go-sigma · tosone · Sep 20, 2024 · Sep 20, 2024
diff --git a/pkg/inits/baseimage.go → cmd/tools.go b/pkg/inits/baseimage.go → cmd/tools.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package inits
+package cmd
 
 import (
 	"bytes"
@@ -27,29 +27,84 @@ import (
 
 	mapset "github.com/deckarep/golang-set/v2"
 	"github.com/rs/zerolog/log"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 	"gorm.io/gorm"
 
 	"github.com/go-sigma/sigma/pkg/configs"
 	"github.com/go-sigma/sigma/pkg/consts"
+	"github.com/go-sigma/sigma/pkg/dal"
+	"github.com/go-sigma/sigma/pkg/dal/badger"
 	"github.com/go-sigma/sigma/pkg/dal/dao"
+	"github.com/go-sigma/sigma/pkg/logger"
 	"github.com/go-sigma/sigma/pkg/modules/locker"
 	"github.com/go-sigma/sigma/pkg/utils"
+	"github.com/go-sigma/sigma/pkg/utils/ptr"
 	"github.com/go-sigma/sigma/pkg/utils/token"
 )
 
-func init() {
-	afterInit["baseimage"] = initBaseimage
+// toolsCmd represents the tools command
+var toolsCmd = &cobra.Command{
+	Use:   "tools",
+	Short: "Tools for sigma",
 }
 
-const baseImageDir = "./bin"
+var toolsForPushBuilderImageCmd = &cobra.Command{
+	Use:   "push-builder-image",
+	Short: "Push builder image to distribution",
+	PersistentPreRun: func(_ *cobra.Command, _ []string) {
+		initConfig()
+		logger.SetLevel(viper.GetString("log.level"))
+	},
+	Run: func(_ *cobra.Command, _ []string) {
+		err := configs.Initialize()
+		if err != nil {
+			log.Error().Err(err).Msg("initialize configs with error")
+			return
+		}
+
+		config := ptr.To(configs.GetConfiguration())
+
+		err = badger.Initialize(context.Background(), config)
+		if err != nil {
+			log.Error().Err(err).Msg("initialize badger with error")
+			return
+		}
+
+		err = locker.Initialize(config)
+		if err != nil {
+			log.Error().Err(err).Msg("initialize locker with error")
+			return
+		}
+
+		err = dal.Initialize(config)
+		if err != nil {
+			log.Error().Err(err).Msg("initialize database with error")
+			return
+		}
+
+		err = initBaseimage(config)
+		if err != nil {
+			log.Error().Err(err).Msg("push builder image with error")
+			return
+		}
+	},
+}
+
+func init() {
+	toolsForPushBuilderImageCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is /etc/sigma/sigma.yaml)")
+
+	toolsCmd.AddCommand(toolsForPushBuilderImageCmd)
+	rootCmd.AddCommand(toolsCmd)
+}
 
 func initBaseimage(config configs.Configuration) error {
 	if !config.Daemon.Builder.Enabled {
 		return nil
 	}
-	dir := strings.TrimPrefix(baseImageDir, "./")
+	dir := strings.TrimPrefix(consts.BuilderImagePath, "./")
 	if !utils.IsDir(dir) {
-		log.Info().Msg("Baseimage not found, skip push image")
+		log.Info().Msg("builder image not found, skip push image")
 		return nil
 	}
 	ctx, ctxCancel := context.WithCancel(context.Background())
@@ -111,7 +166,6 @@ func pushImage(config configs.Configuration, path, name, version string) error {
 		versionsVal = string(versions.Val)
 	}
 	var sets = mapset.NewSet(strings.Split(versionsVal, ",")...)
-	fmt.Println(versionsVal == "", versionsVal != "" && sets.ContainsOne(version), !(versionsVal == "" || (versionsVal != "" && sets.ContainsOne(version))))
 	if !(versionsVal == "" || (versionsVal != "" && sets.ContainsOne(version))) {
 		return nil
 	}
@@ -127,11 +181,11 @@ func pushImage(config configs.Configuration, path, name, version string) error {
 	if err != nil {
 		return err
 	}
-	authorization, err := tokenService.New(userObj.ID, config.Auth.Jwt.Ttl)
+	autoToken, err := tokenService.New(userObj.ID, config.Auth.Jwt.Ttl)
 	if err != nil {
 		return err
 	}
-	cmd := exec.Command("skopeo", "--insecure-policy", "copy", "--dest-registry-token", authorization, "--dest-tls-verify=false", "-a", fmt.Sprintf("oci-archive:%s", path), fmt.Sprintf("docker://%s/library/%s:latest", utils.TrimHTTP(config.HTTP.InternalEndpoint), name)) // nolint: gosec
+	cmd := exec.Command("skopeo", "--insecure-policy", "copy", "--dest-registry-token", autoToken, "--dest-tls-verify=false", "-a", fmt.Sprintf("oci-archive:%s", path), fmt.Sprintf("docker://%s/library/%s:latest", utils.TrimHTTP(config.HTTP.InternalEndpoint), name)) // nolint: gosec
 	var stdout, stderr bytes.Buffer
 	cmd.Stdout = &stdout
 	cmd.Stderr = &stderr

diff --git a/deploy/sigma/templates/_helpers.tpl b/deploy/sigma/templates/_helpers.tpl
@@ -48,6 +48,11 @@ app.kubernetes.io/name: {{ template "sigma.web" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
+{{- define "sigma.postJob.labels" -}}
+app.kubernetes.io/name: {{ template "sigma.postJob" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
 {{- define "sigma.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "sigma.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
@@ -68,3 +73,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- define "sigma.web" -}}
   {{- printf "%s-web" (include "common.names.fullname" .) -}}
 {{- end -}}
+
+{{- define "sigma.postJob" -}}
+  {{- printf "%s-post-job" (include "common.names.fullname" .) -}}
+{{- end -}}
diff --git a/deploy/sigma/templates/distribution/deployment.yaml b/deploy/sigma/templates/distribution/deployment.yaml
@@ -1,8 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "sigma.distribution" . }}
-  namespace: "{{ .Release.Namespace }}"
+  name: {{ include "sigma.distribution" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "sigma.distribution.labels" . | nindent 4 }}
 spec:
@@ -29,11 +29,11 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
-        - name: {{ printf "%s-distribution" .Chart.Name }}
+        - name: {{ printf "%s-distribution" ( include "sigma.fullname" . ) | quote }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ printf "%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.tag | quote }}
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
           command:
             - sigma
           args:
@@ -52,16 +52,16 @@ spec:
               path: /healthz
               port: {{ .Values.service.distribution.port }}
           volumeMounts:
-            - name: "config"
-              mountPath: "/etc/sigma/config.yaml"
-              subPath: "config.yaml"
+            - name: config
+              mountPath: /etc/sigma/config.yaml
+              subPath: config.yaml
               readOnly: true
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       volumes:
-        - name: "config"
+        - name: config
           configMap:
-            name: {{ printf "%s-config" .Chart.Name }}
+            name: {{ printf "%s-config" ( include "sigma.fullname" . ) | quote }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/deploy/sigma/templates/post-job.yaml b/deploy/sigma/templates/post-job.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.config.daemon.builder.image.push }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ printf "%s-post-job" ( include "sigma.fullname" . ) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "sigma.postJob.labels" . | nindent 4 }}
+spec:
+  backoffLimit: 6
+  template:
+    metadata:
+      annotations:
+        rollme: {{ randAlphaNum 5 | quote }}
+      {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "sigma.postJob.labels" . | nindent 8 }}
+    spec:
+      restartPolicy: Never
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: check-distribution
+          image: {{ printf "%s:%s" .Values.busybox.repository .Values.busybox.tag | quote }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - 'until nc -z {{ include "sigma.distribution" . }} 80; do echo waiting for {{ include "sigma.distribution" . }}; sleep 3; done;'
+      containers:
+        - name: push-images
+          image: {{ printf "%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.tag | quote }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - sigma
+          args:
+            - worker
+            - --config=/etc/sigma/config.yaml
+          volumeMounts:
+            - name: config
+              mountPath: /etc/sigma/config.yaml
+              subPath: config.yaml
+              readOnly: true
+          resources: {}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ printf "%s-config" ( include "sigma.fullname" . ) | quote }}
+{{- end }}
diff --git a/deploy/sigma/templates/server/deployment.yaml b/deploy/sigma/templates/server/deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "sigma.server" . }}
-  namespace: "{{ .Release.Namespace }}"
+  namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "sigma.server.labels" . | nindent 4 }}
 spec:
@@ -33,7 +33,7 @@ spec:
         - name: {{ printf "%s-server" .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: {{ printf "%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.tag | quote }}
           imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
           command:
             - sigma
@@ -56,22 +56,23 @@ spec:
               port: {{ .Values.service.server.port }}
           volumeMounts:
             - name: config
-              mountPath: "/etc/sigma/config.yaml"
-              subPath: "config.yaml"
+              mountPath: /etc/sigma/config.yaml
+              subPath: config.yaml
               readOnly: true
-            # - name: trivy
-            #   mountPath: "/opt/trivy-tmp"
-              # TODO: image volumes not support subPath
+            {{- if semverCompare ">= 1.31" .Capabilities.KubeVersion.Version }}
+            - name: trivy
+              mountPath: /opt/trivy
+            {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       volumes:
         - name: config
           configMap:
-            name: {{ printf "%s-config" .Chart.Name }}
+            name: {{ printf "%s-config" ( include "sigma.fullname" . ) | quote }}
         {{- if semverCompare ">= 1.31" .Capabilities.KubeVersion.Version }}
         - name: trivy
           image:
-            reference: "{{ .Values.image.registry }}/{{ .Values.image.trivyRepository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+            reference: "{{ .Values.image.registry }}/{{ .Values.image.trivy.repository }}:{{ .Values.image.trivy.tag }}"
             pullPolicy: {{ .Values.image.pullPolicy | quote }}
         {{- end }}
       {{- with .Values.nodeSelector }}

diff --git a/deploy/sigma/templates/tests/test-connection.yaml b/deploy/sigma/templates/tests/test-connection.yaml
diff --git a/deploy/sigma/templates/web/deployment.yaml b/deploy/sigma/templates/web/deployment.yaml
@@ -1,8 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "sigma.web" . }}
-  namespace: "{{ .Release.Namespace }}"
+  name: {{ include "sigma.web" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "sigma.web.labels" . | nindent 4 }}
 spec:
@@ -29,11 +29,11 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
-        - name: {{ include "sigma.web" . }}
+        - name: {{ include "sigma.web" . | quote }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.registry }}/{{ .Values.image.webRepository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ printf "%s/%s:%s" .Values.image.registry .Values.image.web.repository .Values.image.web.tag | quote }}
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
           ports:
             - name: http
               containerPort: {{ .Values.service.web.port }}
@@ -47,16 +47,16 @@ spec:
               path: /
               port: {{ .Values.service.web.port }}
           volumeMounts:
-            - name: "config"
-              mountPath: "/etc/sigma/config.yaml"
-              subPath: "config.yaml"
+            - name: config
+              mountPath: /etc/sigma/config.yaml
+              subPath: config.yaml
               readOnly: true
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       volumes:
-        - name: "config"
+        - name: config
           configMap:
-            name: {{ printf "%s-config" .Chart.Name }}
+            name: {{ printf "%s-config" ( include "sigma.fullname" . ) | quote }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}