feat: v3 Go rewrite — full artifact proxy with web UI, TUI, and Terraform provider

Complete rewrite of ArtifactAPI from Python/FastAPI to Go as a single binary.

Core engine:
- 10 package providers: generic, docker, helm, pypi, npm, rpm, alpine,
  puppet, terraform, goproxy — each with built-in mutable patterns
- Content-addressable storage (SHA256 dedup across all remotes)
- Three-tier caching: Redis (TTL/locks) → S3/MinIO (blobs) → upstream
- Classifier with allowlist/blocklist per-remote (empty = allow all)
- Circuit breaker, conditional revalidation, stale-on-error
- Background garbage collection for orphaned blobs
- Access logging to PostgreSQL

API:
- v1 proxy endpoints (backwards compatible)
- v2 management API: CRUD remotes/virtuals, object browser, stats,
  health, SSE events, probe/test endpoint
- Virtual repos with index merging (Helm YAML + PyPI HTML)

Frontend (React + Vite, separate Dockerfile):
- Dashboard with stats, health indicators, top remotes
- Remotes list with type filter, remote detail with config/patterns
- Object browser with pagination and evict
- Test Remote page: probe any remote path, see headers/size/timing
- Virtuals page with expandable member lists

TUI (Bubble Tea):
- Dashboard, remotes list/detail, object browser, virtuals
- Vim-style navigation, artifactapi tui --endpoint <url>

Infrastructure:
- S3 client supports MinIO, Ceph RGW, AWS S3 (minio-go)
- PostgreSQL schema with migrations
- Docker Compose: API + UI + Postgres 17 + Redis 7 + MinIO
- Makefile with Go version check, build/test/lint/fmt/e2e targets
- Distroless Docker image (~15MB)

Testing:
- Unit tests for models, classifier, providers, mergers
- E2E tests with testcontainers-go (real Postgres/Redis/MinIO)

Terraform config:
- All 40 production remotes + helm virtual as HCL
- Provider repo: terraform-provider-artifactapi v0.0.1 (separate)
This commit is contained in:
2026-06-07 15:53:14 +10:00
parent f25bf6cb29
commit deabda9895
111 changed files with 11428 additions and 741 deletions
+72
View File
@@ -0,0 +1,72 @@
package storage
import (
"context"
"crypto/sha256"
"encoding/hex"
"fmt"
"io"
"os"
)
type CAS struct {
s3 *S3
}
func NewCAS(s3 *S3) *CAS {
return &CAS{s3: s3}
}
type CASResult struct {
ContentHash string
S3Key string
SizeBytes int64
AlreadyExists bool
}
func (c *CAS) Store(ctx context.Context, reader io.Reader, contentType string) (*CASResult, error) {
tmp, err := os.CreateTemp("", "artifact-*")
if err != nil {
return nil, fmt.Errorf("create temp file: %w", err)
}
defer os.Remove(tmp.Name())
defer tmp.Close()
hasher := sha256.New()
size, err := io.Copy(io.MultiWriter(tmp, hasher), reader)
if err != nil {
return nil, fmt.Errorf("write temp file: %w", err)
}
hash := hex.EncodeToString(hasher.Sum(nil))
s3Key := BlobKey(hash)
exists, err := c.s3.Exists(ctx, s3Key)
if err != nil {
return nil, fmt.Errorf("check blob exists: %w", err)
}
if !exists {
if _, err := tmp.Seek(0, io.SeekStart); err != nil {
return nil, fmt.Errorf("seek temp file: %w", err)
}
if err := c.s3.Upload(ctx, s3Key, tmp, size, contentType); err != nil {
return nil, fmt.Errorf("upload blob: %w", err)
}
}
return &CASResult{
ContentHash: fmt.Sprintf("sha256:%s", hash),
S3Key: s3Key,
SizeBytes: size,
AlreadyExists: exists,
}, nil
}
func BlobKey(hash string) string {
return fmt.Sprintf("blobs/sha256/%s", hash)
}
func IndexKey(remote, path string) string {
return fmt.Sprintf("indexes/%s/%s", remote, path)
}
+99
View File
@@ -0,0 +1,99 @@
package storage
import (
"context"
"fmt"
"io"
"log/slog"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
)
type S3 struct {
client *minio.Client
bucket string
}
func NewS3(endpoint, accessKey, secretKey, bucket string, secure bool, region string) (*S3, error) {
opts := &minio.Options{
Creds: credentials.NewStaticV4(accessKey, secretKey, ""),
Secure: secure,
}
if region != "" {
opts.Region = region
}
client, err := minio.New(endpoint, opts)
if err != nil {
return nil, fmt.Errorf("create s3 client: %w", err)
}
s := &S3{client: client, bucket: bucket}
if err := s.ensureBucket(context.Background()); err != nil {
return nil, err
}
return s, nil
}
func (s *S3) ensureBucket(ctx context.Context) error {
exists, err := s.client.BucketExists(ctx, s.bucket)
if err != nil {
return fmt.Errorf("check bucket: %w", err)
}
if !exists {
if err := s.client.MakeBucket(ctx, s.bucket, minio.MakeBucketOptions{}); err != nil {
return fmt.Errorf("create bucket: %w", err)
}
slog.Info("created bucket", "bucket", s.bucket)
}
return nil
}
func (s *S3) Upload(ctx context.Context, key string, reader io.Reader, size int64, contentType string) error {
_, err := s.client.PutObject(ctx, s.bucket, key, reader, size, minio.PutObjectOptions{
ContentType: contentType,
})
return err
}
func (s *S3) Download(ctx context.Context, key string) (io.ReadCloser, *minio.ObjectInfo, error) {
obj, err := s.client.GetObject(ctx, s.bucket, key, minio.GetObjectOptions{})
if err != nil {
return nil, nil, err
}
info, err := obj.Stat()
if err != nil {
obj.Close()
return nil, nil, err
}
return obj, &info, nil
}
func (s *S3) Exists(ctx context.Context, key string) (bool, error) {
_, err := s.client.StatObject(ctx, s.bucket, key, minio.StatObjectOptions{})
if err != nil {
resp := minio.ToErrorResponse(err)
if resp.Code == "NoSuchKey" {
return false, nil
}
return false, err
}
return true, nil
}
func (s *S3) Delete(ctx context.Context, key string) error {
return s.client.RemoveObject(ctx, s.bucket, key, minio.RemoveObjectOptions{})
}
func (s *S3) Stat(ctx context.Context, key string) (*minio.ObjectInfo, error) {
info, err := s.client.StatObject(ctx, s.bucket, key, minio.StatObjectOptions{})
if err != nil {
return nil, err
}
return &info, nil
}