bitforge/orchard
3
0
Fork 0
Code Projects Wiki Activity

Compare commits

base: bitforge:ce331a3843b021030533bc9eb05deb18be84a69c
Branches Tags
bitforge:main bitforge:fix/helm-minio-ingress-rename bitforge:feature/presigned-url-downloads bitforge:feature/store-sha256-checksums bitforge:feature/integrity-verification-design bitforge:feature/schema-enhancements bitforge:docs/curl-download-usage bitforge:feature/database-storage-layer bitforge:feature/search-filtering-enhancements bitforge:fix/restore-merged-features bitforge:feature/frontend-hierarchy-components bitforge:feature/list-tagged-versions-api bitforge:feature/packages-api-enhancements bitforge:feature/upload-download-apis bitforge:feature/modern-dark-ui bitforge:feature/test-data-seeding bitforge:feature/projects-api-pagination-search
..
compare: bitforge:main
Branches Tags
bitforge:fix/helm-minio-ingress-rename bitforge:feature/presigned-url-downloads bitforge:main bitforge:feature/store-sha256-checksums bitforge:feature/integrity-verification-design bitforge:feature/schema-enhancements bitforge:docs/curl-download-usage bitforge:feature/database-storage-layer bitforge:feature/search-filtering-enhancements bitforge:fix/restore-merged-features bitforge:feature/frontend-hierarchy-components bitforge:feature/list-tagged-versions-api bitforge:feature/packages-api-enhancements bitforge:feature/upload-download-apis bitforge:feature/modern-dark-ui bitforge:feature/test-data-seeding bitforge:feature/projects-api-pagination-search

1 Commits
ce331a3843 ... main

Author SHA1 Message Date
dane.moss
994f166de8 release new image with presigned URL support for direct s3 downloads as default download mode 2025-12-15 15:17:53 -07:00
6 changed files with 44 additions and 41 deletions
Expand all files Collapse all files

17
CHANGELOG.md
View File

@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased] ## [Unreleased]
## [0.3.0] - 2025-12-15
### Changed
- Changed default download mode from `proxy` to `presigned` for better performance (#48)
### Added ### Added
- Added presigned URL support for direct S3 downloads (#48) - Added presigned URL support for direct S3 downloads (#48)
- Added `ORCHARD_DOWNLOAD_MODE` config option (`presigned`, `redirect`, `proxy`) (#48) - Added `ORCHARD_DOWNLOAD_MODE` config option (`presigned`, `redirect`, `proxy`) (#48)
@@ -22,12 +26,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Compute and store MD5, SHA1, and S3 ETag alongside SHA256 during upload (#25) - Compute and store MD5, SHA1, and S3 ETag alongside SHA256 during upload (#25)
- Added `Dockerfile.local` and `docker-compose.local.yml` for local development (#25) - Added `Dockerfile.local` and `docker-compose.local.yml` for local development (#25)
- Added migration script `003_checksum_fields.sql` for existing databases (#25) - Added migration script `003_checksum_fields.sql` for existing databases (#25)
### Changed
- Changed default download mode from `proxy` to `presigned` for better performance (#48)
### Fixed
- Fixed Helm chart `minio.ingress` conflicting with Bitnami MinIO subchart by renaming to `minioIngress` (#48)
## [0.2.0] - 2025-12-15 ## [0.2.0] - 2025-12-15
### Changed
- Updated images to use internal container BSF proxy (#46)
### Added ### Added
- Added `format` and `platform` fields to packages table (#16) - Added `format` and `platform` fields to packages table (#16)
- Added `checksum_md5` and `metadata` JSONB fields to artifacts table (#16) - Added `checksum_md5` and `metadata` JSONB fields to artifacts table (#16)
@@ -41,11 +44,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Added database triggers for maintaining artifact `ref_count` accuracy (#16) - Added database triggers for maintaining artifact `ref_count` accuracy (#16)
- Added CHECK constraints for data integrity (`size > 0`, `ref_count >= 0`) (#16) - Added CHECK constraints for data integrity (`size > 0`, `ref_count >= 0`) (#16)
- Added migration script `002_schema_enhancements.sql` for existing databases (#16) - Added migration script `002_schema_enhancements.sql` for existing databases (#16)
### Changed
- Updated images to use internal container BSF proxy (#46)
## [0.1.0] - 2025-12-12 ## [0.1.0] - 2025-12-12
### Added
- Added Prosper docker template config (#45)
### Changed ### Changed
- Changed the Dockerfile npm build arg to use the deps.global.bsf.tools URL as the default registry (#45) - Changed the Dockerfile npm build arg to use the deps.global.bsf.tools URL as the default registry (#45)
### Added
- Added Prosper docker template config (#45)

19
README.md
View File

@@ -553,18 +553,19 @@ orchard:
presignedUrlExpiry: 3600 presignedUrlExpiry: 3600
# MinIO ingress (required for presigned URL downloads) # MinIO ingress (required for presigned URL downloads)
minioIngress: minio:
enabled: true ingress:
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt"
host: "minio.your-domain.com"
tls:
enabled: true enabled: true
secretName: minio-tls className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt"
host: "minio.your-domain.com"
tls:
enabled: true
secretName: minio-tls
``` ```
When `minioIngress.enabled` is `true`, the S3 endpoint automatically uses the external URL (`https://minio.your-domain.com`), making presigned URLs accessible to external clients. When `minio.ingress.enabled` is `true`, the S3 endpoint automatically uses the external URL (`https://minio.your-domain.com`), making presigned URLs accessible to external clients.
See `helm/orchard/values.yaml` for all configuration options. See `helm/orchard/values.yaml` for all configuration options.

2
helm/orchard/templates/NOTES.txt
View File

@@ -62,3 +62,5 @@ Orchard has been installed!
Endpoint: {{ include "orchard.minio.host" . }} Endpoint: {{ include "orchard.minio.host" . }}
Bucket: {{ .Values.orchard.s3.bucket }} Bucket: {{ .Values.orchard.s3.bucket }}
{{- end }} {{- end }}
For more information, visit: https://git.bitstorm.ca/bitforge/orchard

8
helm/orchard/templates/_helpers.tpl
View File

@@ -111,11 +111,11 @@ MinIO internal host (for server-side operations)
MinIO host (uses external URL if ingress enabled, for presigned URLs) MinIO host (uses external URL if ingress enabled, for presigned URLs)
*/}} */}}
{{- define "orchard.minio.host" -}} {{- define "orchard.minio.host" -}}
{{- if and .Values.minio.enabled .Values.minioIngress.enabled .Values.minioIngress.host }} {{- if and .Values.minio.enabled .Values.minio.ingress.enabled .Values.minio.ingress.host }}
{{- if .Values.minioIngress.tls.enabled }} {{- if .Values.minio.ingress.tls.enabled }}
{{- printf "https://%s" .Values.minioIngress.host }} {{- printf "https://%s" .Values.minio.ingress.host }}
{{- else }} {{- else }}
{{- printf "http://%s" .Values.minioIngress.host }} {{- printf "http://%s" .Values.minio.ingress.host }}
{{- end }} {{- end }}
{{- else if .Values.minio.enabled }} {{- else if .Values.minio.enabled }}
{{- printf "http://%s-minio:9000" .Release.Name }} {{- printf "http://%s-minio:9000" .Release.Name }}

16
helm/orchard/templates/minio-ingress.yaml
View File

@@ -1,4 +1,4 @@
{{- if and .Values.minio.enabled .Values.minioIngress.enabled -}} {{- if and .Values.minio.enabled .Values.minio.ingress.enabled -}}
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
@@ -6,22 +6,22 @@ metadata:
labels: labels:
{{- include "orchard.labels" . | nindent 4 }} {{- include "orchard.labels" . | nindent 4 }}
app.kubernetes.io/component: minio app.kubernetes.io/component: minio
{{- with .Values.minioIngress.annotations }} {{- with .Values.minio.ingress.annotations }}
annotations: annotations:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.minioIngress.className }} {{- if .Values.minio.ingress.className }}
ingressClassName: {{ .Values.minioIngress.className }} ingressClassName: {{ .Values.minio.ingress.className }}
{{- end }} {{- end }}
{{- if .Values.minioIngress.tls.enabled }} {{- if .Values.minio.ingress.tls.enabled }}
tls: tls:
- hosts: - hosts:
- {{ .Values.minioIngress.host | quote }} - {{ .Values.minio.ingress.host | quote }}
secretName: {{ .Values.minioIngress.tls.secretName }} secretName: {{ .Values.minio.ingress.tls.secretName }}
{{- end }} {{- end }}
rules: rules:
- host: {{ .Values.minioIngress.host | quote }} - host: {{ .Values.minio.ingress.host | quote }}
http: http:
paths: paths:
- path: / - path: /

23
helm/orchard/values.yaml
View File

@@ -152,18 +152,17 @@ minio:
persistence: persistence:
enabled: false enabled: false
size: 50Gi size: 50Gi
# MinIO ingress for presigned URL access
# MinIO external ingress for presigned URL access (separate from subchart ingress) ingress:
minioIngress: enabled: false
enabled: true className: "nginx"
className: "nginx" annotations:
annotations: cert-manager.io/cluster-issuer: "letsencrypt"
cert-manager.io/cluster-issuer: "letsencrypt" nginx.ingress.kubernetes.io/proxy-body-size: "0" # Disable body size limit for uploads
nginx.ingress.kubernetes.io/proxy-body-size: "0" # Disable body size limit for uploads host: "" # e.g., minio.your-domain.com
host: "minio-orch-dev.common.global.bsf.tools" tls:
tls: enabled: true
enabled: true secretName: minio-tls
secretName: minio-tls
# Redis subchart configuration (for future caching) # Redis subchart configuration (for future caching)
redis: redis: