Initial scaffold: API service, K8s operator, and CRDs
Forgebot is a K8s operator + API service for dispatching AI agent jobs from git forge commands. Includes: - CRDs: AgentPool, AgentTask, ProviderQueue, RepositoryBinding - API server with webhook handler, task queue, and comment proxy - Operator controllers for task scheduling and job management - Gitea provider with webhook parsing and signature verification - PostgreSQL database with auto-migration - Woodpecker CI pipelines and multi-stage Dockerfiles
This commit is contained in:
@@ -0,0 +1,57 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
ctrl "sigs.k8s.io/controller-runtime"
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||
|
||||
forgebotv1alpha1 "git.unkin.net/unkin/forgebot/api/v1alpha1"
|
||||
)
|
||||
|
||||
type AgentPoolReconciler struct {
|
||||
client.Client
|
||||
Scheme *runtime.Scheme
|
||||
}
|
||||
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=agentpools,verbs=get;list;watch;create;update;patch;delete
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=agentpools/status,verbs=get;update;patch
|
||||
|
||||
func (r *AgentPoolReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
var pool forgebotv1alpha1.AgentPool
|
||||
if err := r.Get(ctx, req.NamespacedName, &pool); err != nil {
|
||||
return ctrl.Result{}, client.IgnoreNotFound(err)
|
||||
}
|
||||
|
||||
var taskList forgebotv1alpha1.AgentTaskList
|
||||
if err := r.List(ctx, &taskList, client.InNamespace(req.Namespace)); err != nil {
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
active := 0
|
||||
for _, task := range taskList.Items {
|
||||
if task.Spec.PoolRef == pool.Name && task.Status.Phase == forgebotv1alpha1.TaskRunning {
|
||||
active++
|
||||
}
|
||||
}
|
||||
|
||||
if pool.Status.ActiveJobs != active {
|
||||
pool.Status.ActiveJobs = active
|
||||
if err := r.Status().Update(ctx, &pool); err != nil {
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
logger.Info("updated pool status", "pool", pool.Name, "active", active)
|
||||
}
|
||||
|
||||
return ctrl.Result{}, nil
|
||||
}
|
||||
|
||||
func (r *AgentPoolReconciler) SetupWithManager(mgr ctrl.Manager) error {
|
||||
return ctrl.NewControllerManagedBy(mgr).
|
||||
For(&forgebotv1alpha1.AgentPool{}).
|
||||
Complete(r)
|
||||
}
|
||||
@@ -0,0 +1,186 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
batchv1 "k8s.io/api/batch/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
ctrl "sigs.k8s.io/controller-runtime"
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||
|
||||
forgebotv1alpha1 "git.unkin.net/unkin/forgebot/api/v1alpha1"
|
||||
)
|
||||
|
||||
type AgentTaskReconciler struct {
|
||||
client.Client
|
||||
Scheme *runtime.Scheme
|
||||
}
|
||||
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=agenttasks,verbs=get;list;watch;create;update;patch;delete
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=agenttasks/status,verbs=get;update;patch
|
||||
// +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;delete
|
||||
|
||||
func (r *AgentTaskReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
var task forgebotv1alpha1.AgentTask
|
||||
if err := r.Get(ctx, req.NamespacedName, &task); err != nil {
|
||||
return ctrl.Result{}, client.IgnoreNotFound(err)
|
||||
}
|
||||
|
||||
switch task.Status.Phase {
|
||||
case forgebotv1alpha1.TaskPending, "":
|
||||
return r.handlePending(ctx, &task)
|
||||
case forgebotv1alpha1.TaskRunning:
|
||||
return r.handleRunning(ctx, &task)
|
||||
default:
|
||||
logger.V(1).Info("task in terminal state", "phase", task.Status.Phase)
|
||||
return ctrl.Result{}, nil
|
||||
}
|
||||
}
|
||||
|
||||
func (r *AgentTaskReconciler) handlePending(ctx context.Context, task *forgebotv1alpha1.AgentTask) (ctrl.Result, error) {
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
var pool forgebotv1alpha1.AgentPool
|
||||
if err := r.Get(ctx, client.ObjectKey{Namespace: task.Namespace, Name: task.Spec.PoolRef}, &pool); err != nil {
|
||||
return ctrl.Result{}, fmt.Errorf("get pool %s: %w", task.Spec.PoolRef, err)
|
||||
}
|
||||
|
||||
if pool.Status.ActiveJobs >= pool.Spec.MaxConcurrent {
|
||||
logger.Info("pool at capacity, requeueing", "pool", pool.Name, "active", pool.Status.ActiveJobs)
|
||||
return ctrl.Result{RequeueAfter: 10_000_000_000}, nil // 10s
|
||||
}
|
||||
|
||||
job := r.buildJob(task, &pool)
|
||||
if err := ctrl.SetControllerReference(task, job, r.Scheme); err != nil {
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
if err := r.Create(ctx, job); err != nil {
|
||||
return ctrl.Result{}, fmt.Errorf("create job: %w", err)
|
||||
}
|
||||
|
||||
now := metav1.Now()
|
||||
task.Status.Phase = forgebotv1alpha1.TaskRunning
|
||||
task.Status.JobName = job.Name
|
||||
task.Status.StartTime = &now
|
||||
if err := r.Status().Update(ctx, task); err != nil {
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
||||
logger.Info("created job for task", "job", job.Name, "task", task.Name)
|
||||
return ctrl.Result{}, nil
|
||||
}
|
||||
|
||||
func (r *AgentTaskReconciler) handleRunning(ctx context.Context, task *forgebotv1alpha1.AgentTask) (ctrl.Result, error) {
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
var job batchv1.Job
|
||||
if err := r.Get(ctx, client.ObjectKey{Namespace: task.Namespace, Name: task.Status.JobName}, &job); err != nil {
|
||||
return ctrl.Result{}, client.IgnoreNotFound(err)
|
||||
}
|
||||
|
||||
if job.Status.Succeeded > 0 {
|
||||
now := metav1.Now()
|
||||
task.Status.Phase = forgebotv1alpha1.TaskSucceeded
|
||||
task.Status.EndTime = &now
|
||||
if err := r.Status().Update(ctx, task); err != nil {
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
logger.Info("task succeeded", "task", task.Name)
|
||||
return ctrl.Result{}, nil
|
||||
}
|
||||
|
||||
if job.Status.Failed > 0 {
|
||||
now := metav1.Now()
|
||||
task.Status.Phase = forgebotv1alpha1.TaskFailed
|
||||
task.Status.EndTime = &now
|
||||
task.Status.Message = "job failed"
|
||||
if err := r.Status().Update(ctx, task); err != nil {
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
logger.Info("task failed", "task", task.Name)
|
||||
return ctrl.Result{}, nil
|
||||
}
|
||||
|
||||
return ctrl.Result{RequeueAfter: 15_000_000_000}, nil // 15s
|
||||
}
|
||||
|
||||
func (r *AgentTaskReconciler) buildJob(task *forgebotv1alpha1.AgentTask, pool *forgebotv1alpha1.AgentPool) *batchv1.Job {
|
||||
backoffLimit := int32(0)
|
||||
ttl := int32(3600)
|
||||
|
||||
env := []corev1.EnvVar{
|
||||
{Name: "FORGEBOT_REPO", Value: task.Spec.Repository},
|
||||
{Name: "FORGEBOT_REF", Value: task.Spec.Ref},
|
||||
{Name: "FORGEBOT_COMMAND", Value: task.Spec.Command},
|
||||
{Name: "FORGEBOT_SKILL", Value: task.Spec.Skill},
|
||||
{Name: "FORGEBOT_TASK_ID", Value: task.Name},
|
||||
{Name: "FORGEBOT_MODEL", Value: pool.Spec.Model},
|
||||
{Name: "FORGEBOT_BODY", Value: task.Spec.Context.Body},
|
||||
{Name: "FORGEBOT_AUTHOR", Value: task.Spec.Context.Author},
|
||||
{Name: "FORGEBOT_ISSUE_NUMBER", Value: fmt.Sprintf("%d", task.Spec.Context.IssueNumber)},
|
||||
{Name: "FORGEBOT_PR_NUMBER", Value: fmt.Sprintf("%d", task.Spec.Context.PRNumber)},
|
||||
{Name: "ANTHROPIC_BASE_URL", Value: pool.Spec.Endpoint},
|
||||
}
|
||||
|
||||
if pool.Spec.CredentialSecretRef.Name != "" {
|
||||
env = append(env, corev1.EnvVar{
|
||||
Name: "ANTHROPIC_API_KEY",
|
||||
ValueFrom: &corev1.EnvVarSource{
|
||||
SecretKeyRef: &corev1.SecretKeySelector{
|
||||
LocalObjectReference: pool.Spec.CredentialSecretRef,
|
||||
Key: "api-key",
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
return &batchv1.Job{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: fmt.Sprintf("forgebot-%s", task.Name),
|
||||
Namespace: task.Namespace,
|
||||
Labels: map[string]string{
|
||||
"app.kubernetes.io/managed-by": "forgebot",
|
||||
"forgebot.unkin.net/task": task.Name,
|
||||
"forgebot.unkin.net/pool": pool.Name,
|
||||
"forgebot.unkin.net/command": task.Spec.Command,
|
||||
},
|
||||
},
|
||||
Spec: batchv1.JobSpec{
|
||||
BackoffLimit: &backoffLimit,
|
||||
TTLSecondsAfterFinished: &ttl,
|
||||
Template: corev1.PodTemplateSpec{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Labels: map[string]string{
|
||||
"app.kubernetes.io/managed-by": "forgebot",
|
||||
"forgebot.unkin.net/task": task.Name,
|
||||
},
|
||||
},
|
||||
Spec: corev1.PodSpec{
|
||||
ServiceAccountName: pool.Spec.ServiceAccountName,
|
||||
RestartPolicy: corev1.RestartPolicyNever,
|
||||
Containers: []corev1.Container{
|
||||
{
|
||||
Name: "agent",
|
||||
Image: pool.Spec.Image,
|
||||
Env: env,
|
||||
Resources: pool.Spec.Resources,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func (r *AgentTaskReconciler) SetupWithManager(mgr ctrl.Manager) error {
|
||||
return ctrl.NewControllerManagedBy(mgr).
|
||||
For(&forgebotv1alpha1.AgentTask{}).
|
||||
Owns(&batchv1.Job{}).
|
||||
Complete(r)
|
||||
}
|
||||
@@ -0,0 +1,171 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
ctrl "sigs.k8s.io/controller-runtime"
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||
|
||||
forgebotv1alpha1 "git.unkin.net/unkin/forgebot/api/v1alpha1"
|
||||
"git.unkin.net/unkin/forgebot/pkg/models"
|
||||
)
|
||||
|
||||
type ProviderQueueReconciler struct {
|
||||
client.Client
|
||||
Scheme *runtime.Scheme
|
||||
HTTPClient *http.Client
|
||||
}
|
||||
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=providerqueues,verbs=get;list;watch;update;patch
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=providerqueues/status,verbs=get;update;patch
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=agenttasks,verbs=create
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=repositorybindings,verbs=get;list;watch
|
||||
|
||||
func (r *ProviderQueueReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
var queue forgebotv1alpha1.ProviderQueue
|
||||
if err := r.Get(ctx, req.NamespacedName, &queue); err != nil {
|
||||
return ctrl.Result{}, client.IgnoreNotFound(err)
|
||||
}
|
||||
|
||||
pollInterval, err := time.ParseDuration(queue.Spec.PollInterval)
|
||||
if err != nil {
|
||||
pollInterval = 30 * time.Second
|
||||
}
|
||||
|
||||
httpClient := r.HTTPClient
|
||||
if httpClient == nil {
|
||||
httpClient = &http.Client{Timeout: 10 * time.Second}
|
||||
}
|
||||
|
||||
resp, err := httpClient.Get(queue.Spec.Endpoint + "/tasks?status=pending")
|
||||
if err != nil {
|
||||
now := metav1.Now()
|
||||
queue.Status.LastPoll = &now
|
||||
queue.Status.LastError = err.Error()
|
||||
_ = r.Status().Update(ctx, &queue)
|
||||
logger.Error(err, "failed to poll API")
|
||||
return ctrl.Result{RequeueAfter: pollInterval}, nil
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return ctrl.Result{RequeueAfter: pollInterval}, err
|
||||
}
|
||||
|
||||
var tasks []models.Task
|
||||
if err := json.Unmarshal(body, &tasks); err != nil {
|
||||
return ctrl.Result{RequeueAfter: pollInterval}, err
|
||||
}
|
||||
|
||||
var bindings forgebotv1alpha1.RepositoryBindingList
|
||||
if err := r.List(ctx, &bindings, client.InNamespace(req.Namespace)); err != nil {
|
||||
return ctrl.Result{RequeueAfter: pollInterval}, err
|
||||
}
|
||||
|
||||
bindingMap := map[string]*forgebotv1alpha1.RepositoryBinding{}
|
||||
for i := range bindings.Items {
|
||||
b := &bindings.Items[i]
|
||||
if b.Spec.ProviderQueueRef == queue.Name {
|
||||
bindingMap[b.Spec.Repository] = b
|
||||
}
|
||||
}
|
||||
|
||||
for _, task := range tasks {
|
||||
binding, ok := bindingMap[task.Repository]
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
if !isAllowed(binding, task.Author, task.Command) {
|
||||
continue
|
||||
}
|
||||
|
||||
agentTask := &forgebotv1alpha1.AgentTask{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: fmt.Sprintf("task-%s", task.ID[:8]),
|
||||
Namespace: req.Namespace,
|
||||
},
|
||||
Spec: forgebotv1alpha1.AgentTaskSpec{
|
||||
PoolRef: binding.Spec.AgentPoolRef,
|
||||
Command: task.Command,
|
||||
Skill: resolveSkill(binding, task.Command),
|
||||
Repository: task.Repository,
|
||||
Ref: task.Ref,
|
||||
Context: forgebotv1alpha1.TaskContext{
|
||||
IssueNumber: task.IssueNumber,
|
||||
PRNumber: task.PRNumber,
|
||||
CommentID: task.CommentID,
|
||||
Body: task.Body,
|
||||
Author: task.Author,
|
||||
},
|
||||
ExtraTools: task.ExtraTools,
|
||||
ParentTaskRef: task.ParentTaskID,
|
||||
},
|
||||
}
|
||||
|
||||
if err := r.Create(ctx, agentTask); err != nil {
|
||||
logger.Error(err, "failed to create AgentTask", "task", task.ID)
|
||||
continue
|
||||
}
|
||||
|
||||
queue.Status.TasksCreated++
|
||||
logger.Info("created AgentTask", "task", agentTask.Name, "command", task.Command)
|
||||
}
|
||||
|
||||
now := metav1.Now()
|
||||
queue.Status.LastPoll = &now
|
||||
queue.Status.LastError = ""
|
||||
_ = r.Status().Update(ctx, &queue)
|
||||
|
||||
return ctrl.Result{RequeueAfter: pollInterval}, nil
|
||||
}
|
||||
|
||||
func isAllowed(binding *forgebotv1alpha1.RepositoryBinding, author, command string) bool {
|
||||
if len(binding.Spec.AllowedUsers) > 0 {
|
||||
found := false
|
||||
for _, u := range binding.Spec.AllowedUsers {
|
||||
if u == author {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
return false
|
||||
}
|
||||
}
|
||||
if len(binding.Spec.AllowedCommands) > 0 {
|
||||
for _, c := range binding.Spec.AllowedCommands {
|
||||
if c == command {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func resolveSkill(binding *forgebotv1alpha1.RepositoryBinding, command string) string {
|
||||
for _, m := range binding.Spec.SkillMapping {
|
||||
if m.Command == command {
|
||||
return m.Skill
|
||||
}
|
||||
}
|
||||
return command
|
||||
}
|
||||
|
||||
func (r *ProviderQueueReconciler) SetupWithManager(mgr ctrl.Manager) error {
|
||||
return ctrl.NewControllerManagedBy(mgr).
|
||||
For(&forgebotv1alpha1.ProviderQueue{}).
|
||||
Complete(r)
|
||||
}
|
||||
@@ -0,0 +1,41 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
ctrl "sigs.k8s.io/controller-runtime"
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||
|
||||
forgebotv1alpha1 "git.unkin.net/unkin/forgebot/api/v1alpha1"
|
||||
)
|
||||
|
||||
type RepositoryBindingReconciler struct {
|
||||
client.Client
|
||||
Scheme *runtime.Scheme
|
||||
}
|
||||
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=repositorybindings,verbs=get;list;watch;create;update;patch;delete
|
||||
// +kubebuilder:rbac:groups=forgebot.unkin.net,resources=repositorybindings/status,verbs=get;update;patch
|
||||
|
||||
func (r *RepositoryBindingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
|
||||
logger := log.FromContext(ctx)
|
||||
|
||||
var binding forgebotv1alpha1.RepositoryBinding
|
||||
if err := r.Get(ctx, req.NamespacedName, &binding); err != nil {
|
||||
return ctrl.Result{}, client.IgnoreNotFound(err)
|
||||
}
|
||||
|
||||
// TODO: Validate that referenced pool and queue exist
|
||||
// TODO: Register webhook with Gitea for this repository
|
||||
|
||||
logger.V(1).Info("reconciled binding", "repo", binding.Spec.Repository)
|
||||
return ctrl.Result{}, nil
|
||||
}
|
||||
|
||||
func (r *RepositoryBindingReconciler) SetupWithManager(mgr ctrl.Manager) error {
|
||||
return ctrl.NewControllerManagedBy(mgr).
|
||||
For(&forgebotv1alpha1.RepositoryBinding{}).
|
||||
Complete(r)
|
||||
}
|
||||
@@ -0,0 +1,37 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
ctrl "sigs.k8s.io/controller-runtime"
|
||||
)
|
||||
|
||||
func SetupAll(mgr ctrl.Manager) error {
|
||||
if err := (&AgentPoolReconciler{
|
||||
Client: mgr.GetClient(),
|
||||
Scheme: mgr.GetScheme(),
|
||||
}).SetupWithManager(mgr); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := (&AgentTaskReconciler{
|
||||
Client: mgr.GetClient(),
|
||||
Scheme: mgr.GetScheme(),
|
||||
}).SetupWithManager(mgr); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := (&ProviderQueueReconciler{
|
||||
Client: mgr.GetClient(),
|
||||
Scheme: mgr.GetScheme(),
|
||||
}).SetupWithManager(mgr); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := (&RepositoryBindingReconciler{
|
||||
Client: mgr.GetClient(),
|
||||
Scheme: mgr.GetScheme(),
|
||||
}).SetupWithManager(mgr); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user