feat: disabled by default api-server for porter installation outputs (g…

…etporter#2763)

This satisfies requirements in PEP-006 that needs an outputs API for the Operator.

Signed-off-by: Brian DeGeeter <[email protected]>
Co-authored-by: Steven Gettys <[email protected]>

.dockerignore

@@ -1,5 +1,10 @@
 *
 
 !bin/dev/porter-linux-amd64
+!bin/dev/porter-linux-arm64
+!bin/dev/porter-api-server-linux-amd64
+!bin/dev/porter-api-server-linux-arm64
 !bin/dev/agent-linux-amd64
+!bin/dev/agent-linux-arm64
 !bin/mixins/exec/dev/exec-linux-amd64
+!bin/mixins/exec/dev/exec-linux-arm64

.github/workflows/build-publish-from-fork.yaml

@@ -0,0 +1,36 @@
+name: build-publish-from-fork
+on:
+  workflow_dispatch: {}
+  push: {}
+  pull_request: {}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    if: github.repository != 'getporter/porter'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+      - uses: actions/setup-go@v3
+        with:
+          go-version-file: go.mod
+          cache: true
+          cache-dependency-path: go.sum
+      - name: Set up Mage
+        run: go run mage.go EnsureMage
+      - name: Publish
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          PORTER_REGISTRY: ghcr.io/${{ github.repository }}
+        run: |
+          mage -v XBuildAll
+          mage -v PublishServerMultiArchImages

.gitignore

@@ -16,5 +16,11 @@ examples/**/Dockerfile
 workshop/**/Dockerfile
 
 .vscode
+*.code-workspace
 .idea
 kind.config
+grpc-porter-tls.crt
+grpc-porter-tls.key
+grpc-porter.csr
+.grpcurl/
+config.yaml

build/images/server/Dockerfile

@@ -0,0 +1,28 @@
+FROM alpine:3 as builder
+ARG TARGETARCH
+WORKDIR /app/.porter
+
+RUN mkdir runtimes && \
+  mkdir -p mixins/exec/runtimes
+
+# Install porter-api-server, agent, and the exec mixin, everything else
+COPY bin/dev/porter-api-server-linux-$TARGETARCH porter
+COPY bin/dev/agent-linux-$TARGETARCH agent
+COPY bin/mixins/exec/dev/exec-linux-$TARGETARCH mixins/exec/exec
+RUN ln -s /app/.porter/porter runtimes/porter-runtime && \
+  ln -s /app/.porter/mixins/exec/exec mixins/exec/runtimes/exec-runtime
+
+# Copy the porter installation into a distroless container
+# Explicitly not using the nonroot tag because we don't want the user to exist so it is placed in the root group
+# This allows us to run with a random UID, and access a mounted docker socket (which is only accessible via the root group)
+FROM gcr.io/distroless/static
+WORKDIR /app
+COPY --from=builder --chown=65532:0 --chmod=770 /app/.porter /app/.porter
+ENV PATH "$PATH:/app/.porter"
+# This is where files that need to be copied into /app/.porter/ should be mounted
+VOLUME /porter-config
+ENV PORTER_HOME /app/.porter
+
+# Run as a nonroot user
+USER 65532
+ENTRYPOINT ["/app/.porter/agent"]

build/protoc.Dockerfile

@@ -0,0 +1,5 @@
+FROM golang:1.19.0
+RUN apt-get update && apt-get -y install protobuf-compiler
+RUN go install google.golang.org/protobuf/cmd/[email protected]
+RUN go install google.golang.org/grpc/cmd/[email protected]
+WORKDIR /proto

cmd/porter/main.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"os/signal"
 	"runtime/debug"
+	"strconv"
 	"strings"
 
 	"get.porter.sh/porter/pkg/cli"
@@ -19,6 +20,8 @@ import (
 
 var includeDocsCommand = false
 
+var includeGRPCServer string = "false"
+
 //go:embed helptext/usage.txt
 var usageText string
 
@@ -226,6 +229,11 @@ Try our QuickStart https://getporter.org/quickstart to learn how to use Porter.
 	cmd.AddCommand(buildCredentialsCommands(p))
 	cmd.AddCommand(buildParametersCommands(p))
 	cmd.AddCommand(buildCompletionCommand(p))
+	//use -ldflags "-X main.includeGRPCServer=true" during build to include
+	grpcServer, _ := strconv.ParseBool(includeGRPCServer)
+	if grpcServer {
+		cmd.AddCommand(buildGRPCServerCommands(p))
+	}
 
 	for _, alias := range buildAliasCommands(p) {
 		cmd.AddCommand(alias)

cmd/porter/server.go

@@ -0,0 +1,58 @@
+package main
+
+import (
+	"time"
+
+	grpc "get.porter.sh/porter/pkg/grpc"
+	"get.porter.sh/porter/pkg/porter"
+	"get.porter.sh/porter/pkg/signals"
+	"github.com/spf13/cobra"
+)
+
+func buildGRPCServerCommands(p *porter.Porter) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:    "api-server",
+		Short:  "API server",
+		Long:   "Launch API server for porter",
+		Hidden: true, // This is a hidden command and is currently only meant to be used by the porter operator
+	}
+	cmd.Annotations = map[string]string{
+		"group": "api-server",
+	}
+	cmd.AddCommand(buildServerRunCommand(p))
+	return cmd
+}
+
+func buildServerRunCommand(p *porter.Porter) *cobra.Command {
+	opts := porter.ServiceOptions{}
+	cmd := &cobra.Command{
+		Use:   "run",
+		Short: "Run the gRPC server",
+		Long: `Run the gRPC server for porter.
+
+This command starts the gRPC server for porter which is able to expose limited porter functionality via RPC.
+Currently only data operations are supported, creation of resources such as installations, credential sets, or parameter sets is not supported.
+
+A list of the supported RPCs can be found at <link?>
+`,
+		PreRunE: func(cmd *cobra.Command, args []string) error {
+			return opts.Validate()
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			srv, err := grpc.NewServer(cmd.Context(), &opts)
+			if err != nil {
+				return err
+			}
+			grpcServer, err := srv.ListenAndServe()
+			stopCh := signals.SetupSignalHandler()
+			serverShutdownTimeout := time.Duration(time.Second * 30)
+			sd, _ := signals.NewShutdown(serverShutdownTimeout, cmd.Context())
+			sd.Graceful(stopCh, grpcServer, cmd.Context())
+			return err
+		},
+	}
+	f := cmd.Flags()
+	f.Int64VarP(&opts.Port, "port", "p", 3001, "Port to run the server on")
+	f.StringVarP(&opts.ServiceName, "service-name", "s", "api-server", "Server service name")
+	return cmd
+}

docker-bake.json

@@ -0,0 +1,19 @@
+{
+  "group": {
+    "default": {
+      "targets": [
+        "server"
+      ]
+    }
+  },
+  "target": {
+    "server": {
+      "platforms": [
+        "linux/amd64",
+        "linux/arm64"
+      ],
+      "dockerfile": "build/images/server/Dockerfile",
+      "context": "./"
+    }
+  }
+}