feat: Add support for various packages

dadav · Jul 1, 2024 · 53f028f · 53f028f
1 parent eef2379
commit 53f028f
Show file tree

Hide file tree

Showing 18 changed files with 782 additions and 3 deletions.
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -2,7 +2,7 @@
 # yaml-language-server: $schema=https://goreleaser.com/static/schema.json
 # vim: set ts=2 sw=2 tw=0 fo=cnqoj
 
-version: 1
+version: 2
 
 before:
   hooks:
@@ -32,6 +32,41 @@ archives:
       - goos: windows
         format: zip
 
+nfpms:
+  - homepage: https://github.com/dadav/gorge
+    maintainer: dadav <dadav@protonmail.com>
+    description: |-
+      Gorge is a puppet forge implementation in go.
+    license: Apache 2.0
+    formats:
+      - apk
+      - deb
+      - rpm
+      - termux.deb
+      - archlinux
+    provides:
+      - gorge
+    contents:
+      - src: gorge.service
+        dst: /usr/lib/systemd/system/gorge.service
+      - src: defaults.yaml
+        dst: /etc/gorge.yaml
+        type: "config|noreplace"
+
+dockers:
+  - goos: linux
+    goarch: amd64
+    image_templates:
+      - 'ghcr.io/dadav/gorge:{{ .Tag }}'
+      - 'ghcr.io/dadav/gorge:latest'
+    build_flag_templates:
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.authors=dadav"
+      - "--label=org.opencontainers.image.url=https://github.com/dadav/gorge"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+
 changelog:
   sort: asc
   filters:

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,3 @@
+FROM scratch
+ENTRYPOINT ["/gorge"]
+COPY gorge /
diff --git a/README.md b/README.md
@@ -20,9 +20,9 @@ This project is still in an very early stage. Contributions are very welcome.
 
 You put your modules in the directory `~/.gorge/modules/$module/$release.tar.gz` and gorge will
 send them to incoming requests from puppet or r10k.
-If the module is not found locally it will forward to request (if configured) to an upstream
+If the module is not found locally it will forward the request (if configured) to an upstream
 forge.
-The result of this upstream request will be cached for one day (if not disabled with `--no-cache`).
+The results will be cached for one day (if not disabled with `--no-cache`).
 Usually the request results in a module tarball being downloaded. You can set `--import-proxied-releases`
 to automatically import them in your `~/.gorge/modules` directory.
 

diff --git a/cmd/serve.go b/cmd/serve.go
@@ -179,6 +179,18 @@ You can also enable the caching functionality to speed things up.`,
 
 			r.Mount("/", apiRouter)
 
+			r.Get("/readyz", func(w http.ResponseWriter, r *http.Request) {
+				w.Header().Set("Content-Type", "application/json")
+				w.WriteHeader(200)
+				w.Write([]byte(`{"message": "ok"}`))
+			})
+
+			r.Get("/livez", func(w http.ResponseWriter, r *http.Request) {
+				w.Header().Set("Content-Type", "application/json")
+				w.WriteHeader(200)
+				w.Write([]byte(`{"message": "ok"}`))
+			})
+
 			bindPort := fmt.Sprintf("%s:%d", config.Bind, config.Port)
 			log.Log.Infof("Listen on %s", bindPort)
 

diff --git a/defaults.yaml b/defaults.yaml
@@ -0,0 +1,35 @@
+---
+# The forge api version to use. Currently only v3 is supported.
+api-version: v3
+# The backend type to use. Currently only filesystem is supported.
+backend: filesystem
+# Max seconds to keep the cached responses.
+cache-max-age: 86400
+# The host to bind the webservice to.
+bind: 127.0.0.1
+# The prefixes of requests to cache responses from. Multiple entries must be separated by comma.
+cache-prefixes: /v3/files
+# Value of the `Access-Control-Allow-Origin` header.
+cors: "*"
+# Enables the dev mode.
+dev: false
+# List of comma separated upstream forge(s) to use when local requests return 404
+fallback-proxy:
+# Import proxied modules into local backend.
+import-proxied-releases: false
+# Path to local modules.
+modulesdir: ~/.gorge/modules
+# Seconds between scans of directory containing all the modules
+modules-scan-sec: 0
+# Disable cache functionality.
+no-cache: false
+# Port to bind the webservice to.
+port: 8080
+# The jwt secret used in the protected endpoint validation
+jwt-secret: changeme
+# The path to write the jwt token to
+jwt-token-path: ~/.gorge/token
+# Path to tls cert file
+tls-cert: ""
+# Path to tls key file
+tls-key: ""
diff --git a/gorge.service b/gorge.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Gorge is a puppet forge server written in Go
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/gorge --config /etc/gorge.yaml serve
+Restart=on-failure
+NoNewPrivileges=yes
+PrivateTmp=yes
+DevicePolicy=closed
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+ProtectClock=yes
+ProtectHostname=yes
+PrivateUsers=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/helm/README.md b/helm/README.md
@@ -0,0 +1,5 @@
+# ⚡ Helm
+
+This directory contains the gorge helm chart.
+
+You can use this to easily install gorge in kubernetes.
diff --git a/helm/gorge/.helmignore b/helm/gorge/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/gorge/.pre-commit-config.yaml b/helm/gorge/.pre-commit-config.yaml
@@ -0,0 +1,20 @@
+---
+repos:
+  - repo: https://github.com/dadav/helm-schema
+    rev: 0.11.4
+    hooks:
+      - id: helm-schema
+        # for all available options: helm-schema -h
+        args:
+          # directory to search recursively within for charts
+          - --chart-search-root=.
+
+          # don't analyze dependencies
+          - --no-dependencies
+
+          # add references to values file if not exist
+          - --add-schema-reference
+
+          # list of fields to skip from being created by default
+          # e.g. generate a relatively permissive schema
+          # - "--skip-auto-generation=required,additionalProperties"
diff --git a/helm/gorge/Chart.yaml b/helm/gorge/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: gorge
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: 0.4.1-alpha
diff --git a/helm/gorge/templates/deployment.yaml b/helm/gorge/templates/deployment.yaml
@@ -0,0 +1,70 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gorge
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: gorge
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        app: gorge
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: GORGE_MODULESDIR
+              value: /modules
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /livez
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /modules
+              name: modules
+      volumes:
+        - name: modules
+          {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: gorge
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/helm/gorge/templates/ingress.yaml b/helm/gorge/templates/ingress.yaml
@@ -0,0 +1,26 @@
+{{- if (and (.Values.ingress.enabled) (not .Values.openshift)) }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gorge
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.ingress.host }}
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: gorge
+            port:
+              name: http
+{{- end }}
diff --git a/helm/gorge/templates/pvc.yaml b/helm/gorge/templates/pvc.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.persistence.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: gorge
+spec:
+  {{- with .Values.persistence.storageClass }}
+  storageClassName: {{ . }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.persitence.size }}
+{{- end }}
diff --git a/helm/gorge/templates/route.yaml b/helm/gorge/templates/route.yaml
@@ -0,0 +1,18 @@
+{{- if (and (.Values.ingress.enabled) (.Values.openshift)) }}
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: gorge
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  host: {{ .Values.ingress.host }}
+  port:
+    targetPort: http
+  to:
+    kind: Service
+    name: gorge
+{{- end }}
diff --git a/helm/gorge/templates/service.yaml b/helm/gorge/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gorge
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app: gorge
diff --git a/helm/gorge/templates/serviceaccount.yaml b/helm/gorge/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.name }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}