skoppe / private-dub Goto Github PK

View Code? Open in Web Editor NEW

3.0 3.0 4.0 132 KB

Private dub registry with minimal config

D 99.74% Dockerfile 0.26%

private-dub's Introduction

Private Dub Registry

Want to keep all your precious projects for yourself but still use dub?

Tired of workarounds with submodules or git trees?

Run a registry yourself

Just point it to your VCS. No need to publish anything. Projects and versions are discovered automatically.

Tell dub about your registry and be happy ever after. dub build --registry=https://gitlab.example.com.

Better yet, put the following in ~/.dub/settings.json or /%APPDATA%\dub\settings.json, and just dub like a boss:

{
	"registryUrls": ["https://gitlab.example.com"]
}

NOTE: Look in the official dub documentation for other places where this file can be located.

Requirements for packages

The dub.sdl|.json needs to be in the root folder of the repository.
The package name needs to be prefixed, by default the <hostname> from the config.ini is taken, but it is advised to explicitly set the prefix yourself.

name "gitlab.example.com.my-project"
dependency "gitlab.example.com.another-project" version="~>1.2.3"
dependency "vibe-d" version="~>3.4.5"

The prefixing is necessary to avoid having public packages shadow private package, or vice versa.

The repository needs a tag in the form of v1.2.3 with optional release candidates or build information. Just like with dub.

NOTE: Even though the documentation on code.dlang.org states that only alphanumerics and '-' are allowed, since there is no enforcement, we decided to take this approach.

code.dlang.org

Yes, it will also resolve packages from code.dlang.org.

Running your own

See config-example.ini for configuration.

docker run --rm -p 8888:8888 -v $(pwd)/config.ini:/home/private-dub/config.ini -v $(pwd)/storage:/home/private-dub/storage skoppe/private-dub:latest

The storage mount is optional, but recommended. Otherwise it needs to a crawl your VCS on each start of the container.

NOTE: The application provides no SSL. It is recommended to run it behind a reverse proxy that provides SSL termination (e.g. nginx).

Credendials

If you have repositories on your VCS that have limited access, you need pass credentials.

Currently the access token is passed as part of the registry's uri. E.g. dub --registry=https://gitlab.example.com/token/<access-token> or in your settings.json.

NOTE: The application itself performs no checks on the token, it simply passes it along in the redirect to your VCS archive when dub requests a download uri. (This means that the api itself is open, and anyone can make api requests and retrieve metadata about your packages. (I would accept PR that check the token on each api request (with optional cache))).

NOTE: I haven't found the best way to pass credentials. I really prefer to keep this a stateless application. I am considering adding OAuth2 support, which will add the benefit of token expiry (whereas access tokens are mostly set to never expire).

VCS's

Gitlab

Initially it crawls all projects and looks for dub.json/dub.sdl files. Once a local registry is build, it keeps itself in sync by calling the gitlab event api every minute.

Dlang

Initially the dlang registry is fetched by cloning the https://github.com/skoppe/dub-packages-index repository (which itself is updated every 15 minutes and also drives the dub.bytecraft.nl registry mirror). Afterwards a git pull is executed every minute.

private-dub's People

Contributors

Stargazers

Watchers

Forkers

laeeth nordlow cosby5 geod24

private-dub's Issues

Correctly handle a pushed event with multiple tags

Apparently gitlab creates one event when you push multiple tags in one go.

That event won't have a ref referring to the created tag, but instead has the ref_count set to however many you pushed.

This means the private dub registry needs to recrawl that one project when it sees ref_count != null

getPackageMeta should be called less.

Specifically the getPackages endpoint should not (in)-directly use it.

Support gitlab imported project

The event crawler only looks at tags, not imported projects, which are thus skipped.

This is an event for an imported project:

  {
    "id": 1,
    "project_id": 1,
    "action_name": "imported",
    "target_id": null,
    "target_iid": null,
    "target_type": null,
    "author_id": 1,
    "target_title": null,
    "created_at": "2021-02-23T04:25:36.531Z",
    "author": {
      "id": 307,
      "username": "asdf",
      "name": "asdf",
      "state": "active",
      "avatar_url": "<url>",
      "web_url": "<url>"
    },
    "author_username": "asdf"
  }

It is unsure if this event is generated when the project is imported, or when it is finish importing. E.g. can we already look at the tags and pull dub files?

Also, this event doesn't show up in the event api when action=pushed, but only when action=created.

make prefix configurable

Catch Exception in server and avoid tearing down nursery

If a repository gets deleted, we need to remove it from the index as well

Besides cleaning up stuff, otherwise we can never reuse the package name

dlang-requests "1.0.0-dev" branch gets wrongfully stripped

Should fail when token is empty

Otherwise it messes up the index

Require prefix in all cases

Otherwise we can shadow public packages on the private registry.

registry prefixes should be stripped when looking for packages

Not really though. The name needs to be unique across all registries.

Dub will download packages to its global packages dir, and if a package conflicts with another from code.dlang.org, it will bring chaos.

Every package needs to be prefixes else it cannot be safely downloaded by dub (for fear of global conflicts).

make event crawling timer configurable

or less at least

Gitlab sync should fetch more to allow for overlap

The current synchronization mechanism uses the gitlab event api to fetch events since a particular date. The events are filtered for new tags which update the registry.

The after date is set to yesterday, but close after midnight that can mean just a couple of minutes. That way it might miss tag just before midnight.

having slashes in package names is probably a bad idea

Get packages from code.dlang.org directly

The dub-packages-index trails 15min behind and it uses an awful sync mechanism. Also it runs on github actions.

Crashes when upstream is down

Could use a read/write lock in the gitlab registry

Right now reading has no locks, which might be an issue since we add items to the AA from another thread.

add ready for queries endpoint

useful for loadbalancers to signal the backend is synced up

Use api to locate default branch

Sometimes it isn't master.

https://docs.gitlab.com/ee/api/projects.html#get-single-project

subPackages' path should be normalised in crawler

gitlab doesn't like paths like ./fx/dub.sdl. Instead they need the ./` stripped.

what happens if a project changes its package name ?

Add sync from mirror

Allow the initial sync to happen against a mirror of the same private dub registry.

This is useful in immutable-infra environments where a new version is rolled out. If the registry can sync up with the currently running one (over https) it can speed up the sync (it takes about 8-10min on a 900 project gitlab instance).

Need to supply token to the sync endpoint (which we validate against the gitlab version endpoint), then dump everything over via multiform.

Performing "release" build using /usr/bin/ldc2 for x86_64.
arsd-official:cgi 8.2.0: building configuration "embedded_httpd"...
asdf 0.5.7: building configuration "library"...
concepts 0.0.8: building configuration "library"...
concurrency 0.0.6: building configuration "default"...
dini 2.0.0: building configuration "library"...
argsd 1.0.0: building configuration "library"...
�[91m/root/.dub/packages/argsd-1.0.0/argsd/source/args.d(837,11): Error: undefined identifier `winsize`
�[0m
�[91m/root/.dub/packages/argsd-1.0.0/argsd/source/args.d(838,3): Error: undefined identifier `ioctl`
�[0m
�[91m/usr/bin/ldc2 failed with exit code 1.
�[0m