Port mirror registry to use Quay

Author: ggiguash

docs/contributor/howto_quay_build.md

@@ -0,0 +1,87 @@
+# Building Quay From Sources for MicroShift CI
+
+## Introduction
+
+MicroShift CI requires a local mirror registry for storing container images and
+container build artifacts. This is necessary for improving the stability of tests
+(less dependency on network flakes) and overall performance (faster image access).
+
+The simplest local mirror registry tool that can be used in MicroShift CI is
+[Docker Distribution Registry](https://docs.docker.com/registry), but it lacks
+support of `sigstore`, which forces its users not to use signature validation.
+
+[Project Quay](https://github.com/quay/quay) provides for a more feature reach
+alternative, but it comes with a few challenges:
+* Quay registry is more complex to set up and more resource consuming
+* Quay registry is not supported on the `aarch64` platform
+
+Quay can be deployed in a [Quick Local Development](https://github.com/quay/quay/blob/master/docs/quick-local-deployment.md)
+mode that runs the registry inside local containers. To mitigate the lack of the
+`aarch64` platform support, it is necessary to pre-build the required container
+images from [Project Quay](https://github.com/quay/quay) sources and store them
+at [quay.io/microshift] registry to be consumed by MicroShift CI.
+
+The remainder of this document describes how to build Quay container images from
+sources and store them in a cloud registry.
+
+## Prerequisites
+
+Run the following command to initialize the Quay Git repository.
+
+```
+git clone https://github.com/quay/quay.git
+cd quay
+```
+
+Review the list of [Quay Releases](https://github.com/quay/quay/releases) to
+select the branch. It is recommended to use a release with the `latest` tag
+(`v3.11.7` at the time of writing this document).
+
+Check out the appropriate code branch.
+
+```
+QUAY_VER=v3.11.7
+git checkout "${QUAY_VER}"
+```
+
+Install the RPM dependencies required to build Quay images from sources.
+
+```
+sudo dnf install -y podman podman-compose
+sudo ln -s $(which podman-compose) /usr/bin/docker-compose
+```
+
+## Image Build
+
+Run the following command to build Quay container images.
+
+```
+make local-dev-build-images
+```
+
+Make sure that required `quay-local` image was built successfully.
+
+```
+$ podman images quay-local
+REPOSITORY            TAG         IMAGE ID      CREATED        SIZE
+localhost/quay-local  latest      7f4def76a288  2 minutes ago  786 MB
+```
+
+## Image Push
+
+Log into your `quay.io` account at the `microshift` organization.
+
+```
+podman login quay.io/microshift
+```
+
+Tag the local image with the version and current architecture, and push it to
+the cloud registry.
+
+```
+podman tag localhost/quay-local:latest quay.io/microshift/quay:${QUAY_VER}-$(uname -m)
+podman push quay.io/microshift/quay:${QUAY_VER}-$(uname -m)
+```
+
+Finally, browse to [Quay Repository Settings](https://quay.io/repository/microshift/quay?tab=settings)
+and make sure the repository has public access.

test/assets/quay/config.yaml.template

@@ -0,0 +1,95 @@
+ALLOWED_OCI_ARTIFACT_TYPES:
+    application/vnd.oci.image.config.v1+json:
+        - application/vnd.oci.image.layer.v1.tar+zstd
+    application/vnd.sylabs.sif.config.v1+json:
+        - application/vnd.sylabs.sif.layer.v1+tar
+AUTHENTICATION_TYPE: Database
+AVATAR_KIND: local
+BUILDLOGS_REDIS:
+    host: ${REDIS_IP}
+    password: strongpassword
+    port: 6379
+DATABASE_SECRET_KEY: 5861fd40-0eab-42fb-8837-574ae401fa89
+DB_CONNECTION_ARGS: {}
+DB_URI: postgresql://user:pass@${POSTGRES_IP}/quay
+DEFAULT_TAG_EXPIRATION: 2w
+DISTRIBUTED_STORAGE_CONFIG:
+    default:
+        - LocalStorage
+        - storage_path: /datastorage/registry
+DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: []
+DISTRIBUTED_STORAGE_PREFERENCE:
+    - default
+FEATURE_ACI_CONVERSION: false
+FEATURE_ACTION_LOG_ROTATION: false
+FEATURE_ANONYMOUS_ACCESS: true
+FEATURE_APP_REGISTRY: false
+FEATURE_APP_SPECIFIC_TOKENS: true
+FEATURE_BITBUCKET_BUILD: false
+FEATURE_BLACKLISTED_EMAILS: false
+FEATURE_BUILD_SUPPORT: false
+FEATURE_CHANGE_TAG_EXPIRATION: true
+FEATURE_DIRECT_LOGIN: true
+FEATURE_EXTENDED_REPOSITORY_NAMES: true
+FEATURE_FIPS: false
+FEATURE_GITHUB_BUILD: false
+FEATURE_GITHUB_LOGIN: false
+FEATURE_GITLAB_BUILD: false
+FEATURE_GOOGLE_LOGIN: false
+FEATURE_INVITE_ONLY_USER_CREATION: false
+FEATURE_MAILING: false
+FEATURE_NONSUPERUSER_TEAM_SYNCING_SETUP: false
+FEATURE_PARTIAL_USER_AUTOCOMPLETE: true
+FEATURE_PROXY_STORAGE: false
+FEATURE_REPO_MIRROR: false
+FEATURE_REQUIRE_TEAM_INVITE: true
+FEATURE_RESTRICTED_V1_PUSH: true
+FEATURE_SECURITY_NOTIFICATIONS: false
+FEATURE_SECURITY_SCANNER: false
+FEATURE_STORAGE_REPLICATION: false
+FEATURE_TEAM_SYNCING: false
+FEATURE_USER_CREATION: true
+FEATURE_USER_LAST_ACCESSED: true
+FEATURE_USER_LOG_ACCESS: false
+FEATURE_USER_METADATA: false
+FEATURE_USER_RENAME: false
+FEATURE_USERNAME_CONFIRMATION: true
+FRESH_LOGIN_TIMEOUT: 10m
+GITHUB_LOGIN_CONFIG: {}
+GITHUB_TRIGGER_CONFIG: {}
+GITLAB_TRIGGER_KIND: {}
+LDAP_ALLOW_INSECURE_FALLBACK: false
+LDAP_EMAIL_ATTR: mail
+LDAP_UID_ATTR: uid
+LDAP_URI: ldap://localhost
+LOG_ARCHIVE_LOCATION: default
+LOGS_MODEL: database
+LOGS_MODEL_CONFIG: {}
+MAIL_DEFAULT_SENDER: [email protected]
+MAIL_PORT: 587
+MAIL_USE_AUTH: false
+MAIL_USE_TLS: false
+PREFERRED_URL_SCHEME: http
+REGISTRY_TITLE: Project Quay
+REGISTRY_TITLE_SHORT: Project Quay
+REPO_MIRROR_INTERVAL: 30
+REPO_MIRROR_TLS_VERIFY: true
+SEARCH_MAX_RESULT_PAGE_COUNT: 10
+SEARCH_RESULTS_PER_PAGE: 10
+SECRET_KEY: f8d15d8b-5b24-4210-a762-1db6175cba2a
+SECURITY_SCANNER_INDEXING_INTERVAL: 30
+SERVER_HOSTNAME: ${QUAY_URL}
+SETUP_COMPLETE: true
+SUPER_USERS:
+    - microshift
+TAG_EXPIRATION_OPTIONS:
+    - 2w
+TEAM_RESYNC_STALE_TIME: 30m
+TESTING: false
+USE_CDN: false
+USER_EVENTS_REDIS:
+    host: ${REDIS_IP}
+    password: strongpassword
+    port: 6379
+USER_RECOVERY_TOKEN_LIFETIME: 30m
+USERFILES_LOCATION: default

test/assets/quay/user_dump.sql

@@ -0,0 +1,38 @@
+--
+-- PostgreSQL database dump
+--
+
+-- Dumped from database version 10.12 (Debian 10.12-2.pgdg90+1)
+-- Dumped by pg_dump version 10.12 (Debian 10.12-2.pgdg90+1)
+
+SET statement_timeout = 0;
+SET lock_timeout = 0;
+SET idle_in_transaction_session_timeout = 0;
+SET client_encoding = 'UTF8';
+SET standard_conforming_strings = on;
+SELECT pg_catalog.set_config('search_path', '', false);
+SET check_function_bodies = false;
+SET xmloption = content;
+SET client_min_messages = warning;
+SET row_security = off;
+
+--
+-- Data for Name: user; Type: TABLE DATA; Schema: public; Owner: user
+--
+
+COPY public."user" (id, uuid, username, password_hash, email, verified, stripe_id, organization, robot, invoice_email, invalid_login_attempts, last_invalid_login, removed_tag_expiration_s, enabled, invoice_email_address, company, family_name, given_name, location, maximum_queued_builds_count, creation_date, last_accessed) FROM stdin;
+1	781bf4e3-2458-4b6a-9137-e80ea516be1d	microshift	$2b$12$aBToatOQeemO4IVB5/lhXOUk3J3iRZaLOpTB9RAho.JLOjnPWdquO	microshift@redhat.com	t	\N	f	f	f	0	2024-12-30 11:40:06.096595	1209600	t	\N	\N	\N	\N	\N	\N	2024-12-30 11:40:06.096597	\N
+\.
+
+
+--
+-- Name: user_id_seq; Type: SEQUENCE SET; Schema: public; Owner: user
+--
+
+SELECT pg_catalog.setval('public.user_id_seq', 1, true);
+
+
+--
+-- PostgreSQL database dump complete
+--
+