mirror of
https://github.com/peridotbuild/peridot.git
synced 2024-12-03 18:16:25 +00:00
mship_worker_server misc CLI changes
parent
7d6a4c1048
commit
b04451eb81
@ -17,15 +17,19 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||
go_library(
|
||||
name = "mship_worker_server_lib",
|
||||
srcs = ["main.go"],
|
||||
embedsrcs = ["rh_public_key.asc"],
|
||||
importpath = "go.resf.org/peridot/tools/mothership/cmd/mship_worker_server",
|
||||
visibility = ["//visibility:private"],
|
||||
deps = [
|
||||
"//base/go",
|
||||
"//base/go/storage/detector",
|
||||
"//tools/mothership/worker_server",
|
||||
"//tools/mothership/worker_server/forge",
|
||||
"//tools/mothership/worker_server/forge/github",
|
||||
"//vendor/github.com/urfave/cli/v2:cli",
|
||||
"//vendor/go.temporal.io/sdk/client",
|
||||
"//vendor/go.temporal.io/sdk/worker",
|
||||
"//vendor/golang.org/x/crypto/openpgp",
|
||||
],
|
||||
)
|
||||
|
||||
|
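Review bot: The new `//vendor/golang.org/x/crypto/openpgp` entry in `deps` pulls in a package that upstream has marked deprecated and frozen, so it no longer receives fixes. This library parses the keyring that the worker is given for SRPM signature verification, so it sits directly on the trust boundary. Consider vendoring a maintained fork such as `github.com/ProtonMail/go-crypto/openpgp`, which is largely API-compatible, and switching this dep together with the import in `main.go`.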
@ -15,15 +15,24 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
_ "embed"
|
||||
"encoding/base64"
|
||||
"github.com/urfave/cli/v2"
|
||||
base "go.resf.org/peridot/base/go"
|
||||
storage_detector "go.resf.org/peridot/base/go/storage/detector"
|
||||
mothership_worker_server "go.resf.org/peridot/tools/mothership/worker_server"
|
||||
"go.resf.org/peridot/tools/mothership/worker_server/forge"
|
||||
github_forge "go.resf.org/peridot/tools/mothership/worker_server/forge/github"
|
||||
"go.temporal.io/sdk/client"
|
||||
"go.temporal.io/sdk/worker"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"os"
|
||||
)
|
||||
|
||||
//go:embed rh_public_key.asc
|
||||
var defaultGpgKey []byte
|
||||
|
||||
func run(ctx *cli.Context) error {
|
||||
temporalClient, err := base.GetTemporalClientFromFlags(ctx, client.Options{})
|
||||
if err != nil {
|
||||
@ -36,8 +45,51 @@ func run(ctx *cli.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
w := worker.New(temporalClient, ctx.String(string(base.EnvVarTemporalTaskQueue)), worker.Options{})
|
||||
workerServer := mothership_worker_server.New(db, storage)
|
||||
// Create pgp keys
|
||||
var gpgKeys openpgp.EntityList
|
||||
for _, key := range ctx.StringSlice("allowed-gpg-keys") {
|
||||
decoded, err := base64.StdEncoding.DecodeString(key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
keyRing, err := openpgp.ReadArmoredKeyRing(bytes.NewReader([]byte(decoded)))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
gpgKeys = append(gpgKeys, keyRing...)
|
||||
}
|
||||
|
||||
// Create forge based on git provider
|
||||
var remoteForge forge.Forge
|
||||
switch ctx.String("git-provider") {
|
||||
case "github":
|
||||
var appPrivateKey []byte
|
||||
if ctx.Bool("github-app-private-key-base64") {
|
||||
appPrivateKey, err = base64.StdEncoding.DecodeString(ctx.String("github-app-private-key"))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
appPrivateKey = []byte(ctx.String("github-app-private-key"))
|
||||
}
|
||||
|
||||
remoteForge, err = github_forge.New(
|
||||
ctx.String("github-org"),
|
||||
ctx.String("github-app-id"),
|
||||
appPrivateKey,
|
||||
ctx.Bool("github-make-repo-public"),
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
remoteForge = forge.NewCacher(remoteForge)
|
||||
default:
|
||||
return cli.Exit("git-provider must be github", 1)
|
||||
}
|
||||
|
||||
w := worker.New(temporalClient, ctx.String("temporal-task-queue"), worker.Options{})
|
||||
workerServer := mothership_worker_server.New(db, storage, gpgKeys, remoteForge)
|
||||
|
||||
// Register workflows
|
||||
w.RegisterWorkflow(mothership_worker_server.ProcessRPMWorkflow)
|
||||
@ -52,10 +104,87 @@ func run(ctx *cli.Context) error {
|
||||
func main() {
|
||||
base.ChangeDefaultForEnvVar(base.EnvVarTemporalTaskQueue, "mship_worker_server")
|
||||
|
||||
flags := base.WithDefaultCliFlagsTemporal(base.WithStorageFlags()...)
|
||||
flags = append(flags, &cli.StringSliceFlag{
|
||||
Name: "allowed-gpg-keys",
|
||||
Usage: "Armored GPG keys that we verify SRPMs with. Must be base64 encoded",
|
||||
EnvVars: []string{"ALLOWED_GPG_KEYS"},
|
||||
})
|
||||
flags = append(flags, []cli.Flag{
|
||||
&cli.StringFlag{
|
||||
Name: "git-provider",
|
||||
Action: func(ctx *cli.Context, s string) error {
|
||||
// Can only be github for now
|
||||
if s != "github" {
|
||||
return cli.Exit("git-provider must be github", 1)
|
||||
}
|
||||
|
||||
return nil
|
||||
},
|
||||
Usage: "Git provider to use. Currently only github is supported",
|
||||
EnvVars: []string{"GIT_PROVIDER"},
|
||||
},
|
||||
// Github only
|
||||
&cli.StringFlag{
|
||||
Name: "github-org",
|
||||
Usage: "Github organization to use",
|
||||
EnvVars: []string{"GITHUB_ORG"},
|
||||
Action: func(ctx *cli.Context, s string) error {
|
||||
// Required for github
|
||||
if ctx.String("git-provider") == "github" && s == "" {
|
||||
return cli.Exit("github-org is required for github", 1)
|
||||
}
|
||||
|
||||
return nil
|
||||
},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "github-app-id",
|
||||
Usage: "Github app ID",
|
||||
EnvVars: []string{"GITHUB_APP_ID"},
|
||||
Action: func(ctx *cli.Context, s string) error {
|
||||
// Required for github
|
||||
if ctx.String("git-provider") == "github" && s == "" {
|
||||
return cli.Exit("github-org is required for github", 1)
|
||||
}
|
||||
|
||||
return nil
|
||||
},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "github-app-private-key",
|
||||
Usage: "Github app private key",
|
||||
EnvVars: []string{"GITHUB_APP_PRIVATE_KEY"},
|
||||
Action: func(ctx *cli.Context, s string) error {
|
||||
// Required for github
|
||||
if ctx.String("git-provider") == "github" && s == "" {
|
||||
return cli.Exit("github-org is required for github", 1)
|
||||
}
|
||||
|
||||
return nil
|
||||
},
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "github-app-private-key-base64",
|
||||
Usage: "Whether the Github app private key is base64 encoded",
|
||||
EnvVars: []string{"GITHUB_APP_PRIVATE_KEY_BASE64"},
|
||||
Value: false,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "github-make-repo-public",
|
||||
Usage: "Whether to make the Github repository public",
|
||||
EnvVars: []string{"GITHUB_MAKE_REPO_PUBLIC"},
|
||||
Value: false,
|
||||
},
|
||||
}...)
|
||||
|
||||
base64EncodedDefaultGpgKey := base64.StdEncoding.EncodeToString(defaultGpgKey)
|
||||
base.RareUseChangeDefault("ALLOWED_GPG_KEYS", base64EncodedDefaultGpgKey)
|
||||
|
||||
app := &cli.App{
|
||||
Name: "mship_worker_server",
|
||||
Action: run,
|
||||
Flags: base.WithDefaultCliFlagsTemporal(base.WithStorageFlags()...),
|
||||
Flags: flags,
|
||||
}
|
||||
|
||||
if err := app.Run(os.Args); err != nil {
|
||||
|
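Review bot: The `Action` callbacks on `github-org`, `github-app-id` and `github-app-private-key` in `main` do not enforce presence. As far as I know, urfave/cli v2 runs a flag's `Action` only when that flag was set, so an omitted flag skips the `s == ""` check and `run` hands an empty org, app ID or private key to `github_forge.New`. The `github-app-id` and `github-app-private-key` callbacks also carry the copy-pasted message `"github-org is required for github"`. Checking the three values inside the `case "github":` branch of `run`, before the key is decoded, closes the gap and names the right flag. Both `run` and `main` extend beyond the visible hunks.

```go
	case "github":
		// Enforce presence here rather than relying on the per-flag Actions.
		for _, name := range []string{"github-org", "github-app-id", "github-app-private-key"} {
			if ctx.String(name) == "" {
				return cli.Exit(name+" is required for github", 1)
			}
		}
		// … unchanged: private key decoding, github_forge.New, forge.NewCacher …
```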
@ -0,0 +1,29 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.5 (GNU/Linux)
|
||||
|
||||
mQINBErgSTsBEACh2A4b0O9t+vzC9VrVtL1AKvUWi9OPCjkvR7Xd8DtJxeeMZ5eF
|
||||
0HtzIG58qDRybwUe89FZprB1ffuUKzdE+HcL3FbNWSSOXVjZIersdXyH3NvnLLLF
|
||||
0DNRB2ix3bXG9Rh/RXpFsNxDp2CEMdUvbYCzE79K1EnUTVh1L0Of023FtPSZXX0c
|
||||
u7Pb5DI5lX5YeoXO6RoodrIGYJsVBQWnrWw4xNTconUfNPk0EGZtEnzvH2zyPoJh
|
||||
XGF+Ncu9XwbalnYde10OCvSWAZ5zTCpoLMTvQjWpbCdWXJzCm6G+/hx9upke546H
|
||||
5IjtYm4dTIVTnc3wvDiODgBKRzOl9rEOCIgOuGtDxRxcQkjrC+xvg5Vkqn7vBUyW
|
||||
9pHedOU+PoF3DGOM+dqv+eNKBvh9YF9ugFAQBkcG7viZgvGEMGGUpzNgN7XnS1gj
|
||||
/DPo9mZESOYnKceve2tIC87p2hqjrxOHuI7fkZYeNIcAoa83rBltFXaBDYhWAKS1
|
||||
PcXS1/7JzP0ky7d0L6Xbu/If5kqWQpKwUInXtySRkuraVfuK3Bpa+X1XecWi24JY
|
||||
HVtlNX025xx1ewVzGNCTlWn1skQN2OOoQTV4C8/qFpTW6DTWYurd4+fE0OJFJZQF
|
||||
buhfXYwmRlVOgN5i77NTIJZJQfYFj38c/Iv5vZBPokO6mffrOTv3MHWVgQARAQAB
|
||||
tDNSZWQgSGF0LCBJbmMuIChyZWxlYXNlIGtleSAyKSA8c2VjdXJpdHlAcmVkaGF0
|
||||
LmNvbT6JAjYEEwECACAFAkrgSTsCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
|
||||
CRAZni+R/UMdUWzpD/9s5SFR/ZF3yjY5VLUFLMXIKUztNN3oc45fyLdTI3+UClKC
|
||||
2tEruzYjqNHhqAEXa2sN1fMrsuKec61Ll2NfvJjkLKDvgVIh7kM7aslNYVOP6BTf
|
||||
C/JJ7/ufz3UZmyViH/WDl+AYdgk3JqCIO5w5ryrC9IyBzYv2m0HqYbWfphY3uHw5
|
||||
un3ndLJcu8+BGP5F+ONQEGl+DRH58Il9Jp3HwbRa7dvkPgEhfFR+1hI+Btta2C7E
|
||||
0/2NKzCxZw7Lx3PBRcU92YKyaEihfy/aQKZCAuyfKiMvsmzs+4poIX7I9NQCJpyE
|
||||
IGfINoZ7VxqHwRn/d5mw2MZTJjbzSf+Um9YJyA0iEEyD6qjriWQRbuxpQXmlAJbh
|
||||
8okZ4gbVFv1F8MzK+4R8VvWJ0XxgtikSo72fHjwha7MAjqFnOq6eo6fEC/75g3NL
|
||||
Ght5VdpGuHk0vbdENHMC8wS99e5qXGNDued3hlTavDMlEAHl34q2H9nakTGRF5Ki
|
||||
JUfNh3DVRGhg8cMIti21njiRh7gyFI2OccATY7bBSr79JhuNwelHuxLrCFpY7V25
|
||||
OFktl15jZJaMxuQBqYdBgSay2G0U6D1+7VsWufpzd/Abx1/c3oi9ZaJvW22kAggq
|
||||
dzdA27UUYjWvx42w9menJwh/0jeQcTecIUd0d0rFcw/c1pvgMMl/Q73yzKgKYw==
|
||||
=zbHE
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
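Review bot: This file becomes the default trust anchor for SRPM verification, since `main.go` embeds it and uses it as the default for `ALLOWED_GPG_KEYS`, yet the commit records neither where the key was obtained nor its expected fingerprint. The user-ID packet appears to decode to a Red Hat release key, but a reviewer cannot confirm authenticity from the armored text alone. I would add a comment above `//go:embed rh_public_key.asc` such as `// Source: <KEY_SOURCE_URL>; fingerprint: <EXPECTED_FINGERPRINT>` and check that fingerprint against the vendor's published value before merging.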