diff --git a/.github/workflows/publish-dev-assets.yml b/.github/workflows/publish-dev-assets.yml
index 0426b2bf7..a651698ff 100644
--- a/.github/workflows/publish-dev-assets.yml
+++ b/.github/workflows/publish-dev-assets.yml
@@ -79,7 +79,7 @@ jobs:
 - name: docker build ratify base
 run: |
 docker buildx create --use
- docker buildx build -f ./httpserver/Dockerfile \
+ docker buildx build -f ./Dockerfile \
 --attest type=sbom \
 --attest type=provenance,mode=max \
 --platform linux/amd64,linux/arm64,linux/arm/v7 \
@@ -91,7 +91,7 @@ jobs:
 - name: docker build ratify with plugin
 run: |
 docker buildx create --use
- docker buildx build -f ./httpserver/Dockerfile \
+ docker buildx build -f ./Dockerfile \
 --attest type=sbom \
 --attest type=provenance,mode=max \
 --platform linux/amd64,linux/arm64,linux/arm/v7 \
diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml
index 11bee4cee..f952707d4 100644
--- a/.github/workflows/publish-package.yml
+++ b/.github/workflows/publish-package.yml
@@ -60,7 +60,7 @@ jobs:
 - name: docker build ratify base
 run: |
 docker buildx create --use
- docker buildx build -f ./httpserver/Dockerfile \
+ docker buildx build -f ./Dockerfile \
 --attest type=sbom \
 --attest type=provenance,mode=max \
 --platform linux/amd64,linux/arm64,linux/arm/v7 \
@@ -71,7 +71,7 @@ jobs:
 - name: docker build ratify with plugin
 run: |
 docker buildx create --use
- docker buildx build -f ./httpserver/Dockerfile \
+ docker buildx build -f ./Dockerfile \
 --attest type=sbom \
 --attest type=provenance,mode=max \
 --platform linux/amd64,linux/arm64,linux/arm/v7 \
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index b634fac3a..e1a9f9420 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -206,7 +206,7 @@ Follow the steps below to build and deploy a Ratify image with your private chan
 export REGISTRY=yourregistry
 docker buildx create --use
-docker buildx build -f httpserver/Dockerfile --platform linux/amd64 --build-arg build_sbom=true --build-arg build_licensechecker=true --build-arg build_schemavalidator=true --build-arg build_vulnerabilityreport=true -t ${REGISTRY}/ratify-project/ratify:yourtag .
+docker buildx build -f Dockerfile --platform linux/amd64 --build-arg build_sbom=true --build-arg build_licensechecker=true --build-arg build_schemavalidator=true --build-arg build_vulnerabilityreport=true -t ${REGISTRY}/ratify-project/ratify:yourtag .
 docker build --progress=plain --build-arg KUBE_VERSION="1.29.2" --build-arg TARGETOS="linux" --build-arg TARGETARCH="amd64" -f crd.Dockerfile -t ${REGISTRY}/localbuildcrd:yourtag ./charts/ratify/crds
 ```
diff --git a/httpserver/Dockerfile b/Dockerfile
similarity index 100%
rename from httpserver/Dockerfile
rename to Dockerfile
diff --git a/Makefile b/Makefile
index fde9cad09..dbe28aaff 100644
--- a/Makefile
+++ b/Makefile
@@ -564,7 +564,7 @@ e2e-deploy-ratify: e2e-notation-setup e2e-notation-leaf-cert-setup e2e-cosign-se
 e2e-build-local-ratify-base-image:
 docker build --progress=plain --no-cache \
- -f ./httpserver/Dockerfile \
+ -f ./Dockerfile \
 -t baselocalbuild:test .
 kind load docker-image --name kind baselocalbuild:test
@@ -574,7 +574,7 @@ e2e-build-local-ratify-image:
 --build-arg build_licensechecker=true \
 --build-arg build_schemavalidator=true \
 --build-arg build_vulnerabilityreport=true \
- -f ./httpserver/Dockerfile \
+ -f ./Dockerfile \
 -t localbuild:test .
 load-local-ratify-image:
diff --git a/charts/ratify/templates/deployment.yaml b/charts/ratify/templates/deployment.yaml
index 46ed544ae..4b3b1924e 100644
--- a/charts/ratify/templates/deployment.yaml
+++ b/charts/ratify/templates/deployment.yaml
@@ -58,12 +58,11 @@ spec:
 seccompProfile:
 type: RuntimeDefault
 command:
- - "/app/ratify"
+ - "/app/ratifymain"
 args:
- - "serve"
 - "--http"
 - ":6001"
- - "-c"
+ - "--config"
 - "/usr/local/ratify/config.json"
 - "--enable-crd-manager"
 - --cert-dir=/usr/local/tls
diff --git a/scripts/azure-ci-test.sh b/scripts/azure-ci-test.sh
index b5ddce9ce..9e23a6c4a 100755
--- a/scripts/azure-ci-test.sh
+++ b/scripts/azure-ci-test.sh
@@ -42,7 +42,7 @@ REGISTRY="${ACR_NAME}.azurecr.io"
 build_push_to_acr() {
 echo "Building and pushing images to ACR"
- docker build --progress=plain --no-cache --build-arg build_sbom=true --build-arg build_licensechecker=true --build-arg build_schemavalidator=true --build-arg build_vulnerabilityreport=true -f ./httpserver/Dockerfile -t "${ACR_NAME}.azurecr.io/test/localbuild:${TAG}" .
+ docker build --progress=plain --no-cache --build-arg build_sbom=true --build-arg build_licensechecker=true --build-arg build_schemavalidator=true --build-arg build_vulnerabilityreport=true -f ./Dockerfile -t "${ACR_NAME}.azurecr.io/test/localbuild:${TAG}" .
 docker push "${REGISTRY}/test/localbuild:${TAG}"
 docker build --progress=plain --no-cache --build-arg KUBE_VERSION=${KUBERNETES_VERSION} --build-arg TARGETOS="linux" --build-arg TARGETARCH="amd64" -f crd.Dockerfile -t "${ACR_NAME}.azurecr.io/test/localbuildcrd:${TAG}" ./charts/ratify/crds
diff --git a/httpserver/context.go b/server/httpserver/context.go
similarity index 100%
rename from httpserver/context.go
rename to server/httpserver/context.go
diff --git a/httpserver/handlers.go b/server/httpserver/handlers.go
similarity index 100%
rename from httpserver/handlers.go
rename to server/httpserver/handlers.go
diff --git a/httpserver/server.go b/server/httpserver/server.go
similarity index 100%
rename from httpserver/server.go
rename to server/httpserver/server.go
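Review bot: The container command in charts/ratify/templates/deployment.yaml now execs `/app/ratifymain`, but this commit renames httpserver/Dockerfile to Dockerfile at 100% similarity, so nothing visible here makes the image ship a binary at that path. If the Dockerfile still builds and copies only `/app/ratify`, the pod fails at exec and the verification server is unavailable; whether callers then fail open or closed depends on configuration not shown in this diff. The new entry point also parses with the standard `flag` package, so every remaining `args:` entry should be checked against the flags registered in server/ratifymain/config.go. The args list continues past the end of this hunk.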
diff --git a/httpserver/server_test.go b/server/httpserver/server_test.go
similarity index 100%
rename from httpserver/server_test.go
rename to server/httpserver/server_test.go
diff --git a/httpserver/tlsManager.go b/server/httpserver/tlsManager.go
similarity index 100%
rename from httpserver/tlsManager.go
rename to server/httpserver/tlsManager.go
diff --git a/httpserver/tlsManager_test.go b/server/httpserver/tlsManager_test.go
similarity index 100%
rename from httpserver/tlsManager_test.go
rename to server/httpserver/tlsManager_test.go
diff --git a/httpserver/types.go b/server/httpserver/types.go
similarity index 100%
rename from httpserver/types.go
rename to server/httpserver/types.go
diff --git a/httpserver/types_test.go b/server/httpserver/types_test.go
similarity index 100%
rename from httpserver/types_test.go
rename to server/httpserver/types_test.go
diff --git a/pkg/manager/manager.go b/server/manager/manager.go
similarity index 99%
rename from pkg/manager/manager.go
rename to server/manager/manager.go
index f284ceaea..eb6b8fb39 100644
--- a/pkg/manager/manager.go
+++ b/server/manager/manager.go
@@ -29,7 +29,7 @@ import (
 // to ensure that exec-entrypoint and run can make use of them.
 "github.com/open-policy-agent/cert-controller/pkg/rotator"
 "github.com/ratify-project/ratify/config"
- "github.com/ratify-project/ratify/httpserver"
+ "github.com/ratify-project/ratify/server/httpserver"
 "github.com/ratify-project/ratify/pkg/featureflag"
 _ "github.com/ratify-project/ratify/pkg/policyprovider/configpolicy" // register config policy provider
 _ "github.com/ratify-project/ratify/pkg/policyprovider/regopolicy" // register rego policy provider
diff --git a/server/ratifymain/config.go b/server/ratifymain/config.go
new file mode 100644
index 000000000..7e25531f8
--- /dev/null
+++ b/server/ratifymain/config.go
@@ -0,0 +1,67 @@
+/*
+Copyright The Ratify Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package ratifymain
+
+import (
+ "flag"
+ "fmt"
+ "time"
+
+ "github.com/ratify-project/ratify/server/httpserver"
+ "github.com/ratify-project/ratify/pkg/cache"
+ "github.com/sirupsen/logrus"
+)
+
+// options defines the command line options to start the ratify server.
+type options struct {
+ configFilePath string
+ httpServerAddress string
+ certDirectory string
+ caCertFile string
+ enableCrdManager bool
+ cacheEnabled bool
+ cacheType string
+ cacheName string
+ cacheSize int
+ cacheTTL time.Duration
+ metricsEnabled bool
+ metricsType string
+ metricsPort int
+ healthPort string
+}
+
+// parse parses the command line arguments and returns the options.
+func parse() *options {
+ opts := options{}
+ flag.StringVar(&opts.httpServerAddress, "http", "", "HTTP Address")
+ flag.StringVar(&opts.configFilePath, "config", "", "Config File Path")
+ flag.StringVar(&opts.certDirectory, "cert-dir", "", "Path to ratify certs")
+ flag.StringVar(&opts.caCertFile, "ca-cert-file", "", "Path to CA cert file")
+ flag.BoolVar(&opts.enableCrdManager, "enable-crd-manager", false, "Start crd manager if enabled (default: false)")
+ flag.BoolVar(&opts.cacheEnabled, "cache-enabled", false, "Enable cache if enabled (default: false)")
+ flag.StringVar(&opts.cacheType, "cache-type", cache.DefaultCacheType, fmt.Sprintf("Cache type to use (default: %s)", cache.DefaultCacheType))
+ flag.StringVar(&opts.cacheName, "cache-name", cache.DefaultCacheName, fmt.Sprintf("Cache implementation name to use (default: %s)", cache.DefaultCacheName))
+ flag.IntVar(&opts.cacheSize, "cache-size", cache.DefaultCacheSize, fmt.Sprintf("Cache max size to use in MB (default: %d)", cache.DefaultCacheSize))
+ flag.DurationVar(&opts.cacheTTL, "cache-ttl", cache.DefaultCacheTTL, fmt.Sprintf("Cache TTL for the verifier http server (default: %fs)", cache.DefaultCacheTTL.Seconds()))
+ flag.BoolVar(&opts.metricsEnabled, "metrics-enabled", false, "Enable metrics exporter if enabled (default: false)")
+ flag.StringVar(&opts.metricsType, "metrics-type", httpserver.DefaultMetricsType, fmt.Sprintf("Metrics exporter type to use (default: %s)", httpserver.DefaultMetricsType))
+ flag.IntVar(&opts.metricsPort, "metrics-port", httpserver.DefaultMetricsPort, fmt.Sprintf("Metrics exporter port to use (default: %d)", httpserver.DefaultMetricsPort))
+ flag.StringVar(&opts.healthPort, "health-port", httpserver.DefaultHealthPort, fmt.Sprintf("Health port to use (default: %s)", httpserver.DefaultHealthPort))
+ flag.Parse()
+
+ logrus.Infof("Starting Ratify: %+v", opts)
+ return &opts
+}
diff --git a/server/ratifymain/main.go b/server/ratifymain/main.go
index 9b9938493..4441ca1ff 100644
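Review bot: `parse()` in server/ratifymain/config.go never checks for leftover positional arguments after `flag.Parse()`. The standard `flag` package stops at the first non-flag token, so an invocation that still carries the old `serve` subcommand (the form this commit removes from deployment.yaml) would start with every later flag, including `--cert-dir` and `--ca-cert-file`, silently left at its empty default. I would fail fast right after `flag.Parse()`: `if flag.NArg() > 0 { logrus.Fatalf("unexpected arguments: %q", flag.Args()) }`. How `startRatify` treats an empty `certDirectory` is not visible in this diff, so the TLS impact is an inference worth confirming. Separately, the import block lists `server/httpserver` ahead of `pkg/cache`, which goimports would reorder.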
--- a/server/ratifymain/main.go
+++ b/server/ratifymain/main.go
@@ -17,15 +17,13 @@ package ratifymain
 import (
 "context"
- "flag"
 "fmt"
- "time"
 "github.com/ratify-project/ratify/config"
- "github.com/ratify-project/ratify/httpserver"
 "github.com/ratify-project/ratify/internal/logger"
 "github.com/ratify-project/ratify/pkg/cache"
- "github.com/ratify-project/ratify/pkg/manager"
+ "github.com/ratify-project/ratify/server/httpserver"
+ "github.com/ratify-project/ratify/server/manager"
 "github.com/sirupsen/logrus"
 _ "github.com/ratify-project/ratify/pkg/cache/dapr" // register dapr cache
@@ -37,24 +35,6 @@ import (
 _ "github.com/ratify-project/ratify/pkg/verifier/notation" // register notation verifier
 )
-// options defines the command line options to start the ratify server.
-type options struct {
- configFilePath string
- httpServerAddress string
- certDirectory string
- caCertFile string
- enableCrdManager bool
- cacheEnabled bool
- cacheType string
- cacheName string
- cacheSize int
- cacheTTL time.Duration
- metricsEnabled bool
- metricsType string
- metricsPort int
- healthPort string
-}
-
 func Main() {
 opts := parse()
 if err := startRatify(opts); err != nil {
@@ -62,29 +42,6 @@ func Main() {
 }
 }
-// parse parses the command line arguments and returns the options.
-func parse() *options {
- opts := options{}
- flag.StringVar(&opts.httpServerAddress, "http", "", "HTTP Address")
- flag.StringVar(&opts.configFilePath, "config", "", "Config File Path")
- flag.StringVar(&opts.certDirectory, "cert-dir", "", "Path to ratify certs")
- flag.StringVar(&opts.caCertFile, "ca-cert-file", "", "Path to CA cert file")
- flag.BoolVar(&opts.enableCrdManager, "enable-crd-manager", false, "Start crd manager if enabled (default: false)")
- flag.BoolVar(&opts.cacheEnabled, "cache-enabled", false, "Enable cache if enabled (default: false)")
- flag.StringVar(&opts.cacheType, "cache-type", cache.DefaultCacheType, fmt.Sprintf("Cache type to use (default: %s)", cache.DefaultCacheType))
- flag.StringVar(&opts.cacheName, "cache-name", cache.DefaultCacheName, fmt.Sprintf("Cache implementation name to use (default: %s)", cache.DefaultCacheName))
- flag.IntVar(&opts.cacheSize, "cache-size", cache.DefaultCacheSize, fmt.Sprintf("Cache max size to use in MB (default: %d)", cache.DefaultCacheSize))
- flag.DurationVar(&opts.cacheTTL, "cache-ttl", cache.DefaultCacheTTL, fmt.Sprintf("Cache TTL for the verifier http server (default: %fs)", cache.DefaultCacheTTL.Seconds()))
- flag.BoolVar(&opts.metricsEnabled, "metrics-enabled", false, "Enable metrics exporter if enabled (default: false)")
- flag.StringVar(&opts.metricsType, "metrics-type", httpserver.DefaultMetricsType, fmt.Sprintf("Metrics exporter type to use (default: %s)", httpserver.DefaultMetricsType))
- flag.IntVar(&opts.metricsPort, "metrics-port", httpserver.DefaultMetricsPort, fmt.Sprintf("Metrics exporter port to use (default: %d)", httpserver.DefaultMetricsPort))
- flag.StringVar(&opts.healthPort, "health-port", httpserver.DefaultHealthPort, fmt.Sprintf("Health port to use (default: %s)", httpserver.DefaultHealthPort))
- flag.Parse()
-
- logrus.Infof("Starting Ratify: %+v", opts)
- return &opts
-}
-
 // startRatify starts the ratify server.
 func startRatify(opts *options) error {
 if opts.cacheEnabled {