score-compose icon indicating copy to clipboard operation
score-compose copied to clipboard

Published 20 hours ago verified publisher icon score-spec

[feature request] Support generic OCI image in `init --provisioners`

Open mathieu-benoit opened this issue 1 year ago • 9 comments
trafficstars

To complete https://github.com/score-spec/score-compose/pull/175, it would be great to support generic OCI image to import external provisioners.

https://opencontainers.org/

Example:

score-compose init --provisioners oci://...

Wondering if for this we could use the ORAS client:

  • https://oras.land/
  • https://github.com/oras-project/oras-go/blob/main/example_test.go

mathieu-benoit avatar Sep 21 '24 10:09 mathieu-benoit

@mathieu-benoit how would that work? What would the archive format be inside the image and how would users create an image file with a single yaml file inside it?

astromechza avatar Sep 23 '24 12:09 astromechza

Why is this better than just an https url?

astromechza avatar Sep 23 '24 12:09 astromechza

Simple as:

oras push registry/name:tag my-provisioner.yaml

Then you can use it:

oras pull registry/name:tag

Or more embedded:

score-compose init --provisioners registry/name:tag

Why it's appealing? Because you now have your provisioners as OCI artifacts in your private secure artifact/container registry.

Not directly related, but I went through this full picture/story in a GitOps flow with Policies files, as an illustration: https://medium.com/p/e1233429ae2.

mathieu-benoit avatar Sep 23 '24 13:09 mathieu-benoit

Ah ok I see so this is a common pattern used in oras 👍 .

So score-k8s init --provisioners oci://reg/name:tag would be fairly equivalent to

score-k8s init
oras pull oci://reg/name:tag --output .score-k8s

Thankfully looks like there's a useful go library here: https://github.com/oras-project/oras-go.

Cool @mathieu-benoit I think this is a good idea. Note that we MUST keep the oci:// or oras:// scheme prefix on the URI to unambiguate it.

astromechza avatar Sep 24 '24 10:09 astromechza

Also note: This would import ALL the files from that oci reference: all provisioner files and possibility utility scripts as needed.

astromechza avatar Sep 24 '24 10:09 astromechza

Yup, I think oci:// is the right approach, very generic, and that's what oras recommends too.

And yes, you can do this below to upload multiple files in a folder:

oras push registry/name:tag my-folder-container-files/

mathieu-benoit avatar Sep 24 '24 13:09 mathieu-benoit

hey, since it's a good first issue, Can I try to fix it?

7h3-3mp7y-m4n avatar Oct 02 '24 18:10 7h3-3mp7y-m4n

@7h3-3mp7y-m4n For sure, that sounds great! You can go ahead and assign the issue to yourself whenever you're ready to get started. If you have any questions in regards to the implementation @mathieu-benoit and @delca85 should be able to assist. Thanks a lot!

sujaya-sys avatar Oct 03 '24 15:10 sujaya-sys

thanks @mathieu-benoit and @sujaya-sys I'll start working on this and I'll be happy if you folks could help me if I run into some confusion :)

7h3-3mp7y-m4n avatar Oct 06 '24 19:10 7h3-3mp7y-m4n

@7h3-3mp7y-m4n, like discussed offline, the implementation of this needs to actually happen in the https://github.com/score-spec/score-go repo, see example here: https://github.com/score-spec/score-go/pull/45. And then, we will be able to release a new version of score-go and include it here for this OCI support (and in score-k8s in the meantime ;)).

mathieu-benoit avatar Oct 11 '24 22:10 mathieu-benoit

Thanks @mathieu-benoit :)

7h3-3mp7y-m4n avatar Oct 11 '24 22:10 7h3-3mp7y-m4n

Good progress here, it's now in score-go 1.8.3: https://github.com/score-spec/score-go/releases/tag/v1.8.3.

We'll need to do the following things next in order to officially release this new feature:

  • [X] Integrate score-go 1.8.3 in score-compose: https://github.com/score-spec/score-compose/pull/194
  • [X] Integrate score-go 1.8.3 in score-k8s: https://github.com/score-spec/score-k8s/pull/63
  • [x] Test/validate this new feature integrated in score-compose's main
  • [x] Test/validate this new feature integrated in score-k8s's main
  • [x] In https://github.com/score-spec/score-k8s/blob/main/main_init.go#L170 add the oci:// example: https://github.com/score-spec/score-k8s/pull/69
  • [x] In https://github.com/score-spec/score-compose/blob/main/internal/command/init.go#L228 add the oci:// example: https://github.com/score-spec/score-compose/pull/196
  • [x] In https://github.com/score-spec/docs/blob/main/content/en/docs/score%20implementation/score-compose/cli.md?plain=1#L52 add the oci:// example
  • [x] In https://github.com/score-spec/docs/blob/main/content/en/docs/score%20implementation/score-k8s/cli.md?plain=1, add the provisioner parameter missing here, like we have in score-compose doc just above.

Out of scope for now (right?):

  • We don't add associated unit test in score-k8s like here: https://github.com/score-spec/score-k8s/blob/main/main_init_test.go#L128
  • We don't add associated unit test in score-compose like here: https://github.com/score-spec/score-compose/blob/main/internal/command/init_test.go#L234

mathieu-benoit avatar Oct 18 '24 15:10 mathieu-benoit

Now implemented in https://github.com/score-spec/score-compose/releases/tag/0.20.0 and https://github.com/score-spec/score-k8s/releases/tag/0.1.15, with the integration of https://github.com/score-spec/score-go/releases/tag/v1.8.4. Closing now!

mathieu-benoit avatar Nov 04 '24 16:11 mathieu-benoit