Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for OCI engine #914

Open
wants to merge 39 commits into
base: master
Choose a base branch
from
Open

Add support for OCI engine #914

wants to merge 39 commits into from

Conversation

ezekg
Copy link
Member

@ezekg ezekg commented Nov 8, 2024
edited
Loading

Closes #911. In the end, it should be as simple as docker save keygen/api:1.0.0 > keygen-1.0.0.tar and keygen upload keygen-1.0.0.tar — the rest should be automatically handled by the OCI engine.

Like with npm and friends, docker push will not be supported right away.

Prereqs

  • Implement the Docker/OCI manifest and blob API endpoints.
  • Test parsing of popular images, e.g. Alpine, Ubuntu, etc.
  • Test multi-platform images using docker buildx.
  • Test OCI conformance (namely OCI_TEST_PULL=1).1
  • Write tests for OCI spec conformance.
  • Write tests for manifests API.
  • Write tests for blobs API.
  • Helm compatibility (should be fine?)
  • Make EE-only.

Subreqs

  • Set up oci.pkg.keygen.sh subdomain.
  • Update dashboard.
  • Update changelog.
  • Update blog.
  • Update docs.
  • Outreach.
  • Stdout?
  • Apply?

Footnotes

  1. Results from OCI conformance test can be found here.

@ezekg ezekg force-pushed the feature/docker-engine branch 3 times, most recently from 49c2e66 to ba9255f Compare November 8, 2024 23:08
ezekg
ezekg commented Nov 10, 2024
View reviewed changes
app/workers/process_docker_image_worker.rb Outdated Show resolved Hide resolved
app/workers/process_docker_image_worker.rb Outdated Show resolved Hide resolved
spec/support/matchers/upload_matcher.rb Outdated Show resolved Hide resolved
ezekg
ezekg commented Nov 10, 2024
View reviewed changes
app/workers/process_docker_image_worker.rb Outdated
require 'minitar'
require 'zlib'

class ProcessDockerImageWorker < BaseWorker
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This worker should be in a high_memory queue.

@ezekg ezekg force-pushed the feature/docker-engine branch 4 times, most recently from 576478c to 39740c4 Compare November 11, 2024 22:21
@ezekg ezekg force-pushed the feature/docker-engine branch 2 times, most recently from 7758cb0 to a4c8292 Compare November 15, 2024 00:10
@ezekg ezekg force-pushed the feature/docker-engine branch from a4c8292 to 306a26c Compare November 15, 2024 01:13
@ezekg ezekg force-pushed the feature/docker-engine branch from ff1fc3e to f106a2c Compare November 15, 2024 22:06
ezekg
ezekg commented Nov 16, 2024
View reviewed changes
app/controllers/api/v1/release_engines/oci/blobs_controller.rb Show resolved Hide resolved
app/controllers/api/v1/release_engines/oci/manifests_controller.rb Show resolved Hide resolved
app/models/release_artifact.rb Outdated Show resolved Hide resolved
app/models/release_manifest.rb Show resolved Hide resolved
db/migrate/20241113134529_create_release_descriptors.rb Outdated Show resolved Hide resolved
db/migrate/20241114163421_add_content_attributes_to_release_manifests.rb Show resolved Hide resolved
features/api/v1/engines/oci/conformance.feature Outdated Show resolved Hide resolved
lib/enumerator_io.rb
@buffer.clear
end

buffer.empty? ? nil : buffer
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

buffer.presence should suffice?

lib/oci_image_layout.rb Outdated Show resolved Hide resolved
ezekg
ezekg commented Nov 18, 2024
View reviewed changes
lib/oci_image_layout.rb
# a Minitar::Reader, and that closes an entry's reader io after
# reading the entry. This lets us avoid buffering entries into
# memory, since some of the blobs could be large layers.
io.each do |entry|
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move all this outside of initializer?

lib/oci_image_layout.rb
io.rewind
end

def each(&)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add return to_enum(:each) unless block_given??

ezekg
ezekg commented Nov 21, 2024
View reviewed changes
db/migrate/20241114163421_add_content_attributes_to_release_manifests.rb Outdated Show resolved Hide resolved
db/migrate/20241113134529_create_release_descriptors.rb Outdated Show resolved Hide resolved
db/migrate/20241114163421_add_content_attributes_to_release_manifests.rb
disable_ddl_transaction!

def change
add_column :release_manifests, :content_path, :string, null: true
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eventually make these not-null.

ezekg added a commit to keygen-sh/keygen-relay that referenced this pull request Nov 26, 2024
@ezekg
temp: comment image recipes
9425ebd 
- blocker: keygen-sh/keygen-api#914
ezekg
ezekg commented Nov 28, 2024
View reviewed changes
app/workers/process_oci_image_worker.rb Outdated

class ProcessOciImageWorker < BaseWorker
MIN_TARBALL_SIZE = 512.bytes # to avoid processing empty or invalid tarballs
MAX_TARBALL_SIZE = 512.megabytes # to avoid downloading excessive tarballs
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is unlikely to be sufficient for some applications, but I feel like it's a good default. Maybe bumping it up to 1GB would be fine, since I've seen quite a few 800MB images. I think we should eventually add a max artifact size to accounts.

Copy link
Member Author

@ezekg ezekg Nov 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

E.g. Sentry is 250MB, Plausible is 50MB, Keygen is 90MB, Cal.com is 1.4GB, Caddy on Windows is 2.2GB and 80MB on Linux, and PostHog is 1.5GB.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add max_upload for individual uploads, and max_ingress and max_egress for monthly ingress/egress limits (which can be handled like max_reqs).

@ezekg ezekg force-pushed the feature/docker-engine branch from 04e8ccb to 8a3a382 Compare December 5, 2024 21:49
@ezekg ezekg mentioned this pull request Dec 21, 2024
Open
@keygen-sh keygen-sh locked and limited conversation to collaborators Jan 12, 2025
@keygen-sh keygen-sh unlocked this conversation Jan 12, 2025
@ezekg ezekg changed the title Add support for Docker engine Add support for OCI engine Jan 13, 2025
@ezekg ezekg marked this pull request as ready for review January 13, 2025 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for Docker/OCI container registry
1 participant
@ezekg