feat: Support direct image access (#173)

When bootstrapping test infra, allow pulling from image registry when
PAT is set.

Clickup: https://app.clickup.com/t/869c079a0

---------

Signed-off-by: NautiluX <2600004+NautiluX@users.noreply.github.com>
Co-authored-by: NautiluX <2600004+NautiluX@users.noreply.github.com>

Author: NautiluX

cli/cmd/bootstrap_gcp.go

@@ -78,6 +78,8 @@ func AddBootstrapGcpCmd(parent *cobra.Command, opts *GlobalOptions) {
 	flags.StringVar(&bootstrapGcpCmd.InputRegistryType, "registry-type", "local-container", "Container registry type to use (options: local-container, artifact-registry) (default: artifact-registry)")
 	flags.BoolVar(&bootstrapGcpCmd.CodesphereEnv.WriteConfig, "write-config", true, "Write generated install config to file (default: true)")
 	flags.BoolVar(&bootstrapGcpCmd.SSHQuiet, "ssh-quiet", true, "Suppress SSH command output (default: true)")
+	flags.StringVar(&bootstrapGcpCmd.CodesphereEnv.GitHubPAT, "github-pat", "", "GitHub Personal Access Token to use for direct image access. Scope required: package read (optional)")
+	flags.StringVar(&bootstrapGcpCmd.CodesphereEnv.RegistryUser, "registry-user", "", "Custom Registry username (only for GitHub registry type) (optional)")
 
 	util.MarkFlagRequired(bootstrapGcpCmd.cmd, "project-name")
 	util.MarkFlagRequired(bootstrapGcpCmd.cmd, "billing-account")
@@ -100,6 +102,12 @@ func (c *BootstrapGcpCmd) BootstrapGcp() error {
 	}
 
 	c.CodesphereEnv.RegistryType = gcp.RegistryType(c.InputRegistryType)
+	if c.CodesphereEnv.GitHubPAT != "" {
+		c.CodesphereEnv.RegistryType = gcp.RegistryTypeGitHub
+		if c.CodesphereEnv.RegistryUser == "" {
+			return fmt.Errorf("registry-user must be set when using GitHub registry type")
+		}
+	}
 
 	err = bs.Bootstrap()
 	envBytes, err2 := json.MarshalIndent(bs.Env, "", "  ")
@@ -131,6 +139,14 @@ func (c *BootstrapGcpCmd) BootstrapGcp() error {
 	log.Println(envString)
 	log.Printf("Infrastructure details written to %s", infraFilePath)
 	log.Printf("Start the Codesphere installation using OMS from the jumpbox host:\nssh-add $SSH_KEY_PATH; ssh -o StrictHostKeyChecking=no -o ForwardAgent=yes -o SendEnv=OMS_PORTAL_API_KEY root@%s", bs.Env.Jumpbox.GetExternalIP())
+	packageName := "<package-name>-installer"
+	installCmd := "oms-cli install codesphere -c /etc/codesphere/config.yaml -k /etc/codesphere/secrets/age_key.txt"
+	if gcp.RegistryType(bs.Env.RegistryType) == gcp.RegistryTypeGitHub {
+		log.Printf("You set a GitHub PAT for direct image access. Make sure to use a lite package, as VM root disk sizes are reduced.")
+		installCmd += " -s load-container-images"
+		packageName += "-lite"
+	}
+	log.Printf("example install command:\n%s -p %s.tar.gz", installCmd, packageName)
 
 	return nil
 }

docs/oms-cli_beta_bootstrap-gcp.md

@@ -26,13 +26,15 @@ oms-cli beta bootstrap-gcp [flags]
       --folder-id string                    GCP Folder ID (optional)
       --github-app-client-id string         Github App Client ID (required)
       --github-app-client-secret string     Github App Client Secret (required)
+      --github-pat string                   GitHub Personal Access Token to use for direct image access. Scope required: package read (optional)
   -h, --help                                help for bootstrap-gcp
       --install-codesphere-version string   Codesphere version to install (default: none)
       --install-config string               Path to install config file (optional) (default "config.yaml")
       --preemptible                         Use preemptible VMs for Codesphere infrastructure (default: false)
       --project-name string                 Unique GCP Project Name (required)
       --region string                       GCP Region (default: europe-west4) (default "europe-west4")
       --registry-type string                Container registry type to use (options: local-container, artifact-registry) (default: artifact-registry) (default "local-container")
+      --registry-user string                Custom Registry username (only for GitHub registry type) (optional)
       --secrets-dir string                  Directory for secrets (default: /etc/codesphere/secrets) (default "/etc/codesphere/secrets")
       --secrets-file string                 Path to secrets files (optional) (default "prod.vault.yaml")
       --ssh-private-key-path string         SSH Private Key Path (default: ~/.ssh/id_rsa) (default "~/.ssh/id_rsa")

internal/bootstrap/gcp/gcp.go

@@ -30,6 +30,7 @@ type RegistryType string
 const (
 	RegistryTypeLocalContainer   RegistryType = "local-container"
 	RegistryTypeArtifactRegistry RegistryType = "artifact-registry"
+	RegistryTypeGitHub           RegistryType = "github"
 )
 
 type VMDef struct {
@@ -81,6 +82,8 @@ type CodesphereEnvironment struct {
 	GatewayIP                string       `json:"gateway_ip"`
 	PublicGatewayIP          string       `json:"public_gateway_ip"`
 	RegistryType             RegistryType `json:"registry_type"`
+	GitHubPAT                string       `json:"-"`
+	RegistryUser             string       `json:"-"`
 
 	// Config
 	InstallConfigPath string              `json:"-"`
@@ -215,6 +218,13 @@ func (b *GCPBootstrapper) Bootstrap() error {
 		}
 	}
 
+	if b.Env.RegistryType == RegistryTypeGitHub {
+		err = b.stlog.Step("Ensure GitHub access configured", b.EnsureGitHubAccessConfigured)
+		if err != nil {
+			return fmt.Errorf("failed to update install config: %w", err)
+		}
+	}
+
 	if b.Env.WriteConfig {
 		err = b.stlog.Step("Update install config", b.UpdateInstallConfig)
 		if err != nil {
@@ -563,6 +573,10 @@ func (b *GCPBootstrapper) EnsureComputeInstances() error {
 	wg := sync.WaitGroup{}
 	errCh := make(chan error, len(vmDefs))
 	resultCh := make(chan vmResult, len(vmDefs))
+	rootDiskSize := int64(200)
+	if b.Env.RegistryType == RegistryTypeGitHub {
+		rootDiskSize = 50
+	}
 	for _, vm := range vmDefs {
 		wg.Add(1)
 		go func(vm VMDef) {
@@ -574,7 +588,7 @@ func (b *GCPBootstrapper) EnsureComputeInstances() error {
 					Type:       protoString("PERSISTENT"),
 					InitializeParams: &computepb.AttachedDiskInitializeParams{
 						DiskType:    &diskType,
-						DiskSizeGb:  protoInt64(200),
+						DiskSizeGb:  protoInt64(rootDiskSize),
 						SourceImage: protoString("projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts"),
 					},
 				},
@@ -917,15 +931,28 @@ func (b *GCPBootstrapper) EnsureLocalContainerRegistry() error {
 
 	return nil
 }
+func (b *GCPBootstrapper) EnsureGitHubAccessConfigured() error {
+	if b.Env.GitHubPAT == "" {
+		return fmt.Errorf("GitHub PAT is not set")
+	}
+	b.Env.InstallConfig.Registry.Server = "ghcr.io"
+	b.Env.InstallConfig.Registry.Username = b.Env.RegistryUser
+	b.Env.InstallConfig.Registry.Password = b.Env.GitHubPAT
+	b.Env.InstallConfig.Registry.ReplaceImagesInBom = false
+	b.Env.InstallConfig.Registry.LoadContainerImages = false
+	return nil
+}
 
 func (b *GCPBootstrapper) UpdateInstallConfig() error {
 	// Update install config with necessary values
 	b.Env.InstallConfig.Datacenter.ID = b.Env.DatacenterID
 	b.Env.InstallConfig.Datacenter.City = "Karlsruhe"
 	b.Env.InstallConfig.Datacenter.CountryCode = "DE"
 	b.Env.InstallConfig.Secrets.BaseDir = b.Env.SecretsDir
-	b.Env.InstallConfig.Registry.ReplaceImagesInBom = true
-	b.Env.InstallConfig.Registry.LoadContainerImages = true
+	if b.Env.RegistryType != RegistryTypeGitHub {
+		b.Env.InstallConfig.Registry.ReplaceImagesInBom = true
+		b.Env.InstallConfig.Registry.LoadContainerImages = true
+	}
 
 	if b.Env.InstallConfig.Postgres.Primary == nil {
 		b.Env.InstallConfig.Postgres.Primary = &files.PostgresPrimaryConfig{
@@ -1245,12 +1272,22 @@ func (b *GCPBootstrapper) EnsureDNSRecords() error {
 }
 
 func (b *GCPBootstrapper) InstallCodesphere() error {
-	err := b.Env.Jumpbox.RunSSHCommand("root", "oms-cli download package "+b.Env.InstallCodesphereVersion)
+	packageFile := "installer.tar.gz"
+	skipSteps := ""
+	if b.Env.RegistryType == RegistryTypeGitHub {
+		skipSteps = " -s load-container-images"
+		packageFile = "installer-lite.tar.gz"
+	}
+
+	downloadCmd := "oms-cli download package -f " + packageFile + " " + b.Env.InstallCodesphereVersion
+	err := b.Env.Jumpbox.RunSSHCommand("root", downloadCmd)
 	if err != nil {
 		return fmt.Errorf("failed to download Codesphere package from jumpbox: %w", err)
 	}
 
-	err = b.Env.Jumpbox.RunSSHCommand("root", "oms-cli install codesphere -c /etc/codesphere/config.yaml -k "+b.Env.SecretsDir+"/age_key.txt -p "+b.Env.InstallCodesphereVersion+".tar.gz")
+	installCmd := fmt.Sprintf("oms-cli install codesphere -c /etc/codesphere/config.yaml -k %s/age_key.txt -p %s-%s%s",
+		b.Env.SecretsDir, b.Env.InstallCodesphereVersion, packageFile, skipSteps)
+	err = b.Env.Jumpbox.RunSSHCommand("root", installCmd)
 	if err != nil {
 		return fmt.Errorf("failed to install Codesphere from jumpbox: %w", err)
 	}