openela · NeilHanlon · Mar 14, 2025 · Mar 14, 2025 · Mar 14, 2025 · NeilHanlon
diff --git a/.envrc b/.envrc
@@ -12,4 +12,6 @@ AWS_ACCESS_KEY_ID="minioadmin"
 AWS_SECRET_ACCESS_KEY="minioadmin"
 
 export SELF OIDC_ISSUER OIDC_CLIENT_ID OIDC_CLIENT_SECRET REQUIRED_OIDC_GROUP
-export STORAGE_ENDPOINT STORAGE_SECURE STORAGE_PATH_STYLE STORAGE_CONNECTION_STRING AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
+export STORAGE_ENDPOINT STORAGE_SECURE STORAGE_PATH_STYLE STORAGE_CONNECTION_STRING AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
+
+export KO_DOCKER_REPO="github.com/openela/mothership"
diff --git a/.ko.yaml b/.ko.yaml
@@ -5,8 +5,10 @@ defaultPlatforms:
   - linux/arm64
   - linux/amd64
 
-baseImageOverrides:
-  github.com/openela/mothership/cmd/mship_worker_client: ghcr.io/mstg/mship_base:latest
+# baseImageOverrides:
+#   github.com/openela/mothership/cmd/mship_worker_client: ghcr.io/mstg/mship_base:latest
+
+defaultRegistry: github.com/openela/mothership
 
 builds:
   - id: mship_server

diff --git a/Tiltfile b/Tiltfile
@@ -0,0 +1,99 @@
+# Load necessary extensions
+load('ext://cert_manager', 'deploy_cert_manager')
+load('ext://configmap', 'configmap_create')
+load('ext://helm_remote', 'helm_remote')
+load('ext://secret', 'secret_create_generic', 'secret_from_dict')
+load('ext://ko', 'ko_build')
+
+# Database credentials
+DB_PASSWORD = '43254SSfsdAA32ds3232sds'
+NAMESPACE = 'mothership'
+
+# Deploy PostgreSQL
+helm_remote(
+    'postgresql',
+    repo_url='https://charts.bitnami.com/bitnami',
+    set=[
+        "auth.database=mothership",
+        "auth.postgresPassword="+DB_PASSWORD
+    ],
+    namespace=NAMESPACE,
+)
+k8s_resource('postgresql', port_forwards=[5432])
+
+# Deploy Valkey (Redis alternative)
+helm_remote(
+    'valkey',
+    repo_url='oci://registry-1.docker.io/bitnamicharts',
+    set=["auth.password="+DB_PASSWORD],
+    namespace=NAMESPACE,
+)
+k8s_resource('valkey-primary', port_forwards=[6379])
+
+# Deploy Dex
+k8s_yaml('k8s/dev/dex.yaml')
+configmap_create('dex-config', from_file=['dex.yaml=./dev/dex.yaml'])
+k8s_resource('dev-dex', port_forwards=[5556])
+
+# Deploy Temporal
+k8s_yaml('k8s/dev/temporal.yaml')
+k8s_resource('dev-temporal', port_forwards=[7233, 8233])
+
+# Deploy Cert Manager
+deploy_cert_manager()
+
+# Secrets Management
+k8s_yaml(secret_from_dict(
+    "db", namespace=NAMESPACE, 
+    inputs={'uri': "postgres://postgres:"+DB_PASSWORD+"@postgresql/mothership?sslmode=disable"}
+))
+
+k8s_yaml(secret_from_dict("gh", namespace=NAMESPACE, inputs={'client_id': '', 'client_secret': ''}))
+k8s_yaml(secret_from_dict("csrf", namespace=NAMESPACE, inputs={'secret': DB_PASSWORD * 2}))
+k8s_yaml(secret_from_dict("redis", namespace=NAMESPACE, inputs={'password': DB_PASSWORD}))
+
+# Load all Kubernetes manifests
+k8s_yaml([
+    "k8s/admin-api.yaml",
+    "k8s/api.yaml",
+    "k8s/namespace.yaml",
+    "k8s/serviceaccount.yaml",
+    "k8s/ui.yaml",
+    "k8s/worker.yaml",
+])
+
+# Update DNS names in cert configuration
+objects = read_yaml_stream('k8s/cert.yaml')
+for obj in objects:
+    obj['spec']['dnsNames'] = ['mothership.local']
+k8s_yaml(encode_yaml_stream(objects))
+
+# Build Docker images using `ko`
+ko_build("github.com/openela/mothership/cmd/mship_server", "./cmd/mship_server")
+ko_build("github.com/openela/mothership/cmd/mship_admin_server", "./cmd/mship_admin_server")
+ko_build("github.com/openela/mothership/cmd/mship_worker_server", "./cmd/mship_worker_server")
+
+# Build UI image (live rebuild enabled)
+docker_build('ghcr.io/openela/mothership-ui', './ui',
+    build_args={'node_env': 'development'},
+    # entrypoint='',
+    live_update=[
+        sync('./ui', '/app'),
+        run('cd /app && pnpm install --frozen-lockfile && pnpm run build', trigger=['./ui/package.json', './ui/pnpm-lock.lock']),
+
+        run('touch /app/server.ts', trigger='./server.ts'),
+])
+
+# Assign local port-forwards for easier access
+k8s_resource("mothership-api-deployment", port_forwards=6677, resource_deps=[
+    "postgresql", "valkey-primary", "dev-dex"
+])
+k8s_resource("mothership-admin-api-deployment", port_forwards=6687, resource_deps=[
+    "postgresql", "valkey-primary", "dev-dex"
+])
+k8s_resource("mothership-worker-deployment", port_forwards=9114, resource_deps=[
+    "postgresql", "valkey-primary", "dev-temporal"
+])
+k8s_resource("mothership-ui-deployment", port_forwards=9111, resource_deps=[
+    "mothership-api-deployment", "mothership-admin-api-deployment"
+])
diff --git a/k8s/admin-api.yaml b/k8s/admin-api.yaml
@@ -18,7 +18,7 @@ spec:
       serviceAccountName: mothership
       containers:
         - name: mothership-admin-api
-          image: ko://github.com/openela/mothership/cmd/mship_admin_server
+          image: github.com/openela/mothership/cmd/mship_admin_server
           env:
             - name: GITHUB_TEAM
               value: openela/teams/tsc
@@ -81,4 +81,4 @@ spec:
               service:
                 name: mothership-admin-api-service
                 port:
-                  number: 6688
+                  number: 6688
diff --git a/k8s/api.yaml b/k8s/api.yaml
@@ -18,7 +18,7 @@ spec:
       serviceAccountName: mothership
       initContainers:
         - name: migrate
-          image: ko://github.com/openela/mothership/cmd/mship_server
+          image: github.com/openela/mothership/cmd/mship_server
           args:
             - "migrate"
           env:
@@ -29,7 +29,7 @@ spec:
                   key: uri
       containers:
         - name: mothership-api
-          image: ko://github.com/openela/mothership/cmd/mship_server
+          image: github.com/openela/mothership/cmd/mship_server
           env:
             - name: TEMPORAL_ADDRESS
               value: temporal-frontend.default.svc.cluster.local:7233

diff --git a/k8s/dev/dex.yaml b/k8s/dev/dex.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dev-dex
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dev-dex
+  template:
+    metadata:
+      labels:
+        app: dev-dex
+    spec:
+      containers:
+      - name: mship-dex
+        image: ghcr.io/dexidp/dex:v2.37.0
+        command: ["dex", "serve", "/dex.yaml"]
+        ports:
+        - containerPort: 5556
+        volumeMounts:
+        - name: dex-config
+          mountPath: /dex.yaml
+          subPath: dex.yaml
+      volumes:
+      - name: dex-config
+        configMap:
+          name: dex-config
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+#   name: dev-dex
+# spec:
+#   selector:
+#     app: dev-dex
+#   ports:
+#   - protocol: TCP
+#     port: 5556
+#     targetPort: 5556
diff --git a/k8s/dev/temporal.yaml b/k8s/dev/temporal.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dev-temporal
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dev-temporal
+  template:
+    metadata:
+      labels:
+        app: dev-temporal
+    spec:
+      containers:
+      - name: mship-temporal
+        image: ghcr.io/mstg/temporalite:latest
+        args: ["--log-format", "pretty", "--log-level", "fatal", "--ephemeral"]
+        ports:
+        - containerPort: 7233
+        - containerPort: 8233
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: temporal-frontend
+spec:
+  selector:
+    app: dev-temporal
+  ports:
+  - name: rpc
+    protocol: TCP
+    port: 7233
+    targetPort: 7233
+  - name: grpc
+    protocol: TCP
+    port: 8233
+    targetPort: 8233
+
diff --git a/k8s/ui.yaml b/k8s/ui.yaml
@@ -18,7 +18,7 @@ spec:
       serviceAccountName: mothership
       containers:
         - name: mothership-ui
-          image: ghcr.io/mstg/mship_ui@sha256:934ed2028d74a33c5f1fb6c63d276c96f0a269d3b16220fff5342c43c8c57801
+          image: ghcr.io/openela/mothership-ui
           env:
             - name: NODE_ENV
               value: "production"
@@ -97,4 +97,4 @@ spec:
               service:
                 name: mothership-ui-service
                 port:
-                  number: 9111
+                  number: 9111
diff --git a/k8s/worker.yaml b/k8s/worker.yaml
@@ -18,7 +18,7 @@ spec:
       serviceAccountName: mothership
       containers:
         - name: mothership-worker
-          image: ko://github.com/openela/mothership/cmd/mship_worker_server
+          image: github.com/openela/mothership/cmd/mship_worker_server
           env:
             - name: GIT_PROVIDER
               value: github
@@ -71,4 +71,4 @@ spec:
           resources:
             requests:
               memory: "128Mi"
-              cpu: "300m"
+              cpu: "300m"
diff --git a/ui/Dockerfile b/ui/Dockerfile
@@ -24,11 +24,11 @@ COPY --from=install /temp/dev/node_modules node_modules
 ENV NODE_ENV=development
 RUN pnpm run build
 
-FROM cgr.dev/chainguard/bun
+FROM oven/bun:1
 WORKDIR /app
 COPY --from=install /temp/prod/node_modules node_modules
 COPY --from=build /app/dist dist
 COPY server.ts server.ts
 COPY favicon.png favicon.png
 ENV NODE_ENV=production
-CMD ["run", "server.ts"]
+CMD ["run", "server.ts"]