ci: add release yml (#1)

* ci: add release yml

* ci: remove codeql

* ci: add helm chart

* feat: automate mirror configuration

* feat: make hosts configurable

* fix: address toml issues

* fix: address unit tests

Author: avtakkar

.github/workflows/release.yml

@@ -0,0 +1,51 @@
+name: Release Docker Image
+
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+-alpha"
+
+jobs:
+  publish:
+    name: Build and Publish Container Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    env:
+      REGISTRY: ghcr.io
+      REPO_PREFIX: ${{ format('{0}/acr/', github.repository_owner) }}
+
+    steps:
+      - name: Get Git Tag
+        id: get_git_tag
+        run: echo ::set-output name=git_tag::${GITHUB_REF#refs/tags/}
+
+      - name: Check Out Source Code
+        if: ${{ success() }}
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ steps.get_git_tag.outputs.git_tag }}
+
+      - name: Set Docker Image Tag
+        env:
+          GIT_TAG: ${{ steps.get_git_tag.outputs.git_tag }}
+        id: get_image_tag
+        run: echo ::set-output name=docker_tag::${GIT_TAG}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Image
+        if: ${{ success() }}
+        run: |
+          REGISTRY=${{ env.REGISTRY }} REPO_PREFIX=${{ env.REPO_PREFIX }} TAG=${{ steps.get_image_tag.outputs.docker_tag }} make build-image
+        
+      - name: Push Image
+        if: ${{ success() }}
+        run: |
+          docker push ${{ env.REGISTRY }}/${{ env.REPO_PREFIX }}peerd:${{ steps.get_image_tag.outputs.docker_tag }}

.gitignore

@@ -20,3 +20,6 @@ bin/**/*
 
 # Go workspace file
 go.work
+
+# Directories mounted to CI cluster.
+build/ci/configs/certs.d

Makefile

@@ -15,6 +15,11 @@ TESTS_BIN_DIR = $(BIN_DIR)/tests
 COVERAGE_DIR=$(BIN_DIR)/coverage
 SCRIPTS_DIR=$(ROOT_DIR)/scripts
 
+# Docker image variables.
+REGISTRY ?= localhost
+REPO_PREFIX ?= 
+TAG ?= dev
+
 include $(ROOT_DIR)/build/ci/Makefile
 include $(ROOT_DIR)/tests/Makefile
 
@@ -109,13 +114,13 @@ header:
 # build-image-internal takes the dockerfile location, repository name and build context.
 # Example: 
 define build-image-internal
-	@echo "\033[92mBuilding Image: $2\033[0m"
+	@echo "\033[92mBuilding image: $(REGISTRY)/$(REPO_PREFIX)$2:$(TAG)\033[0m"
 
 	@echo docker build -f $1 \
-	-t localhost/$2:dev \
+	-t $(REGISTRY)/$(REPO_PREFIX)$2:$(TAG) \
 	$3
 
 	@docker build -f $1 \
-	-t localhost/$2:dev \
+	-t $(REGISTRY)/$(REPO_PREFIX)$2:$(TAG) \
 	$3
 endef

README.md

@@ -9,6 +9,11 @@ This project implements peer to peer distribution of content (such as files or O
 cluster. The source of the content could be another node in the same cluster, an OCI container registry (like Azure
 Container Registry) or a remote blob store (such as Azure Blob Storage).
 
+#### Important Disclaimer
+
+This project is work in progress and can be used for experimental and development purposes. 
+It is not yet production ready, but we're getting there.
+
 ## Quickstart
 
 This section shows how to get started with `peerd`.
@@ -46,6 +51,31 @@ tests-random-image             Builds the 'random' tests image
 tests-scanner-image            Builds the 'scanner' tests image
 ```
 
+### Deploy Helm Chart to your Cluster
+
+If you already have a k8s cluster, you can deploy the `peerd` helm chart to it. With containerd, `peerd` leverages the 
+[hosts configuration][containerd hosts] to act as a mirror for container images.
+
+The `peerd` container image is available at `ghcr.io/azure/acr/peerd`.
+
+```bash
+CLUSTER_CONTEXT=<your-cluster-context> && \
+  HELM_RELEASE_NAME=peerd && \
+  HELM_CHART_DIR=./build/ci/k8s/peerd-helm && \
+  helm --kube-context=$CLUSTER_CONTEXT install --wait $HELM_RELEASE_NAME $HELM_CHART_DIR
+```
+
+By default, only `mcr.microsoft.com` is mirrored, but this is configurable. For example, to configure `peerd` to mirror 
+`mcr.microsoft.com` and `ghcr.io`, run the following.
+
+```bash
+CLUSTER_CONTEXT=<your-cluster-context> && \
+  HELM_RELEASE_NAME=peerd && \
+  HELM_CHART_DIR=./build/ci/k8s/peerd-helm && \
+  helm --kube-context=$CLUSTER_CONTEXT install --wait $HELM_RELEASE_NAME $HELM_CHART_DIR \
+    --set peerd.hosts="mcr.microsoft.com ghcr.io"
+```
+
 ### Build and Deploy to a Local Kind Cluster
 
 To build and deploy `peerd` to a 3 node kind cluster, run the following. These commands will build the `peerd`
@@ -228,3 +258,5 @@ A hat tip to:
 [swagger.yaml]: ./api/swagger.yaml
 [Spegel]: https://github.com/XenitAB/spegel
 [DADI P2P Proxy]: https://github.com/data-accelerator/dadi-p2proxy
+[containerd hosts]: https://github.com/containerd/containerd/blob/main/docs/hosts.md
+[containerd-mirror]: ./internal/containerd/mirror.go

build/ci/configs/certs.d/mcr.microsoft.com/hosts.toml

@@ -1,5 +1,5 @@
-server = "https://mcr.microsoft.com"
+server = 'https://mcr.microsoft.com'
 
-[host."https://localhost:30001"]
-  capabilities = ["pull"]
-  skip_verify = true
+[host]
+[host.'http://localhost:30001']
+capabilities = ['pull']

build/ci/k8s/app.yml

@@ -2,52 +2,42 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 name: p2p
 nodes:
-- role: control-plane
-  extraMounts:
-  - hostPath: $GIT_ROOT/build/ci/configs/certs.d
-    containerPath: /etc/containerd/certs.d
+  - role: control-plane
+    extraMounts:
+      - hostPath: $GIT_ROOT/build/ci/configs/certs.d
+        containerPath: /etc/containerd/certs.d
+      - hostPath: $GIT_ROOT/build/ci/configs/containerd.toml
+        containerPath: /etc/containerd/config.toml
 
-- role: worker
-  labels:
-    p2p-nodepool: 'true'
-  extraMounts:
-  - hostPath: $GIT_ROOT/bin/peerd
-    containerPath: /bin/peerd
-  - hostPath: $GIT_ROOT/bin/peerd.service
-    containerPath: /bin/peerd.service
-  - hostPath: $GIT_ROOT/bin/kind/metrics1
-    containerPath: /var/log/
-  - hostPath: $GIT_ROOT/build/ci/configs/containerd.toml
-    containerPath: /etc/containerd/config.toml
-  - hostPath: $GIT_ROOT/build/ci/configs/certs.d
-    containerPath: /etc/containerd/certs.d
+  - role: worker
+    labels:
+      p2p-nodepool: "true"
+    extraMounts:
+      - hostPath: $GIT_ROOT/bin/kind/metrics1
+        containerPath: /var/log/
+      - hostPath: $GIT_ROOT/build/ci/configs/containerd.toml
+        containerPath: /etc/containerd/config.toml
+      - hostPath: $GIT_ROOT/build/ci/configs/certs.d
+        containerPath: /etc/containerd/certs.d
 
-- role: worker
-  labels:
-    p2p-nodepool: 'true'
-  extraMounts:
-  - hostPath: $GIT_ROOT/bin/peerd
-    containerPath: /bin/peerd
-  - hostPath: $GIT_ROOT/bin/peerd.service
-    containerPath: /bin/peerd.service
-  - hostPath: $GIT_ROOT/bin/kind/metrics2
-    containerPath: /var/log/
-  - hostPath: $GIT_ROOT/build/ci/configs/containerd.toml
-    containerPath: /etc/containerd/config.toml
-  - hostPath: $GIT_ROOT/build/ci/configs/certs.d
-    containerPath: /etc/containerd/certs.d
+  - role: worker
+    labels:
+      p2p-nodepool: "true"
+    extraMounts:
+      - hostPath: $GIT_ROOT/bin/kind/metrics2
+        containerPath: /var/log/
+      - hostPath: $GIT_ROOT/build/ci/configs/containerd.toml
+        containerPath: /etc/containerd/config.toml
+      - hostPath: $GIT_ROOT/build/ci/configs/certs.d
+        containerPath: /etc/containerd/certs.d
 
-- role: worker
-  labels:
-    p2p-nodepool: 'true'
-  extraMounts:
-  - hostPath: $GIT_ROOT/bin/peerd
-    containerPath: /bin/peerd
-  - hostPath: $GIT_ROOT/bin/peerd.service
-    containerPath: /bin/peerd.service
-  - hostPath: $GIT_ROOT/bin/kind/metrics3
-    containerPath: /var/log/
-  - hostPath: $GIT_ROOT/build/ci/configs/containerd.toml
-    containerPath: /etc/containerd/config.toml
-  - hostPath: $GIT_ROOT/build/ci/configs/certs.d
-    containerPath: /etc/containerd/certs.d
+  - role: worker
+    labels:
+      p2p-nodepool: "true"
+    extraMounts:
+      - hostPath: $GIT_ROOT/bin/kind/metrics3
+        containerPath: /var/log/
+      - hostPath: $GIT_ROOT/build/ci/configs/containerd.toml
+        containerPath: /etc/containerd/config.toml
+      - hostPath: $GIT_ROOT/build/ci/configs/certs.d
+        containerPath: /etc/containerd/certs.d

build/ci/k8s/kind-cluster.yml

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

build/ci/k8s/peerd-helm/.helmignore

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: peerd
+description: A Helm chart for peerd.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1-alpha
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1-alpha"