cli/pkg/devops/sources/cdn.go
Snider 1d18339a97 docs(audit): add dependency security audit report (#248)
* feat(devops): migrate filesystem operations to io.Local abstraction

Migrate config.go:
- os.ReadFile → io.Local.Read

Migrate devops.go:
- os.Stat → io.Local.IsFile

Migrate images.go:
- os.MkdirAll → io.Local.EnsureDir
- os.Stat → io.Local.IsFile
- os.ReadFile → io.Local.Read
- os.WriteFile → io.Local.Write

Migrate test.go:
- os.ReadFile → io.Local.Read
- os.Stat → io.Local.IsFile

Migrate claude.go:
- os.Stat → io.Local.IsDir

Updated tests to reflect improved behavior:
- Manifest.Save() now creates parent directories
- hasFile() correctly returns false for directories

Part of #101 (io.Medium migration tracking issue).

Closes #107

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore(io): migrate remaining packages to io.Local abstraction

Migrate filesystem operations to use the io.Local abstraction for
improved security, testability, and consistency:

- pkg/cache: Replace os.ReadFile, WriteFile, Remove, RemoveAll with
  io.Local equivalents. io.Local.Write creates parent dirs automatically.
- pkg/agentic: Migrate config.go and context.go to use io.Local for
  reading config files and gathering file context.
- pkg/repos: Use io.Local.Read, Exists, IsDir, List for registry
  operations and git repo detection.
- pkg/release: Use io.Local for config loading, existence checks,
  and artifact discovery.
- pkg/devops/sources: Use io.Local.EnsureDir for CDN download.

All paths are converted to absolute using filepath.Abs() before
calling io.Local methods to handle relative paths correctly.

Closes #104, closes #106, closes #108, closes #111

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore(io): migrate pkg/cli and pkg/container to io.Local abstraction

Continue io.Medium migration for the remaining packages:

- pkg/cli/daemon.go: PIDFile Acquire/Release now use io.Local.Read,
  Delete, and Write for managing daemon PID files.
- pkg/container/state.go: LoadState and SaveState use io.Local for
  JSON state persistence. EnsureLogsDir uses io.Local.EnsureDir.
- pkg/container/templates.go: Template loading and directory scanning
  now use io.Local.IsFile, IsDir, Read, and List.
- pkg/container/linuxkit.go: Image validation uses io.Local.IsFile,
  log file check uses io.Local.IsFile. Streaming log file creation
  (os.Create) remains unchanged as io.Local doesn't support streaming.

Closes #105, closes #107

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs(audit): add dependency security audit report

Complete security audit of all project dependencies:

- Run govulncheck: No vulnerabilities found
- Run go mod verify: All modules verified
- Document 15 direct dependencies and 161 indirect
- Assess supply chain risks: Low risk overall
- Verify lock files are committed with integrity hashes
- Provide CI integration recommendations

Closes #185

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(ci): build core CLI from source instead of downloading release

The workflows were trying to download from a non-existent release URL.
Now builds the CLI directly using `go build` with version injection.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: trigger CI with updated workflow

* chore(ci): add workflow_dispatch trigger for manual runs

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 08:04:26 +00:00

113 lines
2.6 KiB
Go

package sources

import (
	"context"
	"fmt"
	goio "io"
	"net/http"
	"os"
	"path/filepath"

	"github.com/host-uk/core/pkg/io"
)

// CDNSource downloads images from a CDN or S3 bucket.
type CDNSource struct {
	config SourceConfig
}

// Compile-time interface check.
var _ ImageSource = (*CDNSource)(nil)

// NewCDNSource creates a new CDN source.
func NewCDNSource(cfg SourceConfig) *CDNSource {
	return &CDNSource{config: cfg}
}

// Name returns "cdn".
func (s *CDNSource) Name() string {
	return "cdn"
}

// Available checks if CDN URL is configured.
func (s *CDNSource) Available() bool {
	return s.config.CDNURL != ""
}

// LatestVersion fetches version from manifest or returns "latest".
func (s *CDNSource) LatestVersion(ctx context.Context) (string, error) {
	// Try to fetch manifest.json for version info
	url := fmt.Sprintf("%s/manifest.json", s.config.CDNURL)

	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
	if err != nil {
		return "latest", nil
	}

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "latest", nil
	}
	// Close the body on every path, including non-200 responses.
	defer func() { _ = resp.Body.Close() }()

	if resp.StatusCode != 200 {
		return "latest", nil
	}

	// For now, just return latest - could parse manifest for version
	return "latest", nil
}

// Download downloads the image from CDN.
// The response body is written as received; no checksum or signature is verified here.
func (s *CDNSource) Download(ctx context.Context, dest string, progress func(downloaded, total int64)) error {
	url := fmt.Sprintf("%s/%s", s.config.CDNURL, s.config.ImageName)

	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
	if err != nil {
		return fmt.Errorf("cdn.Download: %w", err)
	}

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return fmt.Errorf("cdn.Download: %w", err)
	}
	defer func() { _ = resp.Body.Close() }()

	if resp.StatusCode != 200 {
		return fmt.Errorf("cdn.Download: HTTP %d", resp.StatusCode)
	}

	// Ensure dest directory exists
	if err := io.Local.EnsureDir(dest); err != nil {
		return fmt.Errorf("cdn.Download: %w", err)
	}

	// Create destination file (ImageName is joined into the path as configured)
	destPath := filepath.Join(dest, s.config.ImageName)
	f, err := os.Create(destPath)
	if err != nil {
		return fmt.Errorf("cdn.Download: %w", err)
	}
	defer func() { _ = f.Close() }()

	// Copy with progress
	total := resp.ContentLength
	var downloaded int64

	buf := make([]byte, 32*1024)
	for {
		n, err := resp.Body.Read(buf)
		if n > 0 {
			if _, werr := f.Write(buf[:n]); werr != nil {
				return fmt.Errorf("cdn.Download: %w", werr)
			}
			downloaded += int64(n)
			if progress != nil {
				progress(downloaded, total)
			}
		}
		if err == goio.EOF {
			break
		}
		if err != nil {
			return fmt.Errorf("cdn.Download: %w", err)
		}
	}

	return nil
}
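
Added example, not part of the core repository: Download above streams the CDN response straight into dest/ImageName, so a truncated or tampered body ends up at the final path. The sketch below shows one way to harden that step by validating the file name, capping the size, and renaming a temp file into place only when its SHA-256 matches. saveVerified, its parameters and the sample bytes are hypothetical, and the expected digest is assumed to come from a trusted source outside this file.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// saveVerified (hypothetical helper) publishes body as dest/name only if its SHA-256 equals wantHex.
func saveVerified(body io.Reader, dest, name, wantHex string, maxBytes int64) (string, error) {
	// Reject names that could escape dest, such as "../x" or "a/b".
	if name == "." || name == ".." || name != filepath.Base(name) || strings.ContainsAny(name, `/\`) {
		return "", fmt.Errorf("invalid image name %q", name)
	}
	tmp, err := os.CreateTemp(dest, ".download-*")
	if err != nil {
		return "", err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename has succeeded
	h := sha256.New()
	// Read at most maxBytes+1 so an oversized body is detected rather than silently cut.
	n, err := io.Copy(io.MultiWriter(tmp, h), io.LimitReader(body, maxBytes+1))
	if cerr := tmp.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return "", err
	}
	if n > maxBytes {
		return "", fmt.Errorf("image exceeds %d bytes", maxBytes)
	}
	if got := hex.EncodeToString(h.Sum(nil)); !strings.EqualFold(got, wantHex) {
		return "", fmt.Errorf("digest mismatch: got %s", got)
	}
	final := filepath.Join(dest, name)
	return final, os.Rename(tmp.Name(), final)
}

func main() {
	dir, _ := os.MkdirTemp("", "cdn-example")
	defer os.RemoveAll(dir)
	data := "constructed image bytes" // constructed sample input
	sum := sha256.Sum256([]byte(data))
	p, err := saveVerified(strings.NewReader(data), dir, "core.img", hex.EncodeToString(sum[:]), 1<<20)
	fmt.Println(p, err)
}
```

In Download, resp.Body would be passed as body; os.CreateTemp creates the file with mode 0600, so adjust permissions after the rename if other users need to read the image.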