mship_worker_server misc CLI changes

Mustafa Gezen 2023-08-28 05:12:52 +02:00
parent 7d6a4c1048
commit b04451eb81
Signed by: mustafa
GPG Key ID: DCDF010D946438C1
3 changed files with 165 additions and 3 deletions


@ -17,15 +17,19 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
go_library(
name = "mship_worker_server_lib",
srcs = ["main.go"],
embedsrcs = ["rh_public_key.asc"],
importpath = "go.resf.org/peridot/tools/mothership/cmd/mship_worker_server",
visibility = ["//visibility:private"],
deps = [
"//base/go",
"//base/go/storage/detector",
"//tools/mothership/worker_server",
"//tools/mothership/worker_server/forge",
"//tools/mothership/worker_server/forge/github",
"//vendor/github.com/urfave/cli/v2:cli",
"//vendor/go.temporal.io/sdk/client",
"//vendor/go.temporal.io/sdk/worker",
"//vendor/golang.org/x/crypto/openpgp",
],
)


@ -15,15 +15,24 @@
package main
import (
"bytes"
_ "embed"
"encoding/base64"
"github.com/urfave/cli/v2"
base "go.resf.org/peridot/base/go"
storage_detector "go.resf.org/peridot/base/go/storage/detector"
mothership_worker_server "go.resf.org/peridot/tools/mothership/worker_server"
"go.resf.org/peridot/tools/mothership/worker_server/forge"
github_forge "go.resf.org/peridot/tools/mothership/worker_server/forge/github"
"go.temporal.io/sdk/client"
"go.temporal.io/sdk/worker"
"golang.org/x/crypto/openpgp"
"os"
)
//go:embed rh_public_key.asc
var defaultGpgKey []byte
func run(ctx *cli.Context) error {
temporalClient, err := base.GetTemporalClientFromFlags(ctx, client.Options{})
if err != nil {
@ -36,8 +45,51 @@ func run(ctx *cli.Context) error {
return err
}
w := worker.New(temporalClient, ctx.String(string(base.EnvVarTemporalTaskQueue)), worker.Options{})
workerServer := mothership_worker_server.New(db, storage)
// Create pgp keys
var gpgKeys openpgp.EntityList
for _, key := range ctx.StringSlice("allowed-gpg-keys") {
decoded, err := base64.StdEncoding.DecodeString(key)
if err != nil {
return err
}
keyRing, err := openpgp.ReadArmoredKeyRing(bytes.NewReader([]byte(decoded)))
if err != nil {
return err
}
gpgKeys = append(gpgKeys, keyRing...)
}
// Create forge based on git provider
var remoteForge forge.Forge
switch ctx.String("git-provider") {
case "github":
var appPrivateKey []byte
if ctx.Bool("github-app-private-key-base64") {
appPrivateKey, err = base64.StdEncoding.DecodeString(ctx.String("github-app-private-key"))
if err != nil {
return err
}
} else {
appPrivateKey = []byte(ctx.String("github-app-private-key"))
}
remoteForge, err = github_forge.New(
ctx.String("github-org"),
ctx.String("github-app-id"),
appPrivateKey,
ctx.Bool("github-make-repo-public"),
)
if err != nil {
return err
}
remoteForge = forge.NewCacher(remoteForge)
default:
return cli.Exit("git-provider must be github", 1)
}
w := worker.New(temporalClient, ctx.String("temporal-task-queue"), worker.Options{})
workerServer := mothership_worker_server.New(db, storage, gpgKeys, remoteForge)
// Register workflows
w.RegisterWorkflow(mothership_worker_server.ProcessRPMWorkflow)
@ -52,10 +104,87 @@ func run(ctx *cli.Context) error {
func main() {
base.ChangeDefaultForEnvVar(base.EnvVarTemporalTaskQueue, "mship_worker_server")
flags := base.WithDefaultCliFlagsTemporal(base.WithStorageFlags()...)
flags = append(flags, &cli.StringSliceFlag{
Name: "allowed-gpg-keys",
Usage: "Armored GPG keys that we verify SRPMs with. Must be base64 encoded",
EnvVars: []string{"ALLOWED_GPG_KEYS"},
})
flags = append(flags, []cli.Flag{
&cli.StringFlag{
Name: "git-provider",
Action: func(ctx *cli.Context, s string) error {
// Can only be github for now
if s != "github" {
return cli.Exit("git-provider must be github", 1)
}
return nil
},
Usage: "Git provider to use. Currently only github is supported",
EnvVars: []string{"GIT_PROVIDER"},
},
// Github only
&cli.StringFlag{
Name: "github-org",
Usage: "Github organization to use",
EnvVars: []string{"GITHUB_ORG"},
Action: func(ctx *cli.Context, s string) error {
// Required for github
if ctx.String("git-provider") == "github" && s == "" {
return cli.Exit("github-org is required for github", 1)
}
return nil
},
},
&cli.StringFlag{
Name: "github-app-id",
Usage: "Github app ID",
EnvVars: []string{"GITHUB_APP_ID"},
Action: func(ctx *cli.Context, s string) error {
// Required for github
if ctx.String("git-provider") == "github" && s == "" {
return cli.Exit("github-org is required for github", 1)
}
return nil
},
},
&cli.StringFlag{
Name: "github-app-private-key",
Usage: "Github app private key",
EnvVars: []string{"GITHUB_APP_PRIVATE_KEY"},
Action: func(ctx *cli.Context, s string) error {
// Required for github
if ctx.String("git-provider") == "github" && s == "" {
return cli.Exit("github-org is required for github", 1)
}
return nil
},
},
&cli.BoolFlag{
Name: "github-app-private-key-base64",
Usage: "Whether the Github app private key is base64 encoded",
EnvVars: []string{"GITHUB_APP_PRIVATE_KEY_BASE64"},
Value: false,
},
&cli.BoolFlag{
Name: "github-make-repo-public",
Usage: "Whether to make the Github repository public",
EnvVars: []string{"GITHUB_MAKE_REPO_PUBLIC"},
Value: false,
},
}...)
base64EncodedDefaultGpgKey := base64.StdEncoding.EncodeToString(defaultGpgKey)
base.RareUseChangeDefault("ALLOWED_GPG_KEYS", base64EncodedDefaultGpgKey)
app := &cli.App{
Name: "mship_worker_server",
Action: run,
Flags: base.WithDefaultCliFlagsTemporal(base.WithStorageFlags()...),
Flags: flags,
}
if err := app.Run(os.Args); err != nil {
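Review bot: The `Action` validators on `github-app-id` and `github-app-private-key` both return `github-org is required for github`, copied from the `github-org` flag, so an operator is pointed at the wrong setting; they should read `github-app-id is required for github` and `github-app-private-key is required for github`. As far as I know urfave/cli v2 only invokes a flag's `Action` when that flag was actually set, so these emptiness checks probably never fire for a missing value and `run` would pass empty strings and an empty key to `github_forge.New`; validating the three values at the top of the `case "github":` branch would make the requirement real. In `run`, the key loop also accepts an empty `allowed-gpg-keys` list, so `gpgKeys` can reach `mothership_worker_server.New` with no trust anchors; whether SRPM verification then fails closed is not visible here, and an explicit `if len(gpgKeys) == 0 { return cli.Exit("at least one allowed GPG key is required", 1) }` after the loop would remove the doubt. `golang.org/x/crypto/openpgp` is deprecated and frozen upstream, which deserves a comment next to the import since it is now the signature-verification dependency. Both `run` and `main` continue outside the hunks shown.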


@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)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==
=zbHE
-----END PGP PUBLIC KEY BLOCK-----