Merge pull request #1 from quay/init

initial import for Open Source 🎉

.dockerignore

@@ -0,0 +1 @@
+vendor/*

.gitignore

@@ -0,0 +1,5 @@
+vendor/*
+.idea
+/bin/
+_vendor*
+*.test

Dockerfile.alpine

@@ -0,0 +1,26 @@
+FROM golang:1.12-alpine3.9 as build
+
+ARG BUILDER_SRC=github.com/quay/quay-builder
+RUN apk --no-cache add build-base git
+COPY . /go/src/${BUILDER_SRC}
+RUN cd /go/src/${BUILDER_SRC} && make && make install
+
+################################################################################
+
+FROM alpine:3.9
+
+RUN apk --no-cache upgrade # 2019-03-19
+
+RUN apk --no-cache add --virtual .runtime-deps \
+  ca-certificates git openssh-client perl
+
+COPY --from=build /go/bin/quay-builder /usr/local/bin
+
+COPY buildpack/ssh-git.sh /
+ADD load_extra_ca.alpine.sh /load_extra_ca.sh
+ADD entrypoint.sh /entrypoint.sh
+
+VOLUME ["/tmp"]
+VOLUME [ "/certs" ]
+
+ENTRYPOINT ["sh", "/entrypoint.sh"]

Dockerfile.rhel7

@@ -0,0 +1,53 @@
+FROM centos:7 AS build
+LABEL maintainer "Sida Chen <[email protected]>"
+
+# Install Golang by retrieving the binary
+ENV GO_VERSION=1.12.1
+ENV GO_OS=linux
+ENV GO_ARCH=amd64
+ENV GO_HASH=2a3fdabf665496a0db5f41ec6af7a9b15a49fbe71a85a50ca38b1f13a103aeec
+RUN curl https://dl.google.com/go/go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz --output go.tar.gz
+RUN echo ${GO_HASH} go.tar.gz > GOCHECKSUM
+RUN sha256sum -c GOCHECKSUM
+RUN tar -C /usr/local -xzf go.tar.gz > /dev/null
+ENV GOPATH=/go
+ENV PATH=$PATH:/usr/local/go/bin:${GOPATH}/bin
+
+# Verify go verion
+RUN go version
+
+ARG BUILDER_SRC=github.com/quay/quay-builder
+
+# Install dependencies
+RUN yum install -y --setopt=tsflags=nodocs --setopt=skip_missing_names_on_install=False git perl wget make gcc
+
+COPY . /go/src/${BUILDER_SRC}
+RUN cd /go/src/${BUILDER_SRC} && make && make install
+
+FROM registry.redhat.io/rhel7:7.6
+LABEL maintainer "[email protected]"
+
+ARG SUBSCRIPTION_KEY
+RUN test -n "$SUBSCRIPTION_KEY" # Subscription key is required
+
+# Install subscription key
+ADD ${SUBSCRIPTION_KEY} /tmp/
+RUN subscription-manager import --certificate=/tmp/${SUBSCRIPTION_KEY}
+RUN rm -f /tmp/${SUBSCRIPTION_KEY}
+
+RUN yum install -y --setopt=tsflags=nodocs --setopt=skip_missing_names_on_install=False git perl
+
+# Remove subscription key
+RUN subscription-manager remove --all
+
+COPY --from=build /go/bin/quay-builder /usr/local/bin
+
+COPY buildpack/ssh-git.sh /
+ADD load_extra_ca.rhel.sh /load_extra_ca.sh
+ADD entrypoint.sh /entrypoint.sh
+
+VOLUME ["/tmp"]
+VOLUME [ "/certs" ]
+
+ENTRYPOINT ["sh", "/entrypoint.sh"]
+

Makefile

@@ -0,0 +1,35 @@
+.PHONY: dep test bin/quay-builder
+
+PROJECT   ?= quay-builder
+ORG_PATH  ?= github.com/quay
+REPO_PATH ?= $(ORG_PATH)/$(PROJECT)
+IMAGE     ?= quay.io/quay/$(PROJECT)
+VERSION   ?= $(shell ./scripts/git-version)
+LD_FLAGS  ?= "-w -X $(REPO_PATH)/version.Version=$(VERSION)"
+IMAGE_TAG ?= latest
+SUBSCRIPTION_KEY ?= subscription.pem
+
+all: dep test build
+
+dep:
+	@GO111MODULE=on go mod vendor
+
+test: dep
+	@go vet ./...
+	@go test -v ./...
+
+build: dep bin/quay-builder
+
+bin/quay-builder:
+	@go build -ldflags $(LD_FLAGS) -o bin/quay-builder \
+	  $(REPO_PATH)/cmd/quay-builder
+
+install:
+	@go install -ldflags $(LD_FLAGS) $(REPO_PATH)/cmd/quay-builder
+
+build-rhel7:
+	docker build --squash -f Dockerfile.rhel7 -t $(IMAGE):$(IMAGE_TAG)-rhel7 . \
+		--build-arg SUBSCRIPTION_KEY=$(SUBSCRIPTION_KEY)
+
+build-alpine:
+	docker build -f Dockerfile.alpine -t $(IMAGE):$(IMAGE_TAG)-alpine .

README.md

@@ -0,0 +1,80 @@
+# Quay Builder
+
+This repository is for an automated build worker for a Quay.
+
+## Architecture
+
+There is a client/server relationship between builder and the management server.
+Clients connect using a standard websocket RPC/pubsub subprotocol called [WAMP](http://wamp.ws).
+There are two modes in which builders can operate: enterprise and hosted.
+Enterprise builders are designed to be long-running processes on the given machine that will be trusted forever.
+In this mode a builder connect to a Build Manager and indefinitely loop completing available work.
+Hosted builders are designed to be dynamically created and connect to the management server for a single build and then disappear.
+
+## Building the builder
+
+```
+make test
+make build
+```
+
+## Running the builder
+
+### Enterprise
+
+Only an endpoint is required as all other parameters for building are acquired from a Build Manager on a per build basis.
+
+```sh
+ENDPOINT="ws://localhost:8787" ./quay-builder
+```
+
+### Hosted
+
+A token and realm must be provided at launch in order to identify a particular build or else it will be rejected by a Build Manager.
+
+```sh
+TOKEN="sometoken" ENDPOINT="ws://localhost:8787" REALM="builder-realm" ./quay-builder
+```
+
+## Building the builder image
+
+For both images, you can also specify make parameters
+
+`IMAGE_TAG` ( tag name, default to `latest`) 
+
+`IMAGE` ( repo name, default to `quay.io/quay/quay-builder`) 
+
+and the built image will be tagged with 
+```
+<IMAGE>:<IMAGE_TAG>-<base image name>
+```
+where the `<base image name>` can be either `alpine` or `rhel7`.
+
+### Building Alpine based image:
+```sh
+make build-alpine-image
+```
+This generates image with tag `quay.io/quay/quay-builder:latest-alpine`.
+
+### Building RHEL based image 
+It requires certificate key and requires enabling `--squash` experimental feature
+```sh
+make build-rhel7-image SUBSCRIPTION_KEY=<path to your key file (PEM)>
+```
+This generates image with tag `quay.io/quay/quay-builder:latest-rhel7`.
+
+## Running the builder image
+
+Running alpine based image or rhel based image requires the same parameters but different image.
+
+**Please Notice** that quay builder uses the host machine's docker.sock to pull/push/build images and therefore, the docker machine must be able to reach the Quay host. You can debug by pushing a image to quay instance.
+
+### Pointing to Quay without TLS
+```
+docker run --restart on-failure -e SERVER=ws://myquayserver:8787 -v /var/run/docker.sock:/var/run/docker.sock quay.io/quay/quay-builder:latest-alpine
+```
+
+### Pointing to Quay with TLS
+```
+docker run --restart on-failure -e SERVER=wss://myquayserver:8787 -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/customCA/rootCA.pem:/certs/rootCA.pem quay.io/quay/quay-builder:latest-alpine
+```