feat: host builder certs layer

knative · Jun 23, 2023 · 79fa677 · 79fa677
1 parent 264507d
commit 79fa677
Show file tree

Hide file tree

Showing 33 changed files with 22,750 additions and 12,051 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,7 @@
 /cmd/func.yaml
 /templates/typescript/cloudevents/build
 /templates/typescript/http/build
+/templates/go/cloudevents/go.sum
 /coverage.out
 /coverage.txt
 /.coverage

diff --git a/Makefile b/Makefile
@@ -27,8 +27,10 @@ KVER    ?= $(shell git describe --tags --match 'knative-*')
 LDFLAGS := "-X main.date=$(DATE) -X main.vers=$(VERS) -X main.kver=$(KVER) -X main.hash=$(HASH)"
 
 # All Code prerequisites, including generated files, etc.
-CODE := $(shell find . -name '*.go') generate/zz_filesystem_generated.go go.mod schema/func_yaml-schema.json
-TEMPLATES := $(shell find templates -name '*' -type f)
+CODE := $(shell find . -name '*.go') \
+				generate/zz_filesystem_generated.go \
+				schema/func_yaml-schema.json \
+				templates/certs/ca-certificates.crt \
 
 .PHONY: test docs
 
@@ -88,7 +90,7 @@ clean_templates:
 
 .PHONY: generate/zz_filesystem_generated.go
 
-generate/zz_filesystem_generated.go: clean_templates
+generate/zz_filesystem_generated.go: clean_templates templates/certs/ca-certificates.crt
 	go generate pkg/functions/templates_embedded.go
 
 .PHONY: clean
@@ -97,6 +99,7 @@ clean: clean_templates ## Remove generated artifacts such as binaries and schema
 	rm -f $(BIN) $(BIN_WINDOWS) $(BIN_LINUX) $(BIN_DARWIN_AMD64) $(BIN_DARWIN_ARM64)
 	rm -f schema/func_yaml-schema.json
 	rm -f coverage.txt
+	rm -f templates/certs/ca-certificates.crt
 
 docs:
 	# Generating command reference doc
@@ -143,6 +146,11 @@ test-typescript: ## Test Typescript templates
 	cd templates/typescript/cloudevents && npm ci && npm test && rm -rf node_modules build
 	cd templates/typescript/http && npm ci && npm test && rm -rf node_modules build
 
+.PHONY: certs templates/certs/ca-certificates.crt
+certs: templates/certs/ca-certificates.crt ## Update root certificates
+templates/certs/ca-certificates.crt:
+	# Updating root certificates
+	curl --output templates/certs/ca-certificates.crt https://curl.se/ca/cacert.pem
 
 ###################
 ##@ Extended Testing (cluster required)

diff --git a/generate/zz_filesystem_generated.go b/generate/zz_filesystem_generated.go
diff --git a/pkg/filesystem/filesystem_test.go b/pkg/filesystem/filesystem_test.go
@@ -158,7 +158,7 @@ func loadLocalFiles(root string) ([]FileInfo, error) {
 			}
 		case fs.ModeSymlink:
 			t, _ := os.Readlink(path)
-			bs = []byte(t)
+			bs = []byte(filepath.ToSlash(t))
 		}
 		path, err = filepath.Rel(root, path)
 		if err != nil {

diff --git a/pkg/functions/repository.go b/pkg/functions/repository.go
@@ -275,6 +275,10 @@ func repositoryRuntimes(fs filesystem.Filesystem, repoName string, repoConfig re
 		if !fi.IsDir() || strings.HasPrefix(fi.Name(), ".") {
 			continue
 		}
+		// ignore the reserved word "certs"
+		if fi.Name() == "certs" {
+			continue
+		}
 		// Runtime, defaulted to values inherited from the repository
 		runtime := Runtime{
 			Name: fi.Name(),

diff --git a/pkg/scaffolding/testdata/go/scaffolding/instanced-http/main.go b/pkg/scaffolding/testdata/go/scaffolding/instanced-http/main.go
diff --git a/pkg/scaffolding/testdata/testwrite/certs/README.md b/pkg/scaffolding/testdata/testwrite/certs/README.md
@@ -0,0 +1,11 @@
+# Test Certs
+
+This directory mocks the existence of a 'certs' directory peer to the various
+languages in the templates directory.  This directory is required for the
+error-free execution of Scaffolding Write tests, since it is used to
+create the certificates container layer.
+
+The actual certs used are located in templates/certs, and are refreshed
+by running `make certs` or by running a `make clean`
+before a `make`.
+
diff --git a/pkg/scaffolding/testdata/testwrite/certs/ca-certificates.crt b/pkg/scaffolding/testdata/testwrite/certs/ca-certificates.crt
diff --git a/templates/README.md b/templates/README.md
@@ -1,9 +1,26 @@
 # Templates
 
+Contains all example source code, scaffolding, certificates and metadata used
+by func when creating and building function instances.
+
+To rebuild run `make templates` (which caches).  To force a full rebuild run
+`make clean && make`
+
+## Layout
+
+Each directory within `templates` corresponds to a known language runtime.
+The `certs` directory is a reserved word containing root SSL certificates.
+Each directory within a runtime directory corresponds to a named templaate.
+The `scaffolding` directory within the runtime directory is a reserved word
+containing the adapter code that converts a function with a given method
+signature into a service by way of the external function runtime libraries.
+
 ## Packaging
 
-When updates are made to these templates, they must be packaged (serialized as a Go byte array)
-by running `make generate/zz_filesystem_generated.go`, and checking in the resultant `./generate/zz_filesystem_generated.go` file.
+When updates are made to these templates, they must be packaged (serialized as
+a Go byte array) by running `make templates` (which rebuilds
+`generate/zz_filesystem_generated.go`, and checking in the resultant
+`./generate/zz_filesystem_generated.go` file.
 
 ## How it works
 

diff --git a/templates/certs/README.md b/templates/certs/README.md
@@ -0,0 +1,8 @@
+# Certs
+
+This directory contains the SSL root certificates used when creating
+function images.
+
+The certs can be updated by running `make certs` or by running `make clean`
+before `make`.
+