Add managed registry provisioning, pruning, and readiness tracking

2026-06-08 20:44:16 +01:00
parent 5b977c1f41
commit 3a851db08f
52 changed files with 2706 additions and 116 deletions
--- a/app/Services/Registries/RegistryDockerAuthScript.php
+++ b/app/Services/Registries/RegistryDockerAuthScript.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace App\Services\Registries;
+
+use App\Models\Registry;
+
+class RegistryDockerAuthScript
+{
+    /**
+     * @return array{script: string, secrets: array<string, string>}
+     */
+    public function forBuild(Registry $registry, string $user = 'keystone'): array
+    {
+        return $this->forCredential($registry, 'build', $user);
+    }
+
+    /**
+     * @return array{script: string, secrets: array<string, string>}
+     */
+    public function forRuntime(Registry $registry, string $user = 'keystone'): array
+    {
+        return $this->forCredential($registry, 'runtime', $user);
+    }
+
+    /**
+     * @return array{script: string, secrets: array<string, string>}
+     */
+    private function forCredential(Registry $registry, string $scope, string $user): array
+    {
+        $credentials = $registry->credentials ?? [];
+        $username = (string) ($credentials[$scope.'_username'] ?? $credentials['username'] ?? '');
+        $password = (string) ($credentials[$scope.'_password'] ?? $credentials['password'] ?? '');
+        $home = $user === 'root' ? '/root' : '/home/'.$user;
+        $registryHost = rtrim((string) preg_replace('#^https?://#', '', (string) $registry->url), '/');
+
+        return [
+            'script' => implode("\n", [
+                'set -euo pipefail',
+                'install -d -m 700 -o '.escapeshellarg($user).' -g '.escapeshellarg($user).' '.escapeshellarg($home.'/.docker'),
+                'export DOCKER_CONFIG='.escapeshellarg($home.'/.docker'),
+                'printf %s '.escapeshellarg('[!registry_password_base64!]').' | base64 -d | docker login '.escapeshellarg($registryHost).' --username '.escapeshellarg($username).' --password-stdin >/dev/null',
+                'chown '.escapeshellarg($user.':'.$user).' '.escapeshellarg($home.'/.docker/config.json'),
+                'chmod 600 '.escapeshellarg($home.'/.docker/config.json'),
+            ]),
+            'secrets' => [
+                'registry_password_base64' => base64_encode($password),
+            ],
+        ];
+    }
+}