Merge branch 'main' into 1397-type-regex-adjudicators

defenseunicorns · Dec 12, 2024 · 12b815e · 12b815e
2 parents dba5f25 + 6729370
commit 12b815e
Show file tree

Hide file tree

Showing 14 changed files with 1,111 additions and 282 deletions.
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
@@ -23,6 +23,6 @@ jobs:
       with:
         fetch-depth: 0
     - name: Default Secret Scanning
-      uses: trufflesecurity/trufflehog@f726d02330dbcec836fa17f79fa7711fdb3a5cc8 # main
+      uses: trufflesecurity/trufflehog@6ceb49097f21249369f015c4d571173e9252f04d # main
       with:
         extra_args: --debug --no-verification # Warn on potential violations
diff --git a/docs/090_roadmap/README.md b/docs/090_roadmap/README.md
@@ -66,3 +66,38 @@ _2024 Roadmap_
     - Load test Pepr/KFC to identify bottlenecks and areas of improvement.
     - Ensure that Pepr/KFC can handle a large number of resources and events over a sustained period of time (nightly).
 
+_2025 Roadmap_  
+## Phase 1: Code Quality - Experimentation 
+
+- **Q1**:
+  - **Turn on eslint enforcement and configure settings and see no warnings**:
+    - Eliminate circular dependencies, complexity, return statements, etc.
+  - **Metric and Performance Baselining**:
+    - Establish a baseline for performance and resource utilization metrics. Use this data to make informed decisions about the direction of the project in terms of Deno2
+  - **OTEL Preparation**:
+    - Come up with a plan to implement Open Telemetry. Specifically distributed tracing, metrics, logs and events. Use this data to make debugging easier from a UDS Core prespective. There will be documentation work on how to use an OTEL collector with a Pepr Module.
+  - **Nightly Release**:
+    - Establish a nightly release process. This will help us to catch bugs early and ensure that the project is always in a releasable state.
+
+## Phase 2: Durable Storage for Metrics and Performance Tests / Transactional Pepr Store
+
+- **Q2**:
+  - **Professional Dashboard displaying metrics and performance tests originating from CI**:
+  - **Determine if a Transactional PeprStore makes sense**:
+    - Sus out details involved with having a transactional Pepr Store. What are the implications of this? What are the benefits? What are the drawbacks? What are the use-cases? What are the technologies that can be used to implement this?
+  - **Experimentation with Deno2**:
+    - Experiment with Deno2 through Dash Days and see if it can be used in the project. Look into the performance improvements and new features that Deno2 brings to the table. 
+
+
+## Phase 3: TBD
+
+- **Q3**:
+  - **Deno2 Implementation**:
+    - If determined to be advisable, move forward with migrating the project to Deno2 (starting with the kubernetes-fluent-client..?). This phase will focus on adapting the codebase, conducting extensive testing, and creating comprehensive documentation to ensure a seamless transition.
+  - **Transactional PeprStore Implementation**:
+    - Begin integrating transactional functionality into PeprStore. The implementation will emphasize robust testing and clear documentation to support fast and reliable data operations in a transactional manner.
+
+## Phase 4: TDB
+
+- **Q4**:
+
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/cli/build.helpers.ts b/src/cli/build.helpers.ts
@@ -1,3 +1,15 @@
+import { createDirectoryIfNotExists } from "../lib/filesystemService";
+import { sanitizeResourceName } from "../sdk/sdk";
+import { createDockerfile } from "../lib/included-files";
+import { execSync } from "child_process";
+import { CapabilityExport } from "../lib/types";
+import { validateCapabilityNames } from "../lib/helpers";
+import { BuildOptions, BuildResult, context, BuildContext } from "esbuild";
+import { Assets } from "../lib/assets";
+import { resolve } from "path";
+import { promises as fs } from "fs";
+
+export type Reloader = (opts: BuildResult<BuildOptions>) => void | Promise<void>;
 /**
  * Determine the RBAC mode based on the CLI options and the module's config
  * @param opts CLI options
@@ -26,3 +38,171 @@ export function determineRbacMode(
   // if nothing is defined return admin, else return scoped
   return cfg.pepr.rbacMode || "admin";
 }
+
+/**
+ * Handle the custom output directory
+ * @param outputDir the desired output directory
+ * @returns The desired output directory or the default one
+ */
+
+export async function handleCustomOutputDir(outputDir: string): Promise<string> {
+  const defaultOutputDir = "dist";
+  if (outputDir) {
+    try {
+      await createDirectoryIfNotExists(outputDir);
+      return outputDir;
+    } catch (error) {
+      console.error(`Error creating output directory: ${error.message}`);
+      process.exit(1);
+    }
+  }
+  return defaultOutputDir;
+}
+
+/**
+ * Check if the image is from Iron Bank and return the correct image
+ * @param registry The registry of the image
+ * @param image The image to check
+ * @param peprVersion The version of the PEPR controller
+ * @returns The image string
+ * @example
+ */
+export function checkIronBankImage(registry: string, image: string, peprVersion: string): string {
+  return registry === "Iron Bank"
+    ? `registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller:v${peprVersion}`
+    : image;
+}
+
+/**
+ * Check if the image pull secret is a valid Kubernetes name
+ * @param imagePullSecret
+ * @returns boolean
+ */
+export function validImagePullSecret(imagePullSecretName: string): void {
+  if (imagePullSecretName) {
+    const error = "Invalid imagePullSecret. Please provide a valid name as defined in RFC 1123.";
+    if (sanitizeResourceName(imagePullSecretName) !== imagePullSecretName) {
+      // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names
+      console.error(error);
+      process.exit(1);
+    }
+  }
+}
+
+/**
+ * Constraint to majke sure customImage and registry are not both used
+ * @param customImage
+ * @param registry
+ * @returns
+ */
+export function handleCustomImage(customImage: string, registry: string): string {
+  let defaultImage = "";
+  if (customImage) {
+    if (registry) {
+      console.error(`Custom Image and registry cannot be used together.`);
+      process.exit(1);
+    }
+    defaultImage = customImage;
+  }
+  return defaultImage;
+}
+
+/**
+ * Creates and pushes a custom image for WASM or any other included files
+ * @param includedFiles
+ * @param peprVersion
+ * @param description
+ * @param image
+ */
+export async function handleCustomImageBuild(
+  includedFiles: string[],
+  peprVersion: string,
+  description: string,
+  image: string,
+): Promise<void> {
+  if (includedFiles.length > 0) {
+    await createDockerfile(peprVersion, description, includedFiles);
+    execSync(`docker build --tag ${image} -f Dockerfile.controller .`, {
+      stdio: "inherit",
+    });
+    execSync(`docker push ${image}`, { stdio: "inherit" });
+  }
+}
+
+/**
+ * Disables embedding of deployment files into output module
+ * @param embed
+ * @param path
+ * @returns
+ */
+export function handleEmbedding(embed: boolean, path: string): void {
+  if (!embed) {
+    console.info(`✅ Module built successfully at ${path}`);
+    return;
+  }
+}
+
+/**
+ * Check if the capability names are valid
+ * @param capabilities The capabilities to check
+ */
+export function handleValidCapabilityNames(capabilities: CapabilityExport[]): void {
+  try {
+    // wait for capabilities to be loaded and test names
+    validateCapabilityNames(capabilities);
+  } catch (e) {
+    console.error(`Error loading capability:`, e);
+    process.exit(1);
+  }
+}
+
+/**
+ * Watch for changes in the module
+ * @param ctxCfg The build options
+ * @param reloader The reloader function
+ * @returns The build context
+ */
+export async function watchForChanges(
+  ctxCfg: BuildOptions,
+  reloader: Reloader | undefined,
+): Promise<BuildContext<BuildOptions>> {
+  const ctx = await context(ctxCfg);
+
+  // If the reloader function is defined, watch the module for changes
+  if (reloader) {
+    await ctx.watch();
+  } else {
+    // Otherwise, just build the module once
+    await ctx.rebuild();
+    await ctx.dispose();
+  }
+
+  return ctx;
+}
+
+export async function generateYamlAndWriteToDisk(obj: {
+  uuid: string;
+  imagePullSecret: string;
+  outputDir: string;
+  assets: Assets;
+  zarf: string;
+}): Promise<void> {
+  const { uuid, imagePullSecret, outputDir, assets, zarf } = obj;
+  const yamlFile = `pepr-module-${uuid}.yaml`;
+  const chartPath = `${uuid}-chart`;
+  const yamlPath = resolve(outputDir, yamlFile);
+  const yaml = await assets.allYaml(imagePullSecret);
+  const zarfPath = resolve(outputDir, "zarf.yaml");
+
+  let localZarf = "";
+  if (zarf === "chart") {
+    localZarf = assets.zarfYamlChart(chartPath);
+  } else {
+    localZarf = assets.zarfYaml(yamlFile);
+  }
+  await fs.writeFile(yamlPath, yaml);
+  await fs.writeFile(zarfPath, localZarf);
+
+  await assets.generateHelmChart(outputDir);
+  console.info(`✅ K8s resource for the module saved to ${yamlPath}`);
+}