Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deploy from an OCI reference #105

Merged
merged 1 commit into from
Oct 2, 2023
Merged

Deploy from an OCI reference #105

merged 1 commit into from
Oct 2, 2023

Conversation

itowlson
Copy link
Contributor

@itowlson itowlson commented Sep 29, 2023
edited
Loading

This is VERY VERY DRAFT. The code needs a lot of tidying ; it doesn't currently validate OCI apps (for unsatisfied variables, nondefault stores, etc.); and I have broken the route printing. And probably other stuff too. But it worked, on my machine, at least once, so :shipit:

NOTES:

  • The download from the source registry currently always requires HTTPS and uses the default Spin cache. We could add deploy options for these if we wanted to - easy to implement, but more for users to understand.

@itowlson itowlson force-pushed the deploy-from-oci-reference branch 2 times, most recently from 3740618 to f5d04f4 Compare September 29, 2023 04:35
@itowlson itowlson mentioned this pull request Sep 29, 2023
Merged
@itowlson
Copy link
Contributor Author

itowlson commented Sep 29, 2023
edited
Loading

The Spin crates are pointed to my fork because this depends on fermyon/spin#1825 - I couldn't see a way around needing this extra API, but I'm happy to take one if someone points out the blindingly obvious one I utterly missed.

@itowlson itowlson force-pushed the deploy-from-oci-reference branch 5 times, most recently from fafec82 to c58a616 Compare October 2, 2023 00:31
@itowlson
Copy link
Contributor Author

itowlson commented Oct 2, 2023

I believe this is ready for review, but am leaving as draft because the Cargo.toml Spin crate references can't be finalised until fermyon/spin#1825 merges.

@itowlson itowlson force-pushed the deploy-from-oci-reference branch from c58a616 to f33945c Compare October 2, 2023 19:43
@itowlson itowlson marked this pull request as ready for review October 2, 2023 19:44
@itowlson
Copy link
Contributor Author

itowlson commented Oct 2, 2023

The required Spin change is merged: the Spin references now point to the main repo. Ready for review.

kate-goldenring
kate-goldenring reviewed Oct 2, 2023
View reviewed changes
src/commands/deploy.rs
/// Specifies to perform `spin build` before deploying the application.
/// For local apps, specifies to perform `spin build` before deploying the application.
///
/// This is ignored on remote applications, as they are already built.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For OCI deploys, do we need a "validate wasm" step? I can see a concern of a malicious wasm module being deployed in an OCI reference. Maybe we run the equivalent of wasm-tools component wit to ensure that the Spin app has the imports and exports that we expect?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. We don't currently do that for other Wasm files, e.g. those from URLs. How would you feel about punting that to a separate PR, possibly somewhere in the loader so it would work for local Spin too?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is also the wasm-tools component targets ... command to ensure a component has the proper type. The diagnostics on error to explain the difference between actual and expected are pretty gnarly ATM but...

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@itowlson I am okay with punting to another PR. On that note, @fibonacci1729 is this work planned for spin as part of the broader validation efforts? Maybe we create an issue to track it and potentially take this portion of it on soon

vdice
vdice approved these changes Oct 2, 2023
View reviewed changes
Copy link
Member

@vdice vdice left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Only had non-blocking Qs/thoughts.

Will we want to add the same reference -f support to spin registry push at some point?

src/commands/deploy.rs Show resolved Hide resolved
src/commands/deploy.rs Show resolved Hide resolved
@itowlson
Deploy from an OCI reference
a0764a5 
Signed-off-by: itowlson <ivan.towlson@fermyon.com>
@itowlson itowlson force-pushed the deploy-from-oci-reference branch from f33945c to a0764a5 Compare October 2, 2023 22:05
@itowlson itowlson merged commit cb036fc into fermyon:main Oct 2, 2023
@itowlson
Copy link
Contributor Author

itowlson commented Oct 2, 2023

@vdice Sorry, I overlooked your question:

Will we want to add the same reference -f support to spin registry push at some point?

spin registry push already supports -f for local applications. Are you envisaging a scenario where we could use it to copy an image from one registry to another?

@vdice
Copy link
Member

vdice commented Oct 3, 2023

Are you envisaging a scenario where we could use it to copy an image from one registry to another?

Yes, that was my thought. Not sure if a priority to support. Honestly, I was more thinking about consistency of -f supporting both local manifest and oci ref between related commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vdice vdice vdice approved these changes

@fibonacci1729 fibonacci1729 fibonacci1729 left review comments

@kate-goldenring kate-goldenring kate-goldenring approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@itowlson @vdice @fibonacci1729 @kate-goldenring