molecule-core

molecule-ai/molecule-core

Fork 2

Commit Graph

Author	SHA1	Message	Date
core-be	0846ebc1f6	fix(workspace-server): respect MOLECULE_IMAGE_REGISTRY in imagewatch + admin_workspace_images (RFC #229 P2-4) All checks were successful audit-force-merge / audit (pull_request) Has been skipped Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 24s Details sop-tier-check / tier-check (pull_request) Successful in 26s Details Two surfaces in workspace-server hardcoded `ghcr.io` and silently bypassed the `MOLECULE_IMAGE_REGISTRY` env override that flips every other image operation to the configured private mirror (e.g. AWS ECR in production): 1. internal/imagewatch/watch.go — image-auto-refresh polled `https://ghcr.io/v2/...` and `https://ghcr.io/token` directly. Post- suspension, with the platform pointed at ECR, the watcher silently stopped seeing digest changes (every poll either 404'd or hung on a registry it has no business talking to). 2. internal/handlers/admin_workspace_images.go — Docker Engine auth payload pinned `serveraddress: "ghcr.io"`, so when the operator sets `MOLECULE_IMAGE_REGISTRY=…ecr…/molecule-ai` the engine matched the wrong credential entry on every authenticated pull. Fix: extract `provisioner.RegistryHost()` returning the host portion of `RegistryPrefix()` (e.g. `ghcr.io` ← `ghcr.io/molecule-ai`, or `004947743811.dkr.ecr.us-east-2.amazonaws.com` ← the ECR mirror prefix), and route both surfaces through it. Default behavior is unchanged for OSS users on GHCR. Tests - New `TestRegistryHost_SplitsHostFromOrgPath` and `TestRegistryHost_NeverEmpty` pin the helper across GHCR / ECR / self-hosted Gitea / bare-host edge cases. - New `TestGHCRAuthHeader_RespectsRegistryEnv` asserts the Docker auth payload's `serveraddress` follows MOLECULE_IMAGE_REGISTRY (and never leaks the org-path suffix). - New `TestRemoteDigest_RegistryHostFollowsEnv` stands up an httptest server, points MOLECULE_IMAGE_REGISTRY at it, and confirms both the token endpoint and the manifest HEAD land there — i.e. the full image- watch loop respects the env override end-to-end. Both new tests were verified to FAIL on the pre-fix code path before the helper was wired in, so a future revert can't silently re-introduce the bug. Out of scope (followup needed) ECR uses `aws ecr get-authorization-token` (SigV4 + basic-auth) instead of GHCR's `/token?service=…&scope=…` flow. This PR makes the URL host- configurable; the bearer-token negotiation in `fetchPullToken` still speaks the GHCR flavor. On ECR with `IMAGE_AUTO_REFRESH=true`, the watcher will now fail loudly at the token fetch (logged per tick) rather than silently hitting ghcr.io. Operators on ECR should keep IMAGE_AUTO_REFRESH=false until ECR auth is wired — tracked as a separate task. Net effect of this PR alone is strictly better than pre-fix: fail-loud > silent-broken. Refs: RFC #229 P2-4 tier:low Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-10 04:21:27 -07:00
Hongming Wang	9375e3d4ee	feat(workspace-server): GHCR digest watcher closes runtime CD chain (#2114 ) Adds an opt-in goroutine that polls GHCR every 5 minutes for digest changes on each workspace-template-*:latest tag and invokes the same refresh logic /admin/workspace-images/refresh exposes. With this, the chain from "merge runtime PR" to "containers running new code" is fully hands-off — no operator step between auto-tag → publish-runtime → cascade → template image rebuild → host pull + recreate. Opt-in via IMAGE_AUTO_REFRESH=true. SaaS deploys whose pipeline already pulls every release should leave it off (would be redundant work); self-hosters get true zero-touch. Why a refactor of admin_workspace_images.go is in this PR: The HTTP handler held all the refresh logic inline. To share it with the new watcher without HTTP loopback, extracted WorkspaceImageService with a Refresh(ctx, runtimes, recreate) (RefreshResult, error) shape. HTTP handler is now a thin wrapper; behavior is preserved (same JSON response, same 500-on-list-failure, same per-runtime soft-fail). Watcher design notes: - Last-observed digest tracked in memory (not persisted). On boot the first observation per runtime is seed-only — no spurious refresh fires on every restart. - On Refresh error, the seen digest rolls back so the next tick retries. Without this rollback a transient Docker glitch would convince the watcher the work was done. - Per-runtime fetch errors don't block other runtimes (one template's brief 500 doesn't pause the others). - digestFetcher injection seam in tick() lets unit tests cover all bookkeeping branches without standing up an httptest GHCR server. Verified live: probed GHCR's /token + manifest HEAD against workspace-template-claude-code; got HTTP 200 + a real Docker-Content-Digest. Same calls the watcher makes. Co-authored-by: Hongming Wang <hongmingwangalt@gmail.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-26 13:36:26 -07:00

Author

SHA1

Message

Date

core-be

0846ebc1f6

fix(workspace-server): respect MOLECULE_IMAGE_REGISTRY in imagewatch + admin_workspace_images (RFC #229 P2-4)

audit-force-merge / audit (pull_request) Has been skipped

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 24s

Details

sop-tier-check / tier-check (pull_request) Successful in 26s

Details

Two surfaces in workspace-server hardcoded `ghcr.io` and silently bypassed
the `MOLECULE_IMAGE_REGISTRY` env override that flips every other image
operation to the configured private mirror (e.g. AWS ECR in production):

  1. internal/imagewatch/watch.go — image-auto-refresh polled
     `https://ghcr.io/v2/...` and `https://ghcr.io/token` directly. Post-
     suspension, with the platform pointed at ECR, the watcher silently
     stopped seeing digest changes (every poll either 404'd or hung on a
     registry it has no business talking to).

  2. internal/handlers/admin_workspace_images.go — Docker Engine auth
     payload pinned `serveraddress: "ghcr.io"`, so when the operator sets
     `MOLECULE_IMAGE_REGISTRY=…ecr…/molecule-ai` the engine matched the
     wrong credential entry on every authenticated pull.

Fix: extract `provisioner.RegistryHost()` returning the host portion of
`RegistryPrefix()` (e.g. `ghcr.io` ← `ghcr.io/molecule-ai`, or
`004947743811.dkr.ecr.us-east-2.amazonaws.com` ← the ECR mirror prefix),
and route both surfaces through it. Default behavior is unchanged for
OSS users on GHCR.

Tests
- New `TestRegistryHost_SplitsHostFromOrgPath` and
  `TestRegistryHost_NeverEmpty` pin the helper across GHCR / ECR /
  self-hosted Gitea / bare-host edge cases.
- New `TestGHCRAuthHeader_RespectsRegistryEnv` asserts the Docker auth
  payload's `serveraddress` follows MOLECULE_IMAGE_REGISTRY (and never
  leaks the org-path suffix).
- New `TestRemoteDigest_RegistryHostFollowsEnv` stands up an httptest
  server, points MOLECULE_IMAGE_REGISTRY at it, and confirms both the
  token endpoint and the manifest HEAD land there — i.e. the full image-
  watch loop respects the env override end-to-end.

Both new tests were verified to FAIL on the pre-fix code path before the
helper was wired in, so a future revert can't silently re-introduce the
bug.

Out of scope (followup needed)
ECR uses `aws ecr get-authorization-token` (SigV4 + basic-auth) instead
of GHCR's `/token?service=…&scope=…` flow. This PR makes the URL host-
configurable; the bearer-token negotiation in `fetchPullToken` still
speaks the GHCR flavor. On ECR with `IMAGE_AUTO_REFRESH=true`, the
watcher will now fail loudly at the token fetch (logged per tick) rather
than silently hitting ghcr.io. Operators on ECR should keep
IMAGE_AUTO_REFRESH=false until ECR auth is wired — tracked as a separate
task. Net effect of this PR alone is strictly better than pre-fix:
fail-loud > silent-broken.

Refs: RFC #229 P2-4
tier:low

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-10 04:21:27 -07:00

Hongming Wang

9375e3d4ee

feat(workspace-server): GHCR digest watcher closes runtime CD chain (#2114 )

Adds an opt-in goroutine that polls GHCR every 5 minutes for digest
changes on each workspace-template-*:latest tag and invokes the same
refresh logic /admin/workspace-images/refresh exposes. With this, the
chain from "merge runtime PR" to "containers running new code" is fully
hands-off — no operator step between auto-tag → publish-runtime →
cascade → template image rebuild → host pull + recreate.

Opt-in via IMAGE_AUTO_REFRESH=true. SaaS deploys whose pipeline already
pulls every release should leave it off (would be redundant work);
self-hosters get true zero-touch.

Why a refactor of admin_workspace_images.go is in this PR:
The HTTP handler held all the refresh logic inline. To share it with
the new watcher without HTTP loopback, extracted WorkspaceImageService
with a Refresh(ctx, runtimes, recreate) (RefreshResult, error) shape.
HTTP handler is now a thin wrapper; behavior is preserved (same JSON
response, same 500-on-list-failure, same per-runtime soft-fail).

Watcher design notes:
- Last-observed digest tracked in memory (not persisted). On boot the
  first observation per runtime is seed-only — no spurious refresh
  fires on every restart.
- On Refresh error, the seen digest rolls back so the next tick retries.
  Without this rollback a transient Docker glitch would convince the
  watcher the work was done.
- Per-runtime fetch errors don't block other runtimes (one template's
  brief 500 doesn't pause the others).
- digestFetcher injection seam in tick() lets unit tests cover all
  bookkeeping branches without standing up an httptest GHCR server.

Verified live: probed GHCR's /token + manifest HEAD against
workspace-template-claude-code; got HTTP 200 + a real
Docker-Content-Digest. Same calls the watcher makes.

Co-authored-by: Hongming Wang <hongmingwangalt@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-26 13:36:26 -07:00

2 Commits