ||
|
|
||
| buffer.empty? ? nil : buffer |
There was a problem hiding this comment.
buffer.presence should suffice?
|
|
||
| def self.parse(io) = Parser.new(io).parse | ||
|
|
||
| class DigestIO < SimpleDelegator |
There was a problem hiding this comment.
Move to separate lib since it's duplicated in keygen/ee too.
ezekg
commented
Nov 16, 2024
| end | ||
| end | ||
|
|
||
| class Index < Blob |
ezekg
commented
Nov 18, 2024
| # a Minitar::Reader, and that closes an entry's reader io after | ||
| # reading the entry. This lets us avoid buffering entries into | ||
| # memory, since some of the blobs could be large layers. | ||
| io.each do |entry| |
There was a problem hiding this comment.
Move all this outside of initializer?
| io.rewind | ||
| end | ||
|
|
||
| def each(&) |
There was a problem hiding this comment.
Should we add return to_enum(:each) unless block_given??
ezekg
commented
Nov 21, 2024
| algorithm: :concurrently, | ||
| unique: true | ||
|
|
||
| add_index :release_manifests, %i[content_type release_artifact_id], |
There was a problem hiding this comment.
Doesn't need artifact in the index.
| t.index %i[release_artifact_id] | ||
| t.index %i[content_path release_artifact_id], unique: true | ||
| t.index %i[content_digest release_artifact_id], unique: true | ||
| t.index %i[content_type release_artifact_id] |
| disable_ddl_transaction! | ||
|
|
||
| def change | ||
| add_column :release_manifests, :content_path, :string, null: true |
There was a problem hiding this comment.
Eventually make these not-null.
ezekg
added a commit
to keygen-sh/keygen-relay
that referenced
this pull request
Nov 26, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #911. In the end, it should be as simple as
docker save keygen/api:1.0.0 > keygen-1.0.0.tarandkeygen upload keygen-1.0.0.tar— the rest should be automatically handled by the Docker engine.Like with npm and friends,
docker pushwill not be supported right away.Prereqs
Subreqs
oci.pkg.keygen.shsubdomain.